GeekAustin DevOps

Developer, SysAdmin, Hacker,Community ManagerMany biz & dev environmentsOpscode: Training, Services &Evangelism Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.ﬂickr.com/photos/anotherphotograph/2100904507/sizes/o/ 3

Chef enables infrastructure as code Manage conﬁguration as idempotent Resources. Put them together in Recipes. Track it like Source Code. Conﬁgure your servers. package "haproxy" do action :install end template "/etc/haproxy/haproxy.cfg" do source "haproxy.cfg.erb" owner "root" group "root" mode 0644 notifies :restart, "service[haproxy]" end service "haproxy" do action [:enable, :start] end Copyright © 2011 Opscode, Inc - All Rights Reserved 8

At a High Level...‣ A library for configuration management‣ A configuration management system‣ A systems integration platform‣ An API for your entire Infrastructure http://www.flickr.com/photos/asten/2159525309/sizes/l/

option :json_attribs, :short => "-j JSON_ATTRIBS", :long => "--json-attributes JSON_ATTRIBS", :description => "Load attributes from aJSON file or URL", :proc => nil option :node_name, :short => "-N NODE_NAME", :long => "--node-name NODE_NAME", :description => "The node name for thisclient", Defaults are sane, but :proc => nil easily changed Copyright © 2011 Opscode, Inc - All Rights Reserved 14

Nodes have Attributes Kernel info!{ "kernel": { "machine": "x86_64", "name": "Darwin", "os": "Darwin", "version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010;root:xnu-1504.7.4~1/RELEASE_I386", "release": "10.4.0" }, "platform_version": "10.6.4", "platform": "mac_os_x", "platform_build": "10F569", "domain": "local", Platform info! "os": "darwin", "current_user": "mray", "ohai_time": 1278602661.60043, "os_version": "10.4.0", "uptime": "18 days 17 hours 49 minutes 18 seconds", "ipaddress": "10.13.37.116", "hostname": "morbo", "fqdn": "morbomorbo.local", Hostname and IP! "uptime_seconds": 1619358} Copyright © 2011 Opscode, Inc - All Rights Reserved 31

name "webserver"description "Systems that serve HTTP traffic"run_list( "role[base]", Can include "recipe[apache2]", other roles! "recipe[apache2::mod_ssl]")default_attributes( "apache" => { "listen_ports" => [ "80", "443" ] })override_attributes( "apache" => { "max_children" => "50" }) Copyright © 2011 Opscode, Inc - All Rights Reserved 38

% knife role show webserver{ "name": "webserver", "default_attributes": { "apache": { Uploading roles to "listen_ports": [ the Chef Server "80", "443" converts Ruby DSL ] } to JSON! }, "json_class": "Chef::Role", "run_list": [ "role[base]", "recipe[apache2]", "recipe[apache2::mod_ssl]" ], "description": "Systems that serve HTTP traffic", "chef_type": "role", "override_attributes": { "apache2": { "max_children": "50" } }} Copyright © 2011 Opscode, Inc - All Rights Reserved 39

Resources... Declare a description of the state a part of the node should be in‣ Have a type package "apache2" do version "2.2.11-2ubuntu2.6" action :install‣ Have a name end template "/etc/apache2/apache2.conf" do‣ Have parameters source "apache2.conf.erb" owner "root"‣ Take action to put the group "root" mode 0644 resource in the action :create declared state end

Providers... Know how to actually perform the actions speciﬁed by a resource. Apt, Yum, Rubygems, Multiple providers per resource type. Portage, Macports, FreeBSD Ports, etc. Can beoverridden with package "apache2" do provider "Chef::Provider::Package::Dpkg" the provider action :installparameter on a end resource. http://www.ﬂickr.com/photos/affableslinky/562950216/

ResourcesPlatformProvider http://www.ﬂickr.com/photos/acurbelo/2628837104/sizes/o/

Chef::Platform:ubuntu => { :default => { :package => Chef::Provider::Package::Apt, :service => Chef::Provider::Service::Debian, :cron => Chef::Provider::Cron, :mdadm => Chef::Provider::Mdadm }}, Copyright © 2011 Opscode, Inc - All Rights Reserved 46

Recipes... Apply resources in the order they are speciﬁed package "apache2" do version "2.2.11-2ubuntu2.6" action :install 1‣ Evaluates resources in [ end 1 the order they appear "package[apache2]", "template[/etc/apache2/apache2.conf]" template "/etc/apache2/apache2.conf" do 2 ] source "apache2.conf.erb"‣ Adds each resource to owner "root" the Resource Collection group "root" mode 0644 action :create 2 end http://www.ﬂickr.com/photos/roadsidepictures/2478953342/sizes/o/

Recipes are just Ruby! extra_packages = case node[:platform] when "ubuntu","debian" %w{ ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby } end extra_packages.each do |pkg| package pkg do action :install end end Copyright © 2011 Opscode, Inc - All Rights Reserved 50

CookbooksAttributes ‣ Node attributes ‣ default, normal, override default[:apache][:listen_ports] = [ "80","443" ] default[:apache][:keepalive] = "On" default[:apache][:contact] = "ops@example.com" default[:apache][:timeout] = 300 set[:apache][:log_dir] = "/var/log/apache2" set[:apache][:user] = "www-data" override[:apache][:dir] = "/etc/apache2" Copyright © 2011 Opscode, Inc - All Rights Reserved 55

Cookbooks Metadatacookbooks/django/metadata.rbmaintainer "Opscode, Inc."maintainer_email "cookbooks@opscode.com"license "Apache 2.0"description "Installs DJango"long_description IO.read(File.join(File.dirname(__FILE__),README.rdoc))version "0.8.0"recipe "django", "Installs django and apache2 with mod_python"%w{ ubuntu debian }.each do |os| supports osend%w{ apache2 python }.each do |cb| depends cbend Copyright © 2011 Opscode, Inc - All Rights Reserved 56

A user data bag item...% knife data bag show users mray{ "comment": "Matt Ray", "groups": "sysadmin", "ssh_keys": "ssh-rsa SUPERSEKRATS mray@morbo", "files": { ".bashrc": { "mode": "0644", "source": "dot-bashrc" }, ".emacs": { "mode": "0644", "source": "dot-emacs" } }, "id": "mray", "uid": 7004, "shell": "/usr/bin/bash" } Copyright © 2011 Opscode, Inc - All Rights Reserved

bash_users = search(:users, shell:/bin/bash) bash_users.each do |u| user u[id] do uid u[id] shell "/usr/bin/zsh" comment u[comment] supports :manage_home => trueData bags make recipes home "/home/#{u[id]}" end awesome-r (that’s directory "/home/#{u[id]}/.ssh" do owner u[id] group u[id] mode 0700 totally a word) end template "/home/#{u[id]}/.ssh/authorized_keys" do source "authorized_keys.erb" owner u[id] group u[id] mode 0600 variables :ssh_keys => u[ssh_keys] end end Copyright © 2011 Opscode, Inc - All Rights Reserved 61

JSON or Ruby DSL and Versionedname "dev"description "The development environment"cookbook_versions "couchdb" => "11.0.0"attributes "apache2" => { "listen_ports" => [ "80", "443" ] } Copyright © 2011 Opscode, Inc - All Rights Reserved 63

RubyGems Installationcd /tmpwget http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz -O- | tar zxf -cd rubygems-1.3.7 && sudo ruby setup.rbln -svf /usr/bin/gem1.8 /usr/bin/gemsudo gem install chef Copyright © 2011 Opscode, Inc - All Rights Reserved 72

Create Chef Repository% git clone git://github.com/opscode/chef-repo.git% cd chef-repo% ls -ladrwxr-xr-x 13 mray staff 442 Jul 7 16:48 ./drwxr-xr-x 3 mray staff 102 Jul 7 15:54 ../drwxr-xr-x 5 mray staff 170 Jul 7 17:55 .chef/drwxr-xr-x 12 mray staff 408 Jul 7 16:48 .git/-rw-r--r-- 1 mray staff 23 Jul 7 16:48 .gitignore-rw-r--r-- 1 mray staff 269 Jul 7 15:54 README-rw-r--r-- 1 mray staff 2171 Jul 7 15:54 Rakefiledrwxr-xr-x 3 mray staff 102 Jul 7 15:54 certificates/drwxr-xr-x 7 mray staff 238 Jul 7 17:03 config/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 cookbooks/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 data_bags/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 roles/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 site-cookbooks/ Copyright © 2011 Opscode, Inc - All Rights Reserved 75

Conﬁgure Knife% cat .chef/knife.rbcurrent_dir = File.dirname(__FILE__)log_level :infolog_location STDOUTnode_name "oscon"client_key "#{current_dir}/oscon.pem"validation_client_name "oscon-validator"validation_key "#{current_dir}/oscon-validator.pem"chef_server_url "https://api.opscode.com/organizations/oscon"cache_type BasicFilecache_options( :path => "#{ENV[HOME]}/.chef/checksums" )cookbook_path ["#{current_dir}/../cookbooks"] Per-directory conﬁguration! Copyright © 2011 Opscode, Inc - All Rights Reserved 78

Knife Sub-commandsknife NOUN verb NOUN (options) knife client list knife node show morbo.local knife role show webserver knife search node “*:*” -i knife --help Copyright © 2011 Opscode, Inc - All Rights Reserved 80

Conﬁgure Chef on workstation% knife configure client /etc/chefINFO: Creating client configurationINFO: Writing client.rbINFO: Writing validation.pem% ls -l /etc/chef/total 24-rw-r--r-- 1 mray staff 151 Jul 8 21:29 client.rb-rw-r--r--@ 1 mray staff 1679 Jul 8 21:29 validation.pem Copyright © 2011 Opscode, Inc - All Rights Reserved 81

Chef::Conﬁglog_level :infolog_location STDOUTchef_server_url https://api.opscode.com/organizations/osconvalidation_client_name oscon-validatorhttp://wiki.opscode.com/display/chef/Chef+Conﬁguration+Settings Copyright © 2011 Opscode, Inc - All Rights Reserved 82

Download getting- started cookbook% knife cookbook site vendor getting-startedINFO: Downloading getting-started from the cookbooks site at version0.2.0...INFO: Cookbook getting-started version 0.2.0 successfully vendored! Copyright © 2011 Opscode, Inc - All Rights Reserved 83

Upload getting-started to Chef Server% knife cookbook upload getting-startedINFO: Saving getting-startedINFO: Validating ruby filesINFO: Validating templatesINFO: Syntax OKINFO: Generating MetadataINFO: Uploading files...INFO: Upload complete! Copyright © 2011 Opscode, Inc - All Rights Reserved 86

Apply getting-started Recipe to workstation% knife node run list add morbo.local "recipe[getting-started]"{ "run_list": [ "recipe[getting-started]" ]} Copyright © 2011 Opscode, Inc - All Rights Reserved 87

Run chef-client!% sudo chef-client[Thu, 08 Jul 2010 21:35:49 -0600] INFO: Starting Chef Run[Thu, 08 Jul 2010 21:35:55 -0600] INFO: Writing updated content fortemplate[/tmp/chef-getting-started.txt] to /tmp/chef-getting-started.txt[Thu, 08 Jul 2010 21:35:56 -0600] INFO: Chef Run complete in 6.650602seconds% cat /tmp/chef-getting-started.txtWelcome to Chef!This is Chef version 0.9.14.beta.1Running on mac_os_x.Version 10.6.6. Copyright © 2011 Opscode, Inc - All Rights Reserved 88

remote_ﬁleremote_file "/tmp/nginx-0.7.67.tar.gz" do source "http://sysoev.ru/nginx/nginx-0.7.67.tar.gz" action :create_if_missingend Actions: create, create_if_missing Copyright © 2011 Opscode, Inc - All Rights Reserved 101

cookbook_ﬁlecookbook_file "/etc/perl/CPAN/Config.pm" do source "Config-5.10.1.pm" owner "root" group "root" mode 0644end Actions: create, create_if_missing, delete Copyright © 2011 Opscode, Inc - All Rights Reserved 102

preferences = [ File.join("host-#{fqdn}", "#{file_name}"), File.join("#{platform}-#{version}", "#{file_name}"), File.join("#{platform}", "#{file_name}"), File.join("default", "#{file_name}")] host-node[:fqdn] node[:platform]-node[:version] node[:platform] default files/web1prod.example.com files/ubuntu-9.10 files/ubuntu files/default Copyright © 2011 Opscode, Inc - All Rights Reserved 107

scriptbash "compile_nginx_source" do cwd "/tmp" code <<-EOH tar zxf nginx-0.7.67.tar.gz cd nginx-0.7.67 && ./configure make && make install EOHendInterpreters: bash, ruby, python, perl, csh Copyright © 2011 Opscode, Inc - All Rights Reserved 109

scm: git...git "/srv/apps/chef" do repository "git://github.com/opscode/chef.git" reference "0.9.6" action :checkoutend Actions: sync, checkout, export Copyright © 2011 Opscode, Inc - All Rights Reserved 111

...and subversionsubversion "/srv/couchdb" do repository "http://svn.apache.org/repos/asf/couchdb/trunk" revision "HEAD" action :syncend Actions: sync, checkout, export Copyright © 2011 Opscode, Inc - All Rights Reserved 112

deploy "/srv/radiant" do repo "git://github.com/radiant/radiant.git" revision "HEAD" user "railsdev" migrate true migration_command "rake db:migrate" environment "production" restart_command "touch tmp/restart.txt" action :deployend Copyright © 2011 Opscode, Inc - All Rights Reserved 114

execute "runit-hup-init" do command "telinit q" only_if "grep ^SV /etc/inittab" action :nothingendexecute "rabbitmqctl add_vhost /chef" do not_if "rabbitmqctl list_vhosts| grep /chef"end Enclose in quotes for shell commands or use a do..end or { } style ruby block Copyright © 2011 Opscode, Inc - All Rights Reserved 118

Resource notiﬁcationtemplate "nginx.conf" do path "/etc/nginx/nginx.conf" source "nginx.conf.erb" owner "root" group "root" mode "0644" notifies :restart, resources(:service =>"nginx")end Copyright © 2011 Opscode, Inc - All Rights Reserved 119

Add your Cloud credentials to knife.rb vi ~/chef-repo/.chef/knife.rb# Cloud credentialsknife[:aws_access_key_id] = ENV[AWS_ACCESS_KEY_ID]knife[:aws_secret_access_key] = ENV[AWS_SECRET_ACCESS_KEY] Copyright © 2011 Opscode, Inc - All Rights Reserved 129

Download some cookbooks% knife cookbook site vendor nagios -dINFO: Downloading nagios from the cookbooks site at version 0.3.3...INFO: Cookbook nagios version 0.3.3 successfully vendored!INFO: Downloading apache2 from the cookbooks site at version 0.12.0INFO: Cookbook apache2 version 0.12.0 successfully vendored! Uses the “vendor branch” pattern, so you can make changes and track the upstream Copyright © 2011 Opscode, Inc - All Rights Reserved 130

Build some roles% vi roles/monitoring.rbname "monitoring"description "Nagios monitoring server"run_list( "role[base]”, “recipe[nagios::server]")override_attributes( "apache" => { "allowed_openids" => "http://mray.myopenid.com/" }) Copyright © 2011 Opscode, Inc - All Rights Reserved 132

Upload Roles% knife role from file roles/monitoring.rbWARN: HTTP Request Returned 404 Not Found: Cannot load role monitoringWARN: Updated Role monitoring!% ls rolesREADME base.rb monitoring.rb production.rb webserver.rb% rake roles(in /Users/mray/Development/oscon/chef-repo)WARN: HTTP Request Returned 404 Not Found: Cannot load role baseWARN: Updated Role base!WARN: Updated Role monitoring!WARN: HTTP Request Returned 404 Not Found: Cannot load role productionWARN: Updated Role production!WARN: HTTP Request Returned 404 Not Found: Cannot load role webserverWARN: Updated Role webserver! Copyright © 2011 Opscode, Inc - All Rights Reserved 133

Resources/Questionswww.opscode.comIRC and Mailing lists ‣ irc.freenode.net #chef ‣ lists.opscode.comTwitter: ‣ @opscode, #opschef ‣ @mattrayQuestions? Copyright © 2011 Opscode, Inc - All Rights Reserved 137

GeekAustin DevOps

by Matt Ray

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 3

Statistics

GeekAustin DevOps Presentation Transcript