• Which talks to a different Chef Server...
• Which downloads a recipe that...
• Creates machines that run chef-client...
• That install Chef Server packages...
• Which then run chef-server-ctl reconfigure...
• Which runs chef-solo to configure the Chef Server

    "chef-solo -c #{base_path}/embedded/cookbooks/solo.rb -j #{base_path}/embedded/cookbooks/dna.json"
  )
  if status.success?
    log "#{display_name} Reconfigured!"
    exit! 0 if exit_on_success
  else
    exit! 1
  end
end

using Chef cookbooks
• (yay! ...but)
• Many forked community cookbooks
• (before berkshelf/librarian)
• One cookbook per component/service
• (postgresql, erchef, authz, rabbitmq, solr, etc)
• Growth over time
• (over 10k commits)
• Not the same as what customers use
• (chef-server-ctl reconfigure vs "knife ssh and chef-client")

feature for Hosted Chef
• Chef Push Jobs is opened now
• Remove tension between Open Source Chef and Enterprise Chef codebase
• Remove tension between Hosted Enterprise Chef and Enterprise Chef code, too

node ("bootstrap backend")
sudo dpkg -i chef-server-core*.deb
sudo vi /etc/opscode/chef-server.rb
## manage some server blocks for the cluster per docs
sudo chef-server-ctl reconfigure
sudo rsync -avz /etc/opscode [email protected]:/etc
## On the second node ("frontend")
sudo dpkg -i chef-server-core*.deb
sudo chef-server-ctl reconfigure

backend")
sudo dpkg -i chef-server-core*.deb
sudo vi /etc/opscode/chef-server.rb
## manage some server blocks according to docs.chef.io...
sudo chef-server-ctl reconfigure
sudo rsync -avz /etc/opscode [email protected]:/etc
## On the second node ("frontend")
sudo dpkg -i chef-server-core*.deb
sudo chef-server-ctl reconfigure

• Manage machines as Chef resources
• Various provisioners available
• several come with ChefDK, e.g., aws, azure
• Available as rubygems
• Makes it easy to reason about standing up a cluster

  recipe 'example-postgresql::server'
end
machine 'cache' do
  recipe 'example-memcached'
end
machine 'www1' do
  recipe 'example-nginx'
end
machine 'www2' do
  recipe 'example-nginx'
end

  recipe 'chef-server-cluster::bootstrap-backend'
end
machine 'frontend' do
  recipe 'chef-server-cluster::frontend'
end
machine 'analytics' do
  recipe 'chef-server-cluster::analytics'
end

File.join(Dir.home, '.ssh')
directory key_dir do
  recursive true
end
file File.join(key_dir, key_name) do
  content ssh_keys['private_ssh_key']
  sensitive true
end

(using Policyfiles*)
• Uploaded data bags
• AWS authentication credentials in ~/.aws/config
• SSH private key in ~/.ssh/keyname
* Due to time constraints, Policyfile discussion is not appearing in this talk

end
chef_server_ingredient 'opscode-reporting' do
  notifies :reconfigure, 'chef_server_ingredient[opscode-reporting]'
end
chef_server_ingredient 'opscode-manage' do
  notifies :reconfigure, 'chef_server_ingredient[opscode-manage]'
end
chef_server_ingredient 'opscode-analytics' do
  notifies :reconfigure, 'chef_server_ingredient[opscode-analytics]'
end

    type value_for_platform_family(:debian => 'deb', :rhel => 'rpm')
  end
  package new_resource.package_name do
    options new_resource.options
    version new_resource.version
  end
end
action :reconfigure do
  ctl_cmd = ctl_command
  execute "#{new_resource.package_name}-reconfigure" do
    command "#{ctl_cmd} reconfigure"
  end
end

Write the configuration*
• Run the reconfigure command
• Configuration can happen first - and does with the Chef Provisioning recipes
* or rsync it from a node, RIGHT?

  "/etc/opscode-analytics/#{analytics_file}" do
    local_path "/tmp/stash/#{analytics_file}"
    machine 'bootstrap-backend'
    action :download
  end
end
%w{ pivotal.pem webui_pub.pem }.each do |opscode_file|
  machine_file "/etc/opscode/#{opscode_file}" do
    local_path "/tmp/stash/#{opscode_file}"
    machine 'bootstrap-backend'
    action :download
  end
end

Create bootstrap-backend with AMI ami-b99ed989 in us-west-2
- create node bootstrap-backend at https://api.opscode.com/organizations/jtimberman-chefconf
- update run_list from [] to ["recipe[chef-server-cluster::bootstrap]"]
- waiting for bootstrap-backend (i-553a519c on aws::us-west-2) to be connectable
- bootstrap-backend is now connectable
- generate private key (2048 bits)
- create directory /etc/chef on bootstrap-backend
- write file /etc/chef/client.pem on bootstrap-backend
- create client bootstrap-backend at clients
- add public_key = "-----BEGIN PUBLIC KEY-----\n...SNIP...-----END PUBLIC KEY-----\n"
- Add bootstrap-backend to client read ACLs
- Add bootstrap-backend to client update ACLs
- create directory /etc/chef/ohai/hints on bootstrap-backend
- write file /etc/chef/ohai/hints/ec2.json on bootstrap-backend
- write file /etc/chef/client.rb on bootstrap-backend
- write file /tmp/chef-install.sh on bootstrap-backend
- run 'bash -c ' bash /tmp/chef-install.sh'' on bootstrap-backend
[bootstrap-backend] Starting Chef Client, version 12.1.1
Chef Client finished, 25/32 resources updated in 453.570204517 seconds
- run 'chef-client -l auto' on bootstrap-backend

- Create bootstrap-backend with AMI ami-b99ed989 in us-west-2
- create node bootstrap-backend at https://api.opscode.com/organizations/jtimberman-chefconf
- update run_list from [] to ["recipe[chef-server-cluster::bootstrap]"]
- waiting for bootstrap-backend (i-553a519c on aws::us-west-2) to be connectable
- bootstrap-backend is now connectable

- create directory /etc/chef/ohai/hints on bootstrap-backend
- write file /etc/chef/ohai/hints/ec2.json on bootstrap-backend
- write file /etc/chef/client.rb on bootstrap-backend
- write file /tmp/chef-install.sh on bootstrap-backend
- run 'bash -c ' bash /tmp/chef-install.sh'' on bootstrap-backend
[bootstrap-backend] Starting Chef Client, version 12.1.1
Chef Client finished, 25/32 resources updated in 453.57 seconds
- run 'chef-client -l auto' on bootstrap-backend

- download file /etc/opscode-analytics/actions-source.json on bootstrap-backend to /tmp/stash/actions-source.json
* machine_file[/etc/opscode-analytics/webui_priv.pem] action download
- download file /etc/opscode-analytics/webui_priv.pem on bootstrap-backend to /tmp/stash/webui_priv.pem
* machine_file[/etc/opscode/pivotal.pem] action download
- download file /etc/opscode/pivotal.pem on bootstrap-backend to /tmp/stash/pivotal.pem
* machine_file[/etc/opscode/webui_pub.pem] action download
- download file /etc/opscode/webui_pub.pem on bootstrap-backend to /tmp/stash/webui_pub.pem
...SNIP
- upload file /tmp/stash/webui_priv.pem to /etc/opscode/webui_priv.pem on frontend
- upload file /tmp/stash/webui_pub.pem to /etc/opscode/webui_pub.pem on frontend
- upload file /tmp/stash/pivotal.pem to /etc/opscode/pivotal.pem on frontend

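The run output above shows pivotal.pem and webui_priv.pem passing through /tmp/stash on the provisioning workstation. As an added example (not code from the talk or from the chef-server-cluster cookbook), this plain-Ruby check reports a stash directory or key file that other local users could read or replace; `audit_stash`, `demo_findings` and the "no group or other permission bits" policy are assumptions made for illustration.

```ruby
require 'tmpdir'

# Private-key files the slides show passing through /tmp/stash.
SECRET_FILES = %w[pivotal.pem webui_priv.pem].freeze

# audit_stash is a hypothetical helper: it returns one finding per problem.
def audit_stash(dir)
  dstat = File.lstat(dir) # lstat, so a symlinked stash is not followed
  return ["#{dir}: not a real directory (symlink or other type)"] unless dstat.directory?
  findings = []
  findings << "#{dir}: owned by uid #{dstat.uid}, not the current user" unless dstat.uid == Process.euid
  unless (dstat.mode & 0o077).zero?
    findings << format('%s: mode %04o lets other local users list or replace files', dir, dstat.mode & 0o7777)
  end
  SECRET_FILES.each do |name|
    path = File.join(dir, name)
    next unless File.exist?(path) || File.symlink?(path)
    fstat = File.lstat(path)
    if !fstat.file?
      findings << "#{path}: not a regular file"
    elsif (fstat.mode & 0o077) != 0
      findings << format('%s: mode %04o is readable beyond the owner', path, fstat.mode & 0o7777)
    end
  end
  findings
end

# Constructed demo: one stash with default-style permissions, one locked down.
def demo_findings
  Dir.mktmpdir('stash-demo') do |root|
    weak = File.join(root, 'weak')
    hardened = File.join(root, 'hardened')
    [[weak, 0o755, 0o644], [hardened, 0o700, 0o600]].map do |dir, dmode, fmode|
      Dir.mkdir(dir)
      File.chmod(dmode, dir)
      SECRET_FILES.each do |name|
        path = File.join(dir, name)
        File.write(path, "constructed placeholder, not a real key\n")
        File.chmod(fmode, path)
      end
      audit_stash(dir)
    end
  end
end

weak_findings, hardened_findings = demo_findings
puts weak_findings
puts 'hardened stash: no findings' if hardened_findings.empty?
```

Calling `audit_stash('/tmp/stash')` after a provisioning run applies the same check to the real stash path from the slides.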
you want to use
• Using Chef to build Chef is awesome
• Chef Provisioning makes deploying to EC2 easy
• chef-server-cluster is a full working example
• chef-server-ingredient is a lower level primitive
• (and used by chef-server cookbook, too!)
• Build your own with chef-server-ingredient