chef talk at DevOps Singapore

Transcript

1. chef May 15 2014
 Claudio Mettler, CtrlM Singapore Pte. Ltd.

   1

2. ME ME ME ME • In Singapore since mid-2013 •

   CtrlM • Focusing on: ruby/rails, objC, JS and PHP • [email protected] 2

3. use cases • distributed development environments (with vagrant) • large

   server infrastructure, physical or IaaS • Phoenix Servers: http://martinfowler.com/bliki/ PhoenixServer.html and http://martinfowler.com/ bliki/SnowflakeServer.html 3

4. 4

5. chef in general • ist mostly ruby • makes use

   of domain specific languages • partly open source (apache license) • in active development 5

6. chef server • stores cookbooks, roles, node data • can

   be queried • hosted: enterprise chef • self-hosted: enterprise chef, open source chef (64 bit only) • differences: ACL, organizations, LDAP, nicer UI and obviously less hassle 6

7. enterprise chef pricing 7

8. chef client • runs on instance to be provisioned (called

   a node) • communicates with server • self-registers node • has a run list • gets cookbooks and other configuration information • idempotently brings node into desired state 8

9. chef-client: how does it get there? • knife bootstrap •

   knife ec2, knife do etc. • manual installation/deliver with image • new: chef metal 9

10. ohai • part of chef-client • finds out useful things

    about the node it runs on • information will then be stored in the node object 10

11. chef workstation • used for: • authoring cookbooks • managing

    cookbooks, roles, databags etc. • bootstrapping nodes (ssh) • uploading cookbooks etc. to server • main tool: knife • state kept in scm (most likely git) 11

12. cookbooks • collection of recipes, attributes and metadata (and other

    stuff) • can have dependencies • usually has a “default” recipe • community cookbooks and home made cookbooks • examples: apache2, mysql, mywebapp 12

13. community cookbooks vs. DIY • community cookbooks try to run

    everywhere • try running apache cookbook on ubuntu 14.04 though… • lots of platform specific code • lots of configurability • decide on a case-by-case basis • do NOT automatically update 13

14. run lists • collection of roles, cookbooks, recipes • expands

    to a list of recipes and attributes 14

15. roles • attributes + a run list • expands to

    attributes + a list of recipes 15

16. chef-solo • server-less chef client mode • does not store

    node data • use case: simple (one-server) projects, development environments, testing, deploying chef-server 16

17. chef-zero • in-memory chef server • does not do authentication

    • mainly for development and testing 17

18. one more thing: berkshelf • downloads cookbooks • resolves dependencies

    • uploads to server • manages cookbooks locally • part of chef development kit (chef-dk) 18

19. let’s try something 19

20. cloud services • knife ec2 server create -r "role[webserver]" -I

    ami-2d4aa444 --flavor m1.small -G www,default - x ubuntu -N server01 • knife digital_ocean droplet create --server-name awesome-vm2.chef.io --image 25306 --location 4 --size 66 --ssh-keys 1234,1235 --bootstrap --run- list "role[base],role[webserver]" 20

21. 21

22. cookbooks are not just recipe collections • definitions • Lightweight

    Resource/Provider • attributes 22

23. resources • “A resource defines the desired state for a

    single configuration item present on a node that is under management by Chef.”
 (http://docs.opscode.com/resource.html) • Examples: system user, folders, files, packages, execute, deploy • has: attributes, actions, guards, guard interpreters 23

24. providers • the code behind a resource • can depend

    on the OS (etc.) on the node • example: “package” resource may use: apt/ dpkg, rpm, gem etc. • sometimes you still need to handle different OS/ distributions (example: apache package) 24

25. LWRP • lightweight resource/provider • a more declarative/DSL way to

    create resources/ providers • can be supplied by cookbooks 25

26. definitions • almost resource/provider • no de-coupling • often contains

    resources • discouraged 26

27. attributes • in the end make up the node object

    • sources: ohai, attribute files, recipes, environments, roles • types: default, force_default, normal, override, force_override, automatic • become one big json-style tree 27

28. attribute precedence • A default attribute located in a cookbook

    attribute file • A default attribute located in a recipe • A default attribute located in an environment • A default attribute located in role • A force_default attribute located in a cookbook attribute file • A force_default attribute located in a recipe • A normal attribute located in a cookbook attribute file • A normal attribute located in a recipe • An override attribute located in a cookbook attribute file • An override attribute located in a recipe • An override attribute located in a role • An override attribute located in an environment • A force_override attribute located in a cookbook attribute file • A force_override attribute located in a recipe • An automatic attribute identified by Ohai at the start of the chef-client run 28

29. attribute precedence, simplified • default, force_default, normal, override, force_override, automatic

    • cookbook, recipe, role, environment • automatic comes from ohai only 29

30. my little cookbook • deploy a static website • use

    the webapp definition from the apache cookbook • configurable via attribute 30

31. let’s do it 31

32. let’s iterate • we want 2 different sites. or maybe

    3? • maybe we should have a dev environment? 32

33. data bags • have a name • contain named items

    • items are JSON style data • globally available • can be encrypted 33

34. environments • default environment is called _default • _default can’t

    really be modified • other environments can contain attributes and cookbook version constraints 34

35. on with it 35

36. foodcritic • lint tool for cookbooks • part of chef-dk

    36

37. let’s have a look 37

38. chef metal • very new (version 0.10.2) • machine resource

    • abstracts cloud, VMs, Containers etc. • allows you to put a cluster configuration into a file 38

39. what else? • testing: • test-kitchen for integration testing across

    various platforms (using vagrant, usually) • ChefSpec: RSpec based unit testing • both are part of chef-dk • querying the server 39

40. http://learnchef.opscode.com/
 HTTP://docs.opscode.com/ 40

41. ? 41

42. ! 42