Chef 101: Breaking Down the Jargon

Transcript

1. Chef 101: Breaking Down the Jargon Joshua Timberman @jtimberman [email protected]

   https://flic.kr/p/662Len

2. http://www.flickr.com/photos/michaelheiss/3090102907/ Complexity

3. Think about your application... • It has a code repository

   • That has to be deployed on a filesystem • It has a configuration file • It runs as a non-privileged user • It runs a service

4. Your application provides a https://flic.kr/p/oq2MwM

5. Application A tale of growth...

6. Application Application Database Add a database

7. Application App Databases Make database redundant

8. App Servers App Databases Application server redundancy

9. App LB App Servers App Databases Add a load balancer

10. App LBs App Servers App Databases Webscale!

11. App LBs App Servers App DB Cache App DBs Now

    we need a caching layer

12. App LBs App Servers App DB Cache App DBs Infrastructure

    Has a Topology

13. Round Robin DNS App Servers App DB Cache App DBs

    Floating IP? Your's Is a Snowflake

14. App LBs App Servers < Shiny! DB slaves Cache DB

    Cache DBs Complexity Increases Quickly Are we monitoring?? These are all microservices of course

15. And that's just one app/site... Ruby App Python App Java

    App

16. It Increases Globally USA EUR APAC

17. https://www.flickr.com/photos/debord/4932655 What can handle this complexity?

18. None

19. 19

20. Audience Participation https://flic.kr/p/hmF8Lk

21. Who is a system administrator? https://flic.kr/p/nK7kRW

22. Who is a software developer? https://flic.kr/p/pcLbnb

23. Who is a manager/director/executive? https://flic.kr/p/eSwdcX

24. % whoami https://twitter.com/evangoer/status/447049913310797824

25. Cure Technical Debt Wounds for 1d8 Lines of Code •

    Help improve internal process, use of Chef at Chef • System Administrator, Software Developer • Based in Westminster, CO • Contact: jtimberman pretty much everywhere, and [email protected]

26. Major Topics (in talk abstract order) • Configuration Management, system

    integration • Complete infrastructure automation • Resources, providers, recipes, cookbooks • Chef Server • Test Driven Infrastructure • Chef Provisioning • Walls of text and funny weird interesting images

27. My goal today is help you: • Have context about

    Chef • Know what Chef does • Know how to get started with Chef • Understand how Chef can help solve business problems

28. My goal today is not to sell Chef https://flic.kr/p/b21SpD

29. Unless you're a manager/director/executive! :-) https://flic.kr/p/eSwdcX

30. What about Chef vs [alternatives]? https://flic.kr/p/9YctFG

31. http://xpsr.deviantart.com/art/Grumpy-Cat-Nope-366369969 - by ImWithStoopid13

32. What is Chef?

33. Chef Software, Inc. • Chef, the company • Based in

    Seattle, with widely distributed workforce • Raised $60 million; +192% YoY growth • Hiring! (chef.io/careers) 1/3

34. Chef, the software 2/3

35. Chef, the binary • Comes with ChefDK • Plugin-based workflow

    tool • We were missing a program named `chef` for years • I'll talk about this later 3/3

36. But not, Chef "the Movie"

37. What are the "flavors" of Chef? https://flic.kr/p/4gyFsd

38. Chef is Open Source! • https://github.com/chef/chef • https://github.com/chef/chef-server • https://github.com/chef/chef-rfc

    • http://docs.chef.io/#the-community

39. Chef Client is written in Ruby • Chef recipes you

    write are also Ruby! • https://docs.chef.io/chef/dsl_recipe.html • https://www.ruby-lang.org/en/

40. Chef is Multi-platform

41. Chef is distributed as native packages • curl -L https://www.chef.io/chef/install.sh

    | less • https://speakerdeck.com/jtimberman/stop-demonizing-curl-bash •https://packagecloud.io/chef/stable

42. chef-client • Runs on the nodes that should be configured

    • Nodes are the things managed by Chef • Nodes authenticate as API Clients to the Server • The Server stores the public key for the Clients

43. % sudo chef-client Starting  Chef  Client,  version  12.3.0   resolving

     cookbooks  for  run  list:  ["build-­‐essential"]   Synchronizing  Cookbooks:      -­‐  build-­‐essential   Compiling  Cookbooks...   Converging  1  resource   Recipe:  build-­‐essential::_mac_os_x      *  xcode_command_line_tools[install]  action  install  (up  to   date)   Running  handlers:   Running  handlers  complete   Chef  Client  finished,  0/1  resources  updated  in  5.131888   seconds

44. Chef Server • Formerly Open Source Chef, Private Chef, Enterprise

    Chef • Run your own Chef Server • Entirely Open Source as of Chef Server 12 "There is One Chef Server, and it is Open Source" - Adam Jacob https://www.chef.io/blog/2014/09/08/there-is-one-chef-server-and-it-is-open-source/

45. Hosted Chef • Managed by Chef Software, Inc.

46. Chef Zero "Local Mode" • chef-client --local-mode • In memory

    • API compatible

47. chef-zero %  chef-­‐zero   >>  Starting  Chef  Zero  (v4.2.1)...  

    >>  WEBrick  (v1.3.1)  on  Rack  (v1.5)  is  listening  at   http://127.0.0.1:8889   >>  Press  CTRL+C  to  stop   %  knife  client  create  demo  -­‐d  -­‐z   Created  client[demo]   %  knife  client  list  -­‐z   demo

48. chef-solo https://flic.kr/p/nwSUYG

49. chef-solo • Most functionality is the same • No server

    to manage • No server to publish cookbooks, search, etc • Server features can be emulated, but aren't completely the same

50. Caveat emptor, RFC 031 https://github.com/chef/chef-rfc/blob/master/rfc031-replace-solo-with- local-mode.md

51. None

52. The Chef Software Platform Chef 
 Development Kit Cookbook and

    
 Policy Authoring Test-Driven Infrastructure Chef Server Management 
 Console Analytics Platform High Availability 
 and Replication Chef Client 
 Nodes Data Center The Cloud

53. Building Blocks Cookbooks Recipes Resources

54. Building Blocks: What is a Resource? • A Resource is

    system state you define • You declare resource state using the recipe DSL package "httpd" do action :install end windows_feature "IIS-WebServerRole" do action :install end

55. Many Resources are included in Chef • package • template

    • service • user • group • directory • remote_file • git • chef_gem • gem_package • windows_package • windows_service • dsc_resource • powershell_script • deploy • mdadm • mount • many more!

56. Example Resources package  'example'   user  'example'  do    

     home  '/opt/example'      shell  '/bin/false'      system  true   end   template  '/opt/example/example.conf'  do      notifies  :restart,  'service[example]'   end   service  'example'  do      supports  :restart      action  [:enable,  :start]   end

57. Resources have a type package  'example'   user  'example'  do

         home  '/opt/example'      shell  '/bin/false'      system  true   end   template  '/opt/example/example.conf'  do      notifies  :restart,  'service[example]'   end   service  'example'  do      supports  :restart      action  [:enable,  :start]   end

58. Resources have a name package  'example'   user  'example'  do

         home  '/opt/example'      shell  '/bin/false'      system  true   end   template  '/opt/example/example.conf'  do      notifies  :restart,  'service[example]'   end   service  'example'  do      supports  :restart      action  [:enable,  :start]   end

59. Resources have properties package  'example'   user  'example'  do  

       home  '/opt/example'      shell  '/bin/false'      system  true   end   template  '/opt/example/example.conf'  do      notifies  :restart,  'service[example]'   end   service  'example'  do      supports  :restart      action  [:enable,  :start]   end

60. Resources have actions package  'example'   user  'example'  do  

       home  '/opt/example'      shell  '/bin/false'      system  true   end   template  '/opt/example/example.conf'  do      notifies  :restart,  'service[example]'   end   service  'example'  do      supports  :restart      action  [:enable,  :start]   end Chef has a default action for all resources

61. Resources can notify other resources package  'example'   user  'example'

     do      home  '/opt/example'      shell  '/bin/false'      system  true   end   template  '/opt/example/example.conf'  do      notifies  :restart,  'service[example]'   end   service  'example'  do      supports  :restart      action  [:enable,  :start]   end

62. • An abstraction of a service that consists of a

    collection of resources to deliver that service • Resources are converged in the order they are listed Building Blocks: What is a Recipe? On Linux based OSes: package "httpd" do action :install end template ”/var/www/index.html" do source ”index.html.erb” mode "0644" end service "httpd" do action [ :enable, :start ] end windows_feature "IIS-WebServerRole" do action :install end template 'c:\inetpub\wwwroot\Default.htm' do source "Default.htm.erb" rights :read, "Everyone" end service "w3svc" do action [ :enable, :start ] end

63. Wait, converge? By converge, we mean to bring the state

    of the system in line with what we've declared in the policy (recipe). Chef resources are configured by providers that take action to put resources in the desired state. That is, Chef performs "test and repair" operations. Actions are not taken if the resource is in the desired state. Providers can be platform specific, e.g. "yum" or "apt" for the "package" resource

64. Building Blocks: What is a Cookbook? • A cookbook is

    a set of recipes and supporting assets (templates, etc) • A cookbook is a defined set of items and different outcomes that you expect to address ./attributes ./attributes/default.rb ./CHANGELOG.md ./metadata.rb ./README.md ./recipes ./recipes/application.rb ./recipes/balancer.rb ./recipes/database.rb ./recipes/default.rb ./recipes/webserver.rb ./templates ./templates/default ./templates/default/mysite.conf.erb

65. https://supermarket.chef.io

66. Building Blocks Environments Roles Cookbooks Recipes Resources

67. Building Blocks: What is a role? • Roles apply specific

    attributes and run lists to nodes chef_type: role default_attributes: my-app: application: version: 1.5.6 description: Role for my application json_class: Chef::Role name: my_application_role run_list: role[base] recipe[my-app::application]

68. Building Blocks: What is an Environment? • Environments define version

    constraints for cookbooks... uh, per environment chef_type: environment cookbook_versions: database: 2.2.0 default_attributes: myapp: application: version: 1.2.3 description: Our production environment json_class: Chef::Environment name: production

69. Data Bags Environments Building Blocks Roles Cookbooks Recipes Resources

70. Building Blocks: What is a Data Bag? • Define global

    data in JSON • Accessible "everywhere" { "id": "myapp", "repository": "[email protected]/myapp.git", "revision": "master", "database": { "user": "superuser", "password": "just kidding we'd encrypt this" } "api_fqdn": "myapp.example.com" }

71. Data bags can be encrypted • Encrypted data bags are

    built into Chef • Chef Vault* is a library by Nordstrom for shared secret management/distribution deploy_key: cipher: aes-256-cbc encrypted_data: lIpW3sqd69wXt7+MB +uGXr0GfcrEf6rOnHLMA7H00ZCbTxMcEypguGD22w23 qzEZSzCf2ahv67CtcfrDGvUoWS57Gp5/QoR4WBYKQQUplY0LPtXMZFDISCLU a0aNhrzrXhT9eDKNpru7hpuEkOZPRNstx1121bdMZ9lm1/6BPBeIWUYrxAeS . . . . . . . . . . . . . . iv: tpz6zFz9xkscoi36kRw4JQ== version: 1 id: jenkins_ssh_key *Not to be confused with Hashicorp's Vault

72. Chef knows about the node it runs on { "cpu":

    { "real": 4, "total": 8 }, "platform": "mac_os_x", "platform_version": "10.10.3", "platform_family": "mac_os_x", "current_user": "jtimberman", "root_group": "wheel" }

73. Meet "ohai" %  which  ohai   /opt/chefdk/bin/ohai   %  ohai

     -­‐-­‐version   Ohai:  8.2.0

74. Data from ohai is saved on the server %  knife

     node  show  champagne   Node  Name:      champagne   Environment:  _default   FQDN:   IP:                    10.13.37.102   ...   Platform:        mac_os_x  10.10   Tags:

75. Other node data is stored on the server %  knife

     node  show  champagne  -­‐m   Node  Name:      champagne   Attributes:   rbenv:      install_pkgs:  git   ruby_build:      install_git_pkgs:      git-­‐core

76. Node data is stored as attributes

77. 15 ways to set attributes? https://s-media-cache-ak0.pinimg.com/originals/e7/1e/bc/e71ebc217063c4bc54a46851ee78cee9.jpg

78. TL, DR; our advice • Use default where you need

    to set attributes • The others are there if when you need them

79. Chef has extensible CLI tools https://flic.kr/p/fkmB7T

80. Meet `knife` https://flic.kr/p/oa8ZeE

81. knife is an administrative tool https://flic.kr/p/tN8Wn

82. % knife --help | grep COMMANDS **  BOOTSTRAP  COMMANDS  **

      **  CLIENT  COMMANDS  **   **  COOKBOOK  COMMANDS  **   **  COOKBOOK  SITE  COMMANDS  **   **  DATA  BAG  COMMANDS  **   **  ENVIRONMENT  COMMANDS  **   **  EXEC  COMMANDS  **   **  NODE  COMMANDS  **   **  PATH-­‐BASED  COMMANDS  **   **  RAW  COMMANDS  **   **  RECIPE  COMMANDS  **   **  ROLE  COMMANDS  **   **  SEARCH  COMMANDS  **   **  SSH  COMMANDS  **   **  STATUS  COMMANDS  **   **  TAG  COMMANDS  **   **  USER  COMMANDS  ** And more! 26 sub-commands installed by default

83. knife is run from the user's workstation https://flic.kr/p/9jrQch

84. Users are authenticated humans https://flic.kr/p/Wd54U

85. % knife user show jtimberman admin:        

       false   name:              jtimberman   public_key:  -­‐-­‐-­‐-­‐-­‐BEGIN  PUBLIC  KEY-­‐-­‐-­‐-­‐-­‐   MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhYooPZJIE6Dr0g2g8f1   VUFu6JydX6Wugzs44uYGcLUpg6uZ9aE0t9C8/zMAjBt7mZy8O/ZenWfsRsnrlBnR   Qen7w9BgWkCX+5VqFm91S8J5FlyQGSS5co7t8FglZrn692upLRDo+ycUZVLvg+KF   snd20FRT9s3VMko0SVx5eTY9Qq3TIi9A4sDYGUeaczf4X/zSHgd1WM5g3okswP16   hevCc1LGiv5SfCviBqfFXL2CSzy0SSY0/B2x/s3cCE25l0A7HbmbqjhL+F0iNlAU   whXM1yZlyFO4cRRyApaF9JNBR8wYkmC4yiRaDbztBo7kNaEAdAmxAEebqw5Of5PH   MQIDAQAB   -­‐-­‐-­‐-­‐-­‐END  PUBLIC  KEY-­‐-­‐-­‐-­‐-­‐

86. knife has a plugin system https://flic.kr/p/5nmduv

87. % chef gem list knife ***  LOCAL  GEMS  ***  

    knife-­‐acl  (0.0.12)   knife-­‐cloud  (1.0.1)   knife-­‐config  (1.1.0)   knife-­‐ec2  (0.10.0)   knife-­‐openstack  (1.0.0)   knife-­‐report-­‐resource  (1.0.0)   knife-­‐reporting  (0.4.1)   knife-­‐solve  (1.0.1)   knife-­‐spork  (1.5.0)   knife-­‐supermarket  (0.2.1)   knife-­‐windows  (0.8.4,  0.8.2) Get more from rubygems.org, or publish your own!

88. Core plugins operate against a Chef Server (upload cookbooks, roles,

    etc) https://flic.kr/p/bAmFx7

89. Plugins exist for cloud providers, provisioning new machines, and more!

    https://flic.kr/p/9RqBfq

90. Meet `chef` https://flic.kr/p/63iEj9

91. chef comes with ChefDK Photo by Joshua Timberman, licensed under

    Creative Commons Attribution 4.0

92. % chef --version Chef  Development  Kit  Version:  0.6.0   chef-­‐client

     version:  12.3.0   berks  version:  3.2.4   kitchen  version:  1.4.0

93. Workflow for local development litabot image me workflow -> https://scanningwithsharepoint.files.wordpress.com/2013/10/shutterstock_74855416.jpg

94. The tale of two workflows https://github.com/chef/chef-rfc/blob/master/rfc019-chef-workflows.md

95. `chef` functionality will replace some knife workflow plugins https://flic.kr/p/5z7VAc

96. Provision Machines with Chef https://www.flickr.com/photos/kija_kaji/14074377096

97. The old way: knife bootstrap, cloud plugins %  knife  ec2

     server  create  -­‐-­‐ssh-­‐user   ubuntu  -­‐f  m1.small  -­‐I  ami-­‐57516467  -­‐-­‐ region  us-­‐west-­‐2  -­‐S  jtimberman  -­‐i  ~/.ssh/ chef-­‐aws-­‐jtimberman.pem  -­‐g  default  -­‐-­‐ hint=ec2.json  -­‐r  'role[appserver]'  

98. The old way: knife bootstrap, cloud plugins %  knife  ec2

     server  create  -­‐-­‐help  |  wc  -­‐l   90 What is this, tar or rsync?!

99. The new way: Chef Provisioning require  'chef/provisioning/aws_driver'   with_driver  'aws'

      machine  'appserver1'  do      machine_options(          bootstrap_options:  {              key_name:  'provisioner',              image_id:  'ami-­‐b99ed989',              instance_type:  'm3.medium'          }      )      recipe  'myapp::frontend'      action  :converge   end

100. Multiple Machines machine  'appserver1'  do      ...   machine

      'appserver2'  do      ...   machine  'database1'  do      ...   machine  'shiny1'  do      ...  etc

101. Chef Provisioning • Write recipes with machine resources • Optionally

     drive them with data • Track it in source control • Convergent, idempotent

102. Chef Provisioning Examples • Chef Provisioning a Chef Server Cluster

     • https://www.youtube.com/watch?v=HUQA1Ikm5Iw

103. Provisioning is only one part of the story Provisioning Configuration

     Management System Integration

104. Configuration Management: • Test and repair nodes to bring them

     in line with policy • Prevent configuration drift over time

105. Test and Repair $  getent  passwd  example   <  no

      results!  >   $  sudo  chef-­‐apply  -­‐e  "user  'example'  do      home  '/opt/example'      shell  '/bin/false'      system  true   end   "  

106. Create the user Recipe:  (chef-­‐apply  cookbook)::(chef-­‐apply  recipe)      *

      user[example]  action  create   DEBUG:  user[example]  user  does  not  exist   DEBUG:  user[example]  setting  shell  to  /bin/false   DEBUG:  user[example]  setting  home  to  /opt/example   INFO:  user[example]  created   -­‐  create  user  example   $  getent  passwd  example   example:x:999:999::/opt/example:/bin/false

107. What if we wanted to change the UID? %  sudo

      chef-­‐apply  -­‐l  debug  -­‐e  "   user  'example'  do      home  '/opt/example'      shell  '/bin/false'      uid  '333'      system  true   end   "  

108. Chef only changes what it needs to change Recipe:  (chef-­‐apply

      cookbook)::(chef-­‐apply   recipe)      *  user[example]  action  create   DEBUG:  user[example]  setting  uid  to  333   INFO:  user[example]  altered          -­‐  alter  user  example         $  getent  passwd  example   example:x:333:999::/opt/example:/bin/false

109. System Integration Make the configured systems work together to provide

     an overall service

110. haproxy example recipe members  =  search('node',  'role:webserver  AND  chef_environment:production')  

     package  'haproxy'   template  '/etc/haproxy/haproxy.cfg'  do      source  'haproxy.cfg.erb'      owner  'root'      group  'root'      mode  '0644'      variables(:pool_members  =>  members)      notifies  :reload,  'service[haproxy]'   end   service  'haproxy'  do      supports  :reload      action  [:enable,  :start]   end

111. haproxy.cfg.erb template backend  servers-­‐http      <%  @pool_members.each  do  |member|

      -­‐%>      server  <%=  member['hostname']  %>  <%=  member['ipaddress']%>:< %=  member['myapp']['port']  %>  weight  1  maxconn  <%=   member['myapp']['max_connections']  %>  check      <%  end  -­‐%>  

112. Ask questions about the infrastructure %  knife  search  node  'role:webserver

      AND   chef_environment:production'   3  items  found   Node  Name:        web1   ...   Node  Name:        web2   ...   Node  Name:        web3   ...etc

113. Why not a service discovery system instead? Sure, why not?

     Chef Search is not a service discovery system. Nor does it do leader election. Service discovery is not infrastructure management. Service discovery tools aren't publishing platforms.

114. Use Chef to setup your favorite PAXOS/RAFT system! So, not

     instead, but in addition to :-)

115. Chef Server Overview https://flic.kr/p/eyLzYC

116. What is the Chef Server? • Publishing system for infrastructure

     as code: • cookbooks • nodes/API clients • roles • environments • data • Four Main Components* *Built as "microservices", aka SOA (without the XML)

117. % chef-server-ctl status run:  bookshelf:  (pid  5376)  60983s;   run:

      nginx:  (pid  5578)  60970s;   run:  oc_bifrost:  (pid  5145)  60997s;   run:  oc_id:  (pid  5194)  60995s;   run:  opscode-­‐erchef:  (pid  5460)  60980s;   run:  opscode-­‐expander:  (pid  5270)  60989s;   run:  opscode-­‐expander-­‐reindexer:  (pid  5330)  60987s;   run:  opscode-­‐solr4:  (pid  5220)  60992s;   run:  postgresql:  (pid  5123)  60998s;   run:  rabbitmq:  (pid  6228)  60913s;   run:  redis_lb:  (pid  14062)  49602s;

118. Erchef, the RESTful API https://flic.kr/p/gTX7Sh

119. Bifrost, the RBAC/ACL service https://flic.kr/p/bs44Hp

120. API / RBAC are Erlang+WebMachine • http://www.erlang.org/ • https://github.com/basho/webmachine •

     http://docs.chef.io/chef_server.html
121. None

122. Search Engine https://flic.kr/p/ac9rhB

123. Chef Server's Search Engine • RabbitMQ • Apache SOLR •

     chef-expander

124. Sounds complicated... The Chef server stores policy and configuration data

     about all your machines. With an API. And a search engine. Without a server you have to create your own way to manage all of that.

125. Installing Chef Server #  add  packagecloud  repository,  then:   %

      sudo  apt-­‐get  install  chef-­‐server-­‐core   %  sudo  chef-­‐server-­‐ctl  reconfigure   %  echo  "There's  no  step  three^Wfour!"

126. Chef Server Add-ons https://flic.kr/p/9CZxfa

127. Push Jobs • Open Source Add-on • Orchestration Primitives •

     https://docs.chef.io/push_jobs.html • https://www.chef.io/blog/chefconf-talks/push-jobs-an- orchestration-building-block-for-private-chef-mark- anderson/

128. Chef Analytics • Event system • Rules • Notifications

129. Chef Analytics Rules rules  'org  notifier'      rule  on

      action      when          true      then          notify('hipchat-­‐org')      end   end

130. Chef Analytics Notifications • HipChat, for example:

131. Chef Manage

132. https://www.chef.io/delivery/ Chef Delivery

133. Test Driven Infrstructure (TDI) https://flic.kr/p/gMbJb8

134. What is "Test Driven Infrastructure"? When you build your infrastructure

     as code, you need to test your infrastructure like code. In other words, bring software testing practices to your infrastructure.

135. Test Kitchen https://flic.kr/p/f1KUrn

136. Kitchen creates machines https://flic.kr/p/bs52Uo

137. Downloading https://www.chef.io/chef/install.sh to file /tmp/install.sh Trying wget... Download complete. Downloading

     Chef for ubuntu... downloading https://www.chef.io/chef/metadata? v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64 to file /tmp/install.sh.12411/metadata.txt trying wget... url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/10.04/x86_64/ chef_12.3.0-1_amd64.deb md5 d8421c9b3010deb03e713ada00387e8a sha256 e06eb748e44d0a323f4334aececdf3c2c74d2f97323678ad3a43c33ac32b4f81 downloaded metadata file looks valid... downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/10.04/x86_64/ chef_12.3.0-1_amd64.deb to file /tmp/install.sh.12411/chef_12.3.0-1_amd64.deb trying wget... Comparing checksum with sha256sum... Installing Chef installing with dpkg... Selecting previously unselected package chef. ng database ... 32352 files and directories currently installed.) Preparing to unpack .../chef_12.3.0-1_amd64.deb ... Unpacking chef (12.3.0-1) ... Setting up chef (12.3.0-1) ... Thank you for installing Chef! Kitchen installs Chef

138. [2015-05-05T16:57:11-06:00] INFO: Forking chef instance to converge... [2015-05-05T16:57:11-06:00] INFO: ***

     Chef 12.3.0 *** [2015-05-05T16:57:11-06:00] INFO: Chef-client pid: 12879 [2015-05-05T16:57:14-06:00] INFO: Run List is [recipe[pantry]] [2015-05-05T16:57:14-06:00] INFO: Run List expands to [pantry] [2015-05-05T16:57:14-06:00] INFO: Starting Chef Run for champagne.local [2015-05-05T16:57:14-06:00] INFO: Running start handlers [2015-05-05T16:57:14-06:00] INFO: Start handlers complete. [2015-05-05T16:57:15-06:00] INFO: Loading cookbooks [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected]] [2015-05-05T16:57:49-06:00] INFO: execute[update homebrew from github] ran successfully [2015-05-05T16:57:49-06:00] INFO: Processing homebrew_tap[caskroom/cask] action tap (homebrew::cask line 21) [2015-05-05T16:57:49-06:00] INFO: Processing homebrew_package[brew-cask] action install (homebrew::cask line 23) [2015-05-05T16:57:50-06:00] INFO: Processing execute[update homebrew cask from github] action run (homebrew::cask line 25) Error: brew-cask 0.53.3 already installed [2015-05-05T16:57:50-06:00] INFO: execute[update homebrew cask from github] ran successfully [2015-05-05T16:57:50-06:00] INFO: Processing directory[/opt/homebrew-cask] action create (homebrew::cask line 31) [2015-05-05T16:57:50-06:00] INFO: Processing directory[/opt/homebrew-cask/Caskroom] action create (homebrew::cask line 36) [2015-05-05T16:57:51-06:00] INFO: Chef Run complete in 36.945477 seconds [2015-05-05T16:57:51-06:00] INFO: Running report handlers [2015-05-05T16:57:51-06:00] INFO: Report handlers complete [2015-05-05T16:57:51-06:00] INFO: Sending resource update report (run-id: e8251771-c6fa-4d0f-8858- cc8a85af46f8) Kitchen runs Chef

139. Kitchen verifies the Node https://flic.kr/p/tpCxq

140. TDI Workflow, Tools https://flic.kr/p/oB5Mon

141. chef generate cookbook gluecon %  chef  generate  cookbook  gluecon  

     Compiling  Cookbooks...   Recipe:  code_generator::cookbook      *  directory[/Users/jtimberman/Development/sandbox/gluecon]  action   create          -­‐  create  new  directory  /Users/jtimberman/Development/sandbox/gluecon      *  template[/Users/jtimberman/Development/sandbox/gluecon/metadata.rb]   action  create_if_missing          -­‐  create  new  file  /Users/jtimberman/Development/sandbox/gluecon/ metadata.rb          -­‐  update  content  in  file  /Users/jtimberman/Development/sandbox/ gluecon/metadata.rb  from  none  to  2048b8          (diff  output  suppressed  by  config)   ....

142. Develop Recipes, etc.

143. foodcritic: Lint check Chef Cookbooks %  foodcritic  .   FC023:

      Prefer  conditional  attributes:  ./ recipes/default.rb:20   FC045:  Consider  setting  cookbook  name  in   metadata:  ./metadata.rb:1

144. Unit Testing, Resource Collection Verification with ChefSpec https://flic.kr/p/dancu5

145. ChefSpec: Unit Test Chef recipes %  rspec  spec   chef-­‐client::config

          contains  the  default  chef_server_url  setting      contains  the  default  validation_client_name  setting      contains  /var/run  directory      contains  /var/chef/cache  directory      contains  /var/chef/backup  directory      contains  /var/log/chef  directory      contains  /etc/chef  directory   ...snip   Finished  in  2  minutes  13.6  seconds  (files  took  7.79  seconds  to   load)   41  examples,  0  failures

146. Verify Node State with Audit Mode https://flic.kr/p/rLd1m

147. Audit Mode: Test for Policy Compliance %  sudo  chef-­‐client  -­‐-­‐audit-­‐mode

      enabled   Starting  audit  phase   1  Patching  and  Software  Updates      1.1  Install  Updates,  Patches,  and  Additional  Security   Software          does  not  have  packages  to  upgrade  (FAILED  -­‐  1)   ...   Finished  in  32.97  seconds  (files  took  1.27  seconds  to  load)   113  examples,  28  failures,  5  pending   Audit  phase  exception:      Audit  phase  found  failures  -­‐  28/113  controls  failed

148. Overview of Test Driven Infrastructure with Chef Read more, with

     more links: https://www.chef.io/blog/2015/04/21/overview-of-test-driven- infrastructure-with-chef/
149. None

150. Getting Started with Chef https://flic.kr/p/aikkbD

151. learnchef.com

152. Pick a simple task • Update sudoers • Manage SSH

     keys for your user • Checkout your editor configuration from a repository • Setup NTP • Etc.

153. Takeaways • Chef is a complete automation platform • It

     grows as you grow • Start small, the rest is available when you get there • learn.chef.io • Come visit our booth!

154. https://flic.kr/p/abh4j6 Joshua Timberman @jtimberman [email protected]