Cooking with Chef

Cooking with ChefServer management made easy

Me?Ken RobertsonSenior Software Engineer at InvolverInvolver builds a social media marketing platformSpecialize in our platform’s reliability,performance, and scalability

Our Chef Usage10 separate environments120+ serversAll managed with ChefOne Operations Engineer, Two Developers

What is Chef?Server management and configuration in RubyDeveloped by OpsCodeAdopted by Engine Yard, 37signals, and moreApache License

Chef isn’t aloneCFEngine: http://cfengine.com/Puppet: http://www.puppetlabs.com/http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software

Why use Chef?Repeatable system provisioningManual tweaks are not repeatableEase scalingAvoid vendor lock-in

Chef is RepeatableContinuous configuration managementEnsure system complianceRecovery from failures

Chef Flavorschef-solo Single instancechef-server Cluster, centrally managed

Chef’s ToolkitCookbooks RecipesAttributes

Recipes areeverywhere!Open source - Engine Yard, 37signals, OpsCodeOne offs for specific configurationsApproach with caution

Recipe ingredients:Sub-recipesResourcesAttributesDefinitionsStatic resourcesTemplates

Resources

Resources - Examplesexecute "some-descriptive-text" do command "uptime"end

Resources - Exampleslink "/usr/local/bin/foo" do to "/usr/src/foo-#{version}/bin/foo"end

Resources - Examplesdirectory "/home/foo/apps/bar" do owner "foobar" group "foobar" recursive trueend

Resources - Examplespackage "mongodb" version "1.2.3" action :installend

Resources - Examplespackage "mongodb" action :install, :upgradeend

Resources - Examplesservice "nginx" do supports :status => false, :start => true, :restart => true, :reload => true action [ :enable, :start ]end

Resources - Examplescookbook_file "/etc/profile" do owner "root" group "root" mode 644 source "profile"end

Resources - Examplescookbook_file "/etc/profile" do owner "root" group "root" mode 644 source "http://safesite.com/files/profile"end

Resources - Examplestemplate "/etc/hosts" do owner "root" group "root" mode 644 source "hosts.erb" variables(:one => 1, :two => 2)end

Resources - Examplescron "clear_tmp_files_older_than_a_day" do hour 0 minute 0 user "root" command "do_something"end

Resources - Conditionsexecute "install-rubygems-for-jruby" do command %Q{ curl http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz -O && tar xvzf rubygems-1.3.7.tgz && pushd rubygems-1.3.7 && jruby ./setup.rb && popd && rm rubygems-1.3.7.tgz && rm -r rubygems-1.3.7 } only_if { %x{jruby -S gem --version}.chomp !=1.3.7 }end

Results/Expectationsexecute install passenger and nginx do command %Q{ wget -N http://site/file.tar.gz && tar -xvvf file.tar.gz && passenger-install-nginx-module ... } creates /data/nginx/sbin/nginxend

Triggerstemplate "/etc/nginx/apps/#{params[:name]}.conf" do source "#{params[:name]}.nginx.erb" owner node[:user] group node[:user] mode 0644 variables( :stage => params[:stage], :name => params[:name] ) notifies :reload, "service[nginx]", :delayedend

Triggersexecute "mysql-create-database" do ... action :nothingendtemplate "/tmp/mysql-#{params[:name]}.sql" do source "create-database.sql.erb" variables(:params => params) notifies :run, resources(:execute => "mysql-create-database"), :immediatelyend

AttributesRuntime configuration valuesDefine defaultsPass in at runtime (as JSON)Available through through the ‘node’ variable

Default Attributescookbooks/myrecipe/attributes/*.rb:nginx_user "www-data"nginx_port "80" => node[:nginx_user] => node[:nginx_port]nginx { :user => www-data, :port => 80 } => node[:nginx][:user] => node[:nginx][:port]

Merging Attributesdefault.mysql[:bindir] = /usr/local/mysql,default.mysql[:root] = /data/mysql,default.mysql[:uid] = mysql,default.mysql[:gid] = mysql,default.mysql[:group_name] = mysql,default.mysql[:version] = 5.1.47node[:mysql][:version]

Runtime Attributes{ "nginx_user": "www-data", "nginx_port": 80, "nginx": { "user": "www-data", "port": 80 }}

Runtime Attributes{ "mysql": { "version": "5.1.47", "config": { "log_slave_updates": true, "auto_increment_increment": "2" } }}

DefinitionsMini-recipesRepeatable blocks or sub-functionsDefinitions sub-directory of recipecookbooks/myrecipe/definitions

Definitionslink "/usr/local/bin/foo" do to "/usr/src/foo-#{version}/bin/foo"end

Definitionsfor db in node[:mysql][:databases] do mysql_database db[:name] do root_user node[:mysql][:root_user] || root root_password node[:mysql][:root_password] dbuser db[:user] || db[:name] dbpassword db[:password] endend

Definitionsdefine :mysql_database do execute "mysql-create-database" do ... action :nothing end template "/tmp/mysql-#{params[:name]}.sql" do source "create-database.sql.erb" variables(:params => params) notifies :run, "execute[mysql-create-database]", :immediately endend

Definitionsdefine :nginx_site do include_recipe "nginx" template "/etc/nginx/apps/#{params[:name]}.conf" do source "#{params[:name]}.nginx.erb" owner node[:user] group node[:user] mode 0644 variables( :stage => params[:stage], :name => params[:name] ) notifies :reload, "service[nginx]", :delayed endend

Recipe GotchasIdempotency

Idempotencyexecute "install-jruby" do command %Q{ curl http://urlto/#{version}/jruby-src-#{version}.tar.gz -O && tar xvzf jruby-src-#{version}.tar.gz && pushd jruby-#{version} && ant && popd && mv jruby-#{version} /usr && rm jruby-src-#{version}.tar.gz && ln -snf /usr/jruby-#{version}/bin/jruby /usr/local/bin/jruby } creates "/usr/jruby-#{version}"end

Idempotency - Fixedexecute "install-jruby" do command %Q{ curl http://urlto/#{version}/jruby-src-#{version}.tar.gz -O && tar xvzf jruby-src-#{version}.tar.gz && pushd jruby-#{version} && ant && popd && mv jruby-#{version} /usr && rm jruby-src-#{version}.tar.gz } creates "/usr/jruby-#{version}/bin/jruby"endlink "/usr/local/bin/jruby" do to "/usr/jruby-#{version}/bin/jruby"end

Recipe GotchasIdempotencyPackage sources

Recipe GotchasIdempotencyPackage sourcesInstall vs upgrade

Install vs Upgradepackage “git-core” do action :installendpackage “git-core” do action :install, :upgradeend

Recipe GotchasIdempotencyPackage sourcesInstall vs upgradeAttribute abuse

Recipe GotchasIdempotencyPackage sourcesInstall vs upgradeAttribute abuseCowboys and Homers

Homerpackages.each do |pkg| package pkgendexecute "Nuke existing installs" do command "rm -rf /etc/tinydns /etc/dnscache"end...

CowboysOne offsLack of testingManual, undocumented changes

Much more!Chef-serverSearchingTaggingLibraries

ResourcesOpsCode: http://www.opscode.com/Chef Wiki: http://wiki.opscode.com/37signals recipes:http://github.com/37signals/37s_cookbooksEngine Yard recipes:http://github.com/engineyard/ey-cloud-recipes

Me!Twitter: @krobertsonBlog: http://invalidlogic.com/Email: ken@invalidlogic.com

Questions?

http://invalidlogic.com	1691
http://www.scoop.it	105
http://localhost	80
http://ken-blog.paas.io	11
http://invalidlogic.paas.io	4
http://translate.googleusercontent.com	3
http://inv2.paas.io	2
http://duckduckgo.com	2
https://twitter.com	1

Cooking with Chef

by Ken Robertson

Accessibility

Categories

Upload Details

Usage Rights

9 Embeds 1,899

Statistics