Upgrade to Pro — share decks privately, control downloads, hide ads and more …

5 Things You Always Wanted To Know About Chef

Nathen Harvey
May 17, 2012
7.1k

5 Things You Always Wanted To Know About Chef

Level-up your Chef skills by learning about these areas of Chef:
* Attribute Precedence - Role, environment, cookbook, data bag? Which attribute value will be used in my chef run? Walk through an example that will show you which value gets applied in your chef run.
* Encrypted Databags - Chef 0.10 brought us encrypted databags. We'll look at how to create and use databags and how to keep them up-to-date in your repository.
* LWRP - What is a LWRP? How and why do you create one? We'll look at a couple of sample LWRPs and learn how to build a simple one.
* Error Handlers - Demystify exception and report handlers by writing a simple one and seeing examples of how they work in the wild.
* Capistrano and Chef - Take a quick look at why and how to integrate Chef search into your Capistrano configuration to make deploying your Rails apps even easier.

Nathen Harvey

May 17, 2012
Tweet

Transcript

  1. 5 Things You Always Wanted To Know About Chef ...but

    were afraid to ask Nathen Harvey Web Operations, CustomInk Contributor - Food Fight Show @nathenharvey @nathenharvey
  2. Attribute Precedence Attributes can be set on the node from

    the following objects: cookbooks environments (>= 0.10.0) roles nodes, but mind the ohai @nathenharvey
  3. Default Attribute Precedence 1. default in an attributes file 2.

    default in an environment 3. default in a role 4. default attributes applied on a node directly in a recipe @nathenharvey
  4. Normal Attribute Precedence 1. normal or set in an attributes

    file 2. normal or set attributes applied on a node directly in a recipe @nathenharvey
  5. Override Attribute Precedence 1. override in an attributes file 2.

    override in a role 3. override in an environment 4. override attributes applied on a node directly in a recipe @nathenharvey
  6. Summary 1. default < normal < override 2. attribute file

    < environment < role < recipe 3. automatic have the highest precedence and may not be modified @nathenharvey
  7. Want to get crazy? bag_config cookbook allows attributes to be

    provided via data bag entries. It slips functionality into recipes seamlessly to provide consistent functionality across all recipes, not just those explicitly built for it. @nathenharvey
  8. Encrypted Databags $ knife data bag create db creds --secret-file

    ~/.chef/secret { "id": "creds", "production" : { "username": "prod_user", "password": "tFVn9GvpIOUcmIIt" }, "staging" : { "username": "user", "password": "notS0$ecret" } } @nathenharvey
  9. Encrypted Databags $ knife data bag show db creds --secret-file

    ~/.chef/secret id: creds production: password: tFVn9GvpIOUcmIIt username: prod_user staging: password: notS0$ecret username: user @nathenharvey
  10. Encrypted Databags $ knife data bag edit db creds --secret-file

    ~/.chef/secret { "id": "creds", "production": { "username": "prod_user", "password": "tFVn9GvpIOUcmIIt" }, "staging": { "username": "user", "password": "notS0$ecret" } } @nathenharvey
  11. Encrypted Databags $ knife data bag show db creds -Fj

    > data_bags/db/creds.json { "id": "creds", "production": "txt+gIEznZPl1r2KNXL918I7CsYjkU3xuSFRZq99MhSFQWrO0F "staging": "4qMvWb2xEYPeOBSluW1zuBKANKXYn0c2D9arUA6Oj3VNvMN3Ojbbm } @nathenharvey
  12. Encrypted Databags Use the data in a recipe creds =

    Chef::EncryptedDataBagItem.load("db" env_db_creds = db_creds[node["rails_env"]] template "#{app_dir}/shared/config/database.ym source "database.yml.erb" variables( :rails_env => node["rails_env"], :username => env_db_creds["username"], :password => env_db_creds["password"] ) end @nathenharvey
  13. LWRP Light-Weight Resources and Providers Resources: Basic unit, representation of

    something, like Packages Providers: Allow you to manipulate resources LWRPs: Allow you to define your own resources and their providers @nathenharvey
  14. Resource and Provider Example directory "/tmp/monkey" do owner "root" group

    "root" mode 0755 action :create end @nathenharvey
  15. LWRP Example pre-LWRP # recipe file: # Add alias for

    myrailsapp template "/etc/profile.d/myrailsapp.sh" do mode "0644" source "myrailsapp.sh.erb" end # template file: alias current='cd /opt/myrailsapp/current' @nathenharvey
  16. LWRP Example The resource file actions :add, :remove attribute :alias_name,

    :kind_of => String, :name_attribute => true attribute :command, :kind_of => String, :default => nil @nathenharvey
  17. LWRP Example action :add do command_name = sanitize_to_command new_resou if

    !new_resource.command.nil? Chef::Log.info("Adding #{command_name}.sh file_contents = "# This alias was generate file_contents += "alias #{command_name}='# file "/etc/profile.d/#{command_name}.sh" owner "root" group "root" mode "0755" content file_contents end new_resource.updated_by_last_action(true end end @nathenharvey
  18. Exception and Report Handlers Allow you to run code when

    chef run starts, ends, fails or succeeds The most obvious use is to notify when a Chef run fails Can be used to gather rich data about your chef runs @nathenharvey
  19. Exception and Report Handlers At a minimum, send an email

    when a chef run fails. @nathenharvey
  20. Capistrano vs. Chef Deploy resource or Capistrano? Why use cap?

    How do I integrate the two? @nathenharvey
  21. Deploying with Capistrano With Chef search webservers = [] web_query

    = Chef::Search::Query.new web_query.search(:node, 'role:chefconf_web') do |h| websevers << h["fqdn"] end role :web, *webservers @nathenharvey