Configuration management with Chef

Practical examples of how to manage software configuration with Chef

Usage Rights

CC Attribution License


Configuration management with Chef Presentation Transcript

  • 1. Configuration management with Chef
  • 2. Collections of Resources
      • Routes
      • Users
      • Networking
      • Groups
      • Files
      • Tasks
      • Directories
      • Packages
      • Symlinks
      • Software
      • Mounts
      • Services
      • Configurations
      • Other Stuff
  • 3. Declarative Interface to Resources
      ➔ Define policy
      ➔ Say what, not how
      ➔ Pull not Push
  • 4. Search
      ➔ Search for nodes with Roles
      ➔ Find configuration data
      ➔ IP addresses
      ➔ Hostnames
      ➔ FQDNs
  • 5. Pass Results to Templates

        pool_members = search("node", "role:webserver")

        template "/etc/haproxy/haproxy.cfg" do
          source "haproxy-app_lb.cfg.erb"
          owner "root"
          group "root"
          mode 0644
          variables :pool_members => pool_members.uniq
          notifies :restart, "service[haproxy]"
        end
  • 6. Pass Results to Templates

        # Set up application listeners here.
        listen application roundrobin
        <% @pool_members.each do |member| -%>
        server <%= member[:hostname] %> <%=member[:ipaddress] %>:> weight 1 maxconn 1 check
        <% end -%>
        <% if node["haproxy"]["enable_admin"] -%>
        listen admin http
        stats uri /
        <% end -%>
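The search-to-template flow of slides 5 and 6, as an added example that is not part of the original slides: plain Ruby with the standard `erb` library, filtering node data before it is written into a root-owned config file. The template is a constructed simplification of slide 6, the sample nodes are constructed, and treating search results as untrusted input is this example's assumption.

```ruby
require "erb"

# Single DNS label: letters, digits, hyphens, no whitespace or newlines.
HOSTNAME = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# True only for a plain dotted-quad IPv4 address (no mask, port or whitespace).
def ipv4?(text)
  parts = text.to_s.split(".", -1)
  parts.size == 4 && parts.all? { |p| p.match?(/\A\d{1,3}\z/) && p.to_i <= 255 }
end

# Split nodes into those safe to render and those rejected, so the
# rejected ones can be logged; duplicates by IP are dropped.
def partition_members(nodes)
  ok, rejected = nodes.partition do |n|
    n[:hostname].to_s.match?(HOSTNAME) && ipv4?(n[:ipaddress])
  end
  [ok.uniq { |n| n[:ipaddress] }, rejected]
end

# Constructed template, simplified from slide 6 (port expression omitted).
POOL_TEMPLATE = <<~'TPL'
  listen application
  <% pool_members.each do |member| -%>
    server <%= member[:hostname] %> <%= member[:ipaddress] %> weight 1 maxconn 1 check
  <% end -%>
TPL

def render_pool(nodes)
  members, _rejected = partition_members(nodes)
  ERB.new(POOL_TEMPLATE, trim_mode: "-").result_with_hash(pool_members: members)
end

# Constructed search results: two well-formed nodes, two malformed ones.
SAMPLE_NODES = [
  { hostname: "web1", ipaddress: "10.0.0.11" },
  { hostname: "web2", ipaddress: "10.0.0.12" },
  { hostname: "web3\n  extra-directive", ipaddress: "10.0.0.13" },
  { hostname: "web4", ipaddress: "10.0.0.300" }
].freeze

puts render_pool(SAMPLE_NODES) if $PROGRAM_NAME == __FILE__
```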
  • 7. Attributes
      ➔ OS attributes provided by ohai
      ➔ Other attributes are configured by the installed cookbooks

      Attributes are mutable

      ➔ attributes — variables
      ➔ recipes — list of instructions ("resources")
      ➔ files — files used by resources
      ➔ templates — ERB templates
      ➔ definitions — macros of resources
      ➔ libraries — Ruby to extend Chef DSL
  • 8. recipes/default.rb

        template "/tmp/hello_world.txt" do
          source "hello_world.txt.erb"
          variables :my_name => node[:my_name]
          mode 00664
          action :create
        end

      Simple attribute

      attributes/my_name.rb

        my_name "Juan Vicente"

      templates/default/hello_world.txt.erb

        Hello, <%= @my_name %>, how are you today?

      Add the recipe to the node's recipe list
      • Invoke chef-client
      • Default chef-client setup has client invoked periodically
  • 9. When chef-client runs
      • Node authenticates with server
      • Libraries, attributes, definitions & recipes are synchronized
      • Libraries, attributes, definitions & recipes compiled
      • Node state is converged
      • Everything happens on the node

      May be simply defined, e.g.

        my_name "Juan Vicente"

      • Allow overriding, e.g.

        my_name "Juan Vicente" unless attribute?("my_name")

      • List values are regular arrays
  • 10. Resources
      • The steps that make up a recipe

        package "git-core" do
          action :install
        end

      • Resources are implemented via Providers

      Package

        package "tar" do
          version "1.16.1-1"
          action :install
        end

      • Action can be install, upgrade, remove, purge
      • Version is optional
  • 11. Remote files
      • Copying remote files is easy

        remote_file "/tmp/foo.png" do
          source "foo.png"
          owner "root"
          group "root"
          mode 0444
          action :create
        end

      • Where does the file live?
  • 12. Files and templates are searched for in the following order: FQDN, platform-version, platform, default
      • For Ubuntu 12.10:

        myhost.example.com
        ubuntu-9.04
        ubuntu
        default

      More remote file fun
      • File source can be a URL

        source "http://warez.com/thing.tgz"

      • Provide SHA256 hash to prevent needless downloading from chef-server each time

        checksum "08da0021"
  • 13. Useful things
      Control existence and attributes of a file, not its contents

        file "/tmp/whatever" do
          owner "root"
          group "root"
          mode "0644"
          action :create
        end

      • Other actions are touch, delete

      directory — analog of the File resource
      remote_directory — recursive remote copy
  • 14. Useful things
      Control system services from /etc/init.d and friends
      • We can en/disable, start, stop & restart

        service "my_daemon" do
          supports :restart => true
          action [ :enable, :start ]
        end

      • User
      • Group
      • Cron
      • Route
      • Mount
  • 15. Useful things
      Execute arbitrary command

        execute "mysql-stuff" do
          command "/usr/bin/mysql </tmp/foo.sql"
          creates "/tmp/outfile.sql"
          environment({ "FOO" => "bar" })
          action :run
        end
  • 16. Useful things
      bash, perl, python, ruby, csh

        bash "install_foo" do
          user "root"
          cwd "/tmp"
          code <<-EOC
            wget http://example.org/foo.tgz
            tar xvf foo.tgz && cd foo
            ./configure && make install
          EOC
        end
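A review aid for the download patterns on slides 12 and 16, as an added example that is not from the slides or from Chef: a small regex-based lint that reports URL sources fetched over plain HTTP, `checksum` values that are not a full 64-hex-digit SHA-256, and script resources that fetch an archive without a digest check. The finding names are hypothetical, the sample recipe is constructed from the slides' own snippets, and the lint assumes unnested `do ... end` resources.

```ruby
# One resource block: `type "name" do ... end`, with `end` at column 0.
# Assumption of this example: resources are not nested.
RESOURCE = /^(\w+)\s+["']([^"']+)["']\s+do\b(.*?)^end\b/m

def lint_downloads(recipe)
  findings = []
  recipe.scan(RESOURCE) do |type, name, body|
    case type
    when "remote_file"
      url = body[%r{^\s*source\s+["'](https?://[^"']+)["']}, 1]
      next unless url # cookbook-relative source, nothing fetched from a URL
      sum = body[/^\s*checksum\s+["']([^"']*)["']/, 1]
      findings << [name, :plain_http] if url.start_with?("http://")
      if sum.nil?
        findings << [name, :no_checksum]
      elsif !sum.match?(/\A\h{64}\z/)
        findings << [name, :checksum_not_full_sha256]
      end
    when "bash", "execute"
      fetches  = body.match?(/\b(wget|curl)\b/)
      verifies = body.match?(/\bsha256sum\b|\bshasum\b/)
      findings << [name, :fetch_without_digest_check] if fetches && !verifies
    end
  end
  findings
end

# Constructed sample built from the snippets on slides 11, 12 and 16.
SAMPLE_RECIPE = <<~'RECIPE'
  remote_file "/tmp/foo.png" do
    source "foo.png"
    mode 0444
  end

  remote_file "/tmp/thing.tgz" do
    source "http://warez.com/thing.tgz"
    checksum "08da0021"
  end

  bash "install_foo" do
    cwd "/tmp"
    code <<-EOC
      wget http://example.org/foo.tgz
      tar xvf foo.tgz && cd foo
      ./configure && make install
    EOC
  end
RECIPE

lint_downloads(SAMPLE_RECIPE).each { |name, issue| puts "#{name}: #{issue}" } if $PROGRAM_NAME == __FILE__
```

An 8-hex-digit value such as `08da0021` covers only 32 bits of the digest, which is why the lint asks for the full SHA-256.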
  • 17. Notifies
      • Chain actions

        template "/etc/my_daemon/my.cnf" do
          source "my.cnf.erb"
          notifies :restart, resources(:service => "my_daemon")
        end

      • By default, notification postponed until end of run, add :immediately as final argument to override

      Action :nothing
      • If you want a resource to run only on a notify, specify action :nothing

        execute "index-gem-repository" do
          command "gem generate_index -d /srv/gems"
          action :nothing
        end
  • 18. Notifies
      Useful for connecting to existing services

        http_request "say_hello" do
          url "http://myserv.local/check_in"
          message :node => node[:fqdn]
          action :post
        end
  • 19. Overriding attributes
      • In cookbook, easy enough to set a default
      • Per-node customizations can be made in the UI
      • To set new defaults, override selectively in site-cookbooks

      Conditional resources
      • Use only_if and not_if to control resource execution
      • Takes either shell commands or Ruby blocks, e.g.

        only_if do
          IO.read("/tmp/foo").chomp == 'bar'
        end
  • 20. Chef attributes can be overridden at multiple levels of organization, and we can normalize our configuration items (e.g. node attributes in Chef) into cookbook, environment, role or node defaults and overrides. Here is the actual node attribute precedence from low to high:

        cookbook default < environment default < role default < node default < cookbook set < node set < cookbook override < role override < environment override < node override

      By using this precedence rule, we can configure node attributes across our entire Chef environment with a single configuration change, or override one specific node's attribute without making changes to the rest of the environment.
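Slide 20's precedence order as a worked resolver, an added example that is not Chef's own code: plain Ruby that merges attribute hashes from low to high and reports which level supplies the effective value, which is what you check when auditing where a setting such as `enable_admin` is switched on. The level names, function names and sample values are constructed for the example; replacing arrays rather than merging them is this example's choice.

```ruby
# Precedence levels from slide 20, lowest first.
PRECEDENCE = [
  :cookbook_default, :environment_default, :role_default, :node_default,
  :cookbook_set, :node_set,
  :cookbook_override, :role_override, :environment_override, :node_override
].freeze

# Merge +high+ over +low+: nested hashes merge key by key, any other
# value (arrays included) is replaced by the higher level.
def deep_merge(low, high)
  low.merge(high) do |_key, lo, hi|
    lo.is_a?(Hash) && hi.is_a?(Hash) ? deep_merge(lo, hi) : hi
  end
end

# levels: { level_name => attribute hash }. Returns the effective attributes.
def resolve(levels)
  unknown = levels.keys - PRECEDENCE
  raise ArgumentError, "unknown level(s): #{unknown.join(', ')}" unless unknown.empty?
  PRECEDENCE.reduce({}) { |acc, lvl| deep_merge(acc, levels.fetch(lvl, {})) }
end

# True when +attrs+ defines a value at +path+ (an array of keys), even nil/false.
def sets?(attrs, path)
  path.each do |key|
    return false unless attrs.is_a?(Hash) && attrs.key?(key)
    attrs = attrs[key]
  end
  true
end

# Highest level that sets +path+, or nil. Assumes no level replaces a
# nested hash with a scalar.
def winner(levels, path)
  PRECEDENCE.reverse.find { |lvl| sets?(levels.fetch(lvl, {}), path) }
end

# Constructed sample; attribute names are taken from slides 6 and 22.
SAMPLE_LEVELS = {
  cookbook_default:    { "haproxy" => { "enable_admin" => false },
                         "apache2" => { "listen_ports" => ["80"] } },
  environment_default: { "apache2" => { "listen_ports" => ["80", "443"] } },
  node_set:            { "haproxy" => { "enable_admin" => true } },
  role_override:       { "haproxy" => { "enable_admin" => false } }
}.freeze

p resolve(SAMPLE_LEVELS) if $PROGRAM_NAME == __FILE__
```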
  • 21. Data Bag
      A data bag stores arbitrary information about the infrastructure in a nested hash structure. Just like any other Chef object, it can be accessed via the RESTful API. A data bag does not belong to a specific Chef environment, so it should be used to store truly global configuration items. You can also encrypt a data bag to store sensitive information that you need to keep out of your source code repository.

      For example, the root path for jboss, mysql, tomcat, applications... so that the path is the same on all of the nodes
  • 22. Example: The Dev Environment

        {
          "name": "dev",
          "default_attributes": {
            "apache2": { "listen_ports": [ "80", "443" ] }
          },
          "json_class": "Chef::Environment",
          "description": "",
          "cookbook_versions": { "couchdb": "= 11.0.0" },
          "chef_type": "environment"
        }
  • 23. Example: The Dev Environment

        {
          "name": "webserver",
          "default_attributes": { },
          "json_class": "Chef::Role",
          "env_run_lists": {
            "_default": [ ],
            "production": [ ],
            "preprod": [ ],
            "test": [ "role[base]", "recipe[apache]" ],
            "dev": [ "role[base]", "recipe[apache]", "recipe[apache::copy_dev_configs]" ]
          },
          "run_list": [ "role[base]", "recipe[apache]" ],
          "description": "The webserver role",
          "chef_type": "role",
          "override_attributes": { }
        }
  • 24. Using environments within recipes
      To have different behaviour depending on the environment, use the "chef_environment" method of the node object. This is a Ruby method, not a Chef attribute. For example:

        file "/opt/data/testfile1.txt" do
          mode "0644"
          content "A sample file."
          only_if { node.chef_environment == "dev" }
        end
  • 25. Author
      ● Juan Vicente Herrera Ruiz de Alejo
      ● Juan.herrera@lumatagroup.com
      ● http://juanvicenteherrera.eu
      ● @jvicenteherrera
      ● Skype: jvherrera.quimerus.es