We all wish testing applications was as much fun as watching Hulu content. Just sit back, watch some Family Guy or The Office, and the app is fully tested. While sometimes this is part of our quality assurance process, most of the time testing is much more mundane. Logging in, logging out, resetting passwords, adding items to your queue, checking watch history, checking search results, rotating the device, making sure you can’t watch Chasing Amy when logged with a 13-year-old’s account, ensuring correct ad logic… And as tedious as this might be to do on a beautiful new iPad with a Retina display, you have to repeat this process on the iPad 3, and iPad 2, and on the iPad 1. And then a new build comes, and we do it all over again.

Test automation is the obvious solution. On the iOS team we’ve traditionally relied on Apple’s UIAutomation, which is a cool framework that lets you simulate user behaviors (such as taps, scrolling, flicks, rotations, string input, etc) and check UI elements in JavaScript. At first, watching buttons get magically tapped by an invisible ghost navigating throughout the app is impressive. Eventually, however, we found ourselves spending more time maintaining the script than the time saved from the automation process. One reason is that the automation script covers a rather small portion of test scenarios, and the other reason is that the automated tests are sometimes fragile, causing false negatives due to a changed application view layering rather than a legitimate bug.

With the goals of making test scripts easier to write and making their performance more reliable and robust, we created the library called GSAutomation. (Wondering where the prefix GS is from? Check out our last year’s blog post on GSFancyText.) It is an extension/wrapper for UIAutomation, which makes iOS app testers’ and test script developers’ lives a lot easier.

First, GSAutomation makes writing scripts parallel real human testers’ behaviors. For example, if you want to tap a button and then check if some label says the right thing, just define a task array like:

task = [
  [Tap, "Button"],
  [Check, "Text I'm expecting", "Text I'm expecting from another label"],
]

And then call performTask(task)

A task array consists of a number of steps. Each step is itself an array starting with the action name, followed by a series of parameters (e.g. for “Tap” it’s the title of a button, for “Check” it’s a list of labels/text views.) The simplicity of this syntax means that it’s no longer a requirement to be a software developer to create a test. Anyone with a text editor and some light education about the syntax can chip in and get their favorite features covered by tests that are running nightly.

But why arrays? Why not just define some helper methods and then make the scripts like

Tap("Button");
Check("label1", "label2");

One reason is of course that in the Cult of Objective-C we think square brackets are more beautiful than parentheses. Another reason is that while interating with the task arrays, we got many instabilities and sharp edges handled with some common logic. So the scripts are more robust against all scenarios. For example, there is always one second delay between individual actions. Also, for tapping or checking results, if the element you are looking for doesn’t exist at the beginning, we patiently wait for some more time since we know it might be either network latency or an old device’s poor CPU.

To make tests even more robust, GSAutomation offers a failure rescue mechanism for some actions. For example, when we test the player within the Hulu Plus app, if our script fails to tap the pause button it might not be because pausing is broken — instead, it could have been that the control bar auto-hid after seconds of inactivity. So we simply tap the screen center and try the pause button again. The step array here will be:

[Tap, "pauseButton", [TapPoint, screenCenter()]]

The last parameter in this step is the rescue action if the original action failed. Note that in this example, the pauseButton doesn’t have a text title, so we refer to it by the image file name — credit for this flexibility goes to UIAutomation (and more fundamentally, UIAccessibility, which determines how UI elements are referred to within UIAutomation).

Other than this task array based workflow, GSAutomation also provides a list of helper methods to work around the need to use Apple’s long method name convention and make basic jobs much simpler. So for example you can call isPad() to check whether it’s iPad; you can call win() to get the main window; you can call log(“some text”) instead of UIALogger.logDebug(“some text”).

Interested and want to give a try? Check it out at http://github.com/hulu/gsautomation

The project includes an example with a simple iOS app project and GSAutomation based test scripts. For full definition of actions, parameters, and ways to reference an UI element, check the README on Github.

Bao Lei is a software developer on the mobile team who works on our iOS platform.

At Hulu, our development teams (and individual developers) have a lot of freedom in their choice of development tools. Our overridding principle is “make the best choice for your project”, which means that we expect you to evaluate tools and platforms that are already used within the company as well as those that are new to us. While sometimes the project’s needs will drive its development team to choose something new, there are a lot of people at Hulu who make the choice of Python.

This year, as part of our commitment to Python, we are helping to sponsor PyCon 2013. Look for a few Hulugans on the conference floor and at our booth too. If you are there, stop by our booth to chat about what kinds of things we do with Python.

We like Python for its speed of development and execution, its diverse libraries, and for being easy enough to read to easily let new developers get acquainted with a project. We use Python widely, for tasks big and small. The small might include scripts to help with deployment or monitoring, or wrappers around git or other tools. The large includes systems that are core to our application API. Some internal examples are below.

Deejay

At the core of our devices is an application we call Deejay. When our desktop, living room, and mobile apps start up, they connect to Deejay to learn about the Hulu environment they’re connecting to. An iPhone in Japan needs to know to use a different information architecture than an iPhone in the US. The PS3 app will need a different set of icons than an Xbox. In addition to general configuration, the Deejay service is used to help in streaming video.

Obviously, to support these core API needs, the service needs to be very high performance. Python, together with CherryPy, gunicorn, and gevent more than provides for this.

Ectyper

Python and the Tornado web server are behind the service that we at Hulu use to resize, crop, and otherwise manipulate images that get displayed by our site and by our device apps. We’d open sourced the core of this service a bit ago, and have used it extensively. The service provides a consistent HTTP front-end to some imagemagick capabilities, and allows an app to request an image of a particular size with a particular effect applied — whatever an app needs at the moment. Given our scale, this service benefits greatly from living behind a cache (whether local or CDN-based).

Sod

There comes a time in every company’s life when devops gets sick and tired of developers saying, “I’d like another machine for my service”. We’d gotten to this point some time ago, and built Sod. This platform is the foundation of our private cloud. It allows any of our developers to create a Xen-based virtual machine (running Centos, Ubuntu, or Windows), get it up on the correct part of our network, endow it with the desired amount of RAM and drive space, and launch it — within less than a minute. Whether using a web user interface, an API, or a command-line tool, Sod is our centralized interface to a cluster of Xen nodes. It abstracts the interaction with Xen and handles its peculiarities. It also helps our devops team to manage VM operations like cross-host moves. By integrating with our internal authenticaion system it also helps us keep track of machine and service ownership throughout our environment. We built Sod with CherryPy, gunicorn, gevent, and based its data store on MySQL.  

Donki

There comes a further time in a company’s life when developers start spinning up VMs to host a one-off web service. The developers want the service to be fault-tolerant — so they spin up multiple instances and get them load-balanced. They want to know how well the service runs, so they build log collection systems. They want to have the service geo-distributed, so they create their own schemes for hosting this in multiple data centers.

Donki was built to make this much more simple. At its core it’s a service for hosting other services. Developers write any wsgi-compliant service, then git push it to donki, which handles the rest. This includes deployment, pre-release smoke testing, setting up DNS and load balancing, handling data center distribution, log collection, and much more. Donki guarantees that at least 2 instances (or more, depending on load) are always up. Under the covers, Donki uses Sod and other internal devops services to orchestrate its hosting. In fact, the Sod service itself is hosted by Donki. We wrote Donki using Django for the front-end.

 

Parley

What started off as a Hack Day project for a couple of us has become an important part of many people’s lives at Hulu. After noticing that we pay significant money for a telco phone conferencing service, we hacked on a Django-based system to use the Twilio API to create a phone conferencing service. After a weekend it was a working prototype, and after a few more weeks we launched it to the company. By January of this year, we had 400+ users participating in 1,300+ calls per month — at a fraction of the cost our telco-based service cost us, and with a great deal of flexibility. Like many other such apps, Parley runs as a Donki-managed service.

There are many more Python projects at Hulu. From small to big, we depend on the language and its ecosystem to drive our business. So it’s with pride that we sponsor this year’s PyCon, and hope to continue to have a wonderful symbiotic relationship with the language, its future advances, and its great influence for years to come.

At Hulu we use Jenkins as our continuous integration system. We use it on Windows, Linux, and OS X — depending on the platform of the project.

Recently, we noticed that our Windows build machine exhibited a strange issue. From time to time, some builds were triggered automatically without new commits or any manual operations. We started calling them them “ghost builds”. Here’s a snippet of our Hipchat log:

PaymentsJenkins Build 4162 for project pay-net-master: SUCCESS. No commits. December 9, 2012
PaymentsJenkins Build 4163 for project pay-net-master: SUCCESS. No commits. December 10, 2012
PaymentsJenkins Build 4164 for project pay-net-master: SUCCESS. No commits. December 10, 2012
PaymentsJenkins Build 4165 for project pay-net-master: SUCCESS. No commits. December 10, 2012
PaymentsJenkins Build 4166 for project pay-net-master: SUCCESS. No commits. December 11, 2012
PaymentsJenkins Build 4167 for project pay-net-master: SUCCESS. No commits. December 11, 2012
PaymentsJenkins Build 4168 for project pay-net-master: SUCCESS. No commits. December 11, 2012
PaymentsJenkins Build 4169 for project pay-net-master: SUCCESS. No commits. December 12, 2012
PaymentsJenkins Build 4170 for project pay-net-master: SUCCESS. No commits. December 12, 2012

Now, errant automated builds don’t really hurt anyone. But at some point Sizheng decided that we ought to fix it.

Sizheng Chen   2:52 PM
i will pay a decent lunch if anyone can fix the ghost jenkin build issue

So, let’s figure out the issue for this “decent lunch”.

If you take a look at the log of the ghost build, you’ll find something interesting:

Started on Feb 3, 2013 2:40:34 PM
Using strategy: Default
[poll] Last Build : #94
[poll] Last Built Revision: Revision 82846c5e8a046e81c5e20874d2cd767449884304 (origin/develop)
Workspace has a .git repository, but it appears to be corrupt.
No Git repository yet, an initial checkout is required
Done. Took 12 sec
Changes found

Reason

Turns out, this is a common issue in Windows Jenkins. According to JENKINS-11547, the main reason is that there are just too many jobs making git requests at once.

Work Around

Configure Jenkins jobs with a different auto-polling schedule, so that they have less of a chance to overlap.

Here is what I changed:

pay-net-master: Polling SCM: */10 * * * *
pay-net-develop: Polling SCM: */11 * * * *

Result

The ghost builds haven’t occurred any more. And Sizheng owes me a lunch.

Jia Cao is a software developer in our Beijing office.

Hulu hosted the Los Angeles Scala Users Group’s October 2012 meet up as part of our ongoing support of the local tech community.

Our two speakers included our own Ben Hardy, who gave an introductory presentation on Scala’s Option class, and local Scala authority Paul Snively, who gave a detailed presentation on SLICK. SLICK is Scala 2.10′s advanced type-safe database access layer, which provides a lightweight alternative to ORM, and provides functional manipulation techniques for objects in databases.

Stay tuned for more Hulu tech community events!

Check out the video of the event below.

Chef is an open source configuration management and system integration framework that is generating a lot of interest and momentum these days. At Hulu, we are also actively investing in Chef infrastructure to simplify operations.

Among the many benefits that Chef provides, I am personally intrigued by the possibility of unifying “server provisioning” and “application deployment” under single framework. Traditionally, server provisioning has been the territory of system administrators (a.k.a the ops team), while software developers usually guide application deployment.

This division is a natural one, since correctly provisioning a server or an entire infrastructure often involves fairly different skill sets and knowledge from those of software development. Nonetheless, the requirements for how applications are installed and configured come from software developers. This division is unfortunate, since it invites developers to be one layer removed from actual production considerations. This often results in an application working perfectly in the development environment, but breaking once it is deployed to production.

There is no silver bullet for this problem, but bringing system provisioning and application deployment under same framework is a step in the right direction. This creates an environment in which developers and operations can collaborate closely towards a common goal – completely automating the process of bringing up a functional application server starting from bare metal hardware.

System Provisioning

Automated provisioning process should be managed under source control, just like any application code. It should be deterministic, repeatable, flexible, well-organized and predictably convergent. Here are some of Chef features and characteristics that can help implement such an automated process.

1) Chef recipes, roles and “run lists” define the order of configuration changes deterministically. They are just Ruby code, and they will execute in the same sequence of operations every time they run.

2) Chef attributes can be overridden at multiple levels of organization, and you can normalize your configuration items (e.g. node attributes in Chef) into cookbook, environment, role or node defaults and overrides. Here is the actual node attribute precedence from low to high:

cookbook default < environment default < role default < node default
    < cookbook set < node set < cookbook override < role override
              < environment override < node override

By using this precedence rule, you can configure node attributes across an entire Chef environment with a single configuration change, or override one specific node’s attribute without making changes to the rest of the environment.

3) Chef provides search capability in the form of a Ruby API as well as web service. This allows your recipes to query the server and make configuration decisions based on the query result. With this feature, you can write your recipes in such way that every node in your infrastructure can automatically converge towards the correct configuration for the environment to which it belongs.

The above features are only a subset of the capabilities provided by the Chef framework. There are yet other benefits, such as an active community of experienced system administrators and developers. But enough talk about provisioning-related benefits: let’s examine how you might integrate your application deployment with Chef!

Application Deployment: Ruby on Rails Example

If you work on web applications, you often deploy your applications straight from source code without going through a build process or packaging system. Chef supports such deployment scenarios very well. Let’s go over a Ruby on Rails deployment scenario to make this more concrete.

Once you have your Ruby environment set up, Rails scaffolding makes getting up and running with Ruby on Rails a breeze. However, when you are ready to deploy your Rails application to production there are many questions that need to be answered:

1. How will you install the version of Ruby necessary for your Rails application?
2. How do you create your application’s service account?
3. How do you set up data and log directories? What about log rotation?
4. How do you set up a reverse proxy, such as nginx?
5. How do you start/stop/monitor your Rails application process?

Let’s look at how you can use Chef to address these questions! We will use an application called “cage” as a convenient example below. Cage is a Rails application I wrote for the Hulu Hackathon in March 2012.

Quick Introduction to Chef Concepts

Before we dive into details around the recipe for deploying a Rails application, let’s review a minimum set of basic Chef concepts.

Chef server is the repository of infrastructure configuration information. It is basically a data stroage backend and corresponding web service front end that provides RESTful APIs for chef clients to access configuration information about the node that the client is running on. A node maps to a machine in your infrastructure, and every node belongs to a Chef environment. You can organize your infrastructure into multiple Chef environment for management purposes. For example, you might have production, staging, and QA Chef environments.

A cookbook is a collection of related recipes, attributes, and templates files, which collectively describe how a software package is to be installed and configured. Recipes consist of resources, which represent the smallest unit of configuration activity. For example, a “user” resource represents a local user account to be provisioned according to resource attributes, such as user ID, group ID and home directory. Cookbooks are uploaded to Chef server to represent infrastructure components that are available.

Each node in Chef has a run list that lists recipes and roles are assigned to it in the order of execution. A role consists of other roles and recipes that should be executed. Hence, you can compose a new application role based on existing roles and recipes. For example, an application role may consist of a nginx recipe, a rails recipe, and a log rotation recipe.

A data bag stores arbitrary information about the infrastructure in a nested hash structure. Just like any other Chef objects, it can be accessed via RESTful API. A data bag does not belong to a specific Chef environment, so it should be used to store truly global configuration items. You can also encrypt a data bag to store sensitive information that you need to keep out of your source code repository.

You can read about these concepts in more detail at Opscode community wiki site.

Cage Cookbook Directory Structure

Here is my cookbook structure for cage (inside Hulu’s Chef git repo).

cage
├── attributes
│   └── default.rb                 # default cookbook attributes
├── metadata.rb                    # cookbook definition
├── README.rdoc
├── recipes
│   ├── default.rb                 # includes service, deploy, nginx, runit recipes
│   ├── deploy.rb                  # cage:deploy recipe contains deploy_revision resource
│   ├── nginx.rb                   # cage:nginx recipe
│   ├── runit.rb                   # cage:runit recipe (= process init/monitoring)
│   └── service.rb                 # cage:service recipe
└── templates
    └── default
        ├── logrotate.conf.erb     # logrotate configuration template
        ├── nginx.erb              # nginx configuration template
        ├── service.yml.erb        # application configuration template
        ├── sv-cage-log-run.erb    # runit svlogd “run” file
        └── sv-cage-run.erb        # runit “run” file

As you can see, rather than having one default recipe file, I broke up the recipe into 4 small pieces, and include them in main recipe file recipes/default.rb.

Ruby Installation

If you are running on an Ubuntu platform (e.g. Ubuntu 10.04 LTS), you may not have the latest Ruby package in the official Ubuntu apt repository. For example, Cage was developed as Rails 3.2 application running on Ruby 1.9.3. Also, I would like my application’s Ruby installation to be separated from system Ruby installation if any.

For this, we have an internal Debian package called hulu-ruby19, which installs a clean copy of Ruby into /opt/hulu/ruby-1.9.3 directory. This package also contains the latest rubygem module as well as the latest bundler gem. The idea is that once this package is installed, any ruby gems can be managed by the bundler from there on. We also have an internal Debian repository that will serve up this package. So, in my Chef recipe, I just need to add the following line at the top of cage/recipe/deploy.rb file.

package 'hulu-ruby19'

Application Account Creations

It is usually a bad idea to run your applications as root. At Hulu, our applications run under application-specific machine-local accounts, and each account needs to be created. For Cage, I add the following snippet to the JSON file that define the service account data bag.

"cage": { "uid": 975, "gid": 975, "shell" : "/bin/false", "home": "/tmp", “system”: true},

We store our accounts in a data bag, and create it consistently across all Linux boxes. In this case, we are creating an account called “cage” with UID/GID of 975. This is a “system” account that my application will run under, and has no interactive login credentials. Once you have this data bag item, it’s trivial to map the data to the corresponding user resource in Chef DSL.

Application Directories

Now that we have the two external dependencies taken care of (Ruby installation and user account creation), let’s examine how Cage is installed. All files used by our application are installed into /opt/hulu/cage directory, which is laid out as follows.

$ tree -L 3 /opt/hulu/cage
/opt/hulu/cage
├── current -> /opt/hulu/cage/releases/5ed123d91ee74210341765d76271d314fe58f3d0
├── releases
│   ├── 5ed123d91ee74210341765d76271d314fe58f3d0
│   │   ├── app
│   │   ├── conf -> /opt/hulu/cage/shared/conf
│   │   ├── config
│   │   ├── config.ru
│   │   ├── data -> /opt/hulu/cage/shared/data
│   │   ├── db
│   │   ├── doc
│   │   ├── Gemfile
│   │   ├── Gemfile.lock
│   │   ├── lib
│   │   ├── log -> /opt/hulu/cage/shared/log
│   │   ├── public
│   │   ├── Rakefile
│   │   ├── README.rdoc
│   │   ├── script
│   │   ├── test
│   │   ├── tmp -> /opt/hulu/cage/shared/tmp
│   │   └── vendor
│   └── f419316f9bc63bc20ee7f348f7519461771916ee
│       └── ...
└── shared
    ├── ...
    └── vendor_bundle

First, specific snapshots of the application repository are installed into the /opt/hulu/cage/releases/<revision> directory. Then, symbolic links are created into /opt/hulu/cage/shared directory, which survives across application deployment. Finally, /opt/hulu/cage/current symbolic link is switched to point to the latest release (in this case 5ed123d91ee74210341765d76271d314fe58f3d0 directory). We use symbolic links here because Ruby on Rails assumes that it can write to certain subdirectories from its installation root. For example, Rails will create log files under the Rails.root + “/log” directory.

If you have used Capistrano before, this process should be familiar. This style of deployment was directly ported from Capistrano, and is available as Chef resource called “deploy_revision”. Let’s examine the use of deploy_revision resource inside cage/recipes/deploy.rb below.

CAGE_SERVICE_ROOT = '/opt/hulu/cage'
deploy_revision CAGE_SERVICE_ROOT do
  deploy_to         CAGE_SERVICE_ROOT
  repo              'ssh://hulu-internal-git-repository/repos/cage.git'
  ssh_wrapper       "/home/chefclient/bin/gitssh"
  revision          node['cage']['revision_tag']
  action            node['cage']['release_action']
  shallow_clone     true
  enable_submodules true
  migrate           false
  environment       "RAILS_ENV" => node['cage']['rails_env']
  purge_before_symlink %w{conf data log tmp public/system public/assets}
  create_dirs_before_symlink []
  symlinks(                        # the arrow is sort of reversed:
    "conf"   => "conf",            # current/conf          -> shared/conf
    "data"   => "data",            # current/data          -> shared/data
    "log"    => "log",             # current/log           -> shared/log
    "tmp"    => "tmp",             # current/tmp           -> shared/tmp
    "system" => "public/system",   # current/public/system -> shared/system
    "assets" => "public/assets"    # current/public/assets -> shared/assets
  )
  before_restart do
    Dir.chdir '/opt/hulu/cage/current'
    system("/opt/hulu/ruby-1.9.3/bin/bundle install") or raise "bundle install failed"
    system("RAILS_ENV=#{node.cage.rails_env} /opt/hulu/ruby-1.9.3/bin/rake assets:precompile")
  end
  notifies :restart, "service[cage]"
  notifies :restart, "service[nginx]"
end

The above recipe code does the following:

1) Check out the revision specified as node attribute node['cage']['revision_tag'] from the git repository specified by “repo”, using the ssh_wrapper in chefclient user’s home directory. This wrapper is used to specify the necessary credentials to ssh when accessing git repository. Here is the content of /home/chefclient/bin/gitssh.

#!/bin/sh
exec ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "/home/chefclient/.ssh/id_rsa" "$@"

The -o options given in the ssh command line above are used to avoid interactive warnings like:

The authenticity of host 'hulu-internal-git-repository (10.12.49.133)' can't be established.
RSA key fingerprint is 89:62:0f:9c:78:d6:f5:ce:e6:b8:36:38:e4:c7:d4:f0.
Are you sure you want to continue connecting (yes/no)?

The -i option specifies the private key to be used for accessing the git repository.

Notice that node[’cage’][’revision_tag’] attribute can be overridden at the Chef environment level (e.g. “production” or “staging” or “qa”) to specify the revision to be deployed across all machines that belong to each chef environment.

2) node[’cage’][’release_action’] attribute may be “deploy”, “force_deploy” or “rollback”. The Chef client will examine the currently deployed revision, and will bail out if it determines that that this revision is already deployed — i.e. that the target release tag is the current revision tag. The “force_deploy” option is a convenient way to override this behavior, allowing a full redeployment of the application. This is particularly handy if you are debugging your Chef recipe that performs deployment.

3) Other interesting resource attributes are “purge_before_symlink” and “symlinks”. These attributes specify symbolic links to be created from /opt/hulu/cage/releases/<revision>/ directories to /opt/hulu/cage/shared directory.

Note that the direction of arrows in “symlinks” attribute appear to be reversed. “system” => “public/system” means to create a symbolic link from “/opt/hulu/cage/releases/<revision>/public/system” to /opt/hulu/cage/shared/system directory.

4) There are several hooks that allow you to inject some custom actions during deployment. In this example, we are using the “before_restart” hook to precompile Rails assets (under Rails.root + “/app/assets” directory in source tree) before restarting the service. This is required if your Rails application is running in “production” mode.

5) Finally, notice the “notifies” attributes at the bottom of the resource definition. Notification resources in Chef are used to delay certain actions until prerequisites are satisfied. Elsewhere in our “cage” recipe, we defined the cage service resource and the nginx service resource. Here, we are notifying those resources to “restart” themselves once deployment is finished.

Nginx Set Up

You can use the community nginx cookbook to set up nginx fairly easily. In our example, I wanted to show how you can serve up your application from port 80, which is by default assigned to the default nginx site. Here is what our recipes/nginx.rb looks like:

template "#{node.nginx.dir}/sites-available/default" do
  source "nginx.erb"
  owner "root"
  group "root"
  mode 0644
  variables(
    :service_name     => "cage",
    :service_port     => "80",
    :worker_port      => "8800",
    :nginx_access_log => "/opt/hulu/cage/shared/log/nginx-access.log",
    :nginx_error_log  => "/opt/hulu/cage/shared/log/nginx-error.log"
  )
end
nginx_site 'default' do
  options(:enable => true)
end

Here is what cage/templates/default/nginx.erb looks like:

server {
  listen <%= @service_port -%>;
  server_name <%= @service_name -%>;
  access_log <%= @nginx_access_log -%>;
  error_log <%= @nginx_error_log -%> warn;
  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:<%= @worker_port -%>/;
  }
}

This will set up /etc/nginx/sites-available/default by instantiating the ERB template, and enable the nginx default site that will proxy for our Cage application.

Runit Set Up

Runit is a process initialization and monitoring solution often used by Opscode-authored cookbooks. One obvious benefit of using runit is that you don’t need to worry about writing your own init.d script, which is often a hassle to get right. Runit will capture STDOUT from your application and log it and rotate it automatically. Also, runit monitors and restart your application process if it dies for some reason.

There is a community cookbook for Runit that works well on Ubuntu. Here is how I use this cookbook.

1) Include the runit recipe, and add a runit_service resource as follows.

include_recipe 'runit'
runit_service 'cage' do
  options(
    :service_curr => '/opt/hulu/cage/current',
    :owner        => 'cage',
    :group        => 'www-data',
    :unicorn      => '/opt/hulu/ruby-1.9.3/bin/unicorn',
    :logdir       => '/opt/hulu/cage/shared/log',
    :rails_env    => 'production'
  )
end

We will be running our application process as ‘cage’, but our effective group ID will be www-data. Also, we will be using unicorn to run our Rails application.

2) Create templates/default/sv-cage-run.erb, which will turn into a /etc/sv/cage/run file when instantiated (replace “cage” in the ERB file name with your application name). The content of the ERB file looks like the following.

#!/bin/bash
cd <%= @options[:service_curr] %>
exec 2>&1
exec chpst -u <%= @options[:owner] %>:<%= @options[:group] %> <%= @options[:unicorn] %> -E <%= @options[:rails_env] %> -c config/unicorn.rb

3) Create templates/default/sv-cage-log-run.erb, which looks like.

#!/bin/sh
exec chpst -u root:root svlogd -tt <%= @options[:logdir] %>

Note that we are running as root here. I found this to be a bit of a quirk in runit, but nothing too serious. This file gets instantiated into /etc/sv/cage/log/run, which is the process that captures STDIO from the main run file (/etc/sv/cage/run) and writes it to the given log directory in a file named “current” (e.g. /opt/hulu/cage/shared/log/current).

Once you have this in your recipe, runit will take care of starting your application during boot, as well as monitoring and restarting your application process as necessary.

The process that runs our application’s “run” file is a program called svrun, which will spawn the unicorn process for us. Svrundir is the grandfather process that monitors all svrun processes, and restarts them as necessary. You can use ps to see this relationship as follows.

$ ps axjf | grep -e cage -e unicorn -e runsvdir
    1  3776  3776  3776 ?  -1 Ss       0   0:44 runsvdir -P /etc/service log: .......................
 3776  9273  9273  9273 ?  -1 Ss       0   0:00 \_ runsv cage
 9273  9274  9273  9273 ?  -1 S        0   0:00    \_ svlogd -tt /opt/hulu/cage/shared/log
 9273 19694  9273  9273 ?  -1 Sl     975   0:02     \_ unicorn master -c config/unicorn.rb
19694 19700  9273  9273 ?  -1 Sl     975   0:00         \_ unicorn worker[0] -c config/unicorn.rb
19694 19703  9273  9273 ?  -1 Sl     975   0:00         \_ unicorn worker[1] -c config/unicorn.rb
19694 19706  9273  9273 ?  -1 Sl     975   0:00         \_ unicorn worker[2] -c config/unicorn.rb
19694 19709  9273  9273 ?  -1 Sl     975   0:00         \_ unicorn worker[3] -c config/unicorn.rb

Note that once your Rails application under runit’s control, you cannot simply use UNIX kill command to stop it. Runit recipe conveniently maps /etc/init.d/cage command to /usr/bin/sv command, so you can start and stop your application in the usual way (e.g. “/etc/init.d/cage stop” or “service cage stop”).

Role: Cage

It’s also a good idea to create a role that contains your recipe, so that people always think in terms of “roles” rather than individual recipes when putting together a new environment. Here is what the role file looks like for Cage. Here “role[hulu-common]” is the common set of recipes that run on all Hulu machines, and contains basic settings such as user accounts and NTP configuration.

name "cage"
description "Automated visual verification service"
run_list(
  "role[hulu-common]",
  "recipe[cage]"
)

Deploying the Recipe

Once you have the cookbook and role written, you need to upload your cookbook to the Chef server, and run chef-client on your target machine to deploy the role. The chef framework provides a command line tool called “knife”, which is used to administer the Chef server. Here are the knife command I run to deploy cage.

<pre>
knife cookbook upload cage
knife role from file roles/cage.rb
knife ssh -x chefclient 'chef_environment:staging AND role:cage' 'sudo /etc/init.d/chef-client stop'
knife ssh -x chefclient 'chef_environment:staging AND role:cage' 'sudo chef-client'
knife ssh -x chefclient 'chef_environment:staging AND role:cage' 'sudo /etc/init.d/chef-client start'
</pre>

Here I am using knife ssh to run chef-client on all nodes that are supposed to be running Cage in Chef environment named “staging”. And, voilà! My Rails application will be up and running in production mode on all machines that have the role “cage” assigned to them.

Conclusion: Push vs. Pull

In this article, I tried to highlight the Chef features that are designed to help deploy your applications. If you are currently using Capistrano, Fabric or just plain rsync/ssh as your application deployment mechanism, you are used to “push” model. In contrast, Chef is based on “pull” model.

This is an important distinction, in that “push” model implies a lot of explicit actions on system operators’ part. For example, operators need to worry about which machines to push changes to, and when to push the changes. The idea behind “pull” model is that each machine in the infrastructure is downloading and applying its own configuration, without explicit involvement of operators.

Moving your application deployment model from “push” model to “pull” model, you are making your application be more like regular part of provisioning and infrastructure maintenance, hence making the deployment process more scalable and robust. This increased robustness is a core benefit of Chef-based application deployment, in addition to promoting close collaboration between software developers and system administrators under a unified framework and process. This is why we are investing our time into Chef.

RailsConf 2012

RailsConf has always been one of my favorite conferences since I started going to it in 2007. I have been primarily a Rails developer since late 2006, long before coming to Hulu. I’ve seen it transition from a promising upstart to the platform it is today. The influence of Rails has been huge. The ideals of Rails – convention over configuration, DRY, test first, and agile are quickly becoming pervasive throughout software development.

As Hulu has been built with Ruby on Rails since the beginning, we decided to give back and sponsor this year’s RailsConf 2012 in Austin. We had seven Hulu employees at the conference. Our web site as well as several services are built with Ruby on Rails.

We gave a talk Building Asynchronous Communication Layer on our project for programatically managing devices like PlayStation 3 and Android mobile phones. The project allows us to do things like automate playback testing. The technology used to build the framework includes XMPP, JavaScript, and Ruby.

Here’s my daily summary of the events:

Day 1

The morning opened with David Heinemeier Hansson’s keynote. He talked about progress both for us as programmers and the Rails community. He stated that it’s ok to disrupt and to not get too comfortable, and emphasized that new programmers to the platform really need to learn even if it is hard or you make mistakes… I’d agree strongly with that. I’m not a fan of creating artificially easy on-ramps. I want to see Rails include anyone that wants to join but at the same time I expect that developers learn the right set of skills. Some of the talk was a bit preachy, but the sentiment of not settling and accepting change are good advice.

The next talk I went to was Sarah Mei’s presentation on Backbone.js. It was a very well done talk. Sarah is an excellent presenter striking a good balance between content and moving the audience through the topic. She gave a quick tour of what Backbone.js is about and did a nice job of relating it to the Rails structure. She did such a good job I was starting to think maybe I should look at this framework much closer as a solution for my own projects, but then at the very end she sort of torpedoed the entire talk saying that she probably wouldn’t use it anymore. I appreciate the honesty but it was kind of a surprise given the strong case she made the previous 45 minutes.

I went to Mark Bates’s talk on Coffee Script as I’m already a believer so this was not really new. It certainly reinforced how great Coffee Script is and I think Mark convinced at least one of my teammates to consider it seriously.

I hit the first major speed bump at Andy Maleh’s talk on Rails engines. He did little to convince me to look at Rails engines. His solutions using engines sounded more like hacks to me as I didn’t see a clear path to code reuse. It felt like trading one complexity for another.

John Bender’s talk on Progressive Enhancement for Mobile Web was next. John is active with JQuery Mobile. He talked a lot about the state of targeting mobile browsers and had some very particular scorn for Android (as he said the “new IE”). One thing I wish he would have talked about more is progressive design since he talked almost exclusively about segregating mobile from desktop browsers. I think it is time to be thinking mobile first with progressive scaling up. It’s disappointing to see separating a mobile site from the main site.

Finally, the closing keynote for the day was by Rich Hickey. Rich talked about simplifying but not from the programmer’s perspective. He had a lot of great points – we often design software to make our lives as programmers easy but not necessarily the user. The tone of his talk though came off a little sanctimonious as I would have liked a little more acknowledgement of the pragmatism that often leads to the decisions we make.

Day 2

Aaron Patterson presented the keynote in the morning. He didn’t try to compete with his over-the-top presentation from last year. Aaron was downright subdued compared to his previous talks and seemed to be encouraging a bit of a back to basics appeal, talking about normalizing things like the queue interface in Rail, etc.

The first talk I went to on the second day by Mike Moore on presenters and decorators. Mike gave a great talk with good takeaways. He did an excellent job breaking down the decorator, presenter, and mediator patterns. It was great timing for me as I’ve been looking at these very things for a project I’m doing now.

Next was Ilya Grigorik on making the web faster. This was a good overall talk on leveraging a number of tools and techniques. Since Ilya is a Google engineer, he was heavily biased to the Google tool kit, but his advice was valid despite what toolkit you might use. A key take-away was focusing on perceived load time for the user over most other performance metrics. It’s a really good point: the user’s experience trumps most anything else.

After lunch, I attended Will Leinweber’s talk on schemaless SQL in Postgres. There are some pretty amazing things coming to PostgreSQL, like the new key value hstore. They are also integrating V8 into the programming space of Postgres which opens up some new scenarios that compete directly with solutions like MongoDB. It’s early for much of this, but it’s a very forward looking approach for Postgres to be taking.

My colleague Steve Jang and I presented a short tour of our automation project for Hulu devices called Bender. We use XMPP, Ruby, and JavaScript to create a communication framework for controlling devices and running scripts. I think the talk went well, but we weren’t sure if the material would be useful to people or not. People had some great questions and so it was great to get a conversation going on projects we have here at Hulu.

Day 3

Yehuda Katz talked about The Next Five Years for Rails. Honestly, Yehuda’s talk should have been the day 3 keynote since I think it was the most honest and informative talk of the entire conference. Yehuda did a great job calling out what it is about Rails that attracted all of us to the platform in the first place. He said (and I agree) that the next big thing should be making Rails just as good for JSON API services as it is for HTML. It’s a mixed world more than ever; building web services whose clients are primarily mobile devices only is increasing.

Nick Quaranto had a great tour of Basecamp Next: Code Spelunking. It was actually nice to see that 37signals has some of the same kinds of tradeoffs in their software as everyone else. One of the big takeaways was to always be pragmatic about things like changing data stores. There were numerous things I want to investigate including all the cool JavaScript console tricks, using GitHub for API documentation (see 37signals BCX API), and the strong parameters gem.

Jared Ning had a nice overview of minitest. If you hadn’t seen it before, it was a good tour of what minitest is about and how it draws from both Test::Unit and RSpec. I’m already in the minitest camp so there wasn’t a lot new for me. I liked the explanation Jared used to talk about mocking and stubbing. I agree with his advice – use mocks and stubs sparingly and only after you test against the real thing.

Summary

Overall, it was another great RailsConf. As a developer that switches among multiple platforms and languages, it’s always great to dive into my favorite language: Ruby. Rails feels to me like it is continuing to mature. It’s moving a little slower now, but I think that’s to be expected. There is still lots opinions among the faithful and that’s healthy. As always, I look forward to apply what I’ve learned to our own projects.

It was great to share what we are doing with Ruby and Rails at Hulu. We would love to talk to anyone passionate about Ruby (as you can see from our list of jobs). I’m glad I got a chance to visit Austin, but I’m definitely looking forward to going back again when the conference returns to Portland.

As we like to do every so often, a few weeks ago we held our hackathon. For the uninitiated, a hackathon is a chance for developers to take a break from their regular duties and work on something new, something unexpected, something experimental. For this hackathon, most of our development team in LA went off-site, grouped around makeshift workspaces, and hacked on a bunch of different projects in small teams. Our Seattle team also formed ad-hoc groups to write some new code. This time around we chose to spend a Thursday and a Friday working on our projects, and then came together early the following week to share our results with each other. In all, there were 18 different projects that made it far enough to be presented. They ran the gamut from setting up an NFS/HDFS proxy to a keg bot that allows you to remotely pour yourself some beer. Below are a few projects that we worked on.

Blinker

Yupeng and Eugene got curious and wanted to create a visualization of Hulu streams across the US. The result is Blinker, an internal website that plots points on a map corresponding to IP addresses beginning video streams.

To build this, they put up a CherryPy-based web service that listens for UDP unicasts containing rough geo-location data. A quick modification to our stream control service allowed it to send data for each request to the Blinker service. A web page embeds a Google Map, and uses WebSockets (and ws4py on the backend) to continually update data.

 

ShowGraph Hang and Feng decided to spend their hackathon looking at graphical representations of show similarity. They used our recommendation system’s show similarity data to perform multidimensional scaling and clustering, resulting in a zoomable chart that plots shows in similarity clusters.

The scaling and clustering was built using R, and the front-end was developed using processing.js.

Parley Fed up with the complexity and cost of our current phone conferencing system, David, Sherin and Ilya came up with Parley – Hulu’s phone conference room system. Using Django and the Twilio API, they built a service that lets Hulu employees create conference rooms with access codes. Callers can then call into an access number and participate in a phone conference. Meanwhile, the employee that created the room can see a log of room accesses and optionally invite people by typing in their phone number (or selecting them from the company contact list) and having the system call them up with an offer to join a phone conference in progress.

Cage One of our teams in Seattle works on software for connected devices – gaming consoles, set-top boxes, internet-connected televisions, and the like. Since these are often fairly closed platforms, debugging and testing can be a challenge, with some validation steps requiring a human to eyeball a screen and see if it’s correctly displaying an application. To help humans with this task, Steve and Dallas built Cage – a system that uses an Android phone and a backend service to capture screenshots of an application at various stages of testing.



When a connected device application runs, it displays a QR code describing the device and the test being performed. The Android app uses the camera to capture the barcode, and then takes a picture of the application as it performs various tasks. These photos are then sent to a service which displays the photo that was taken alongside an “expected results” picture. This will allow us to run some validation tests unattended, and then have humans verify the outcomes in bulk.

DJ Bot Unsatisfied with a quiet environment, Scott decided to build a bot to let us all play DJ. Scott took Alain Gilbert‘s code for creating bots that talk to the turntable.fm API, tweaked it a bit and integrated it into our node.js-based bot framework. Since our bot sits in all the channels in our HipChat chatrooms, we can now issue control a “DJ session” by issuing commands like this:

!dj start             starts playing !dj stop              stops playing !dj skip              skips the current song !dj info              shows the curent song info !dj history           shows playlist history !dj search            search for songs, artists, albums !dj q list            shows songs in your dj queue !dj q clear           removes all songs in your dj queue !dj q add             adds song as next in your dj queue, where is from search output !dj q rm              removes song at from your dj queue !dj q mv              moves a song index index in your queue

And the bot commands a turntable session appropriately. Just add a big speaker, and we’re (collaboratively) grooving.