Automate your Infrastructure with Chef

Slide 1

Slide 1 text

Slide 2

Slide 2 text

cjoudrey   @

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

c #

Slide 5

Slide 5 text

c # # # # # # # in minutes

Slide 6

Slide 6 text

# d # d c # # # # # d in minutes

Slide 7

Slide 7 text

w Manual setup takes time

Slide 8

Slide 8 text

# ruby 1.9.3 # ruby 1.9.2 != and error-prone

Slide 9

Slide 9 text

# ruby 1.9.3 # ruby 1.9.2 != Oops! and error-prone

Slide 10

Slide 10 text

What is ?! Chef

Slide 11

Slide 11 text

1 Manage servers with ruby code

Slide 12

Slide 12 text

instead of $ ssh root@app1 Last login: Thu Feb 28 ... # apt-get install nginx ... # vim /etc/nginx/nginx.conf ... # apt-get install ruby ...

Slide 13

Slide 13 text

client server

Slide 14

Slide 14 text

# node # node # node # chef server (server1 to server3.example.com) (chef.example.com) knife ! (local machine)

Slide 15

Slide 15 text

# node # node # node # chef server (server1 to server3.example.com) (chef.example.com) knife ! (local machine)

Slide 16

Slide 16 text

# node # node # node # chef server (server1 to server3.example.com) (chef.example.com) knife ! (local machine)

Slide 17

Slide 17 text

# node # node # node # chef server chef-client (server1 to server3.example.com) knife ! (local machine)

Slide 18

Slide 18 text

2terminology Chef

Slide 19

Slide 19 text

2recipe Ruby file that contains Chef commands

Slide 20

Slide 20 text

2cookbook Collection of Chef recipes

Slide 21

Slide 21 text

Getting started with Chef 2

Slide 22

Slide 22 text

git clone opscode/chef-repo https://github.com/opscode/chef-repo !

Slide 23

Slide 23 text

! $ ls confoo ... cookbooks/ data_bags/ environments/ roles/

Slide 24

Slide 24 text

Install Chef on local machine !

Slide 25

Slide 25 text

! gem install chef

Slide 26

Slide 26 text

# Hosted* Chef server from Opscode * free up to 5 nodes

Slide 27

Slide 27 text

Slide 28

Slide 28 text

Slide 29

Slide 29 text

Setup Knife on local machine !

Slide 30

Slide 30 text

# node # node # node # chef server (server1 to server3.example.com) (chef.example.com) knife ! (local machine)

Slide 31

Slide 31 text

! $ ls confoo/.chef confoo-demo-validator.pem confoo-demo.pem knife.rb Copy files to REPO/.chef

Slide 32

Slide 32 text

! $ cd confoo $ knife user list confoo-demo Test Knife

Slide 33

Slide 33 text

8 Create your first cookbook $ cd confoo $ knife cookbook create nginx

Slide 34

Slide 34 text

8 $ ls cookbooks/nginx ... attributes/ providers/ recipes/ resources/ templates/

Slide 35

Slide 35 text

package "nginx" cookbooks/nginx/recipes/default.rb

Slide 36

Slide 36 text

package installs using system’s package mgr

Slide 37

Slide 37 text

cookbooks/nginx/recipes/default.rb package "nginx" service "nginx"

Slide 38

Slide 38 text

service defines an available service

Slide 39

Slide 39 text

cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true, :restart => true, :reload => true end

Slide 40

Slide 40 text

cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true, :restart => true, :reload => true action [:enable, :start] end

Slide 41

Slide 41 text

:enable start on server boot

Slide 42

Slide 42 text

:start start when Chef runs

Slide 43

Slide 43 text

8 Upload cookbook $ knife cookbook upload nginx Uploading nginx [0.1.0]

Slide 44

Slide 44 text

Let’s test it on a node #

Slide 45

Slide 45 text

! $ knife bootstrap \ server1.example.com Bootstrap a node

Slide 46

Slide 46 text

Slide 47

Slide 47 text

2run list Ordered list of recipes and roles that get run on the node

Slide 48

Slide 48 text

! $ knife node edit \ server1.example.com Edit a node

Slide 49

Slide 49 text

{ "name": "server1.example.com", "run_list": [ ] }

Slide 50

Slide 50 text

{ "name": "server1.example.com", "run_list": [ "recipe[nginx::default]" ] }

Slide 51

Slide 51 text

recipe[nginx::default] means default recipe of nginx cookbook

Slide 52

Slide 52 text

$ ssh server1.example.com server1:~# chef-client Run Chef on the node #

Slide 53

Slide 53 text

Slide 54

Slide 54 text

Slide 55

Slide 55 text

# Let’s configure nginx

Slide 56

Slide 56 text

copy from server to nginx cookbook templates/default/nginx.conf.erb /etc/nginx/nginx.conf !

Slide 57

Slide 57 text

cookbooks/nginx/recipes/default.rb package "nginx" service "nginx" do supports :status => true, :restart => true, :reload => true action [:enable, :start] end template "/etc/nginx/nginx.conf" do source "nginx.conf.erb" notifies :reload, "service[nginx]" end

Slide 58

Slide 58 text

Slide 59

Slide 59 text

Slide 60

Slide 60 text

Slide 61

Slide 61 text

! Upload the cookbook and run chef-client on node

Slide 62

Slide 62 text

Slide 63

Slide 63 text

2 Chef is idempotent

Slide 64

Slide 64 text

! What if we edit templates/default/nginx.conf.erb and run Chef

Slide 65

Slide 65 text

Slide 66

Slide 66 text

Slide 67

Slide 67 text

Slide 68

Slide 68 text

Let’s run Chef one more time #

Slide 69

Slide 69 text

Slide 70

Slide 70 text

2Attributes

Slide 71

Slide 71 text

nginx/templates/default/nginx.conf.erb user www-data; worker_processes 2; pid /var/run/nginx.pid; ...

Slide 72

Slide 72 text

nginx/attributes/nginx.rb default['nginx']['worker_processes'] = 2

Slide 73

Slide 73 text

nginx/templates/default/nginx.conf.erb user www-data; worker_processes <%= node['nginx'] ['worker_processes'] %>; pid /var/run/nginx.pid; ...

Slide 74

Slide 74 text

# Override for a specific node

Slide 75

Slide 75 text

{ "name": "server1.example.com", "run_list": [ "recipe[nginx::default]" ] }

Slide 76

Slide 76 text

{ "name": "server1.example.com", "normal": { "nginx": { "worker_processes": 4 }, }, "run_list": [ "recipe[nginx::default]" ] }

Slide 77

Slide 77 text

2Roles

Slide 78

Slide 78 text

roles/app-server.rb name 'app-server' description 'app-server stuff' run_list( 'recipe[nginx::default]' ) override_attributes( 'nginx' => { 'worker_processes' => 2 } )

Slide 79

Slide 79 text

! $ knife role from file \ app-server.rb Upload a role

Slide 80

Slide 80 text

Apply the role on a node #

Slide 81

Slide 81 text

{ "name": "server1.example.com", "run_list": [ "role[app-server]" ] }

Slide 82

Slide 82 text

Slide 83

Slide 83 text

{ "name": "server1.example.com", "run_list": [ "role[base]", "role[app-server]" ] }

Slide 84

Slide 84 text

2 Environments

Slide 85

Slide 85 text

environments/production.rb name 'production' cookbook_versions 'nginx' => '= 0.1.0'

Slide 86

Slide 86 text

{ "name": "server1.example.com", "chef_environment": "production", "run_list": [ "recipe[nginx::default]" ] }

Slide 87

Slide 87 text

! Searching for nodes $ knife search node \ role:app-server

Slide 88

Slide 88 text

Slide 89

Slide 89 text

8 Searching can be done in recipes too!

Slide 90

Slide 90 text

8 Searching can be done in recipes too! OMFG!

Slide 91

Slide 91 text

backend app balance roundrobin server app1 10.10.0.1 check port 80 server app2 10.10.0.2 check port 80 server app3 10.10.0.3 check port 80

Slide 92

Slide 92 text

nodes = search( :node, 'role:app-server' ) template "/etc/haproxy.conf" do source "haproxy.conf.erb" variables :nodes => nodes end

Slide 93

Slide 93 text

backend www balance roundrobin <% @nodes.each do |n| %> server <%= n[:hostname] %> <%= n[:ipaddress] %> check port <% end %>