$30 off During Our Annual Pro Sale. View Details »

5 Things You Always Wanted To Know About Chef

Nathen Harvey
May 17, 2012

5 Things You Always Wanted To Know About Chef

Level-up your Chef skills by learning about these areas of Chef:
* Attribute Precedence - Role, environment, cookbook, data bag? Which attribute value will be used in my chef run? Walk through an example that will show you which value gets applied in your chef run.
* Encrypted Databags - Chef 0.10 brought us encrypted databags. We'll look at how to create and use databags and how to keep them up-to-date in your repository.
* LWRP - What is a LWRP? How and why do you create one? We'll look at a couple of sample LWRPs and learn how to build a simple one.
* Error Handlers - Demystify exception and report handlers by writing a simple one and seeing examples of how they work in the wild.
* Capistrano and Chef - Take a quick look at why and how to integrate Chef search into your Capistrano configuration to make deploying your Rails apps even easier.

Nathen Harvey

May 17, 2012


  1. 5 Things You Always Wanted To Know About Chef ...but

    were afraid to ask Nathen Harvey Web Operations, CustomInk Contributor - Food Fight Show @nathenharvey @nathenharvey
  2. What things? Attribute Precedence Encrypted Databags LWRP Exception and Report

    Handlers Capistrano vs. Chef @nathenharvey
  3. Attribute Precedence Attributes can be set on the node from

    the following objects: cookbooks environments (>= 0.10.0) roles nodes, but mind the ohai @nathenharvey
  4. Types of Attributes default normal or set override automatic @nathenharvey

  5. Default Attribute Precedence 1. default in an attributes file 2.

    default in an environment 3. default in a role 4. default attributes applied on a node directly in a recipe @nathenharvey
  6. Normal Attribute Precedence 1. normal or set in an attributes

    file 2. normal or set attributes applied on a node directly in a recipe @nathenharvey
  7. Override Attribute Precedence 1. override in an attributes file 2.

    override in a role 3. override in an environment 4. override attributes applied on a node directly in a recipe @nathenharvey
  8. Summary 1. default < normal < override 2. attribute file

    < environment < role < recipe 3. automatic have the highest precedence and may not be modified @nathenharvey
  9. Want to get crazy? bag_config cookbook allows attributes to be

    provided via data bag entries. It slips functionality into recipes seamlessly to provide consistent functionality across all recipes, not just those explicitly built for it. @nathenharvey
  10. Encrypted Databags $ knife data bag create db creds --secret-file

    ~/.chef/secret { "id": "creds", "production" : { "username": "prod_user", "password": "tFVn9GvpIOUcmIIt" }, "staging" : { "username": "user", "password": "notS0$ecret" } } @nathenharvey
  11. Encrypted Databags $ knife data bag show db creds --secret-file

    ~/.chef/secret id: creds production: password: tFVn9GvpIOUcmIIt username: prod_user staging: password: notS0$ecret username: user @nathenharvey
  12. Encrypted Databags $ knife data bag edit db creds --secret-file

    ~/.chef/secret { "id": "creds", "production": { "username": "prod_user", "password": "tFVn9GvpIOUcmIIt" }, "staging": { "username": "user", "password": "notS0$ecret" } } @nathenharvey
  13. Encrypted Databags @nathenharvey

  14. Encrypted Databags $ knife data bag show db creds -Fj

    > data_bags/db/creds.json { "id": "creds", "production": "txt+gIEznZPl1r2KNXL918I7CsYjkU3xuSFRZq99MhSFQWrO0F "staging": "4qMvWb2xEYPeOBSluW1zuBKANKXYn0c2D9arUA6Oj3VNvMN3Ojbbm } @nathenharvey
  15. Encrypted Databags Use the data in a recipe creds =

    Chef::EncryptedDataBagItem.load("db" env_db_creds = db_creds[node["rails_env"]] template "#{app_dir}/shared/config/database.ym source "database.yml.erb" variables( :rails_env => node["rails_env"], :username => env_db_creds["username"], :password => env_db_creds["password"] ) end @nathenharvey
  16. LWRP Light-Weight Resources and Providers Resources: Basic unit, representation of

    something, like Packages Providers: Allow you to manipulate resources LWRPs: Allow you to define your own resources and their providers @nathenharvey
  17. Resource and Provider Example directory "/tmp/monkey" do owner "root" group

    "root" mode 0755 action :create end @nathenharvey
  18. LWRP Example pre-LWRP # recipe file: # Add alias for

    myrailsapp template "/etc/profile.d/myrailsapp.sh" do mode "0644" source "myrailsapp.sh.erb" end # template file: alias current='cd /opt/myrailsapp/current' @nathenharvey
  19. LWRP Example The resource file actions :add, :remove attribute :alias_name,

    :kind_of => String, :name_attribute => true attribute :command, :kind_of => String, :default => nil @nathenharvey
  20. LWRP Example action :add do command_name = sanitize_to_command new_resou if

    !new_resource.command.nil? Chef::Log.info("Adding #{command_name}.sh file_contents = "# This alias was generate file_contents += "alias #{command_name}='# file "/etc/profile.d/#{command_name}.sh" owner "root" group "root" mode "0755" content file_contents end new_resource.updated_by_last_action(true end end @nathenharvey
  21. LWRP Example include_recipe "magic_shell" magic_shell_alias "current" do command "cd /opt/myrailsapp/current"

    action :add end @nathenharvey
  22. Exception and Report Handlers Allow you to run code when

    chef run starts, ends, fails or succeeds The most obvious use is to notify when a Chef run fails Can be used to gather rich data about your chef runs @nathenharvey
  23. Exception and Report Handlers success? / failed? backtrace exception formatted_exception

  24. Exception and Report Handlers node all_resources updated_resources elapsed_time @nathenharvey

  25. Exception and Report Handlers start_time / end_time run_context @nathenharvey

  26. Community Based Handlers Airbrake exceptions Campfire handler chef-handler-graphite Mail report

    handler ...and more @nathenharvey
  27. Exception and Report Handlers At a minimum, send an email

    when a chef run fails. @nathenharvey
  28. DATADOG Handler @nathenharvey

  29. Capistrano vs. Chef Deploy resource or Capistrano? Why use cap?

    How do I integrate the two? @nathenharvey
  30. Deploying with Capistrano Without Chef: role :web, "web01","web02","web03" Update every

    time something changes @nathenharvey
  31. Deploying with Capistrano With Chef search webservers = [] web_query

    = Chef::Search::Query.new web_query.search(:node, 'role:chefconf_web') do |h| websevers << h["fqdn"] end role :web, *webservers @nathenharvey
  32. Thank You! @nathenharvey http://nathenharvey.com nharvey@customink.com http://foodfightshow.org http://bit.ly/LXdc0s @nathenharvey