Chef

Chef
Introduction and overview to managing your
systems
Adrian Moisey

Why Chef (or puppet or Bcfg2 or
CFEngine)?
- Infrastructure as code

CFEngine)?
- Reproducible

CFEngine)?
- Reproducible
- Version control (SCM)

CFEngine)?
- Reproducible
- Removes the human factor

CFEngine)?
- Reproducible
- Removes the human factor
- Tests

Basic Chef Architecture
- Executes various "recipes" which configure
your system in the desired way

- A node definition is required in order for chef
to know which recipes to run and with which
attributes to run them

- A node definition is required in order for chef
to know which recipes to run and with which
attributes to run them
- Allows you to decide what and how
components are configured using attributes,
environment definitions and node definitions.

Server/client:
- chef-server stores all your cookbooks,
environments, roles and nodes

Server/client:
- chef-client connects and gets given the
relevant cookbooks and attributes from chef-
server and executes them

Server/client:
- chef-client connects and gets given the
relevant cookbooks and attributes from chef-
server and executes them
You can run your own server or use the
opscode hosted chef (for a fee)

Chef-solo:
- Standalone, doesn't connect to a server

Chef-solo:
- Uses static cookbooks and nodes on the local
filesystem

Chef-solo:
- Uses static cookbooks and nodes on the local
filesystem
- Unable to perform searches (because nodes
are stand-alone with no central directory)

Cookbook
From the wiki:
A cookbook is the fundamental unit of
configuration and policy distribution in Chef.
Each cookbook defines a scenario, such as
everything needed to install and configure
MySQL, and then it contains all of the
components that are required to support that
scenario.

Cookbook
Can contain:
- recipes
- attributes
- providers
- definitions
- templates
- files
- metadata
http://docs.opscode.
com/essentials_cookbooks.html

Cookbook
$ cat cookbooks/ntp/recipe/default.rb
['openntpd','ntpdate'].each do |p|
package p do
action :install
end
end
template 'ntpd.conf' do
path '/etc/openntpd/ntpd.conf'
source 'ntpd.conf.erb'
owner 'root'
group 'root'
mode 0600
notifies :restart, 'service[openntpd]'
end

Cookbook
$ cat cookbooks/ntp/attributes/default.rb
default[:ntp][:servers] = [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org",
"3.pool.ntp.org"
]

Role
$ cat roles/ntp.rb
name "ntp"
description "Install openntpd"
run_list("recipe[ntp]")

Environment
$ cat environments/cluster01.rb
name "cluster01"
description "Cluster 01"
default_attributes({
:ntp => {
:servers => [
"ntp01.mycorp.com",
"ntp02.mycorp.com"
]
}
})
cookbook_versions({
"ntp" => "0.0.1"
})

Nodes
$ cat nodes/server01.mycorp.com.json
{
"chef_type": "node",
"name": "server01.mycorp.com",
"normal": {},
"default": {},
"chef_environment": "cluster01",
"run_list": [ "role[ntp]" ],
"override": {},
"json_class": "Chef::Node",
"automatic": {}
}

Knife
Knife is a command-line tool that provides an
interface between a local Chef repository and
the Chef Server.
Examples:
knife cookbook upload apache2
knife node edit web1.mycorp.com
knife list clients
knife search node 'role:web' -a fqdn

Upload all of this to the chef-server
$ knife cookbook upload ntp -o cookbooks/
$ knife role from file roles/ntp.rb
$ knife environment from file environment/cluster01.rb

Data bags
- global variable
- stored in JSON
- accessible from the chef server
- can be searched
- can also be encrypted
For example: to store all your users

Community cookbooks
https://github.com/opscode-cookbooks/
apache, chef-server, chef-client, mysql, build-
essential, cron, php, nagios, logrotate, erlang,
python, jenkins, squid, iptables, samba,
unicorn, munin, jira, screen, tftp

Community cookbooks - tips
- Use the community cookbooks unmodified

- Write wrapper cookbooks around them - most
of them were designed with this in mind

- Write wrapper cookbooks around them - most
of them were designed with this in mind
- Send bug fixes upstream

Cookbook versioning
- Cookbooks can contain versions

Cookbook versioning
- Cookbooks can depend on specific versions
of other cookbooks

Cookbook versioning
- Cookbooks can depend on specific versions
of other cookbooks
- Different environments can depend on
different versions of cookbooks (allows you to
have 0.0.2 in testing and 0.0.1 in production)

Tests
- foodcritic: linting tool which checks against a
community list of rules

Tests
- chef-spec: unit tests for recipe code (not
functional)

Tests
- chef-spec: unit tests for recipe code (not
functional)
- test-kitchen: Framework for running
integration tests in an isolated environment (<3
vagrant)

Live demo!
- Remove a Yola employee
- Create a pull request
- Push it to the chef-server
- Ensure that it has been done
- Take a look at some things that knife can do

Some cool things
- chef-solo can run the chef-server cookbook in
order to bootstrap your chef-server
- knife ec2 allows you to create an EC2
instance and configure it as a chef-client

The End
Questions?
Thanks to Jonathan for help with the slides

Chef

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Chef

Semelhante a Chef (20)

Último

Último (20)

Chef