deployment - Managing application configuration in a Chef environment cookbook
I am new to Chef and have been struggling to find best practices on how to configure application configuration in an environment cookbook [source #1].
The environment cookbook I'm working on should do the following:
- Prepare the node for a custom application deployment by creating directories, users, etc. that are specific to this deployment only.
- Add initialization and monitoring scripts specific to the application deployment.
- Define the application configuration settings.
This last responsibility has been a particularly tough nut to crack.
An example configuration file of an application deployment might look as follows:
    {
      "server": { "port": 9090 },
      "session": { "proxy": false, "expires": 100 },
      "redis": [
        { "port": 9031, "host": "rds01.prd.example.com" },
        { "port": 9031, "host": "rds02.prd.example.com" }
      ],
      "ldapconfig": {
        "url": "ldap://example.inc:389",
        "admindn": "cn=admin,cn=users,dc=example,dc=inc",
        "adminusername": "user",
        "adminpassword": "secret",
        "searchbase": "ou=bigcustomer,ou=customers,dc=example,dc=inc",
        "searchfilter": "(example=*)"
      },
      "log4js": {
        "appenders": [
          { "category": "[all]", "type": "file", "filename": "./logs/myapp.log" }
        ],
        "levels": { "[all]": "error" }
      },
      "otherservice": {
        "basepath": "http://api.prd.example.com:1234/otherservice",
        "smoketestvariable": "testvar"
      }
    }
Some parts of the deployment configuration file are more stable than others. While this may vary depending on the application and setup, things like port numbers and usernames I prefer to keep the same across environments for simplicity's sake.
Let me classify the configuration settings:
Stable properties
- session
- server
- log4js.appenders
- ldapconfig.adminusername
- ldapconfig.searchfilter
- otherservice.basepath
- redis.port
Environment-specific properties
- log4js.levels
- otherservice.smoketestvariable
Partially environment-specific properties
- redis.host: rds01.[environment].example.com
- otherservice.basepath: http://api.[environment].example.com:1234/otherservice
Encrypted environment-specific properties
- ldapconfig.adminpassword
Questions
- How should I create the configuration file? Some options: 1) use a file shipped within the application deployment itself, 2) use a cookbook file template, 3) use a JSON blob as one of the attributes [source #2], 4)... other?
- There is a great diversity of variability in the configuration file; how best to manage these using Chef? Roles, environments, per-node configuration, data bags, encrypted data bags...? Or should I opt for environment variables instead?
Some key concerns in the approach:
- I prefer that there is 1 way to set the configuration settings.
- Changing the configuration file for a developer should be straightforward (they are using Vagrant on their local machines before pushing to test).
- The passwords must be secure.
- The Chef cookbook is managed within the same git repository as the source code.
- Some configuration settings require a great deal of flexibility; for example, the log4js setting in my example config might contain many more appenders with dozens of unstructured variables.
Any experiences would be appreciated!
Sources
Jamie Winsor gave a talk at ChefConf that goes further in explaining the environment cookbook pattern's rationale and usage:
In my opinion one of the key concepts this pattern introduces is the idea of using Chef environments to control the settings of each application instance. The environment is updated, using Berkshelf, with the run-time versions of the cookbooks being used by the application.
What is less obvious is that if you decide to reserve a Chef environment for the use of a single application instance, then it becomes safe to use that environment to configure the application's global run-time settings.
An example is given in the berkshelf-api installation instructions. There you will see the production environment (for the application) being edited with various run-time settings:
knife environment edit berkshelf-api-production
In conclusion, Chef gives you lots of options. I would make the following generic recommendations:
- Capture defaults in the application cookbook
- Create an environment for each application instance (as recommended by the pattern)
- Set run-time attribute overrides in the environment
Notes:
- See the berksflow tool. It is designed to make the environment cookbook pattern easier to implement.
- I have made no mention of using roles. These can be used to override attributes at run-time, but it might be simpler to capture them in a dedicated Chef environment. Roles seem better suited to capturing information peculiar to a component of an application.
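An added example, not part of the original question or answer and not Chef's own code: a plain-Ruby model of the layering recommended above (cookbook defaults, then per-environment overrides), with `ldapconfig.adminpassword` accepted only from a separate secret source such as the encrypted data bag the question mentions. The `%{env}` placeholder, the helper names and all sample values are assumptions made for illustration.

```ruby
require 'json'

# Constructed sample data that reuses the setting names from the question.
COOKBOOK_DEFAULTS = {
  'server' => { 'port' => 9090 },
  'redis' => [{ 'port' => 9031, 'host' => 'rds01.%{env}.example.com' }],
  'ldapconfig' => { 'adminusername' => 'user', 'searchfilter' => '(example=*)' },
  'log4js' => { 'levels' => { '[all]' => 'error' } },
  'otherservice' => { 'basepath' => 'http://api.%{env}.example.com:1234/otherservice' }
}.freeze
ENV_OVERRIDES = {
  'log4js' => { 'levels' => { '[all]' => 'debug' } },
  'otherservice' => { 'smoketestvariable' => 'testvar' }
}.freeze
# Settings that may only come from the secret store, never from an environment.
SECRET_PATHS = [%w[ldapconfig adminpassword]].freeze

# Hashes merge recursively; any other value from the higher layer replaces the lower one.
def deep_merge(low, high)
  low.merge(high) { |_key, a, b| a.is_a?(Hash) && b.is_a?(Hash) ? deep_merge(a, b) : b }
end

# Substitute the environment name into every string of a nested structure.
def expand(value, env)
  case value
  when Hash then value.transform_values { |v| expand(v, env) }
  when Array then value.map { |v| expand(v, env) }
  when String then value.gsub('%{env}', env)
  else value
  end
end

# Layer defaults < environment overrides < secrets, refusing plaintext secrets in overrides.
def build_config(env, overrides, secrets)
  SECRET_PATHS.each do |path|
    raise ArgumentError, "#{path.join('.')} set in environment" unless overrides.dig(*path).nil?
    raise KeyError, "missing secret #{path.join('.')}" if secrets.dig(*path).nil?
  end
  deep_merge(expand(deep_merge(COOKBOOK_DEFAULTS, overrides), env), secrets)
end

# Copy of the config that is safe to log or diff.
def redacted(config)
  copy = JSON.parse(JSON.generate(config))
  SECRET_PATHS.each { |path| copy.dig(*path[0..-2])[path.last] = '[REDACTED]' }
  copy
end
```

In this model the rendered file is the only place the password appears; anything written to logs or shown in a diff goes through `redacted` first.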