geekaustin devops
DESCRIPTION
Chef 101 presentation from GeekAustin DevOps Series #1. Only about the first 60 of the slides were covered before we switched to Q&A.TRANSCRIPT
Copyright © 2011 Opscode, Inc - All Rights Reserved
Speaker:
‣ [email protected]‣ @mattray
Matt Ray Senior Technical Evangelist
1
Let’s Get Cooking with Chef
Copyright © 2011 Opscode, Inc - All Rights Reserved
Agenda
Chef 101Getting StartedCooking with Chef
2
Copyright © 2011 Opscode, Inc - All Rights Reserved 3http://www.flickr.com/photos/anotherphotograph/2100904507/sizes/o/
Developer, SysAdmin, Hacker, Community Manager
Many biz & dev environments
Opscode: Training, Services & Evangelism
Copyright © 2011 Opscode, Inc - All Rights Reserved
Developers?Systems Administrators?
http://www.flickr.com/photos/timyates/2854357446/sizes/l/
4
Copyright © 2011 Opscode, Inc - All Rights Reserved
The Opscode Platform is our Chef Server
5
http://www.opscode.com
Copyright © 2011 Opscode, Inc - All Rights Reserved 6http://www.brooklynstreetart.com/theBlog/wp-content/uploads/2008/12/swedish_chef_bork-sleeper-cell.jpg
Copyright © 2011 Opscode, Inc - All Rights Reserved 7
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef enables infrastructure as code
Manage configuration as idempotent Resources.Put them together in Recipes.Track it like Source Code.Configure your servers.
8
package "haproxy" do action :installend
template "/etc/haproxy/haproxy.cfg" do source "haproxy.cfg.erb" owner "root" group "root" mode 0644 notifies :restart, "service[haproxy]"end
service "haproxy" do action [:enable, :start]end
At a High Level...
‣ A library for configuration management
‣ A configuration management system
‣ A systems integration platform
‣ An API for your entire Infrastructure
http://www.flickr.com/photos/asten/2159525309/sizes/l/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Fully automated Infrastructure
10
Copyright © 2011 Opscode, Inc - All Rights Reserved 11
Principles
IdempotentData-drivenSane defaultsHackabilityTMTOWTDI
Copyright © 2011 Opscode, Inc - All Rights Reserved
Multiple applications of an operation do not change the result
12http://www.flickr.com/photos/redjar/360111326/
Copyright © 2011 Opscode, Inc - All Rights Reserved
We start with APIs, you supply data
13http://www.flickr.com/photos/ninjanoodles/153893226/
Copyright © 2011 Opscode, Inc - All Rights Reserved
option :json_attribs, :short => "-j JSON_ATTRIBS", :long => "--json-attributes JSON_ATTRIBS", :description => "Load attributes from a JSON file or URL", :proc => nil
option :node_name, :short => "-N NODE_NAME", :long => "--node-name NODE_NAME", :description => "The node name for this client", :proc => nilDefaults are sane, but
easily changed14
Copyright © 2011 Opscode, Inc - All Rights Reserved
Open source and community
15
Copyright © 2011 Opscode, Inc - All Rights Reserved 16
Copyright © 2011 Opscode, Inc - All Rights Reserved
Tim Toady is a Perl motto
17http://www.flickr.com/photos/lidarose/225156612
Copyright © 2011 Opscode, Inc - All Rights Reserved
The world moves pretty fast
PrimitivesEnable YOUKnow your systems
18http://www.flickr.com/photos/gi/518613153/sizes/o/
Copyright © 2011 Opscode, Inc - All Rights Reserved
You better be ready!
Sysadmins are programmers You need a 3GL
19http://www.flickr.com/photos/gi/518613153/sizes/o/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Do I need to know Ruby?
20
A littleSimple syntaxComplex as you scale
Copyright © 2011 Opscode, Inc - All Rights Reserved
A Tour of Chef
21
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef Client runs on your systems
22
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef Client runs on your systems
23
ohai!
Copyright © 2011 Opscode, Inc - All Rights Reserved
Clients talk to a Chef Server
24
Copyright © 2011 Opscode, Inc. – Confidential – Do Not Redistribute 25
Opscode Platformthe central, highly scalable, multi-tenant
configuration service from Opscode... a hosted Chef Server
Copyright © 2011 Opscode, Inc - All Rights Reserved
Clients authenticate with RSA keys
26http://www.flickr.com/photos/debbcollins/3401944550/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef Server
27
CouchDB
API
SOLRAMQPIndexer
Chef Server
ClientInteraction
Search
Datastore
Copyright © 2011 Opscode, Inc - All Rights Reserved
RESTful API w/ JSON responses
28
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef can also stand alone - Chef Solo
29
Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/peterrosbjerg/3913766224/ 30
We call each system you configure a Node
Copyright © 2011 Opscode, Inc - All Rights Reserved
Nodes have Attributes
31
{ "kernel": { "machine": "x86_64", "name": "Darwin", "os": "Darwin", "version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010; root:xnu-1504.7.4~1/RELEASE_I386", "release": "10.4.0" }, "platform_version": "10.6.4", "platform": "mac_os_x", "platform_build": "10F569", "domain": "local", "os": "darwin", "current_user": "mray", "ohai_time": 1278602661.60043, "os_version": "10.4.0", "uptime": "18 days 17 hours 49 minutes 18 seconds", "ipaddress": "10.13.37.116", "hostname": "morbo", "fqdn": "morbomorbo.local", "uptime_seconds": 1619358 }
Kernel info!
Platform info!
Hostname and IP!
Copyright © 2011 Opscode, Inc - All Rights Reserved
Attributes are Searchable
32
$ knife search node ‘platform:mac_os_x’
search(:node, ‘platform:mac_os_x’)
Copyright © 2011 Opscode, Inc - All Rights Reserved
Nodes have a Run List
33
What Roles or Recipes to applyin Order
Copyright © 2011 Opscode, Inc - All Rights Reserved
Nodes have a Run List
34
% knife node show web01-prod.example.com -r{ "run_list": [ "role[production]", "role[webserver]" ]}
Copyright © 2011 Opscode, Inc - All Rights Reserved 35http://www.flickr.com/photos/laenulfean/374398044/
Nodes have Roles
Copyright © 2011 Opscode, Inc - All Rights Reserved
Roles
Describe the node
‣ webserver‣ dbserver‣ monitoring‣ ... etc
36
Copyright © 2011 Opscode, Inc - All Rights Reserved
Roles have a Run List
37
What Roles or Recipes to applyin Order
Copyright © 2011 Opscode, Inc - All Rights Reserved 38
name "webserver"description "Systems that serve HTTP traffic"
run_list( "role[base]", "recipe[apache2]", "recipe[apache2::mod_ssl]")
default_attributes( "apache" => { "listen_ports" => [ "80", "443" ] })
override_attributes( "apache" => { "max_children" => "50" })
Can includeother roles!
Copyright © 2011 Opscode, Inc - All Rights Reserved 39
% knife role show webserver { "name": "webserver", "default_attributes": { "apache": { "listen_ports": [ "80", "443" ] } }, "json_class": "Chef::Role", "run_list": [ "role[base]", "recipe[apache2]", "recipe[apache2::mod_ssl]" ], "description": "Systems that serve HTTP traffic", "chef_type": "role", "override_attributes": { "apache2": { "max_children": "50" } } }
Uploading roles tothe Chef Server
converts Ruby DSLto JSON!
Copyright © 2011 Opscode, Inc - All Rights Reserved
Roles are Searchable
40
$ knife search role ‘max_children:50’
search(:role, ‘max_children:50’)
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef manages Resources on Nodes
41
Resources...
‣ Have a type
‣ Have a name
‣ Have parameters
‣ Take action to put the resource in the declared state
package "apache2" do version "2.2.11-2ubuntu2.6" action :installend
template "/etc/apache2/apache2.conf" do source "apache2.conf.erb" owner "root" group "root" mode 0644 action :createend
Declare a description of the state a part of the node should be in
Copyright © 2011 Opscode, Inc - All Rights Reserved
Resources take action through Providers
43
Providers...
Multiple providers per resource type.
Know how to actually perform the actions specified by a resource.
Apt, Yum, Rubygems, Portage, Macports, FreeBSD Ports, etc.
http://www.flickr.com/photos/affableslinky/562950216/
Can be overridden with
the provider parameter on a
resource.
package "apache2" do provider "Chef::Provider::Package::Dpkg" action :installend
Resources
http://www.flickr.com/photos/acurbelo/2628837104/sizes/o/
Platform
Provider
Copyright © 2011 Opscode, Inc - All Rights Reserved 46
:ubuntu => { :default => { :package => Chef::Provider::Package::Apt, :service => Chef::Provider::Service::Debian, :cron => Chef::Provider::Cron, :mdadm => Chef::Provider::Mdadm }},
Chef::Platform
Copyright © 2011 Opscode, Inc - All Rights Reservedhttp://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/ 47
Recipes are lists of Resources
Recipes...Apply resources in the order they are specified
http://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/
package "apache2" do version "2.2.11-2ubuntu2.6" action :installend
template "/etc/apache2/apache2.conf" do source "apache2.conf.erb" owner "root" group "root" mode 0644 action :createend
1
2
‣ Evaluates resources in the order they appear
‣ Adds each resource to the Resource Collection
[ "package[apache2]", "template[/etc/apache2/apache2.conf]"]
1
2
Copyright © 2011 Opscode, Inc - All Rights Reserved
Order Matters
49
Copyright © 2011 Opscode, Inc - All Rights Reserved
Recipes are just Ruby!
50
extra_packages = case node[:platform] when "ubuntu","debian" %w{ ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby } end
extra_packages.each do |pkg| package pkg do action :install endend
Copyright © 2011 Opscode, Inc - All Rights Reserved
Cookbooks are packages for Recipes
51
Copyright © 2011 Opscode, Inc - All Rights Reserved
Cookbooks
DistributableInfrastructure as CodeVersion control repository
52
Copyright © 2011 Opscode, Inc - All Rights Reserved 53
Common Cookbook Components
RecipesAssets (files/templates)AttributesMetadata
Copyright © 2011 Opscode, Inc - All Rights Reserved
Cookbook assets
Files
‣ Static assets‣ Downloaded via cookbook_file‣ File specificity
Templates
‣ Dynamic assets‣ ERB (erubis)‣ File specificity
54
Copyright © 2011 Opscode, Inc - All Rights Reserved
Cookbooks
Attributes
‣ Node attributes‣ default, normal, override
55
default[:apache][:listen_ports] = [ "80","443" ]default[:apache][:keepalive] = "On"default[:apache][:contact] = "[email protected]"default[:apache][:timeout] = 300
set[:apache][:log_dir] = "/var/log/apache2"set[:apache][:user] = "www-data"
override[:apache][:dir] = "/etc/apache2"
Copyright © 2011 Opscode, Inc - All Rights Reserved
Metadatacookbooks/django/metadata.rbmaintainer "Opscode, Inc."maintainer_email "[email protected]"license "Apache 2.0"description "Installs DJango"long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))version "0.8.0"
recipe "django", "Installs django and apache2 with mod_python"
%w{ ubuntu debian }.each do |os| supports osend
%w{ apache2 python }.each do |cb| depends cbend
56
Cookbooks
Copyright © 2011 Opscode, Inc - All Rights Reserved 57
Cookbooks are shareable!
cookbooks.opscode.com
Copyright © 2011 Opscode, Inc - All Rights Reserved
Data bags store arbitrary data
58
Copyright © 2011 Opscode, Inc - All Rights Reserved
% knife data bag show users mray{ "comment": "Matt Ray", "groups": "sysadmin", "ssh_keys": "ssh-rsa SUPERSEKRATS mray@morbo", "files": { ".bashrc": { "mode": "0644", "source": "dot-bashrc" }, ".emacs": { "mode": "0644", "source": "dot-emacs" } }, "id": "mray", "uid": 7004, "shell": "/usr/bin/bash" }
A user data bag item...
Copyright © 2011 Opscode, Inc - All Rights Reserved
Data Bags are Searchable
60
$ knife search users ‘shell:/bin/bash’
search(:users, ‘/bin/bash’)
Copyright © 2011 Opscode, Inc - All Rights Reserved
Data bags make recipes awesome-r (that’s
totally a word)
61
bash_users = search(:users, 'shell:/bin/bash')
bash_users.each do |u| user u['id'] do uid u['id'] shell "/usr/bin/zsh" comment u['comment'] supports :manage_home => true home "/home/#{u['id']}" end
directory "/home/#{u['id']}/.ssh" do owner u['id'] group u['id'] mode 0700 end
template "/home/#{u['id']}/.ssh/authorized_keys" do source "authorized_keys.erb" owner u['id'] group u['id'] mode 0600 variables :ssh_keys => u['ssh_keys'] endend
Copyright © 2011 Opscode, Inc - All Rights Reserved
Environments manage versioned infrastructure
62
Copyright © 2011 Opscode, Inc - All Rights Reserved
JSON or Ruby DSL and Versioned
63
name "dev"description "The development environment"cookbook_versions "couchdb" => "11.0.0"attributes "apache2" => { "listen_ports" => [ "80", "443" ] }
Copyright © 2011 Opscode, Inc - All Rights Reserved
Command-line API utility, Knife
64http://www.flickr.com/photos/myklroventine/3474391066/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Nodes, Roles, Data Bags are Searchable
65
% knife search node “role:webserver”
search(:users, “group:sysadmins”)
Copyright © 2011 Opscode, Inc - All Rights Reserved 66http://www.flickr.com/photos/38299630@N05/3635356091/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Getting Started
67http://www.flickr.com/photos/rowens27/3163470179/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Platforms
68
Debian
Ubuntu
Gentoo
SuSEMac OS X
Solaris
Red Hat Fedora
CentOS
Windows
ArchLinux
Scientific
OpenBSD
FreeBSD
Copyright © 2011 Opscode, Inc - All Rights Reserved
Ruby
69http://www.flickr.com/photos/thisisbossi/3526698689/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Today’s Examples
70
Opscode PlatformMac OS X 10.6.6Ubuntu 10.04RubyGems
Copyright © 2011 Opscode, Inc - All Rights Reserved
The Opscode Platform is our Chef Server
71
http://www.opscode.com
Copyright © 2011 Opscode, Inc - All Rights Reserved
RubyGems Installation
72
cd /tmpwget http://production.cf.rubygems.org/\rubygems/rubygems-1.3.7.tgz -O- | tar zxf -cd rubygems-1.3.7 && sudo ruby setup.rbln -svf /usr/bin/gem1.8 /usr/bin/gem
sudo gem install chef
Copyright © 2011 Opscode, Inc - All Rights Reserved
apt.opscode.com
73
Copyright © 2011 Opscode, Inc - All Rights Reserved
ELFF Yum Repo
74
Copyright © 2011 Opscode, Inc - All Rights Reserved 75
Create Chef Repository
% git clone git://github.com/opscode/chef-repo.git % cd chef-repo% ls -ladrwxr-xr-x 13 mray staff 442 Jul 7 16:48 ./drwxr-xr-x 3 mray staff 102 Jul 7 15:54 ../drwxr-xr-x 5 mray staff 170 Jul 7 17:55 .chef/drwxr-xr-x 12 mray staff 408 Jul 7 16:48 .git/-rw-r--r-- 1 mray staff 23 Jul 7 16:48 .gitignore-rw-r--r-- 1 mray staff 269 Jul 7 15:54 README-rw-r--r-- 1 mray staff 2171 Jul 7 15:54 Rakefiledrwxr-xr-x 3 mray staff 102 Jul 7 15:54 certificates/drwxr-xr-x 7 mray staff 238 Jul 7 17:03 config/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 cookbooks/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 data_bags/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 roles/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 site-cookbooks/
Copyright © 2011 Opscode, Inc - All Rights Reserved 76
Copyright © 2011 Opscode, Inc - All Rights Reserved
Setup User Environment
77
cp USERNAME.pem ~/chef-repo/.chefcp ORG-validator.pem ~/chef-repo/.chefcp knife.rb ~/chef-repo/.chef
Copyright © 2011 Opscode, Inc - All Rights Reserved
Configure Knife
78
% cat .chef/knife.rbcurrent_dir = File.dirname(__FILE__)log_level :infolog_location STDOUTnode_name "oscon"client_key "#{current_dir}/oscon.pem"validation_client_name "oscon-validator"validation_key "#{current_dir}/oscon-validator.pem"chef_server_url "https://api.opscode.com/organizations/oscon"cache_type 'BasicFile'cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )cookbook_path ["#{current_dir}/../cookbooks"]
Per-directory configuration!
Copyright © 2011 Opscode, Inc - All Rights Reserved 79
Explore Knife’s sub-commands
Copyright © 2011 Opscode, Inc - All Rights Reserved
Knife Sub-commands
80
knife NOUN verb NOUN (options)
knife client listknife node show morbo.localknife role show webserverknife search node “*:*” -iknife --help
Copyright © 2011 Opscode, Inc - All Rights Reserved
Configure Chef on workstation
81
% knife configure client /etc/chefINFO: Creating client configurationINFO: Writing client.rbINFO: Writing validation.pem
% ls -l /etc/chef/total 24-rw-r--r-- 1 mray staff 151 Jul 8 21:29 client.rb-rw-r--r--@ 1 mray staff 1679 Jul 8 21:29 validation.pem
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef::Config
82
log_level :infolog_location STDOUTchef_server_url 'https://api.opscode.com/organizations/oscon'validation_client_name 'oscon-validator'
http://wiki.opscode.com/display/chef/Chef+Configuration+Settings
Copyright © 2011 Opscode, Inc - All Rights Reserved
Download getting-started cookbook
83
% knife cookbook site vendor getting-startedINFO: Downloading getting-started from the cookbooks site at version 0.2.0...INFO: Cookbook getting-started version 0.2.0 successfully vendored!
Copyright © 2011 Opscode, Inc - All Rights Reserved 84
Copyright © 2011 Opscode, Inc - All Rights Reserved 85
git checkout -b \chef-vendor-#{name_args[0]}
Copyright © 2011 Opscode, Inc - All Rights Reserved
Upload getting-started to Chef Server
86
% knife cookbook upload getting-startedINFO: Saving getting-startedINFO: Validating ruby filesINFO: Validating templatesINFO: Syntax OKINFO: Generating MetadataINFO: Uploading files...INFO: Upload complete!
Copyright © 2011 Opscode, Inc - All Rights Reserved
Apply getting-started Recipe to workstation
87
% knife node run list add morbo.local "recipe[getting-started]"{ "run_list": [ "recipe[getting-started]" ]}
Copyright © 2011 Opscode, Inc - All Rights Reserved
Run chef-client!
88
% sudo chef-client[Thu, 08 Jul 2010 21:35:49 -0600] INFO: Starting Chef Run[Thu, 08 Jul 2010 21:35:55 -0600] INFO: Writing updated content for template[/tmp/chef-getting-started.txt] to /tmp/chef-getting-started.txt[Thu, 08 Jul 2010 21:35:56 -0600] INFO: Chef Run complete in 6.650602 seconds
% cat /tmp/chef-getting-started.txtWelcome to Chef!
This is Chef version 0.9.14.beta.1Running on mac_os_x.Version 10.6.6.
Copyright © 2011 Opscode, Inc - All Rights Reserved
Inside the getting-started cookbook
89
Copyright © 2011 Opscode, Inc - All Rights Reserved 90http://www.flickr.com/photos/38299630@N05/3635356091/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Cooking with Chef
91http://www.flickr.com/photos/mr_t_in_dc/3305638738/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef Resources in Depth
92
cookbook_file
template
service
packagedeploy
git
http_request
link
ruby_block
logbash
execute
remote_file
user
Copyright © 2011 Opscode, Inc - All Rights Reserved
Resources have parameters and actions
93
Copyright © 2011 Opscode, Inc - All Rights Reserved
Resource Parameters and Actions
94
Most resources have defaultsDefaults are sane
‣ http://wiki.opscode.com/display/chef/Resources
Copyright © 2011 Opscode, Inc - All Rights Reserved
packages
95
package "apache2" do action :installend
Actions: install, upgrade, remove, purge
Copyright © 2011 Opscode, Inc - All Rights Reserved
Package shortcuts
96
Map to providersgem_packagedpkg_packagerpm_packageAnd more!
Copyright © 2011 Opscode, Inc - All Rights Reserved
services
97
Actions: enable, disable, start, stop, restart, reload
service "apache2" do action [ :enable, :start ]end
Copyright © 2011 Opscode, Inc - All Rights Reserved
init script capabilities
98
service "apache2" do supports( :status => true, :restart => true, :reload => true ) action [ :enable, :start ]end
Copyright © 2011 Opscode, Inc - All Rights Reserved
files
99
Actions: create, delete, touch
file "/etc/chef/client.rb" do owner "root" group "root" mode 0644 action :createend
Copyright © 2011 Opscode, Inc - All Rights Reserved
file content!
100
file "/tmp/example" do content "This is a file!"end
file "/tmp/example2" do content IO.read("/etc/hosts")end
Content is a string
Copyright © 2011 Opscode, Inc - All Rights Reserved
remote_file
101
Actions: create, create_if_missing
remote_file "/tmp/nginx-0.7.67.tar.gz" do source "http://sysoev.ru/nginx/nginx-0.7.67.tar.gz" action :create_if_missingend
Copyright © 2011 Opscode, Inc - All Rights Reserved
cookbook_file
102
cookbook_file "/etc/perl/CPAN/Config.pm" do source "Config-5.10.1.pm" owner "root" group "root" mode 0644end
Actions: create, create_if_missing, delete
Copyright © 2011 Opscode, Inc - All Rights Reserved
template
103
template "/etc/apache2/ports.conf" do source "ports.conf.erb" owner "root" group "root" mode 0644end
Actions: create
Copyright © 2011 Opscode, Inc - All Rights Reserved
local templates
104
template "/tmp/config.conf" do local true source "/tmp/config.conf.erb"end
Copyright © 2011 Opscode, Inc - All Rights Reserved
templates are ERB
105
<% node[:apache][:listen_ports].each do |port| -%>Listen <%= port %>NameVirtualHost *:<%= port %>
<% end -%>
Copyright © 2011 Opscode, Inc - All Rights Reserved
Cookbook and Template File Specificity
106
Copyright © 2011 Opscode, Inc - All Rights Reserved 107
preferences = [ File.join("host-#{fqdn}", "#{file_name}"), File.join("#{platform}-#{version}", "#{file_name}"), File.join("#{platform}", "#{file_name}"), File.join("default", "#{file_name}")]
host-node[:fqdn] node[:platform]-node[:version] node[:platform] default
files/web1prod.example.com files/ubuntu-9.10 files/ubuntu files/default
Copyright © 2011 Opscode, Inc - All Rights Reserved
execute
108
execute "apt-get update" do action :runend
Actions: run
Copyright © 2011 Opscode, Inc - All Rights Reserved 109
bash "compile_nginx_source" do cwd "/tmp" code <<-EOH tar zxf nginx-0.7.67.tar.gz cd nginx-0.7.67 && ./configure make && make install EOHend
Interpreters: bash, ruby, python, perl, csh
script
Copyright © 2011 Opscode, Inc - All Rights Reserved
ruby_block
110
Action: create
ruby_block "save the node" do block do node.save endend
Copyright © 2011 Opscode, Inc - All Rights Reserved
scm: git...
111
git "/srv/apps/chef" do repository "git://github.com/opscode/chef.git" reference "0.9.6" action :checkoutend
Actions: sync, checkout, export
Copyright © 2011 Opscode, Inc - All Rights Reserved 112
...and subversionsubversion "/srv/couchdb" do repository "http://svn.apache.org/repos/asf/couchdb/trunk" revision "HEAD" action :syncend
Actions: sync, checkout, export
Copyright © 2011 Opscode, Inc - All Rights Reserved
deploy
113
http://wiki.opscode.com/display/chef/Deploy+Resource
Actions: deploy, force_deploy, rollback
Copyright © 2011 Opscode, Inc - All Rights Reserved 114
deploy "/srv/radiant" do repo "git://github.com/radiant/radiant.git" revision "HEAD" user "railsdev" migrate true migration_command "rake db:migrate" environment "production" restart_command "touch tmp/restart.txt" action :deployend
Copyright © 2011 Opscode, Inc - All Rights Reserved
Meta-parameter madness!
115
Copyright © 2011 Opscode, Inc - All Rights Reserved
action :nothing
116
Copyright © 2011 Opscode, Inc - All Rights Reserved
not_if & only_if
117
Copyright © 2011 Opscode, Inc - All Rights Reserved 118
execute "runit-hup-init" do command "telinit q" only_if "grep ^SV /etc/inittab" action :nothingend
execute "rabbitmqctl add_vhost /chef" do not_if "rabbitmqctl list_vhosts| grep /chef"end
Enclose in quotes for shell commands or use a do..end or { } style ruby block
Copyright © 2011 Opscode, Inc - All Rights Reserved 119
Resource notificationtemplate "nginx.conf" do path "/etc/nginx/nginx.conf" source "nginx.conf.erb" owner "root" group "root" mode "0644" notifies :restart, resources(:service => "nginx")end
Copyright © 2011 Opscode, Inc - All Rights Reserved
supports
120
Copyright © 2011 Opscode, Inc - All Rights Reserved
Anatomy of a Chef Run
121
Copyright © 2011 Opscode, Inc - All Rights Reserved
Anatomy of a Chef Run
122
Node discoverySet the node nameRegister with server
Copyright © 2011 Opscode, Inc - All Rights Reserved
Anatomy of a Chef Run
Build node object‣ node.save
Synchronize cookbooks‣ node.save
Converge‣ node.save
123
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef Run Convergence
CompileExecute
124
Copyright © 2011 Opscode, Inc - All Rights Reserved
Development workflow with Chef
125http://www.flickr.com/photos/kylemay/1393258810/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Development workflow
Gather requirementsWrite recipesCommit to repositoryRun Chef in testingRun Chef in production
126
Copyright © 2011 Opscode, Inc - All Rights Reserved 127http://www.flickr.com/photos/38299630@N05/3635356091/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Automating the Cloud with Chef
128http://www.flickr.com/photos/46183897@N00/3442880227/sizes/l/
Copyright © 2011 Opscode, Inc - All Rights Reserved
Add your Cloud credentials to knife.rb
129
vi ~/chef-repo/.chef/knife.rb
# Cloud credentialsknife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']
Copyright © 2011 Opscode, Inc - All Rights Reserved 130
Download some cookbooks
Uses the “vendor branch” pattern, so you can make changes and track the upstream
% knife cookbook site vendor nagios -dINFO: Downloading nagios from the cookbooks site at version 0.3.3...INFO: Cookbook nagios version 0.3.3 successfully vendored!INFO: Downloading apache2 from the cookbooks site at version 0.12.0INFO: Cookbook apache2 version 0.12.0 successfully vendored!
Copyright © 2011 Opscode, Inc - All Rights Reserved 131
Upload Cookbooks!
knife cookbook upload -a
These run as root, kids.Let’s not blindly trust the upstream too much!
Copyright © 2011 Opscode, Inc - All Rights Reserved 132
Build some roles
% vi roles/monitoring.rb
name "monitoring"description "Nagios monitoring server"
run_list( "role[base]”, “recipe[nagios::server]")
override_attributes( "apache" => { "allowed_openids" => "http://mray.myopenid.com/" })
Copyright © 2011 Opscode, Inc - All Rights Reserved 133
Upload Roles
% knife role from file roles/monitoring.rbWARN: HTTP Request Returned 404 Not Found: Cannot load role monitoringWARN: Updated Role monitoring!% ls rolesREADME base.rb monitoring.rb production.rb webserver.rb% rake roles(in /Users/mray/Development/oscon/chef-repo)WARN: HTTP Request Returned 404 Not Found: Cannot load role baseWARN: Updated Role base!WARN: Updated Role monitoring!WARN: HTTP Request Returned 404 Not Found: Cannot load role productionWARN: Updated Role production!WARN: HTTP Request Returned 404 Not Found: Cannot load role webserverWARN: Updated Role webserver!
Copyright © 2011 Opscode, Inc - All Rights Reserved
Launch a new Monitoring Server
134
knife ec2 server create ‘role[monitoring]’
Copyright © 2011 Opscode, Inc - All Rights Reserved
Chef runs on your new server
135
sudo chef-client
INFO: Starting Chef Run...INFO: Chef Run complete in 211.852033 seconds
Automatically.
Copyright © 2011 Opscode, Inc - All Rights Reserved
Shef is Chef in IRB
136
Copyright © 2011 Opscode, Inc - All Rights Reserved
www.opscode.comIRC and Mailing lists
‣ irc.freenode.net #chef‣ lists.opscode.com
Twitter:‣ @opscode, #opschef‣ @mattray
Questions?
Resources/Questions
137