Automate your server configuration with Chef

Transcript

1. Automate your server configuration with Chef Jeremy Olliver @static_storm

2. Why? • Sooner or later, you will need to repeat

   or change the setup • If you have to document it, make it an executable one • Faster to setup additional servers • Share knowledge (or at least make it portable)

3. What is chef? • chef is a configuration management system

   • define snippets of configuration as cookbooks • chef-client pulls down what changes to make and runs them • chef-server is a merb rest web app backed by solr, couchdb

4. Chef Concepts • Cookbook - the actual ruby code that

   determines how to install/configure something • Node - each server you are configuring is a node • Role - A collection of cookbooks to run, may override attributes • environment - Similar to Role, though every node belongs to one environment.

5. Cookbooks • community hosted cookbooks are online at: http://community.opscode.com/cookbooks/ rubygems.org

   of cookbooks • mostly good, but always read before using them. • install off github easily • create your own

6. knife • knife is the command line tool for interacting

   via the api • Each component is uploaded through knife • knife cookbook upload <name> [--freeze] • knife environment|role from file <path> • create cookbooks, integrate with cloud services • some rake tasks to simplify uploading everything

7. Bootstrapping & Auth • Uses a master ssh key validation.pem

   to authenticate clients • knife has a bootstrap script which over ssh does: • install chef client, copies the validation.pem across • validates a new client key with validation.pem • triggers the first chef-client run • bootstrap <ipaddress> -x user -E ‘staging’ -r ‘role [ruby_app]’ --sudo

8. Anatomy of a chef run • client connects to server,

   authenticating with pub key • checks run_list, downloads required cookbooks • compliation phase, defines resources, sets attributes • execution phase, resources are executed

9. Attributes precedence order • automatic (what chef detects), override, normal,

   default • set via: cookbooks, environments, roles, nodes default attributes applied in an attributes file default attributes applied in an environment default attributes applied in a role default attributes applied on a node directly in a recipe normal or set attributes applied in an attributes file normal or set attributes applied on a node directly in a recipe override attributes applied in an attributes file override attributes applied in a role override attributes applied in an environment override attributes applied on a node directly in a recipe automatic attributes generated by Ohai

10. Resource Types • File: copies a file • Template: Creates

    a file from an ERB template • directory, user, service • can notify other resources (restart when config file changed) • create custom ones via resources/providers

11. Creating cookbooks • Creating things specific to your application will

    require a cookbook (cookbooks are the only dynamic code) • knife cookbook create <name> • Specify dependencies and version number in metadata.rb • recipes/default.rb is the bare minimum you need • most simple cookbooks will just need recipes, attributes, and maybe files/templates

12. Knife plugins • knife-spork (version management through environments) • knife-essentials

    • librarian (bundler for cookbooks) • foodcritic (best practice guides for writing cookbooks)

13. Chef good practice • Version your cookbooks, specify versions in

    environments • Specify cookbook sources (librarian or Berkfile) • keep chef-client running periodically (chef-client cookbook) • avoid automatic (set/stored) attributes unless necessary • keep a balance between composability and unversioned roles • Freeze cookbook versions, and use VM’s to test (vagrant)

14. Resources • http://community.opscode.com/cookbooks/ • http://wiki.opscode.com/display/chef • irc.freenode.net #chef

15. Automate your server configuration with Chef Jeremy Olliver @static_storm