Chef 0.10 Overview

Environments - Ruby DSL # name and description are what youd expect name "development" description "The development environment" # use version 11.0.0 *only* cookbook_versions "couchdb" => "= 11.0.0", # use versions greater than 0.99.0 # and less than 0.100.0 "application" => "~> 0.99" # default attributes for this environment attributes "apache2" => { "listen_ports" => [ "80", "443" ] } Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 4

Environments - JSON { "name": "development", "default_attributes": { "apache2": { "listen_ports": [ "80", "443" ] } }, "json_class": "Chef::Environment", "description": "The development environment", "cookbook_versions": { "couchdb" => "11.0.0", "application" => "~> 0.99" }, "chef_type": "environment" } Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 5

Environments - knife environment $ knife environment ** ENVIRONMENT COMMANDS ** knife environment list (options) knife environment show ENVIRONMENT (options) knife environment edit ENVIRONMENT (options) knife environment create ENVIRONMENT (options) knife environment from file FILE (options) knife environment delete ENVIRONMENT (options) $ knife environment list development preproduction production qa $ knife environment create dev Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 6

Environments - knife node $ knife node create --help| grep environment -E, --environment ENVIRONMENT Set the Chef environment $ knife bootstrap --help | grep environment -E, --environment ENVIRONMENT Set the Chef environment Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 7

Environments - knife cookbook $ knife cookbook upload redis --freeze Uploading redis... upload complete $ knife cookbook show redis 0.1.6 |grep frozen frozen?:! true $ knife cookbook upload redis Uploading redis... ERROR: Version 0.1.6 of cookbook redis is frozen. Use --force to override. Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 8

Environments - Run Lists in Roles { "name": "webserver", "default_attributes": { }, "json_class": "Chef::Role", "run_list": [ "role[base]", "recipe[apache]" ], "env_run_lists" : { "production" : [], "preprod" : [], "dev": [ "role[base]", "recipe[apache]", "recipe[apache::copy_dev_configs]", ], "test": [ "role[base]", "recipe[apache]" ] }, "description": "The webserver role", "chef_type": "role", "override_attributes": {} } Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 9

Environments - WorkflowsHow important is it to keep your environment files in source control? Only edit source files Everything in version controlDo you want to edit environments in the management console (Web UI)? Use role-based access controls to restrict changes Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 10

Knife Plugins require chef/knife module Kallistec class Grep < Chef::Knife deps do require chef/knife/search end banner "knife grep QUERY" def run unless @query = name_args.first ui.error "You need to specify a query term" exit 1 end fuzzier_query = "tags:*#{@query}* OR roles:*#{@query}* OR fqdn" knife_search = Chef::Knife::Search.new knife_search.name_args = [node, fuzzier_query] knife_search.run end end end Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 12

Knife Plugins $ knife grep ghost 1 items found Node Name: ghost.local Environment: production FQDN: ghost.local IP: 172.16.185.135 Run List: recipe[tmux] Roles: Recipes tmux Platform: ubuntu 10.04 Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 16

Knife PluginsCloud commands are now knife plugins knife-ec2 knife-rackspace knife-bluebox knife-slicehost knife-terremark knife-openstack knife-windows Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 17

Knife Output$ knife node show crushinator.localdomainNode Name: crushinator.localdomainEnvironment: _defaultFQDN: crushinator.localdomainIP: 192.168.11.64Run List: recipe[apt::cacher-client], role[nova-ami-urls],role[nova-multi-controller]Roles: nova-ami-urls, nova-super-user-setup, nova-cloud-controller, nova-head, nova-mysql-server, nova-rabbitmq-server,nova-support-server, nova-multi-controllerRecipes apt::cacher-client, build-essential, nova::mysql,apt, rabbitmq, nova::rabbit, nova::api, nova::objectstore,nova::scheduler, nova::network, nova::setup, nova::creds,nova::finalizePlatform: ubuntu 10.10 Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 18

Knife Updates knife cookbook site install was "knife cookbook site vendor" knife help greatly expanded, each subcommand covered Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 19

Encrypted Data BagsCreate a new encrypted data bag item $ openssl rand -base64 512 > /tmp/my_data_bag_key $ knife data bag create --secret_file /tmp/my_data_bag_key passwords mysql # Enter user and password credentials in the editor and save Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 21

Encrypted Data BagsVerify that the data bag has been createdand encrypted $ knife data bag show passwords mysql { "id": "mysql", "pass": "trywgFA6R70NO28PNhMpGhEvKBZuxouemnbnAUQsUyo=n", "user": "e/p+8WJYVHY9fHcEgAAReg==n" } Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 22

Encrypted Data BagsDecrypt an encrypted data bag item $ knife data bag show --secret_ﬁle /tmp/my_data_bag_key passwords mysql { "id": "mysql", "pass": "thesecret123", "user": "fred" } Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 23

WindowsManaging your infrastructure with knife from Windows Install Ruby Ruby Dev Kit Git gem install ruby-wmi windows-api windows-pr chef Create a Chef repository $ knife node list http://devopscloud.net/2011/04/17/managing-chef-from-windows-7/ Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 25

WindowsChef-client Installation on Windows Install Ruby Dev Kit (via VB script) Ruby Installer gem install win32-open3 ruby-wmi windows-api windows-pr chef chef-client -c c:chefclient.rb Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 26

WindowsChef-client Installation on Windows Ohai! Resources/Providers Environment User Group Gem Package Remote File Cookbook File Mount Service Ruby Block Execute Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 27

WindowsChef-client Installation on Windows Cookbooks https://github.com/dougm/site-cookbooks/tree/master/windows registry provider shortcut provider unzip provider windows_privileged library proxy recipe activate recipe update recipe rdp recipe dotnetfx recipe sysinternals recipe bginfo recipe git recipe ant recipe maven recipe java recipe lua recipe Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 28

Windows knife winrm $ knife winrm "role:web" "net stats srv" -x Administrator -P password $ knife winrm ec2-50-xx-xx-124.compute-1.amazonaws.com chef-client -c c:/chef/client.rb -m -x Administrator -P password ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:49 +0000] INFO: Starting Chef Run (Version 0.9.12) ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:50 +0000] WARN: Node ip-0A502FFB has an empty run list. ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Chef Run complete in 4.383966 seconds ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: cleaning the checksum cache ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Running report handlers ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Report handlers complete Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 29

Windows knife winrm bootstrap $ knife winrm bootstrap ec2-50-xx- xx-124.compute-1.amazonaws.com -r role [webserver],role[production] -x Administrator -P password Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 30

Chef 0.10 Overview

by Matt Ray

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Chef 0.10 Overview Presentation Transcript