Open The Bifrost!

Posted on May 21, 2013 by Kevin Smith — No Comments ↓

I’m happy to announce bifrost, the Hosted Chef’s new permission manager, was successfully deployed yesterday at 11:30 AM PDT. The deploy took longer than we had estimated based on over a dozen rehearsal deploys. We apologize for the inconvenience of the outage and longer-than-normal deploy window.

I think the best way to illustrate bifrost’s impact is by looking at runtime metrics from graphite. In the following graphs the left side illustrates the old permission manager’s performance, a dip towards the right indicates yesterday’s deploy outage, and data points to the right of the dip are bifrost.

This graph demonstrates bifrost’s increased throughput. We suspect throughput will increase again when we deploy erchef into Hosted Chef in the coming weeks. Y axis is req/sec.

These graphs illustrate the dramatic improvement in response time for authorization requests. The first graph measures 90th percentile response time.

The second displays the mean response time. The drop in response time is quite marked and stable on both. In short, bifrost is able to handle production load without breathing hard.

Next up: erchef comes to Hosted Chef. Stay Tuned!

Just Released – Update to Knife Plugin for Google Compute Engine

Posted on May 14, 2013 by Bryan Hale — 1 Comment ↓

The folks at Google have just published a major update to “knife-google” plugin for Google Compute Engine. Included in this update is a removal of the “gcutil” tookit as an external dependency, meaning that knife-google users can talk directly to the Compute Engine API to spin up new GCE instances and manage them with Chef.

If you happen to be attending Google IO this week, be sure to look out for demos and discussion on this exciting update to Chef’s integration with Google Compute Engine. One great place to start is Friday’s 2pm session entitled “Building Robust Systems With Google Compute Engine”.

For more information about how to get started, please see the following:

You can also see Chef and GCE in action below.

Hosted Chef Upgrades Addendum

Posted on May 13, 2013 by Kevin Smith — No Comments ↓

I recently wrote about the updates coming soon to Hosted Chef. In particular I described a brand-new permissions manager then scheduled to be deployed the evening of 5/8. This deploy did not occur. We chose to re-schedule due to the last minute discovery of a subtle and hard-to-isolate bug arising from the interaction between Hosted Chef back-end systems.

Delaying the deploy at the last minute was a major bummer for us. Even though the delay meant disappointing ourselves and our users we knew it was the right decision. We want to be as confident as possible of the code we deploy. We would’ve likely missed this bug entirely had it not been for the deploy team’s mantra of “test, verify, and test again”. Replacing existing systems is difficult especially when these systems contain complicated logic. Doubly so when a complex system is a component of a larger even more complicated system. Catching this single bug made the weeks spent rehearsing and validating test deploys worth it.

Since then we’ve been working hard to fix the bug. We’ve identified a minimally reproducible case and are focused on testing and validating a fix. As soon as we’re sure of the fix and we’re confident we have it right we’ll try the deploy again.

We apologize for the delay and unmet expectations. We remain committed to improving Hosted Chef. We promise the additional waiting will be worth it.

Chef 10.26.0 Released

Posted on May 8, 2013 by Bryan McLellan — No Comments ↓

This release adds a feature for setting user passwords on Solaris, fixes a bug in Resource.const_defined?, and adds SSL root certificates to the Omnibus packages.

Ranjib Dey added support for Google Cloud Engine Linux (GCEL), Google's Ubuntu derivative. Thanks Ranjib! You're this releases MVP! In addition to building out more cloud support, Ranjib has been a great addition to the community, helping many others with Chef and Chef testing. Lately he's been working on chef-stage which provides an LWRP for multi-stage Chef client runs.

Zac Stevens and Matthew Horan helped improve the error that resulted when you tried to replace a frozen cookbook.

Aaron Blythe found an issue with haml >= 4.0.0 and fixed it with a version constraint.

Checksums

As mentioned in the 10.24.4 release, you can get checksums for the Omnibus packages from the new metadata API:

$ curl 'https://www.opscode.com/chef/metadata?p=ubuntu&pv=12.04&m=x86_64&v=10.26.0'

url     https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/11.04/x86_64/chef_10.26.0-1.ubuntu.11.04_amd64.deb
md5     637b14030e89dbff375387984aab4812
sha256  54033fbff9ba7add545cb4ac48defbb7062a69e14ade088e956c4f4da6d22a5e

f9bd7368232ca3941719b5f3e29635cd565dca5c99d5943c5434321a626a6b72  chef-10.26.0.gem
7cf48770abd315974cb2c931d2329d77ad251bee5dd94307ac2e07779a751b96  chef-server-10.26.0.gem
02d5ff329cf210fda8a4f382b9427eba112a89e97cdec95d3a05626d9c433334  chef-server-api-10.26.0.gem
bb8347d0eb1598a1e4d1109e8e06e782f3fd883a343640bead46470cd9489371  chef-solr-10.26.0.gem
7f1d4cbec2d17270aa46649fc11c13c094e1e1efb320c14493357bf790d0749f  chef-server-webui-10.26.0.gem
5d8b30a205d8d059b25fa3618a581bd821883d7570e101b12eeb9a1fc2cd2ce9  chef-expander-10.26.0.gem

Release Notes

Bug

[CHEF-1707] - unable to set password for user on solaris
[CHEF-2467] - 11: Attributes set in role not available via node object when running shef in client mode.
[CHEF-2840] - SSL Verification fails using omnibus installer because of missing certs
[CHEF-3452] - uploading frozen cookbooks shows unfriendly error message
[CHEF-3784] - Deprecation warning with override run list
[CHEF-3898] - chef-server-webui haml dependency issue.
[CHEF-4123] - Chef-10.24.4 break Chef-server bootstrap installation

New Feature

[CHEF-3880] - Recognize GCEL as a platform

Reflections on #ChefConf 2013

Posted on May 8, 2013 by Nathen Harvey — No Comments ↓

#ChefConf 2013 was a roaring success!

Our second annual conference was full of great keynotes, insightful workshops, informative track sessions, and the awesome Chef community. #ChefConf 2013 sold out with more than 700 people in attendance and hundreds more watching the live video stream of the keynote sessions.

Wednesday’s activities included training workshops on Chef, Openstack, and managing production incidents. Bryan Berry helped organize a hack day for the community. The day wrapped-up with a welcome reception to officially kick-off #ChefConf 2013.

The keynotes on Thursday morning included presentations from Opscode, Facebook, Forrester Research, and GE. Following the keynotes, were five tracks of break out sessions and a community room that was used for hacking, Q & A with presenters, and as a focal point for the hallway track. Thursday evening wrapped up with a keynote from Jamie Winsor, the Awesome Community Chef awards, and a concert from Charlie Mars.

Friday kicked off with keynotes from Adam Jacob, Cycle Computing, Disney, Nordstrom, and a joint keynote with IBM and Opscode. Again, the keynotes were followed by five tracks and the community room.

About seventy people headed over to Joyent‘s offices on Saturday morning for an amazing Chef Hack Day.

The most difficult part of #ChefConf 2013 was deciding which talks to attend. There were many awesome talks scheduled over the course of the conference. Check out the #ChefConf Talks page to watch videos or view presentations from most of the talks.

We asked you for your feedback on #ChefConf 2013. 97% of respondents rated the conference “Very Good” or better and 94% said they’re likely attend #ChefConf 2014.

For many, the best part of #ChefConf was connecting with other members of the Opscode Community.

This year’s #ChefConf started off with a video. The video ended with a statement that sums up what was demonstrated throughout #ChefConf:

It’s not just Chef that’s awesome, it’s what people do with it. Code can do some incredible things. But code can’t do it alone. It takes all of us, working together, sharing our experiences, and solving the real problems we face to turn that code into something of value. Code isn’t transforming the world, we are!

Upcoming Hosted Chef Improvements

Posted on May 7, 2013 by Kevin Smith — No Comments ↓

Over the next several weeks Opscode Engineering and Ops teams will be upgrading a number of systems in Hosted Chef. These upgrades are the result of months of behind the scenes hard work. We’ve been quiet, not because we don’t care, but because upgrading large complex systems like Hosted Chef requires lots of planning to get it right. On the contrary, we care deeply about our users and their experiences using all the many flavors of Chef. I’d like to share some details about upcoming upgrades to demonstrate how much we care and how hard we’re working to improve Hosted Chef.

One of Hosted Chef’s benefits is its support for fine-grained permissions. The original permission manager had performed well from the day we turned on Hosted Chef until recently. We analyzed the permission manager’s performance and concluded the current design was nearing its natural scaling limits.

We decided the best course of action for Hosted Chef and our users was to replace the current system with a new design. This design would address our current performance needs and more easily scale as Hosted Chef grows. The end result, after months of work, is a new permission manager twice as fast as the old design, stable under load, and completely backwards compatible. The new system, codenamed ‘bifrost’, will be deployed during the outage we recently announced for tomorrow 6:00 PM – 7:00 PM PDT.

We’re also finalizing plans to bring the Chef 11′s new API server, erchef, to Hosted Chef in the coming weeks. erchef has been proven in demanding environments such as Facebook and Cycle Computing‘s on-demand compute clusters.

Bringing erchef to Hosted Chef is a huge project involving a cast of virtual thousands touching almost every Hosted Chef system and component. We can’t wait to share erchef with our Hosted Chef users but we want to do it right. This means taking the extra time to attend to details and minimize any user-facing impacts. We’re making great progress and will have more to share soon.

#ChefConf – Hack Day

Posted on May 7, 2013 by Nathen Harvey — No Comments ↓

Immediately following #ChefConf 2013, we teamed up with our friends from Joyent and Boundary to co-host a Chef Hack Day.

The idea: capture some of the excitement and buzz generated at #ChefConf and bring community members together to whip up some awesome code.

The results: About 70 Chefs gathered at Joyent’s offices and hacked on numerous projects.

Projects included work on:

An extension to knife ec2 that allows you to pass a “--bake” parameter to generate an EC2 AMI after bootstrapping the node.
A vagrant plugin that allows you to use a local repository of packages to make truly disconnected provisioning possible.
Launch a developer stack from a rake file. The full developer stack might include Berkshelf, minitest, chef spec, and more.
A set of thor files, spiceweasel, and vagrant files to help bootstrap an arbitrary infrastructure. Checkout this repository on github.
Improvements to Python PIP
…and more

There was also a lot of work put into generating omnibus builds of Chef for both SmartOS and Free BSD.

Here’s a description of one of the projects:

We created Chef Stock to provide an extensible solution to inventory and expense management of infrastructure across disparate providers using chef nodes and attributes as our source of truth. We created a Django webui backed by a redis cache, which is populated from chef server. Node attributes for price and location will be used to display filterable tables and maps, which will allow us to easily see what we are spending on and where our nodes are located geographically, precise to the rack slot. In the long term we hope to add better virtualization support, create API-to-node attribute importers for Internap and Amazon and integrate with monitoring (sensu/momonitor), metrics (graphite), and provisioning systems (openstack/razor) in order to create a more encompassing infrastructure management dashboard. MoMonitor is a monitoring and alerting system we recently released open source.

MoMonitor is a monitoring and alerting system that integrates with multiple services including umpire, graphite, and sensu. We recently released it as open source.

Our friends from DYN were on-site with their uptime cart keeping all of the hackers well caffeinated.

Boundrary provided food throughout the day and gave away Raspberry Pis to three lucky winners:

Rob McQueen
Kristina Vlaardingerbrooch
Robert Maury

This was the first time we tried a post-#ChefConf Hack Day but certainly will not be the last!

Thank you to all who participated.

Awesome Community Chefs

Posted on May 7, 2013 by Nathen Harvey — No Comments ↓

During #ChefConf 2013, we announced our first annual Awesome Community Chefs awards.

The Chef community is full of many awesome individuals who contribute and do exceptional things every day. The Awesome Community Chef awards are a way for the community to recognize a few of the individuals who have made a dramatic impact and have helped further the cause.

The community was asked to nominate some awesome chefs and three were selected as this year’s Awesome Community Chefs.

Each of the Awesome Community Chefs were awarded

An iPad Mini
A personalized Chef track jacket
All expense-paid trip to the Opscode Community Summit.

Additionally, the Awesome Chefs will have the privilege of selecting the next round of Awesome Community Chefs.

And the winners are…

Bryan Berry – As one nominator put it, Bryan is deserves this award for “…providing us with the super awesome Food Fight Show, which I find to be an immensely valuable resource to keep up to date with what’s going on, and that’s not even mentioning Bryan’s cookbooks and other contributions!”

Fletcher Nichol – Jamie/Test Kitchen 1.0, Knife-Server, Chef integration for Razor, rbenv/rvm cookbooks and more! Fletcher has earned the moniker “the hardest working man in open source.”

Jamie Winsor – Jamie has been a ‘”wrapper cookbook” pattern cheerleader’ and is well known for his work on Berkshelf and Ridley. As one nominator put it, “Berkshelf has changed the way we manage cookbooks for the better. It has enabled a very managable workflow that incorporates the community cookbooks. Fantastic!”

Congratulations to all of the Awesome Community Chef award winners!

Cheezburger Builds Massive Social Humor Website Network w/Hosted Chef

Posted on May 6, 2013 by Lucas Welch — No Comments ↓

Coming out of a seriously rockin’ #ChefConf a week ago, it’s time to profile more customer awesomeness in the Chef Community. This go round it’s a neighbor of ours here in Seattle – Cheezburger, one of the largest social humor sites in the world.

You may be familiar with one or more of Cheezburger’s hilarious sites like I Can Has Cheezburger and Know Your Meme. To keep good times rolling, Cheezburger has automated their hybrid cloud and physical data center infrastructure with Hosted Chef.

Using Hosted Chef for configuration management of its primarily Windows-based infrastructure, Cheezburger can manage all its IaaS and physical resources from a single point of view, providing serious system visibility and control. In addition, Cheezburger customized the Chef Community .NET cookbook, creating a code-based blueprint for managing server deployments.

You can read the full press release below. For all the technical details of Cheezburger’s Hosted Chef deployment, please check out the case study here.

Chef 11.4.4 and Chef 10.24.4 Released

Posted on April 25, 2013 by Dan DeLeo — No Comments ↓

Chef 11.4.4 and 10.24.4 Released

We’ve released Chef 11.4.4 and 10.24.4 to fix some bugs introduced in the previous release:

CHEF-3432: Chef client was keeping references to “stale” LWRP classes, which caused a memory leak when running Chef as a daemon without the --fork option.
CHEF-4117: The patch for CHEF-3432 would cause Chef to fail if there was a constant defined on Object with the same name as a LWRP resource.

Chef 11.4.4 also contains the following patch, which was already released for Chef 10.x:

CHEF-3367: Chef client would delete its pid file when run as a daemon with the --fork option. When using the chef-client cookbook to manage chef-client and running chef under a standard SysV style init system, this would cause the init script to start a new chef-client on each chef run.

To download the omnibus packages, head over to the downloads page.

Package Checksums

For rubygem packages, the checksums are as follows:

SHA2-256

c929e25043c551901bb5ae12518da2c8425291992caa3b0118233fa64f563990  chef-11.4.4.gem
9f02f55f0df274b928d19ad14c44fcf5f21c356f455d55889dc421fb23cbde34  chef-10.24.4.gem
c6cc88c15c816271cc8b0ea0446f5b900b250a55ed75e67b298d9f5fe5e3c4e7  chef-expander-10.24.4.gem
f8a380de092451be3095c7f7436551b722b4cc2f7b121a2873116a601da180be  chef-server-10.24.4.gem
74fb9b28ee744218cce8cfb1a2cddafc7581ce0f7927ba151245e6a37c7a49ef  chef-server-api-10.24.4.gem
def8750626962bf9c071911524cc305a924892b756ff3592d9efa88b2f4eaebb  chef-server-webui-10.24.4.gem
00c530254e36d32672e3af1950ece9b142f51f6b3ed4a7741df8836e150ae10e  chef-solr-10.24.4.gem

MD5

MD5 (chef-11.4.4.gem) = dc50aa6a4a7d4785a4c82fcaab3f9436
MD5 (chef-10.24.4.gem) = f35ad7c477e065662d12d28f87a702c2
MD5 (chef-expander-10.24.4.gem) = 9505583d5ccc7d19c3c5e67e05255a88
MD5 (chef-server-10.24.4.gem) = 5e02d3841507422cb3e6d7b31fcaa85a
MD5 (chef-server-api-10.24.4.gem) = a861b8bb8268be585daf4b5abe7d41c8
MD5 (chef-server-webui-10.24.4.gem) = 0d865422f8bd86a8eb8741f1f5438258
MD5 (chef-solr-10.24.4.gem) = dab6229bdeabd9f096b24cf2490179ed

Omnibus Package Checksums

To obtain checksums for omnibus packages, you may use the metadata API. For Ubuntu 12.04 64 bit, for example:

$ curl 'https://www.opscode.com/chef/metadata?p=ubuntu&pv=12.04&m=x86_64&v=11.4.4'

url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/11.04/x8664/chef11.4.4-1.ubuntu.11.04amd64.deb md5 6df945506d067b60fede84846e78529f sha256 c3c6f5302752e44cb9c88666646f91c825668f4fb9b5333233524c98cb29ad07

Chef 10.26.0 Beta Released
In addition to the two patch releases above, we’ve released a beta of Chef 10.26.0. This contains a handful of bug fixes, and we hope you’ll give us a hand testing it.
Obtaining Omnibus Prerelease Packages
You can use the aforementioned metadata API to obtain a link and checksums:

curl 'https://www.opscode.com/chef/metadata?p=ubuntu&pv=12.04&m=x8664&v=10.26.0&prerelease=true'

For a direct download, use the download api:

curl -L 'https://www.opscode.com/chef/download?p=ubuntu&pv=12.04&m=x86_64&v=10.26.0&prerelease=true' > beta-pkg.deb

Obtaining Prerelease Gems

To get prerelease gems, you need to run gem install with the -v and --pre options:

gem install chef -v "~> 10.0" --pre