5 Things You Always Wanted To Know About Chef

Transcript

1. 5 Things You Always Wanted To Know About Chef ...but

   were afraid to ask Nathen Harvey Web Operations, CustomInk Contributor - Food Fight Show @nathenharvey @nathenharvey

2. What things? Attribute Precedence Encrypted Databags LWRP Exception and Report

   Handlers Capistrano vs. Chef @nathenharvey

3. Attribute Precedence Attributes can be set on the node from

   the following objects: cookbooks environments (>= 0.10.0) roles nodes, but mind the ohai @nathenharvey

4. Types of Attributes default normal or set override automatic @nathenharvey

5. Default Attribute Precedence 1. default in an attributes file 2.

   default in an environment 3. default in a role 4. default attributes applied on a node directly in a recipe @nathenharvey

6. Normal Attribute Precedence 1. normal or set in an attributes

   file 2. normal or set attributes applied on a node directly in a recipe @nathenharvey

7. Override Attribute Precedence 1. override in an attributes file 2.

   override in a role 3. override in an environment 4. override attributes applied on a node directly in a recipe @nathenharvey

8. Summary 1. default < normal < override 2. attribute file

   < environment < role < recipe 3. automatic have the highest precedence and may not be modified @nathenharvey

9. Want to get crazy? bag_config cookbook allows attributes to be

   provided via data bag entries. It slips functionality into recipes seamlessly to provide consistent functionality across all recipes, not just those explicitly built for it. @nathenharvey

10. Encrypted Databags $ knife data bag create db creds --secret-file

    ~/.chef/secret { "id": "creds", "production" : { "username": "prod_user", "password": "tFVn9GvpIOUcmIIt" }, "staging" : { "username": "user", "password": "notS0$ecret" } } @nathenharvey

11. Encrypted Databags $ knife data bag show db creds --secret-file

    ~/.chef/secret id: creds production: password: tFVn9GvpIOUcmIIt username: prod_user staging: password: notS0$ecret username: user @nathenharvey

12. Encrypted Databags $ knife data bag edit db creds --secret-file

    ~/.chef/secret { "id": "creds", "production": { "username": "prod_user", "password": "tFVn9GvpIOUcmIIt" }, "staging": { "username": "user", "password": "notS0$ecret" } } @nathenharvey

13. Encrypted Databags @nathenharvey

14. Encrypted Databags $ knife data bag show db creds -Fj

    > data_bags/db/creds.json { "id": "creds", "production": "txt+gIEznZPl1r2KNXL918I7CsYjkU3xuSFRZq99MhSFQWrO0F "staging": "4qMvWb2xEYPeOBSluW1zuBKANKXYn0c2D9arUA6Oj3VNvMN3Ojbbm } @nathenharvey

15. Encrypted Databags Use the data in a recipe creds =

    Chef::EncryptedDataBagItem.load("db" env_db_creds = db_creds[node["rails_env"]] template "#{app_dir}/shared/config/database.ym source "database.yml.erb" variables( :rails_env => node["rails_env"], :username => env_db_creds["username"], :password => env_db_creds["password"] ) end @nathenharvey

16. LWRP Light-Weight Resources and Providers Resources: Basic unit, representation of

    something, like Packages Providers: Allow you to manipulate resources LWRPs: Allow you to define your own resources and their providers @nathenharvey

17. Resource and Provider Example directory "/tmp/monkey" do owner "root" group

    "root" mode 0755 action :create end @nathenharvey

18. LWRP Example pre-LWRP # recipe file: # Add alias for

    myrailsapp template "/etc/profile.d/myrailsapp.sh" do mode "0644" source "myrailsapp.sh.erb" end # template file: alias current='cd /opt/myrailsapp/current' @nathenharvey

19. LWRP Example The resource file actions :add, :remove attribute :alias_name,

    :kind_of => String, :name_attribute => true attribute :command, :kind_of => String, :default => nil @nathenharvey

20. LWRP Example action :add do command_name = sanitize_to_command new_resou if

    !new_resource.command.nil? Chef::Log.info("Adding #{command_name}.sh file_contents = "# This alias was generate file_contents += "alias #{command_name}='# file "/etc/profile.d/#{command_name}.sh" owner "root" group "root" mode "0755" content file_contents end new_resource.updated_by_last_action(true end end @nathenharvey

21. LWRP Example include_recipe "magic_shell" magic_shell_alias "current" do command "cd /opt/myrailsapp/current"

    action :add end @nathenharvey

22. Exception and Report Handlers Allow you to run code when

    chef run starts, ends, fails or succeeds The most obvious use is to notify when a Chef run fails Can be used to gather rich data about your chef runs @nathenharvey

23. Exception and Report Handlers success? / failed? backtrace exception formatted_exception

    @nathenharvey

24. Exception and Report Handlers node all_resources updated_resources elapsed_time @nathenharvey

25. Exception and Report Handlers start_time / end_time run_context @nathenharvey

26. Community Based Handlers Airbrake exceptions Campfire handler chef-handler-graphite Mail report

    handler ...and more @nathenharvey

27. Exception and Report Handlers At a minimum, send an email

    when a chef run fails. @nathenharvey

28. DATADOG Handler @nathenharvey

29. Capistrano vs. Chef Deploy resource or Capistrano? Why use cap?

    How do I integrate the two? @nathenharvey

30. Deploying with Capistrano Without Chef: role :web, "web01","web02","web03" Update every

    time something changes @nathenharvey

31. Deploying with Capistrano With Chef search webservers = [] web_query

    = Chef::Search::Query.new web_query.search(:node, 'role:chefconf_web') do |h| websevers << h["fqdn"] end role :web, *webservers @nathenharvey

32. Thank You! @nathenharvey http://nathenharvey.com [email protected] http://foodfightshow.org http://bit.ly/LXdc0s @nathenharvey