Configuration management with Chef

Practical examples of how to manage software configuration with Chef

  1. Configuration management with Chef
  2. Collections of Resources
     • Networking
     • Files
     • Directories
     • Symlinks
     • Mounts
     • Routes
     • Users
     • Groups
     • Tasks
     • Packages
     • Software
     • Services
     • Configurations
     • Other Stuff
  3. Declarative Interface to Resources
     ➔ Define policy
     ➔ Say what, not how
     ➔ Pull not Push
  4. Search
     ➔ Search for nodes with Roles
     ➔ Find configuration data
     ➔ IP addresses
     ➔ Hostnames
     ➔ FQDNs
  5. Pass Results to Templates

         # Collect every node that carries the webserver role
         pool_members = search("node", "role:webserver")

         template "/etc/haproxy/haproxy.cfg" do
           source "haproxy-app_lb.cfg.erb"
           owner "root"
           group "root"
           mode 0644
           variables :pool_members => pool_members.uniq
           notifies :restart, "service[haproxy]"
         end
  6. Pass Results to Templates

         # Set up application listeners here.
         listen application 0.0.0.0:80
           balance roundrobin
           <% @pool_members.each do |member| -%>
           server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check
           <% end -%>
         <% if node["haproxy"]["enable_admin"] -%>
         listen admin 0.0.0.0:22002
           mode http
           stats uri /
         <% end -%>
  7. Attributes
     ➔ OS attributes provided by ohai
     ➔ Other attributes are configured by the installed cookbooks
     ➔ Attributes are mutable
     ➔ attributes — variables
     ➔ recipes — list of instructions ("resources")
     ➔ files — files used by resources
     ➔ templates — ERB templates
     ➔ definitions — macros of resources
     ➔ libraries — Ruby to extend Chef DSL
  8. Simple attribute
     recipes/default.rb

         template "/tmp/hello_world.txt" do
           source "hello_world.txt.erb"
           variables :my_name => node[:my_name]
           mode 00664
           action :create
         end

     attributes/my_name.rb

         my_name "Juan Vicente"

     templates/default/hello_world.txt.erb

         Hello, <%= @my_name %>, how are you today?

     Add the recipe to the node's recipe list
     • Invoke chef-client
     • Default chef-client setup has client invoked periodically
  9. When chef-client runs
     • Node authenticates with server
     • Libraries, attributes, definitions & recipes are synchronized
     • Libraries, attributes, definitions & recipes are compiled
     • Node state is converged
     • Everything happens on the node
     • An attribute may be simply defined, e.g.

         my_name "Juan Vicente"

     • Allow overriding, e.g.

         my_name "Juan Vicente" unless attribute?("my_name")

     • List values are regular arrays
  10. Resources
      • The steps that make up a recipe

          package "git-core" do
            action :install
          end

      • Resources are implemented via Providers
      Package

          package "tar" do
            version "1.16.1-1"
            action :install
          end

      • Action can be install, upgrade, remove, purge
      • Version is optional
  11. Remote files
      • Copying remote files is easy

          remote_file "/tmp/foo.png" do
            source "foo.png"
            owner "root"
            group "root"
            mode 0444
            action :create
          end

      • Where does the file live?
  12. Files and templates are searched for in the following order: FQDN, platform-version, platform, default
      • For Ubuntu 12.10:

          myhost.example.com
          ubuntu-9.04
          ubuntu
          default

      More remote file fun
      • File source can be a URL

          source "http://warez.com/thing.tgz"

      • Provide SHA256 hash to prevent needless downloading from chef-server each time

          checksum "08da0021"
  13. Useful things
      Control existence and attributes of a file, not its contents

          file "/tmp/whatever" do
            owner "root"
            group "root"
            mode "0644"
            action :create
          end

      • Other actions are touch, delete
      directory — analog of the File resource
      remote_directory — recursive remote copy
  14. Useful things
      Control system services from /etc/init.d and friends
      • We can en/disable, start, stop & restart

          service "my_daemon" do
            supports :restart => true
            action [ :enable, :start ]
          end

      • User
      • Group
      • Cron
      • Route
      • Mount
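  15. Useful things
      Execute arbitrary command

          # The resource type is execute; the shell line goes in its command property
          execute "mysql-stuff" do
            command "/usr/bin/mysql </tmp/foo.sql"
            # Skip the run when this file already exists
            creates "/tmp/outfile.sql"
            # Parentheses stop Ruby from parsing the hash literal as a block
            environment({ "FOO" => "bar" })
            action :run
          end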
  16. Useful things
      bash, perl, python, ruby, csh

          bash "install_foo" do
            user "root"
            cwd "/tmp"
            code <<-EOC
              wget http://example.org/foo.tgz
              tar xvf foo.tgz && cd foo
              ./configure && make install
            EOC
          end
  17. Notifies
      • Chain actions

          template "/etc/my_daemon/my.cnf" do
            source "my.cnf.erb"
            notifies :restart, resources(:service => "my_daemon")
          end

      • By default, notification is postponed until the end of the run; add :immediately as the final argument to override
      Action :nothing
      • If you want a resource to run only on a notify, specify action :nothing

          execute "index-gem-repository" do
            command "gem generate_index -d /srv/gems"
            action :nothing
          end
  18. Notifies
      Useful for connecting to existing services

          http_request "say_hello" do
            url "http://myserv.local/check_in"
            message :node => node[:fqdn]
            action :post
          end
  19. Overriding attributes
      • In cookbook, easy enough to set a default
      • Per-node customizations can be made in the UI
      • To set new defaults, override selectively in site-cookbooks
      Conditional resources
      • Use only_if and not_if to control resource execution
      • Takes either shell commands or Ruby blocks, e.g.

          only_if do
            IO.read("/tmp/foo").chomp == 'bar'
          end
  20. Chef attributes can be overridden at multiple levels of organization, and we can normalize our configuration items (e.g. node attributes in Chef) into cookbook, environment, role or node defaults and overrides. Here is the actual node attribute precedence from low to high:

          cookbook default < environment default < role default < node default < cookbook set < node set < cookbook override < role override < environment override < node override

      By using this precedence rule, we can configure node attributes across our entire Chef environment with a single configuration change, or override one specific node's attribute without making changes to the rest of the environment.
  21. Data Bag
      A data bag stores arbitrary information about the infrastructure in a nested hash structure. Just like any other Chef object, it can be accessed via the RESTful API. A data bag does not belong to a specific Chef environment, so it should be used to store truly global configuration items. You can also encrypt a data bag to store sensitive information that you need to keep out of your source code repository.
      For example, the root path for jboss, mysql, tomcat, applications... so that the path is the same on all of the nodes.
  22. Example: The Dev Environment

          {
            "name": "dev",
            "default_attributes": {
              "apache2": {
                "listen_ports": ["80", "443"]
              }
            },
            "json_class": "Chef::Environment",
            "description": "",
            "cookbook_versions": {
              "couchdb": "= 11.0.0"
            },
            "chef_type": "environment"
          }
  23. Example: The Dev Environment

          {
            "name": "webserver",
            "default_attributes": {},
            "json_class": "Chef::Role",
            "env_run_lists": {
              "_default": [],
              "production": [],
              "preprod": [],
              "test": ["role[base]", "recipe[apache]"],
              "dev": ["role[base]", "recipe[apache]", "recipe[apache::copy_dev_configs]"]
            },
            "run_list": ["role[base]", "recipe[apache]"],
            "description": "The webserver role",
            "chef_type": "role",
            "override_attributes": {}
          }
  24. Using environments within recipes
      To have different behaviour depending on the environment, use the "chef_environment" method of the node object. This is a Ruby method, not a Chef attribute. For example:

          file "/opt/data/testfile1.txt" do
            mode "0644"
            content "A sample file."
            only_if { node.chef_environment == "dev" }
          end
  25. Author
      ● Juan Vicente Herrera Ruiz de Alejo
      ● Juan.herrera@lumatagroup.com
      ● http://juanvicenteherrera.eu
      ● @jvicenteherrera
      ● Skype: jvherrera.quimerus.es
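
The precedence chain on slide 20, as an added example (not code from the slides or from Chef): a small Ruby resolver that merges attribute hashes lowest level first and reports which level supplied the effective value, which helps when auditing why a setting such as the haproxy admin listener is enabled. `SAMPLE_LEVELS` is constructed data, and replacing arrays whole on merge is a simplifying assumption.

```ruby
# Added example: a simplified model of the slide's precedence chain, not Chef's code.
PRECEDENCE = %i[
  cookbook_default environment_default role_default node_default
  cookbook_set node_set
  cookbook_override role_override environment_override node_override
].freeze

# Merge two attribute hashes; `high` wins. Nested hashes merge key by key.
# Assumption: arrays and scalars are replaced whole by the higher level.
def deep_merge(low, high)
  low.merge(high) do |_key, a, b|
    a.is_a?(Hash) && b.is_a?(Hash) ? deep_merge(a, b) : b
  end
end

# levels maps a precedence level name to its attribute hash.
def resolve_attributes(levels)
  unknown = levels.keys - PRECEDENCE
  raise ArgumentError, "unknown levels: #{unknown.inspect}" unless unknown.empty?

  PRECEDENCE.reduce({}) { |acc, lvl| deep_merge(acc, levels.fetch(lvl, {})) }
end

# Highest level that sets the value at `path`, or nil if no level sets it.
def winning_level(levels, path)
  PRECEDENCE.reverse.find do |lvl|
    value = path.reduce(levels.fetch(lvl, {})) do |h, k|
      break nil unless h.is_a?(Hash) && h.key?(k)
      h[k]
    end
    !value.nil?
  end
end

# Constructed sample: four levels disagree about two attributes.
SAMPLE_LEVELS = {
  cookbook_default:    { "haproxy" => { "enable_admin" => true },
                         "apache2" => { "listen_ports" => ["80"] } },
  environment_default: { "apache2" => { "listen_ports" => ["80", "443"] } },
  node_set:            { "haproxy" => { "enable_admin" => true } },
  role_override:       { "haproxy" => { "enable_admin" => false } }
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts resolve_attributes(SAMPLE_LEVELS).inspect
  puts winning_level(SAMPLE_LEVELS, %w[haproxy enable_admin])
end
```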
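
Slide 12 pins a remote file with `checksum "08da0021"`, and slide 16 fetches a tarball over plain HTTP and builds it as root. The following added Ruby example (not from the slides, and independent of Chef) lints a source/checksum pair and verifies a fetched file against a full 64-character SHA-256 before use. The function names, the `https://example.org/foo.tgz` URL and the sample bytes are assumptions constructed for illustration.

```ruby
require "digest"
require "tempfile"
require "uri"

# A SHA-256 digest is 64 hex characters; the slide's "08da0021" is only 8.
FULL_SHA256 = /\A[0-9a-f]{64}\z/i

# Lint the source and checksum values of a remote file. Returns a list of findings.
def audit_remote_source(source, checksum)
  findings = []
  findings << :plain_http if URI(source).scheme == "http"
  if checksum.nil? || checksum.empty?
    findings << :no_checksum
  elsif !checksum.match?(FULL_SHA256)
    findings << :truncated_checksum
  end
  findings
end

# Compare a fetched file with a full-length pin before it is unpacked or run.
def verify_artifact(path, pinned)
  raise ArgumentError, "pin must be a full SHA-256" unless pinned.match?(FULL_SHA256)

  Digest::SHA256.file(path).hexdigest == pinned.downcase
end

# Constructed sample: a temp file stands in for the downloaded tarball.
def demo
  Tempfile.create("thing.tgz") do |f|
    f.write("constructed artifact bytes")
    f.flush
    good = Digest::SHA256.hexdigest("constructed artifact bytes")
    other = Digest::SHA256.hexdigest("different bytes")
    { slide:    audit_remote_source("http://warez.com/thing.tgz", "08da0021"),
      pinned:   audit_remote_source("https://example.org/foo.tgz", good),
      match:    verify_artifact(f.path, good),
      mismatch: verify_artifact(f.path, other) }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```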
