Chef
1 like•1,715 views
This document provides an introduction to using Chef for infrastructure configuration management. It describes key aspects of the Chef architecture including cookbooks, recipes, attributes, roles, environments, nodes, and the chef-client/server model. Cookbooks contain configuration code and metadata to describe scenarios like installing MySQL. Recipes define specific configuration steps. Attributes customize configurations. Roles assign recipes to nodes. Environments define attribute configurations. The chef-server stores all configuration data and the chef-client executes configurations. The document also discusses community cookbooks, versioning, testing tools, and performing a live demo.
![Cookbook
$ cat cookbooks/ntp/recipe/default.rb
['openntpd','ntpdate'].each do |p|
package p do
action :install
end
end
template 'ntpd.conf' do
path '/etc/openntpd/ntpd.conf'
source 'ntpd.conf.erb'
owner 'root'
group 'root'
mode 0600
notifies :restart, 'service[openntpd]'
end](https://image.slidesharecdn.com/chef-130724035202-phpapp01/85/Chef-18-320.jpg)
![Cookbook
$ cat cookbooks/ntp/attributes/default.rb
default[:ntp][:servers] = [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org",
"3.pool.ntp.org"
]](https://image.slidesharecdn.com/chef-130724035202-phpapp01/85/Chef-19-320.jpg)
![Role
$ cat roles/ntp.rb
name "ntp"
description "Install openntpd"
run_list("recipe[ntp]")](https://image.slidesharecdn.com/chef-130724035202-phpapp01/85/Chef-20-320.jpg)
![Environment
$ cat environments/cluster01.rb
name "cluster01"
description "Cluster 01"
default_attributes({
:ntp => {
:servers => [
"ntp01.mycorp.com",
"ntp02.mycorp.com"
]
}
})
cookbook_versions({
"ntp" => "0.0.1"
})](https://image.slidesharecdn.com/chef-130724035202-phpapp01/85/Chef-21-320.jpg)
![Nodes
$ cat nodes/server01.mycorp.com.json
{
"chef_type": "node",
"name": "server01.mycorp.com",
"normal": {},
"default": {},
"chef_environment": "cluster01",
"run_list": [ "role[ntp]" ],
"override": {},
"json_class": "Chef::Node",
"automatic": {}
}](https://image.slidesharecdn.com/chef-130724035202-phpapp01/85/Chef-22-320.jpg)
Chef
- 1. Chef Introduction and overview to managing your systems Adrian Moisey
- 2. Why Chef (or puppet or Bcfg2 or CFEngine)? - Infrastructure as code
- 3. Why Chef (or puppet or Bcfg2 or CFEngine)? - Infrastructure as code - Reproducible
- 4. Why Chef (or puppet or Bcfg2 or CFEngine)? - Infrastructure as code - Reproducible - Version control (SCM)
- 5. Why Chef (or puppet or Bcfg2 or CFEngine)? - Infrastructure as code - Reproducible - Version control (SCM) - Removes the human factor
- 6. Why Chef (or puppet or Bcfg2 or CFEngine)? - Infrastructure as code - Reproducible - Version control (SCM) - Removes the human factor - Tests
- 7. Basic Chef Architecture - Executes various "recipes" which configure your system in the desired way
- 8. Basic Chef Architecture - Executes various "recipes" which configure your system in the desired way - A node definition is required in order for chef to know which recipes to run and with which attributes to run them
- 9. Basic Chef Architecture - Executes various "recipes" which configure your system in the desired way - A node definition is required in order for chef to know which recipes to run and with which attributes to run them - Allows you to decide what and how components are configured using attributes, environment definitions and node definitions.
- 10. Basic Chef Architecture Server/client: - chef-server stores all your cookbooks, environments, roles and nodes
- 11. Basic Chef Architecture Server/client: - chef-server stores all your cookbooks, environments, roles and nodes - chef-client connects and gets given the relevant cookbooks and attributes from chef- server and executes them
- 12. Basic Chef Architecture Server/client: - chef-server stores all your cookbooks, environments, roles and nodes - chef-client connects and gets given the relevant cookbooks and attributes from chef- server and executes them You can run your own server or use the opscode hosted chef (for a fee)
- 13. Basic Chef Architecture Chef-solo: - Standalone, doesn't connect to a server
- 14. Basic Chef Architecture Chef-solo: - Standalone, doesn't connect to a server - Uses static cookbooks and nodes on the local filesystem
- 15. Basic Chef Architecture Chef-solo: - Standalone, doesn't connect to a server - Uses static cookbooks and nodes on the local filesystem - Unable to perform searches (because nodes are stand-alone with no central directory)
- 16. Cookbook From the wiki: A cookbook is the fundamental unit of configuration and policy distribution in Chef. Each cookbook defines a scenario, such as everything needed to install and configure MySQL, and then it contains all of the components that are required to support that scenario.
- 17. Cookbook Can contain: - recipes - attributes - providers - definitions - templates - files - metadata http://docs.opscode. com/essentials_cookbooks.html
- 18. Cookbook $ cat cookbooks/ntp/recipe/default.rb ['openntpd','ntpdate'].each do |p| package p do action :install end end template 'ntpd.conf' do path '/etc/openntpd/ntpd.conf' source 'ntpd.conf.erb' owner 'root' group 'root' mode 0600 notifies :restart, 'service[openntpd]' end
- 19. Cookbook $ cat cookbooks/ntp/attributes/default.rb default[:ntp][:servers] = [ "0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org", "3.pool.ntp.org" ]
- 20. Role $ cat roles/ntp.rb name "ntp" description "Install openntpd" run_list("recipe[ntp]")
- 21. Environment $ cat environments/cluster01.rb name "cluster01" description "Cluster 01" default_attributes({ :ntp => { :servers => [ "ntp01.mycorp.com", "ntp02.mycorp.com" ] } }) cookbook_versions({ "ntp" => "0.0.1" })
- 22. Nodes $ cat nodes/server01.mycorp.com.json { "chef_type": "node", "name": "server01.mycorp.com", "normal": {}, "default": {}, "chef_environment": "cluster01", "run_list": [ "role[ntp]" ], "override": {}, "json_class": "Chef::Node", "automatic": {} }
- 23. Knife Knife is a command-line tool that provides an interface between a local Chef repository and the Chef Server. Examples: knife cookbook upload apache2 knife node edit web1.mycorp.com knife list clients knife search node 'role:web' -a fqdn
- 24. Upload all of this to the chef-server $ knife cookbook upload ntp -o cookbooks/ $ knife role from file roles/ntp.rb $ knife environment from file environment/cluster01.rb
- 25. Data bags - global variable - stored in JSON - accessible from the chef server - can be searched - can also be encrypted For example: to store all your users
- 26. Community cookbooks https://github.com/opscode-cookbooks/ apache, chef-server, chef-client, mysql, build- essential, cron, php, nagios, logrotate, erlang, python, jenkins, squid, iptables, samba, unicorn, munin, jira, screen, tftp
- 27. Community cookbooks - tips - Use the community cookbooks unmodified
- 28. Community cookbooks - tips - Use the community cookbooks unmodified - Write wrapper cookbooks around them - most of them were designed with this in mind
- 29. Community cookbooks - tips - Use the community cookbooks unmodified - Write wrapper cookbooks around them - most of them were designed with this in mind - Send bug fixes upstream
- 30. Cookbook versioning - Cookbooks can contain versions
- 31. Cookbook versioning - Cookbooks can contain versions - Cookbooks can depend on specific versions of other cookbooks
- 32. Cookbook versioning - Cookbooks can contain versions - Cookbooks can depend on specific versions of other cookbooks - Different environments can depend on different versions of cookbooks (allows you to have 0.0.2 in testing and 0.0.1 in production)
- 33. Tests - foodcritic: linting tool which checks against a community list of rules
- 34. Tests - foodcritic: linting tool which checks against a community list of rules - chef-spec: unit tests for recipe code (not functional)
- 35. Tests - foodcritic: linting tool which checks against a community list of rules - chef-spec: unit tests for recipe code (not functional) - test-kitchen: Framework for running integration tests in an isolated environment (<3 vagrant)
- 36. Live demo! - Remove a Yola employee - Create a pull request - Push it to the chef-server - Ensure that it has been done - Take a look at some things that knife can do
- 37. Some cool things - chef-solo can run the chef-server cookbook in order to bootstrap your chef-server - knife ec2 allows you to create an EC2 instance and configure it as a chef-client
- 38. The End Questions? Thanks to Jonathan for help with the slides