Upgrade to Pro — share decks privately, control downloads, hide ads and more …

chef talk at DevOps Singapore

chef talk at DevOps Singapore

claudiomettler

May 15, 2014
Tweet

More Decks by claudiomettler

Other Decks in Programming

Transcript

  1. ME ME ME ME • In Singapore since mid-2013 •

    CtrlM • Focusing on: ruby/rails, objC, JS and PHP • [email protected] 2
  2. use cases • distributed development environments (with vagrant) • large

    server infrastructure, physical or IaaS • Phoenix Servers: http://martinfowler.com/bliki/ PhoenixServer.html and http://martinfowler.com/ bliki/SnowflakeServer.html 3
  3. 4

  4. chef in general • ist mostly ruby • makes use

    of domain specific languages • partly open source (apache license) • in active development 5
  5. chef server • stores cookbooks, roles, node data • can

    be queried • hosted: enterprise chef • self-hosted: enterprise chef, open source chef (64 bit only) • differences: ACL, organizations, LDAP, nicer UI and obviously less hassle 6
  6. chef client • runs on instance to be provisioned (called

    a node) • communicates with server • self-registers node • has a run list • gets cookbooks and other configuration information • idempotently brings node into desired state 8
  7. chef-client: how does it get there? • knife bootstrap •

    knife ec2, knife do etc. • manual installation/deliver with image • new: chef metal 9
  8. ohai • part of chef-client • finds out useful things

    about the node it runs on • information will then be stored in the node object 10
  9. chef workstation • used for: • authoring cookbooks • managing

    cookbooks, roles, databags etc. • bootstrapping nodes (ssh) • uploading cookbooks etc. to server • main tool: knife • state kept in scm (most likely git) 11
  10. cookbooks • collection of recipes, attributes and metadata (and other

    stuff) • can have dependencies • usually has a “default” recipe • community cookbooks and home made cookbooks • examples: apache2, mysql, mywebapp 12
  11. community cookbooks vs. DIY • community cookbooks try to run

    everywhere • try running apache cookbook on ubuntu 14.04 though… • lots of platform specific code • lots of configurability • decide on a case-by-case basis • do NOT automatically update 13
  12. roles • attributes + a run list • expands to

    attributes + a list of recipes 15
  13. chef-solo • server-less chef client mode • does not store

    node data • use case: simple (one-server) projects, development environments, testing, deploying chef-server 16
  14. chef-zero • in-memory chef server • does not do authentication

    • mainly for development and testing 17
  15. one more thing: berkshelf • downloads cookbooks • resolves dependencies

    • uploads to server • manages cookbooks locally • part of chef development kit (chef-dk) 18
  16. cloud services • knife ec2 server create -r "role[webserver]" -I

    ami-2d4aa444 --flavor m1.small -G www,default - x ubuntu -N server01 • knife digital_ocean droplet create --server-name awesome-vm2.chef.io --image 25306 --location 4 --size 66 --ssh-keys 1234,1235 --bootstrap --run- list "role[base],role[webserver]" 20
  17. 21

  18. resources • “A resource defines the desired state for a

    single configuration item present on a node that is under management by Chef.”
 (http://docs.opscode.com/resource.html) • Examples: system user, folders, files, packages, execute, deploy • has: attributes, actions, guards, guard interpreters 23
  19. providers • the code behind a resource • can depend

    on the OS (etc.) on the node • example: “package” resource may use: apt/ dpkg, rpm, gem etc. • sometimes you still need to handle different OS/ distributions (example: apache package) 24
  20. LWRP • lightweight resource/provider • a more declarative/DSL way to

    create resources/ providers • can be supplied by cookbooks 25
  21. attributes • in the end make up the node object

    • sources: ohai, attribute files, recipes, environments, roles • types: default, force_default, normal, override, force_override, automatic • become one big json-style tree 27
  22. attribute precedence • A default attribute located in a cookbook

    attribute file • A default attribute located in a recipe • A default attribute located in an environment • A default attribute located in role • A force_default attribute located in a cookbook attribute file • A force_default attribute located in a recipe • A normal attribute located in a cookbook attribute file • A normal attribute located in a recipe • An override attribute located in a cookbook attribute file • An override attribute located in a recipe • An override attribute located in a role • An override attribute located in an environment • A force_override attribute located in a cookbook attribute file • A force_override attribute located in a recipe • An automatic attribute identified by Ohai at the start of the chef-client run 28
  23. attribute precedence, simplified • default, force_default, normal, override, force_override, automatic

    • cookbook, recipe, role, environment • automatic comes from ohai only 29
  24. my little cookbook • deploy a static website • use

    the webapp definition from the apache cookbook • configurable via attribute 30
  25. let’s iterate • we want 2 different sites. or maybe

    3? • maybe we should have a dev environment? 32
  26. data bags • have a name • contain named items

    • items are JSON style data • globally available • can be encrypted 33
  27. environments • default environment is called _default • _default can’t

    really be modified • other environments can contain attributes and cookbook version constraints 34
  28. chef metal • very new (version 0.10.2) • machine resource

    • abstracts cloud, VMs, Containers etc. • allows you to put a cluster configuration into a file 38
  29. what else? • testing: • test-kitchen for integration testing across

    various platforms (using vagrant, usually) • ChefSpec: RSpec based unit testing • both are part of chef-dk • querying the server 39