Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Automate your Infrastructure with Chef
Search
Christian Joudrey
February 28, 2013
Programming
9
620
Automate your Infrastructure with Chef
Talk given at ConFoo 2013 on February 28th, 2013.
Christian Joudrey
February 28, 2013
Tweet
Share
More Decks by Christian Joudrey
See All by Christian Joudrey
Writing NES games! with assembly!!
cjoudrey
1
750
Developing at Scale
cjoudrey
3
490
Scaling Rails for Black Friday / Cyber Monday at Shopify
cjoudrey
6
5.9k
Tips and Tricks from Shopify's codebase
cjoudrey
2
570
Scaling Shopify
cjoudrey
3
540
#pairwithme
cjoudrey
3
260
Two-factor authentication
cjoudrey
4
390
Other Decks in Programming
See All in Programming
バックエンドエンジニアによる Amebaブログ K8s 基盤への CronJobの導入・運用経験
sunabig
0
140
DSPy Meetup Tokyo #1 - はじめてのDSPy
masahiro_nishimi
1
160
FluorTracer / RayTracingCamp11
kugimasa
0
220
tsgolintはいかにしてtypescript-goの非公開APIを呼び出しているのか
syumai
6
2.1k
テストやOSS開発に役立つSetup PHP Action
matsuo_atsushi
0
150
[SF Ruby Conf 2025] Rails X
palkan
0
490
connect-python: convenient protobuf RPC for Python
anuraaga
0
380
AIコーディングエージェント(Gemini)
kondai24
0
200
C-Shared Buildで突破するAI Agent バックテストの壁
po3rin
0
370
手軽に積ん読を増やすには?/読みたい本と付き合うには?
o0h
PRO
1
170
TypeScript 5.9 で使えるようになった import defer でパフォーマンス最適化を実現する
bicstone
1
1.2k
【CA.ai #3】Google ADKを活用したAI Agent開発と運用知見
harappa80
0
290
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
698
190k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
121
20k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
Typedesign – Prime Four
hannesfritz
42
2.9k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
A better future with KSS
kneath
240
18k
Automating Front-end Workflow
addyosmani
1371
200k
Balancing Empowerment & Direction
lara
5
790
Context Engineering - Making Every Token Count
addyosmani
9
490
Documentation Writing (for coders)
carmenintech
76
5.2k
Building Flexible Design Systems
yeseniaperezcruz
330
39k
Side Projects
sachag
455
43k
Transcript
Automate your Infrastructure with Chef
cjoudrey @
None
c #
c # # # # # # # in minutes
# d # d c # # # # #
d in minutes
w Manual setup takes time
# ruby 1.9.3 # ruby 1.9.2 != and error-prone
# ruby 1.9.3 # ruby 1.9.2 != Oops! and error-prone
What is ?! Chef
1 Manage servers with ruby code
instead of $ ssh root@app1 Last login: Thu Feb 28
... # apt-get install nginx ... # vim /etc/nginx/nginx.conf ... # apt-get install ruby ...
client server
# node # node # node # chef server (server1
to server3.example.com) (chef.example.com) knife ! (local machine)
# node # node # node # chef server (server1
to server3.example.com) (chef.example.com) knife ! (local machine)
# node # node # node # chef server (server1
to server3.example.com) (chef.example.com) knife ! (local machine)
# node # node # node # chef server chef-client
(server1 to server3.example.com) knife ! (local machine)
2terminology Chef
2recipe Ruby file that contains Chef commands
2cookbook Collection of Chef recipes
Getting started with Chef 2
git clone opscode/chef-repo https://github.com/opscode/chef-repo !
! $ ls confoo ... cookbooks/ data_bags/ environments/ roles/
Install Chef on local machine !
! gem install chef
# Hosted* Chef server from Opscode * free up to
5 nodes
#
#
Setup Knife on local machine !
# node # node # node # chef server (server1
to server3.example.com) (chef.example.com) knife ! (local machine)
! $ ls confoo/.chef confoo-demo-validator.pem confoo-demo.pem knife.rb Copy files to
REPO/.chef
! $ cd confoo $ knife user list confoo-demo Test
Knife
8 Create your first cookbook $ cd confoo $ knife
cookbook create nginx
8 $ ls cookbooks/nginx ... attributes/ providers/ recipes/ resources/ templates/
package "nginx" cookbooks/nginx/recipes/default.rb
package installs using system’s package mgr
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx"
service defines an available service
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true,
:restart => true, :reload => true end
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true,
:restart => true, :reload => true action [:enable, :start] end
:enable start on server boot
:start start when Chef runs
8 Upload cookbook $ knife cookbook upload nginx Uploading nginx
[0.1.0]
Let’s test it on a node #
! $ knife bootstrap \ server1.example.com Bootstrap a node
!
2run list Ordered list of recipes and roles that get
run on the node
! $ knife node edit \ server1.example.com Edit a node
{ "name": "server1.example.com", "run_list": [ ] }
{ "name": "server1.example.com", "run_list": [ "recipe[nginx::default]" ] }
recipe[nginx::default] means default recipe of nginx cookbook
$ ssh server1.example.com server1:~# chef-client Run Chef on the node
#
#
#
# Let’s configure nginx
copy from server to nginx cookbook templates/default/nginx.conf.erb /etc/nginx/nginx.conf !
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true,
:restart => true, :reload => true action [:enable, :start] end template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" notifies :reload, "service[nginx]" end
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true,
:restart => true, :reload => true action [:enable, :start] end template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" notifies :reload, "service[nginx]" end
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true,
:restart => true, :reload => true action [:enable, :start] end template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" notifies :reload, "service[nginx]" end
cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true,
:restart => true, :reload => true action [:enable, :start] end template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" notifies :reload, "service[nginx]" end
! Upload the cookbook and run chef-client on node
#
2 Chef is idempotent
! What if we edit templates/default/nginx.conf.erb and run Chef
#
#
#
Let’s run Chef one more time #
#
2Attributes
nginx/templates/default/nginx.conf.erb user www-data; worker_processes 2; pid /var/run/nginx.pid; ...
nginx/attributes/nginx.rb default['nginx']['worker_processes'] = 2
nginx/templates/default/nginx.conf.erb user www-data; worker_processes <%= node['nginx'] ['worker_processes'] %>; pid /var/run/nginx.pid;
...
# Override for a specific node
{ "name": "server1.example.com", "run_list": [ "recipe[nginx::default]" ] }
{ "name": "server1.example.com", "normal": { "nginx": { "worker_processes": 4 },
}, "run_list": [ "recipe[nginx::default]" ] }
2Roles
roles/app-server.rb name 'app-server' description 'app-server stuff' run_list( 'recipe[nginx::default]' ) override_attributes(
'nginx' => { 'worker_processes' => 2 } )
! $ knife role from file \ app-server.rb Upload a
role
Apply the role on a node #
{ "name": "server1.example.com", "run_list": [ "role[app-server]" ] }
#
{ "name": "server1.example.com", "run_list": [ "role[base]", "role[app-server]" ] }
2 Environments
environments/production.rb name 'production' cookbook_versions 'nginx' => '= 0.1.0'
{ "name": "server1.example.com", "chef_environment": "production", "run_list": [ "recipe[nginx::default]" ] }
! Searching for nodes $ knife search node \ role:app-server
2
8 Searching can be done in recipes too!
8 Searching can be done in recipes too! OMFG!
backend app balance roundrobin server app1 10.10.0.1 check port 80
server app2 10.10.0.2 check port 80 server app3 10.10.0.3 check port 80
nodes = search( :node, 'role:app-server' ) template "/etc/haproxy.conf" do source
"haproxy.conf.erb" variables :nodes => nodes end
backend www balance roundrobin <% @nodes.each do |n| %> server
<%= n[:hostname] %> <%= n[:ipaddress] %> check port <% end %>
2Goodies
None
None
None
None
None
Automation is important
# staging/CI # production ! development = =
Thanks!
cjoudrey @
cjoudrey
sunabig
masahiro_nishimi
kugimasa
syumai
matsuo_atsushi
palkan
anuraaga
kondai24
po3rin
o0h
bicstone
harappa80
chriscoyier
panda_program
addyosmani
hannesfritz
chrisshort
kneath
lara
carmenintech
yeseniaperezcruz
sachag
![{ "name": "server1.example.com", "run_list": [ ] }](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_48.jpg){kind=link}
![{ "name": "server1.example.com", "run_list": [ "recipe[nginx::default]" ] }](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_49.jpg){kind=link}
![recipe[nginx::default] means default recipe of nginx cookbook](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_50.jpg){kind=link}
![nginx/attributes/nginx.rb default['nginx']['worker_processes'] = 2](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_71.jpg){kind=link}
![nginx/templates/default/nginx.conf.erb user www-data; worker_processes <%= node['nginx'] ['worker_processes'] %>; pid /var/run/nginx.pid;](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_72.jpg){kind=link}
![{ "name": "server1.example.com", "run_list": [ "recipe[nginx::default]" ] }](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_74.jpg){kind=link}
![roles/app-server.rb name 'app-server' description 'app-server stuff' run_list( 'recipe[nginx::default]' ) override_attributes(](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_77.jpg){kind=link}
![{ "name": "server1.example.com", "run_list": [ "role[app-server]" ] }](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_80.jpg){kind=link}
![{ "name": "server1.example.com", "run_list": [ "role[base]", "role[app-server]" ] }](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_82.jpg){kind=link}
![{ "name": "server1.example.com", "chef_environment": "production", "run_list": [ "recipe[nginx::default]" ] }](https://files.speakerdeck.com/presentations/b566ebe063840130298b22000a1e877c/slide_85.jpg){kind=link}
