
Introduction to Chef - LISA11

someara
December 09, 2011

Slides from my talk at the CloudStack Build a Cloud Day at LISA 2011

Transcript

  1. Introduction to Chef
    [email protected]
    www.opscode.com
    @someara

  2. (no transcript text)

  3. • U has a cloud
    • Now what?
    http://www.flickr.com/photos/ian_munroe/4758240536/
    Congratulations!!!

  4. APIs are awesome
    • You can provision compute resources in seconds
    • You can provision storage resources in seconds
    • That’s cool.
    http://www.flickr.com/photos/jdhancock/3634246981/

  5. Chef can help with that
    • knife ec2 server create
    • knife rackspace server create
    • knife terremark server create
    • knife voxel server create
    • knife gandi server create
    • knife cloudstack server create
    • knife vsphere server create
    • knife eucalyptus server create
    • knife openstack server create
    http://www.flickr.com/photos/kyz/3122499444/

  6. But then what?
    http://www.flickr.com/photos/doctorow/2698336843

  7. You need to configure them

  8. http://www.flickr.com/photos/sbh/462754460/
    Infrastructure

  9. Collection of Resources
    • Nodes
    • Networking
    • Files
    • Directories
    • Symlinks
    • Mounts
    • Routes
    • Users
    • Groups
    • Tasks
    • Packages
    • Software
    • Services
    • Configurations
    • Stuff
    http://www.flickr.com/photos/stevekeys/3123167585/

  10. Acting in concert
    http://www.flickr.com/photos/glowjangles/4081048126/

  11. http://www.flickr.com/photos/[email protected]/3743455858/
    To provide a Service

  12. http://www.flickr.com/photos/[email protected]/2681435235/
    And it evolves

  13. Application
    See Node

  14. Application
    Application Database
    See Nodes

  15. Application
    App Databases
    See Nodes Grow

  16. App Servers
    App Databases
    See Nodes Grow

  17. App LB
    App Servers
    App Databases
    See Nodes Grow

  18. App LBs
    App Servers
    App Databases
    See Nodes Grow

  19. App LBs
    App Servers
    App DB Cache
    App DBs
    See Nodes Grow

  20. App LBs
    App Servers
    App DB Cache
    App DBs
    Stitched together with configs

  21. App LB
    App Servers
    App DB Cache
    App DBs
    Floating IP?
    Your Infrastructure is a snowflake

  22. App LBs
    App Servers
    NoSQL
    DB slaves
    Cache
    DB Cache
    DBs
    Complexity increases quickly

  23. Complexity increases very quickly
    DC1
    DC3
    DC2

  24. Configuration Management
    http://www.flickr.com/photos/philliecasablanca/3354734116/

  25. Golden Images are not the answer
    • Gold is heavy
    • Hard to transport
    • Hard to mold
    • Easy to lose configuration detail
    http://www.flickr.com/photos/garysoup/2977173063/

  26. Typical Boring Infrastructure
    Diagram: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  27. New Compliance Mandate
    • Move SSH off port 22
    • Let's put it on 2022
    Diagram: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  28. 6 Golden Image Updates
    • edit /etc/ssh/sshd_config
    Diagram (numbered 1 to 6): Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  29. 12 Instance Replacements
    • Delete, launch
    • Repeat
    • Typically manually
    Diagram (instances numbered 1 to 12): Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  30. Done in Maintenance Windows
    • Don’t break anything!
    • Bob just got fired =(
    Diagram (instances numbered 1 to 12): Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  31. Different IP Addresses?
    • Invalid configs!
    Diagram: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  32. http://www.flickr.com/photos/francoforeshock/5716969942/
    Configuration Desperation

  33. Chef Solves This Problem
    • But you already guessed that, didn’t you?

  34. Programs!
    • Generate configurations directly on nodes
    • Reduce management complexity
    • Version control the programs
    http://www.flickr.com/photos/ssoosay/5126146763/

  35. Declarative Interface to Resources
    • Define policy
    • Say what, not how
    • Pull not Push
    http://www.flickr.com/photos/bixentro/2591838509/

  36. Chef is Infrastructure as Code
    • Programmatically provision and configure
    • Treat like any other code base
    • Reconstruct business from code repository, data backup, and bare metal resources.
    http://www.flickr.com/photos/louisb/4555295187/

  37. That looks like this
    # Install the package, keep the service running, manage its config file
    package "ntp" do
      action :install
    end
    service "ntpd" do
      action [:enable, :start]
    end
    template "/etc/ntpd.conf" do
      source "ntpd.conf.erb"
      owner "root"
      group "root"
      mode 0644
      action :create
      variables(:time_server => "time.example.com")
      # Restart ntpd only when the rendered file changes
      notifies :restart, "service[ntpd]"
    end

  38. Or this
    package "net-snmp" do
      action :install
    end
    service "snmpd" do
      action [:enable, :start]
    end
    template "/etc/snmpd.conf" do
      source "snmpd.conf.erb"
      owner "root"
      group "root"
      mode 0644
      action :create
      variables(:community_string => "not_public")
      # Restart snmpd only when the rendered file changes
      notifies :restart, "service[snmpd]"
    end

  39. Recipes and Cookbooks
    • Recipes are collections of Resources
    • Cookbooks contain recipes, templates, files, custom resources, etc.
    • Code re-use and modularity
    http://www.flickr.com/photos/shutterhacks/4474421855/

  40. Run Lists
    Server
    Server
    Server
    Server
    chef-server
    API
    chef-client
    recipe[ntp::client]
    node
    ntp
    client.rb

  41. Run Lists
    Server
    Server
    Server
    Server
    chef-server
    API
    chef-client
    "ntp::client",
    "openssh::server"
    node
    ntp
    client.rb
    openssh
    server.rb

  42. Run Lists
    Server
    Server
    Server
    Server
    chef-server
    API
    chef-client
    "recipe[ntp::client]",
    "recipe[openssh::server]",
    "recipe[apache]",
    "recipe[php]"
    node
    ntp
    client.rb
    openssh
    server.rb
    apache
    default.rb
    php
    default.rb

  43. Roles
    Role
    Recipe
    Recipe
    Recipe
    Role
    Role
    Recipe
    Recipe
    Recipe
    Role
    Recipe
    Server
    Server
    Server
    Server
    chef-server
    API
    Knife

  44. Run Lists
    Server
    Server
    Server
    Server
    chef-server
    API
    chef-client
    "recipe[ntp::client]",
    "recipe[openssh::server]",
    "recipe[apache]",
    "recipe[php]"
    node
    ntp
    client.rb
    openssh
    server.rb
    apache
    default.rb
    php
    default.rb

  45. Server
    Server
    Server
    Server
    chef-server
    API
    chef-client
    "role[base]",
    "role[webserver]"
    node
    ntp
    client.rb
    openssh
    server.rb
    apache
    default.rb
    php
    default.rb
    Roles

  46. Server
    Server
    Server
    Server
    chef-server
    API
    chef-client
    "role[webserver]"
    node
    ntp
    client.rb
    openssh
    server.rb
    apache
    default.rb
    php
    default.rb
    Roles
    chef-client
    "role[database]"
    node
    ntp
    client.rb
    openssh
    server.rb
    mysql
    server.rb

  47. Search
    • IP addresses
    • Hostnames
    • FQDNs
    • Search for nodes with Roles
    • Find configuration data
    http://www.flickr.com/photos/kathycsus/2686772625

  48. Pass results into Templates
    # Find every node that carries the webserver role
    pool_members = search("node", "role:webserver")
    template "/etc/haproxy/haproxy.cfg" do
      source "haproxy-app_lb.cfg.erb"
      owner "root"
      group "root"
      mode 0644
      # Hand the de-duplicated search results to the template as @pool_members
      variables :pool_members => pool_members.uniq
      notifies :restart, "service[haproxy]"
    end

  49. Pass results into Templates
    # Set up application listeners here.
    listen application 0.0.0.0:80
      balance roundrobin
      <% @pool_members.each do |member| -%>
      server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check
      <% end -%>
    <% if node["haproxy"]["enable_admin"] -%>
    listen admin 0.0.0.0:22002
      mode http
      stats uri /
    <% end -%>

  50. So when this
    Diagram: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  51. Becomes this
    Diagram: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  52. This can happen automatically
    Diagram: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite

  53. Count the resources
    • Load balancer config
    • Nagios host ping
    • Nagios host ssh
    • Nagios host HTTP
    • Nagios host app health
    • Graphite CPU
    • Graphite Memory
    • Graphite Disk
    • Graphite SNMP
    • Memcache firewall
    • Postgres firewall
    • Postgres authZ config
    • 12+ resource changes for 1 node addition
    Diagram: Nagios, Graphite, Jboss App, Memcache, Postgres Slaves

  54. http://www.flickr.com/photos/evelynishere/2798236471/
    CLONING CANNOT COPE WITH THIS
    • Chef can.

  55. Build anything
    • Simple internal applications
    • Complex internal applications
    • Workstations
    • Hadoop clusters
    • IaaS applications
    • PaaS applications
    • SaaS applications
    • Storage systems
    • You name it
    http://www.flickr.com/photos/hyku/245010680/

  56. And manage it simply
    • Automatically reconfigure everything
    • Load balancers
    • Metrics collection systems
    • Monitoring systems
    • Whatever
    • Cloud migrations become trivial
    http://www.flickr.com/photos/helico/404640681/

  57. Questions?
    [email protected]
    www.opscode.com

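The search-to-template flow from slides 48 and 49, as an added example that is not code from the talk or from Chef: plain Ruby and ERB stand in for the `search` call and the `template` resource. The node data is constructed, and the backend port 8080, the validation rules and the `TemplateContext` helper are assumptions made for the illustration.

```ruby
require "erb"

# Constructed sample standing in for search("node", "role:webserver") results.
SAMPLE_NODES = [
  { hostname: "web2", ipaddress: "10.0.0.12" },
  { hostname: "web1", ipaddress: "10.0.0.11" },
  { hostname: "web2", ipaddress: "10.0.0.12" } # duplicate hit
].freeze

MEMBER_PORT = 8080 # assumed backend port (not taken from the slides)

# Same shape as the slide's haproxy-app_lb.cfg.erb, trimmed to the pool section.
HAPROXY_TEMPLATE = <<~'CFG'
  listen application 0.0.0.0:80
    balance roundrobin
  <% @pool_members.each do |member| -%>
    server <%= member[:hostname] %> <%= member[:ipaddress] %>:<%= @port %> weight 1 maxconn 1 check
  <% end -%>
CFG

HOSTNAME_RE = /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/
IPV4_RE = /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/

# Hostname and IP are reported by each node, so check them before use.
def valid_member?(member)
  octets = member[:ipaddress].to_s.match(IPV4_RE)&.captures
  return false unless octets && octets.all? { |o| o.to_i <= 255 }
  member[:hostname].to_s.match?(HOSTNAME_RE)
end

# Dedupe (the slide's .uniq), drop malformed entries, and sort so the rendered
# file only changes (and haproxy only restarts) when membership changes.
def pool_members(nodes)
  nodes.uniq.select { |m| valid_member?(m) }.sort_by { |m| m[:hostname] }
end

# Minimal stand-in for Chef's template variables: exposes them as @ivars.
class TemplateContext
  def initialize(vars)
    vars.each { |name, value| instance_variable_set("@#{name}", value) }
  end
  def render(source)
    ERB.new(source, trim_mode: "-").result(binding)
  end
end

def render_haproxy(nodes, port: MEMBER_PORT)
  TemplateContext.new(pool_members: pool_members(nodes), port: port).render(HAPROXY_TEMPLATE)
end
```

Calling `render_haproxy(SAMPLE_NODES)` returns the pool section as a string; rendering again after a node is added to the list yields one more `server` line, which is the change that would trigger the `notifies :restart` on slide 48.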