(A Very Quick) Intro to Chef for PICConf '12. A technical look at the building blocks of Chef.

1. (A Very Quick) Intro To Chef
PICConf ’12
Mandi Walls
mandi@opscode.com

2. whoami
• Mandi Walls
• mandi@opscode.com
• @lnxchk

3. Chef is Configuration Management
A technical domain
revolving around
building and
managing
infrastructure
programmatically http://www.flickr.com/photos/neilt/530198191/

4. Enable the reconstruction
of the business from
nothing but a source code
repository, an application
data backup, and bare
metal resources.

5. Avoiding Snowflakes
• “That one host” you know you can’t rebuild if
it dies
• Untracked changes to systems, new
configurations
• Collections of bash, perl, python, whatever
• Cheatsheets, wiki pages, folklore on how to
build systems

6. Infrastructure as Code
• Logically group all the changes needed
to get systems into working order
• All the bits and pieces that you have to
remember to do after the OS is loaded
• 1.. N.. infinity
• Integrate systems programmatically

7. Managing the Various Pieces of Your
Environment
•Provision
•Configure
•Integrate

8. Managing the Various Pieces of Your
Environment
Load Balancer
•Provision
App Server { { App Server
•Configure
•Integrate
Database Master

9. What to Configure?

10. Goals!
• Idempotence
• Reasonability
• Sane Defaults
• Coordination
• Flexibility

11. Chef is Ruby
• Internal DSL
• Chef resources look like Ruby objects
• Chef can be extended using Ruby
• Chef tools like ohai and knife can also
be extended using Ruby

12. Chef Architecture
•Chef Server
•Chef Users
•Chef Nodes
•Knife
•chef-client

13. Chef Nodes
• Your hosts are “nodes” in Chef
• They are the authority on all info about
themselves
• This info is stored in a Ruby object
called “node” too
• Characteristics about the node are
called attributes

14. Node Object
{
"name": "www1.example.com", • JSON
"json_class": "Chef::Node", • Pushed to
"chef_type": "node", Chef Server
"chef_environment": "_default", • Indexed for
Searching
"automatic": { ... },
"default": { ... },
"normal": { ... },
"override": { ... },
"run_list": [ ... ]
}

15. Chef Building Blocks
• Resources
• Recipes
• Cookbooks
• Roles
• Environments

16. Chef Resources
package "haproxy" do
action :install
end
template "/etc/haproxy/haproxy.cfg" do
source "haproxy.cfg.erb"
owner "root"
group "root"
mode 0644
notifies :restart, "service[haproxy]"
end
service "haproxy" do
supports :restart => true
action [:enable, :start]
end

17. Chef Resources
package "haproxy" do
action :install
end
• Have a type. template "/etc/haproxy/haproxy.cfg" do
source "haproxy.cfg.erb"
owner "root"
group "root"
mode 0644
notifies :restart, "service[haproxy]"
end
service "haproxy" do
supports :restart => true
action [:enable, :start]
end

18. Chef Resources
package "haproxy" do
action :install
end
• Have a type. template "/etc/haproxy/haproxy.cfg" do
• Have a name. source "haproxy.cfg.erb"
owner "root"
group "root"
mode 0644
notifies :restart, "service[haproxy]"
end
service "haproxy" do
supports :restart => true
action [:enable, :start]
end

19. Chef Resources
package "haproxy" do
action :install
end
• Have a type. template "/etc/haproxy/haproxy.cfg" do
• Have a name. source "haproxy.cfg.erb"
• Have parameters.
owner "root"
group "root"
mode 0644
notifies :restart, "service[haproxy]"
end
service "haproxy" do
supports :restart => true
action [:enable, :start]
end

20. Chef Resources
package "haproxy" do
action :install
end
• Have a type. template "/etc/haproxy/haproxy.cfg" do
• Have a name. source "haproxy.cfg.erb"
• Have parameters.
owner "root"
group "root"
• Take action to put the
mode 0644
notifies :restart, "service[haproxy]"
resource in the declared end
state. service "haproxy" do
supports :restart => true
action [:enable, :start]
end

21. Chef Resources
package "haproxy" do
action :install
end
• Have a type. template "/etc/haproxy/haproxy.cfg" do
• Have a name. source "haproxy.cfg.erb"
• Have parameters.
owner "root"
group "root"
• Take action to put the
mode 0644
notifies :restart, "service[haproxy]"
resource in the declared end
state. service "haproxy" do
• Can send notifications to supports :restart => true
action [:enable, :start]
other resources. end

22. Resources and Providers
Resources take action
through Providers

23. Providers are Behind the Scenes
package “haproxy”
{ yum install haproxy
apt-get install haproxy
pacman sync haproxy
pkg_add -r haproxy

24. Recipes

25. Recipes are Collections of Resources
package "hadoop-#{hadoop_version}-namenode" do
action :install
end
template "/usr/lib/hadoop/conf/core-site.xml" do
source "core-site_xml.erb"
owner "hadoop"
group "hadoop"
mode 0644
end
service "hadoop-#{hadoop_version}-namenode" do
supports :restart => true, :start => true, :stop => true
end

26. Cookbooks are Collections of Recipes
• Each cookbook can have multiple
recipes
• namenode, datanode, jobtracker,
worker
• solr_master, solr_slave
• Configuration files, templates, libraries
• server.xml
• hdfs-site.xml
http://www.flickr.com/photos/pinkpollyanna/222517565/sizes/m/in/photostream/

27. Run Lists
• Tell the nodes what recipes to run
Node Name: ip-10-93-42-234.ec2.internal
Environment: _default
FQDN: ip-10-93-42-234.ec2.internal
IP: 23.22.80.76
Run List: role[base], role[webserver]
Roles: base, webserver
Recipes: apt, chef-client, apache2, webserver
Platform: ubuntu 10.04

28. Attributes
• Information about the node, the
applications, etc
• Set by ohai!
• Set by cookbooks, roles, environments,
or directly in recipes
• Applied with specific precedence

29. Node Attributes
$ knife node show ip-10-93-42-234.ec2.internal -a ec2
ec2:
...
hostname: ip-10-93-42-234.ec2.internal
instance_id: i-75b16813
instance_type: m1.small
kernel_id: aki-407d9529
local_hostname: ip-10-93-42-234.ec2.internal
local_ipv4: 10.93.42.234
placement_availability_zone: us-east-1b
profile: default-paravirtual
public_hostname: ec2-23-22-80-76.compute-1.amazonaws.com
public_ipv4: 23.22.80.76

30. Non-ohai Attributes
• Attributes can also come from roles, cookbooks,
and recipes
• Used for settings needed by the configuration
set['apache']['package'] = "httpd"
set['apache']['dir'] = "/etc/httpd"
set['apache']['log_dir'] = "/var/log/httpd"
set['apache']['error_log'] = "error.log"
set['apache']['user'] = "apache"
set['apache']['group'] = "apache"
set['apache']['binary'] = "/usr/sbin/httpd"
set['apache']['icondir'] = "/var/www/icons"
set['apache']['cache_dir'] = "/var/cache/httpd"

31. Roles
name "base"
description "Base role for all
servers"
run_list(
! "recipe[apt]",
! "recipe[fail2ban]",
! "recipe[chef-client]"
)
http://www.flickr.com/photos/ulteriorepicure/177506395/sizes/m/in/photostream/

32. Basic Resources

33. Basic Resources: package
package "tar" do
version "1.16.1-1"
action :install
end
package "portmap" do
action :remove
end
• Providers determine how to manage the
packages on every platform

34. Basic Resources: template
• Templates are rendered when the Chef client
runs on the node
• Interprets the values of variables, search
results, etc, to create dynamic configurations
template "/tmp/config.conf" do
source "config.conf.erb"
variables(
:config_var => node[:configs][:config_var]
)
end

35. Basic Resources: cookbook_file
cookbook_file "/tmp/testfile" do
source "testfile"
owner “root”
group “root”
mode "0644"
end

36. Basic Resources: directory
directory "/tmp/something" do
owner "root"
group "root"
mode "0755"
action :create
end
directory "C:tmpsomething.txt" do
rights :full_control, "DOMAINUser"
inherits false
action :create
end

37. Basic Resources: service
service "apache2" do
supports :restart => true
action :enable
end
template "/etc/apache2/apache2.conf" do
# ... other parameters
notifies :restart, "service[apache2]"
end

38. Other Common Resources
• User, Group
• Cron
• Execute: run arbitrary commands
• File: files already on the node
• Env (on Windows)
• HTTP Request
• Link

39. Reasoning About
Infrastructure

40. Reflection of Reality

41. Deciding on Cookbooks and Roles
• Each service in your infrastructure usually has its own
cookbook, or may have a collection of cookbooks in a
role
• A set of Tomcat servers may have a cookbook for java,
a cookbook for Tomcat, and a cookbook for application
code
• The java and tomcat cookbooks can be reused in
multiple applications
• A common practice is to include a base role for
universal configurations that should apply to all of your
nodes
• Security settings, DNS servers, local file repositories
• Members of the Chef community share cookbooks at

42. Environments
• Environments allow you to think about not just
groups of nodes running applications, but also
the larger infrastructure
• Every node belongs to only one environment
• Environments can be used to specify which
version of a cookbook to use on any node
assigned to the environment
• A common use of environments is assigning
nodes to “dev”, “qa”, “staging”, and “production”
• Each environment can be configured to use a
different version of the available cookbooks
• Attributes allow you to change settings based on
the environment

43. Reusability
Dev Environment
Node Name: devhost1
Environment: dev
FQDN: devhost1.mydomain.com
IP: 192.168.1.100
Run List: role[base], role[solr_master]
Roles: base, solr_master
Recipes: apt, fail2ban, chef-client, solr, solr::master
Platform: ubuntu 10.04
Prod Environment
Node Name: solr1
Environment: prod
FQDN: solr1.mydomain.com
IP: 192.168.10.50
Run List: role[base], role[solr_master]
Roles: base, solr_master
Recipes: apt, fail2ban, chef-client, solr, solr::master
Platform: ubuntu 10.04

44. Search
• All node data is indexed on the Chef server
• These indexes are available for searching from
knife and recipes
• Use search results to dynamically configure
integrated resources
search(:node, "role:webserver") do |match|
puts match["ipaddress"]
end

45. Managing
Infrastructure as Code

46. Chef Code Workflow
• You build recipes, cookbooks, roles, environments,
etc as files in your local Chef repository
• Check your code into source code control
• Upload your infrastructure to the Chef server with
knife
• Nodes get their configuration information when
they run chef-client
• Nodes can run chef-client as often or as rarely as
you need
• You can test in a variety of ways that suit your
infrastructure best

47. Incorporating Version Control System
• Employ the distributed version control
system of your choice
• Use what your team already knows! Chef
doesn’t require a specific system
• Git is popular, but SVN, Perforce, others
are used as well
• Decide on your testing, versioning, code
review practices as suit your team’s
needs

48. Try It Out

49. How to Get Chef
• Hosted Chef is a SaaS product hosted by
Opscode
• http://manage.opscode.com
• You can create an account and add up to five
nodes for free to try out chef
• Our new installer makes installing Chef on
nodes super easy!
• http://www.opscode.com/chef/install
• Provides a full stack, don’t worry about Ruby
version issues

50. More Info on Getting Started
• Our wiki: http://wiki.opscode.com
• Fast start guide:
• http://wiki.opscode.com/display/chef/Fast+Start
+Guide
• Our Community site: http://community.opscode.com
• Cookbooks in our Github account: http://github.com/
opscode/cookbooks
• The materials for our 3-day Chef Fundamentals class are
online:
• https://github.com/opscode/chef-fundamentals

51. Supported Platforms
Ubuntu (10.04, 10.10, 11.04, 11.10)
•Debian (5.0, 6.0)
•RHEL & CentOS (5.x, 6.x)
•Fedora 10+
•Mac OS X (10.4, 10.5, 10.6)
•Windows 7
•Windows Server 2003 R2, 2008 R2

52. Thanks, PICConf!!
• mandi walls
• mandi@opscode.com
• @lnxchk

53. Questions?
• On freenode: #chef and #chef-hacking
• http://lists.opscode.com
• http://tickets.opscode.com
• http://help.opscode.com
• @opscode and @opscode_status on Twitter