SlideShare une entreprise Scribd logo

Running CentOS on the Facebook fleet

D
Davide Cavalca

This talk will focus on how we deploy and manage CentOS on our fleet at Facebook, and showcase challenges, best practices and lessons learned working with a deployment of hundreds of thousands of machines. We'll discuss challenges encountered over the years, tools that we developed to overcome them, the process used to integrate upstream updates, packaging tools and workflows and configuration management challenges. The talk is mostly focused on bare metal, but will cover some container best practices as well. We'll also focus on our interactions with the RPM, Yum, Anaconda and systemd projects to showcase how to work with the upstream community.

Ingénierie
1  sur  40
Télécharger pour lire hors ligne
Running CentOS on the Facebook feet Davide Cavalca Production Engineer
• Infrastructure • Packaging • OS Updates • Chef • Provisioning • Containers Agenda
Infrastructure
• OS team manages the bare metal experience of the feet • OS as a platform • Individual teams are responsible for their own hosts Infrastructure How does it work?
• Community sets the direction • We move fast; opensource often moves faster • We don’t need to write everything ourselves • Sharing our code means sharing the maintenance and having others extend it • DevConf.CZ 2017 talk: https://tinyurl.com/y7gx6nro Infrastructure Upstream frst
• Stable releases • Binary compatibility • Security updates • Mature and well understood tooling • EPEL • Close relationship with Fedora Infrastructure Why CentOS?
• Backports from Fedora Rawhide for stuf we care about • Mostly plumbing and low-level packages • %facebook macro to gate internal stuf • GitHub: facebookincubator/rpm-backports • CentOS + FTL = stable distro, moving fast Infrastructure FTL – Fast Thin Layer
• Rawhide backport of latest stable • GitHub: facebookincubator/systemd-compat-libs • Tracking upstream development in master • New features: cgroup2, DynamicUsers, etc. • fb_systemd and fb_timers cookbooks • All Systems Go 2017 talk: https://tinyurl.com/ycx6525p Infrastructure Plumbing – systemd
• CentOS version + backported network-scripts from master • IPv6 improvements, per-device routes, ifdown • GitHub: fedora-sysv/initscripts Infrastructure Plumbing – initscripts
• Upstream kernel (or as close as possible) • Development in master • Internal stable and development branches • Testing and rollout automation • SCALE 15x talk: https://tinyurl.com/ybqgwn47 Infrastructure Kernel
Packaging
• Public mirror at http://mirror.facebook.net/centos/ • Upstream repos straight from CentOS • Internal repos: site-packages and fb-runtime • Extra oneof repos for special cases Packaging Server side – layout
• Per-region package masters • Stored in Subversion (+ GlusterFS) • Served per-region via Apache2 • Per-cluster Varnish caches Packaging Server side – implementation
• Yummy: mock wrapper with SCM integration • Store specfles + patches in source control • Store blobs in GlusterFS-backed NFS • Automation to sync to GitHub Packaging Tooling – system packages
• Packman: rpmbuild wrapper for simple RPMs • Integrates with buck and our SCM tooling • Build software, generate specfle, package it up • Simple YAML confguration Packaging Tooling – fb-runtime packages
• Backported RPM from Rawhide • yum-utils from CentOS + backported PRs • DNF from rpmsoftwaremanagement/dnf-nightly copr • fb_rpm and fb_yum cookbooks Packaging Client side
• I/O thrash fsync() on close() (PR#187 on rpm)→ • rpmdb corruption issues dcrpm→ • Zero byte fles reprovision→ • Duplicate packages package-cleanup wrapper→ • Scaling Yum pkgtorrent (PR#14 on yum-utils)→ Packaging RPM and Yum at scale
• Automate detection and remediation of common issues • rpmdb corruption, stuck processes, etc. • Works on Linux and OSX (!) • Runs before every Chef run • GitHub: facebookincubator/dcrpm Packaging dcrpm
Packaging dcrpm – before and after • RPM-related failures over time • Baseline of errors still WIP
• Merge package-cleanup wrapper into dcrpm • Test new database format • Test DNF in production • DNF package provider in Chef Packaging Work in progress
OS upgrades
• CentOS 5 6 and 6 7→ → • No in-place updates: reprovision the host from scratch • Easier to ensure a good state • Side efect: clean slate ofers opportunity to deprecate unwanted features or tools OS updates Major releases
• About a year from initial PoC to frst production machine • About two years to migrate 100% of the feet • Documentation and automation • Stateless vs stateful services • Prerequisites and hidden dependencies OS updates CentOS 7 migration
• Rolling OS updates • Every two weeks we sync down the latest updates… • …and roll them out over two weeks • Easy stop button and opt out for individual packages OS updates Minor releases and security updates
• /yum/centos/7.x/rollingupdates/YYYYMMDD • Tool to automate syncing and validation • ‘yum upgrade’ kicked of via fb_yum • Manual per-host override • Early canary 0.1% 1% 2% …→ → → → OS updates Rolling OS updates – implementation
Chef
• Idempotent resources • Only start sshd when actually needed Chef Philosophy service 'sshd' do action [:enable, :start] end
• Separation of data and confg Chef Philosophy node.default['fb_networking']['interfaces']['eth1'] = { 'ip => '10.0.0.12', 'netmask' => '255.255.255.0', 'onboot' => 'yes', 'bootproto' => 'static', } node.default['fb_sysctl']['vm.dirty_ratio'] = 25
• Confguration as programming Chef Philosophy # determines proper DSR interface type and next index # automatically for us: node.add_dsr_vip('172.31.255.10')
• Expose APIs via attributes • Use providers for implementation • Global defaults and local overrides • GitHub: facebook/chef-utils • Atmosphere 2014 talk: https://tinyurl.com/ychqprft Chef Data driven confguration
• Chef cookbooks in SCM • GitHub: facebook/chef-cookbooks • Servers are as stateless as possible • chefctl.rb runner for locking, logging and custom hooks • GitHub: facebook/grocery-delivery Chef Infrastructure
• Develop locally, then test on real machines • Spin local chef-zero instance and repoint target to it • GitHub: facebook/taste-tester Chef Testing
Provisioning
Provisioning From zero to production • Standard kickstart netbooting fow • Kea, dhcplb, fbtftp • GitHub: facebookincubator/dhcplb • GitHub: facebook/fbtftp • LoL – using Linux to boot Linux • Anaconda from Rawhide • Internal tooling for orchestration
Containers
Containers Also running CentOS • Tupperware: our container platform • Layered CentOS base image • Btrfs flesystem • Chef-solo for image customization • All Systems Go 2017 talk: https://tinyurl.com/y79hs7pq
Questions?
Running CentOS on the Facebook fleet

Recommandé

systemd @ Facebook -- a year later
systemd @ Facebook -- a year latersystemd @ Facebook -- a year later
systemd @ Facebook -- a year laterDavide Cavalca
 
Hyperscale SIG update
Hyperscale SIG updateHyperscale SIG update
Hyperscale SIG updateDavide Cavalca
 
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltStack
 
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...OpenNebula Project
 
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaNETWAYS
 
Enjoying k8s cluster with Minikube and Helm
Enjoying k8s cluster with Minikube and HelmEnjoying k8s cluster with Minikube and Helm
Enjoying k8s cluster with Minikube and Helmロフト くん
 
QNAP COSCUP Container Station
QNAP COSCUP Container StationQNAP COSCUP Container Station
QNAP COSCUP Container StationWu Fan-Cheng
 
Make Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineMake Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineLinuxCon ContainerCon CloudOpen China
 

Recommandé

systemd @ Facebook -- a year later
systemd @ Facebook -- a year latersystemd @ Facebook -- a year later
systemd @ Facebook -- a year laterDavide Cavalca
 
Hyperscale SIG update
Hyperscale SIG updateHyperscale SIG update
Hyperscale SIG updateDavide Cavalca
 
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...
SaltConf14 - Matthew Williams, Flowroute - Salt Virt for Linux contatiners an...SaltStack
 
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...
OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...OpenNebula Project
 
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaNETWAYS
 
Enjoying k8s cluster with Minikube and Helm
Enjoying k8s cluster with Minikube and HelmEnjoying k8s cluster with Minikube and Helm
Enjoying k8s cluster with Minikube and Helmロフト くん
 
QNAP COSCUP Container Station
QNAP COSCUP Container StationQNAP COSCUP Container Station
QNAP COSCUP Container StationWu Fan-Cheng
 
Make Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineMake Accelerator Pluggable for Container Engine
Make Accelerator Pluggable for Container EngineLinuxCon ContainerCon CloudOpen China
 
Experiences from Running Masterless Puppet - PuppetConf 2014
Experiences from Running Masterless Puppet - PuppetConf 2014Experiences from Running Masterless Puppet - PuppetConf 2014
Experiences from Running Masterless Puppet - PuppetConf 2014Puppet
 
Masterless puppet
Masterless puppetMasterless puppet
Masterless puppetJesus Nunez
 
How Openstack is Built
How Openstack is BuiltHow Openstack is Built
How Openstack is BuiltAnton Weiss
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...Stephen Gordon
 
OMD and Check_mk
OMD and Check_mkOMD and Check_mk
OMD and Check_mkArtur Martins
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleMukul Malhotra
 
Continuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleContinuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleDmytro Slupytskyi
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with ForemanJulien Pivotto
 
OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooinovex GmbH
 
Red Hat Satellite 6 - Automation with Puppet
Red Hat Satellite 6 - Automation with PuppetRed Hat Satellite 6 - Automation with Puppet
Red Hat Satellite 6 - Automation with PuppetMichael Lessard
 
Hyperscale SIG update
Hyperscale SIG updateHyperscale SIG update
Hyperscale SIG updateDavide Cavalca
 
OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
OpenNebula Conf 2014 | Puppet and OpenNebula - David LutterkortOpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
OpenNebula Conf 2014 | Puppet and OpenNebula - David LutterkortNETWAYS
 
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan HoracekOpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan HoracekNETWAYS
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX
 
Rasperry Pi and TI CC2650 IPv6 border router
Rasperry Pi and TI CC2650 IPv6 border routerRasperry Pi and TI CC2650 IPv6 border router
Rasperry Pi and TI CC2650 IPv6 border routerNikolaos Monios
 
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...NETWAYS
 
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...OpenNebula Project
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for ContainersLinuxCon ContainerCon CloudOpen China
 
CentOS at Facebook
CentOS at FacebookCentOS at Facebook
CentOS at FacebookPhil Dibowitz
 
CentOS Stream at Facebook
CentOS Stream at FacebookCentOS Stream at Facebook
CentOS Stream at FacebookDavide Cavalca
 

Contenu connexe

Tendances

Experiences from Running Masterless Puppet - PuppetConf 2014
Experiences from Running Masterless Puppet - PuppetConf 2014Experiences from Running Masterless Puppet - PuppetConf 2014
Experiences from Running Masterless Puppet - PuppetConf 2014Puppet
 
Masterless puppet
Masterless puppetMasterless puppet
Masterless puppetJesus Nunez
 
How Openstack is Built
How Openstack is BuiltHow Openstack is Built
How Openstack is BuiltAnton Weiss
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...Stephen Gordon
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansibleMukul Malhotra
 
Continuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleContinuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleDmytro Slupytskyi
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with ForemanJulien Pivotto
 
OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooinovex GmbH
 
Red Hat Satellite 6 - Automation with Puppet
Red Hat Satellite 6 - Automation with PuppetRed Hat Satellite 6 - Automation with Puppet
Red Hat Satellite 6 - Automation with PuppetMichael Lessard
 
OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
OpenNebula Conf 2014 | Puppet and OpenNebula - David LutterkortOpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
OpenNebula Conf 2014 | Puppet and OpenNebula - David LutterkortNETWAYS
 
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan HoracekOpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan HoracekNETWAYS
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX
 
Rasperry Pi and TI CC2650 IPv6 border router
Rasperry Pi and TI CC2650 IPv6 border routerRasperry Pi and TI CC2650 IPv6 border router
Rasperry Pi and TI CC2650 IPv6 border routerNikolaos Monios
 
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...NETWAYS
 
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...OpenNebula Project
 

Tendances (20)

Experiences from Running Masterless Puppet - PuppetConf 2014
Experiences from Running Masterless Puppet - PuppetConf 2014Experiences from Running Masterless Puppet - PuppetConf 2014
Experiences from Running Masterless Puppet - PuppetConf 2014
 
Masterless puppet
Masterless puppetMasterless puppet
Masterless puppet
 
How Openstack is Built
How Openstack is BuiltHow Openstack is Built
How Openstack is Built
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
Containers for the Enterprise: Delivering OpenShift on OpenStack for Performa...
 
OMD and Check_mk
OMD and Check_mkOMD and Check_mk
OMD and Check_mk
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
 
Continuous integration with Docker and Ansible
Continuous integration with Docker and AnsibleContinuous integration with Docker and Ansible
Continuous integration with Docker and Ansible
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with Foreman
 
OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, too
 
Red Hat Satellite 6 - Automation with Puppet
Red Hat Satellite 6 - Automation with PuppetRed Hat Satellite 6 - Automation with Puppet
Red Hat Satellite 6 - Automation with Puppet
 
Hyperscale SIG update
Hyperscale SIG updateHyperscale SIG update
Hyperscale SIG update
 
OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
OpenNebula Conf 2014 | Puppet and OpenNebula - David LutterkortOpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
OpenNebula Conf 2014 | Puppet and OpenNebula - David Lutterkort
 
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan HoracekOpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
OpenNebula Conf 2014 | Lightning talk: OpenNebula at Etnetera by Jan Horacek
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMs
 
Rasperry Pi and TI CC2650 IPv6 border router
Rasperry Pi and TI CC2650 IPv6 border routerRasperry Pi and TI CC2650 IPv6 border router
Rasperry Pi and TI CC2650 IPv6 border router
 
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
OpenNebula Conf 2014 | Lightning talk: OpenNebula Puppet Module - Norman Mess...
 
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
 

Similaire à Running CentOS on the Facebook fleet

CentOS Stream at Facebook
CentOS Stream at FacebookCentOS Stream at Facebook
CentOS Stream at FacebookDavide Cavalca
 
What's new with CentOS at Facebook
What's new with CentOS at FacebookWhat's new with CentOS at Facebook
What's new with CentOS at FacebookDavide Cavalca
 
Upgrading CentOS on the Facebook fleet
Upgrading CentOS on the Facebook fleetUpgrading CentOS on the Facebook fleet
Upgrading CentOS on the Facebook fleetDavide Cavalca
 
Deploying software at Scale
Deploying software at ScaleDeploying software at Scale
Deploying software at ScaleKris Buytaert
 
Stateless Hypervisors at Scale
Stateless Hypervisors at ScaleStateless Hypervisors at Scale
Stateless Hypervisors at ScaleAntony Messerl
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsMichael Zhang
 
Puppet Camp New York 2014: Streamlining Puppet Development Workflow
Puppet Camp New York 2014: Streamlining Puppet Development Workflow Puppet Camp New York 2014: Streamlining Puppet Development Workflow
Puppet Camp New York 2014: Streamlining Puppet Development Workflow Puppet
 
Steamlining your puppet development workflow
Steamlining your puppet development workflowSteamlining your puppet development workflow
Steamlining your puppet development workflowTomas Doran
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack SummitMiguel Zuniga
 
Build and deployment
Build and deploymentBuild and deployment
Build and deploymentWO Community
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeWO Community
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsAlessandro Pilotti
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingDonnie Berkholz
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)p3castro
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0guest72e8c1
 
Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Max Romanovsky
 

Similaire à Running CentOS on the Facebook fleet (20)

CentOS at Facebook
CentOS at FacebookCentOS at Facebook
CentOS at Facebook
 
CentOS Stream at Facebook
CentOS Stream at FacebookCentOS Stream at Facebook
CentOS Stream at Facebook
 
What's new with CentOS at Facebook
What's new with CentOS at FacebookWhat's new with CentOS at Facebook
What's new with CentOS at Facebook
 
Upgrading CentOS on the Facebook fleet
Upgrading CentOS on the Facebook fleetUpgrading CentOS on the Facebook fleet
Upgrading CentOS on the Facebook fleet
 
Deploying software at Scale
Deploying software at ScaleDeploying software at Scale
Deploying software at Scale
 
Stateless Hypervisors at Scale
Stateless Hypervisors at ScaleStateless Hypervisors at Scale
Stateless Hypervisors at Scale
 
Linux basics (part 2)
Linux basics (part 2)Linux basics (part 2)
Linux basics (part 2)
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Puppet Camp New York 2014: Streamlining Puppet Development Workflow
Puppet Camp New York 2014: Streamlining Puppet Development Workflow Puppet Camp New York 2014: Streamlining Puppet Development Workflow
Puppet Camp New York 2014: Streamlining Puppet Development Workflow
 
Steamlining your puppet development workflow
Steamlining your puppet development workflowSteamlining your puppet development workflow
Steamlining your puppet development workflow
 
Fluo CICD OpenStack Summit
Fluo CICD OpenStack SummitFluo CICD OpenStack Summit
Fluo CICD OpenStack Summit
 
Build and deployment
Build and deploymentBuild and deployment
Build and deployment
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
 
Gentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile EverythingGentoo Linux, or Why in the World You Should Compile Everything
Gentoo Linux, or Why in the World You Should Compile Everything
 
Packaging perl (LPW2010)
Packaging perl (LPW2010)Packaging perl (LPW2010)
Packaging perl (LPW2010)
 
RMLL / LSM 2009
RMLL / LSM 2009RMLL / LSM 2009
RMLL / LSM 2009
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0
 
Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...Symfony under control. Continuous Integration and Automated Deployments in Sy...
Symfony under control. Continuous Integration and Automated Deployments in Sy...
 

Plus de Davide Cavalca

Building community with CentOS Stream
Building community with CentOS StreamBuilding community with CentOS Stream
Building community with CentOS StreamDavide Cavalca
 
Hyperscale SIG Introduction
Hyperscale SIG IntroductionHyperscale SIG Introduction
Hyperscale SIG IntroductionDavide Cavalca
 
systemd @ Facebook in 2019
systemd @ Facebook in 2019systemd @ Facebook in 2019
systemd @ Facebook in 2019Davide Cavalca
 
State of systemd @ Facebook
State of systemd @ FacebookState of systemd @ Facebook
State of systemd @ FacebookDavide Cavalca
 
Building Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FBBuilding Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FBDavide Cavalca
 
Building Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FBBuilding Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FBDavide Cavalca
 
Deploying systemd at scale
Deploying systemd at scaleDeploying systemd at scale
Deploying systemd at scaleDavide Cavalca
 

Plus de Davide Cavalca (7)

Building community with CentOS Stream
Building community with CentOS StreamBuilding community with CentOS Stream
Building community with CentOS Stream
 
Hyperscale SIG Introduction
Hyperscale SIG IntroductionHyperscale SIG Introduction
Hyperscale SIG Introduction
 
systemd @ Facebook in 2019
systemd @ Facebook in 2019systemd @ Facebook in 2019
systemd @ Facebook in 2019
 
State of systemd @ Facebook
State of systemd @ FacebookState of systemd @ Facebook
State of systemd @ Facebook
 
Building Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FBBuilding Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FB
 
Building Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FBBuilding Better FLOSS Community Relationships @ FB
Building Better FLOSS Community Relationships @ FB
 
Deploying systemd at scale
Deploying systemd at scaleDeploying systemd at scale
Deploying systemd at scale
 

Dernier

data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLManishPatel169454
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfSuman Jyoti
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 

Dernier (20)

data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard .NFPA 5000 2024 standard .
NFPA 5000 2024 standard .
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
 

Running CentOS on the Facebook fleet

  • 1.
  • 2. Running CentOS on the Facebook feet Davide Cavalca Production Engineer
  • 3. • Infrastructure • Packaging • OS Updates • Chef • Provisioning • Containers Agenda
  • 5.
  • 6. • OS team manages the bare metal experience of the feet • OS as a platform • Individual teams are responsible for their own hosts Infrastructure How does it work?
  • 7. • Community sets the direction • We move fast; opensource often moves faster • We don’t need to write everything ourselves • Sharing our code means sharing the maintenance and having others extend it • DevConf.CZ 2017 talk: https://tinyurl.com/y7gx6nro Infrastructure Upstream frst
  • 8. • Stable releases • Binary compatibility • Security updates • Mature and well understood tooling • EPEL • Close relationship with Fedora Infrastructure Why CentOS?
  • 9. • Backports from Fedora Rawhide for stuf we care about • Mostly plumbing and low-level packages • %facebook macro to gate internal stuf • GitHub: facebookincubator/rpm-backports • CentOS + FTL = stable distro, moving fast Infrastructure FTL – Fast Thin Layer
  • 10. • Rawhide backport of latest stable • GitHub: facebookincubator/systemd-compat-libs • Tracking upstream development in master • New features: cgroup2, DynamicUsers, etc. • fb_systemd and fb_timers cookbooks • All Systems Go 2017 talk: https://tinyurl.com/ycx6525p Infrastructure Plumbing – systemd
  • 11. • CentOS version + backported network-scripts from master • IPv6 improvements, per-device routes, ifdown • GitHub: fedora-sysv/initscripts Infrastructure Plumbing – initscripts
  • 12. • Upstream kernel (or as close as possible) • Development in master • Internal stable and development branches • Testing and rollout automation • SCALE 15x talk: https://tinyurl.com/ybqgwn47 Infrastructure Kernel
  • 14. • Public mirror at http://mirror.facebook.net/centos/ • Upstream repos straight from CentOS • Internal repos: site-packages and fb-runtime • Extra oneof repos for special cases Packaging Server side – layout
  • 15. • Per-region package masters • Stored in Subversion (+ GlusterFS) • Served per-region via Apache2 • Per-cluster Varnish caches Packaging Server side – implementation
  • 16. • Yummy: mock wrapper with SCM integration • Store specfles + patches in source control • Store blobs in GlusterFS-backed NFS • Automation to sync to GitHub Packaging Tooling – system packages
  • 17. • Packman: rpmbuild wrapper for simple RPMs • Integrates with buck and our SCM tooling • Build software, generate specfle, package it up • Simple YAML confguration Packaging Tooling – fb-runtime packages
  • 18. • Backported RPM from Rawhide • yum-utils from CentOS + backported PRs • DNF from rpmsoftwaremanagement/dnf-nightly copr • fb_rpm and fb_yum cookbooks Packaging Client side
  • 19. • I/O thrash fsync() on close() (PR#187 on rpm)→ • rpmdb corruption issues dcrpm→ • Zero byte fles reprovision→ • Duplicate packages package-cleanup wrapper→ • Scaling Yum pkgtorrent (PR#14 on yum-utils)→ Packaging RPM and Yum at scale
  • 20. • Automate detection and remediation of common issues • rpmdb corruption, stuck processes, etc. • Works on Linux and OSX (!) • Runs before every Chef run • GitHub: facebookincubator/dcrpm Packaging dcrpm
  • 21. Packaging dcrpm – before and after • RPM-related failures over time • Baseline of errors still WIP
  • 22. • Merge package-cleanup wrapper into dcrpm • Test new database format • Test DNF in production • DNF package provider in Chef Packaging Work in progress
  • 24. • CentOS 5 6 and 6 7→ → • No in-place updates: reprovision the host from scratch • Easier to ensure a good state • Side efect: clean slate ofers opportunity to deprecate unwanted features or tools OS updates Major releases
  • 25. • About a year from initial PoC to frst production machine • About two years to migrate 100% of the feet • Documentation and automation • Stateless vs stateful services • Prerequisites and hidden dependencies OS updates CentOS 7 migration
  • 26. • Rolling OS updates • Every two weeks we sync down the latest updates… • …and roll them out over two weeks • Easy stop button and opt out for individual packages OS updates Minor releases and security updates
  • 27. • /yum/centos/7.x/rollingupdates/YYYYMMDD • Tool to automate syncing and validation • ‘yum upgrade’ kicked of via fb_yum • Manual per-host override • Early canary 0.1% 1% 2% …→ → → → OS updates Rolling OS updates – implementation
  • 28. Chef
  • 29. • Idempotent resources • Only start sshd when actually needed Chef Philosophy service 'sshd' do action [:enable, :start] end
  • 30. • Separation of data and confg Chef Philosophy node.default['fb_networking']['interfaces']['eth1'] = { 'ip => '10.0.0.12', 'netmask' => '255.255.255.0', 'onboot' => 'yes', 'bootproto' => 'static', } node.default['fb_sysctl']['vm.dirty_ratio'] = 25
  • 31. • Confguration as programming Chef Philosophy # determines proper DSR interface type and next index # automatically for us: node.add_dsr_vip('172.31.255.10')
  • 32. • Expose APIs via attributes • Use providers for implementation • Global defaults and local overrides • GitHub: facebook/chef-utils • Atmosphere 2014 talk: https://tinyurl.com/ychqprft Chef Data driven confguration
  • 33. • Chef cookbooks in SCM • GitHub: facebook/chef-cookbooks • Servers are as stateless as possible • chefctl.rb runner for locking, logging and custom hooks • GitHub: facebook/grocery-delivery Chef Infrastructure
  • 34. • Develop locally, then test on real machines • Spin local chef-zero instance and repoint target to it • GitHub: facebook/taste-tester Chef Testing
  • 36. Provisioning From zero to production • Standard kickstart netbooting fow • Kea, dhcplb, fbtftp • GitHub: facebookincubator/dhcplb • GitHub: facebook/fbtftp • LoL – using Linux to boot Linux • Anaconda from Rawhide • Internal tooling for orchestration
  • 38. Containers Also running CentOS • Tupperware: our container platform • Layered CentOS base image • Btrfs flesystem • Chef-solo for image customization • All Systems Go 2017 talk: https://tinyurl.com/y79hs7pq