Let’s Get Cooking with ChefSpeaker:Matt Ray Senior Technical Evangelist  ‣ matt@opscode.com  ‣ @mattray                   ...
AgendaChef 101Getting StartedCooking with Chef           Copyright © 2011 Opscode, Inc - All Rights Reserved   2
Developer, SysAdmin, Hacker,Community ManagerMany biz & dev environmentsOpscode: Training, Services &Evangelism           ...
Developers?Systems Administrators?                                                                 http://www.flickr.com/ph...
The Opscode Platform  is our Chef Server    http://www.opscode.com          Copyright © 2011 Opscode, Inc - All Rights Res...
Copyright © 2011 Opscode, Inc - All Rights Reserved                            6http://www.brooklynstreetart.com/theBlog/w...
Copyright © 2011 Opscode, Inc - All Rights Reserved   7
Chef enables infrastructure as code  Manage configuration as idempotent Resources.  Put them together in Recipes.  Track it...
At a High Level...‣ A library for configuration management‣ A configuration management system‣ A systems integration platfor...
Fully automated Infrastructure    Copyright © 2011 Opscode, Inc - All Rights Reserved   10
PrinciplesIdempotentData-drivenSane defaultsHackabilityTMTOWTDI             Copyright © 2011 Opscode, Inc - All Rights Res...
Multiple applications of an operation do not  change the result         Copyright © 2011 Opscode, Inc - All Rights Reserve...
We start with APIs, you     supply data        Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/...
option :json_attribs,    :short => "-j JSON_ATTRIBS",    :long => "--json-attributes JSON_ATTRIBS",    :description => "Lo...
Open source and  community     Copyright © 2011 Opscode, Inc - All Rights Reserved   15
Copyright © 2011 Opscode, Inc - All Rights Reserved   16
Tim Toady is a Perl      motto      Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/photos/lida...
The world moves pretty fastPrimitivesEnable YOUKnow your systems                http://www.flickr.com/photos/gi/518613153/s...
You better be ready!Sysadmins are programmersYou need a 3GL                http://www.flickr.com/photos/gi/518613153/sizes/...
Do I need to know Ruby?A littleSimple syntaxComplex as you scale              Copyright © 2011 Opscode, Inc - All Rights R...
A Tour of Chef    Copyright © 2011 Opscode, Inc - All Rights Reserved   21
Chef Client runs on your        systems         Copyright © 2011 Opscode, Inc - All Rights Reserved   22
Chef Client runs on your        systems                         ohai!         Copyright © 2011 Opscode, Inc - All Rights R...
Clients talk to a Chef       Server        Copyright © 2011 Opscode, Inc - All Rights Reserved   24
Opscode Platformthe central, highly scalable, multi-tenant configuration service from Opscode...         a hosted Chef Serv...
Clients authenticate   with RSA keys       Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/phot...
Chef Server                    Chef Server                                         API                                    ...
RESTful API w/ JSON    responses       Copyright © 2011 Opscode, Inc - All Rights Reserved   28
Chef can also stand alone - Chef Solo      Copyright © 2011 Opscode, Inc - All Rights Reserved   29
We call each system you   configure a Node        Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.co...
Nodes have Attributes                                          Kernel info!{  "kernel": {    "machine": "x86_64",    "name...
Attributes are         Searchable$ knife search node ‘platform:mac_os_x’  search(:node, ‘platform:mac_os_x’)              ...
Nodes have a Run ListWhat Roles or Recipes to apply          in Order           Copyright © 2011 Opscode, Inc - All Rights...
Nodes have a Run List% knife node show web01-prod.example.com -r{  "run_list": [    "role[production]",    "role[webserver...
Nodes have Roles     Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/photos/laenulfean/37439804...
RolesDescribe the node  ‣   webserver  ‣   dbserver  ‣   monitoring  ‣   ... etc                   Copyright © 2011 Opscod...
Roles have a Run ListWhat Roles or Recipes to apply          in Order           Copyright © 2011 Opscode, Inc - All Rights...
name "webserver"description "Systems that serve HTTP traffic"run_list(  "role[base]",                                     ...
% knife role show webserver{  "name": "webserver",  "default_attributes": {    "apache": {                                ...
Roles are Searchable$ knife search role ‘max_children:50’  search(:role, ‘max_children:50’)              Copyright © 2011 ...
Chef managesResources on Nodes      Copyright © 2011 Opscode, Inc - All Rights Reserved   41
Resources...   Declare a description of the state a part of the node should be in‣ Have a type                 package "ap...
Resources take action  through Providers       Copyright © 2011 Opscode, Inc - All Rights Reserved   43
Providers...    Know how to actually perform the actions specified by a resource.                                         A...
ResourcesPlatformProvider http://www.flickr.com/photos/acurbelo/2628837104/sizes/o/
Chef::Platform:ubuntu    => {   :default => {     :package => Chef::Provider::Package::Apt,     :service => Chef::Provider...
Recipes are lists of   Resources      http://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/           Copyright...
Recipes...              Apply resources in the order they are specified                                      package "apach...
Order Matters    Copyright © 2011 Opscode, Inc - All Rights Reserved   49
Recipes are just Ruby!    extra_packages = case node[:platform]      when "ubuntu","debian"        %w{          ruby1.8   ...
Cookbooks arepackages for Recipes       Copyright © 2011 Opscode, Inc - All Rights Reserved   51
CookbooksDistributableInfrastructure as CodeVersion control repository             Copyright © 2011 Opscode, Inc - All Rig...
Common Cookbook ComponentsRecipesAssets (files/templates)AttributesMetadata            Copyright © 2011 Opscode, Inc - All ...
Cookbook assetsFiles  ‣ Static assets  ‣ Downloaded via cookbook_file  ‣ File specificityTemplates  ‣ Dynamic assets  ‣ ERB ...
CookbooksAttributes ‣ Node attributes ‣ default, normal, override    default[:apache][:listen_ports] = [ "80","443" ]    d...
Cookbooks  Metadatacookbooks/django/metadata.rbmaintainer         "Opscode, Inc."maintainer_email   "cookbooks@opscode.com...
Cookbooks are  shareable! cookbooks.opscode.com      Copyright © 2011 Opscode, Inc - All Rights Reserved   57
Data bags store arbitrary data    Copyright © 2011 Opscode, Inc - All Rights Reserved   58
A user data bag item...% knife data bag show users mray{  "comment": "Matt Ray",  "groups": "sysadmin",  "ssh_keys": "ssh-...
Data Bags are        Searchable$ knife search users ‘shell:/bin/bash’     search(:users, ‘/bin/bash’)              Copyrig...
bash_users = search(:users, shell:/bin/bash)   bash_users.each do |u|     user u[id] do       uid u[id]       shell "/usr/...
Environments manageversioned infrastructure         Copyright © 2011 Opscode, Inc - All Rights Reserved   62
JSON or Ruby DSL and     Versionedname "dev"description "The development environment"cookbook_versions  "couchdb" => "11.0...
Command-line API  utility, Knife       http://www.flickr.com/photos/myklroventine/3474391066/     Copyright © 2011 Opscode,...
Nodes, Roles, DataBags are Searchable% knife search node “role:webserver” search(:users, “group:sysadmins”)             Co...
http://www.flickr.com/photos/38299630@N05/3635356091/   Copyright © 2011 Opscode, Inc - All Rights Reserved   66
Getting Started    Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/photos/rowens27/3163470179/ ...
Debian                                                                  Mac OS X                                 SuSE     ...
RubyCopyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/photos/thisisbossi/3526698689/   69
Today’s ExamplesOpscode PlatformMac OS X 10.6.6Ubuntu 10.04RubyGems             Copyright © 2011 Opscode, Inc - All Rights...
The Opscode Platform  is our Chef Server    http://www.opscode.com          Copyright © 2011 Opscode, Inc - All Rights Res...
RubyGems Installationcd /tmpwget http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz -O- | tar zxf -cd rubygems-...
apt.opscode.com     Copyright © 2011 Opscode, Inc - All Rights Reserved   73
ELFF Yum Repo    Copyright © 2011 Opscode, Inc - All Rights Reserved   74
Create Chef Repository% git clone git://github.com/opscode/chef-repo.git% cd chef-repo% ls -ladrwxr-xr-x 13 mray staff    ...
Copyright © 2011 Opscode, Inc - All Rights Reserved   76
Setup User Environment cp USERNAME.pem ~/chef-repo/.chef cp ORG-validator.pem ~/chef-repo/.chef cp knife.rb ~/chef-repo/.c...
Configure Knife% cat .chef/knife.rbcurrent_dir = File.dirname(__FILE__)log_level                :infolog_location          ...
Explore Knife’s sub-    commands       Copyright © 2011 Opscode, Inc - All Rights Reserved   79
Knife Sub-commandsknife NOUN verb NOUN (options) knife       client list knife       node show morbo.local knife       rol...
Configure Chef on           workstation% knife configure client /etc/chefINFO: Creating client configurationINFO: Writing c...
Chef::Configlog_level        :infolog_location     STDOUTchef_server_url https://api.opscode.com/organizations/osconvalidat...
Download getting-         started cookbook% knife cookbook site vendor getting-startedINFO: Downloading getting-started fr...
Copyright © 2011 Opscode, Inc - All Rights Reserved   84
git checkout -b chef-vendor-#{name_args[0]}         Copyright © 2011 Opscode, Inc - All Rights Reserved   85
Upload getting-started    to Chef Server% knife cookbook upload getting-startedINFO: Saving getting-startedINFO: Validatin...
Apply getting-started    Recipe to workstation% knife node run list add morbo.local "recipe[getting-started]"{  "run_list"...
Run chef-client!% sudo chef-client[Thu, 08 Jul 2010 21:35:49 -0600] INFO:                               Starting Chef Run[...
Inside the getting-started cookbook      Copyright © 2011 Opscode, Inc - All Rights Reserved   89
http://www.flickr.com/photos/38299630@N05/3635356091/   Copyright © 2011 Opscode, Inc - All Rights Reserved   90
Cooking with Chef      Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/photos/mr_t_in_dc/330563...
remote_file                                         linkcookbook_file                                                     ...
Resources haveparameters and actions        Copyright © 2011 Opscode, Inc - All Rights Reserved   93
Resource Parameters and ActionsMost resources have defaultsDefaults are sane  ‣ http://wiki.opscode.com/display/chef/Resou...
packages        package "apache2" do          action :install        endActions: install, upgrade, remove, purge          ...
Package shortcutsMap to providersgem_packagedpkg_packagerpm_packageAnd more!              Copyright © 2011 Opscode, Inc - ...
services         service "apache2" do           action [ :enable, :start ]         endActions: enable, disable, start, sto...
init script capabilities   service "apache2" do     supports(       :status => true,       :restart => true,       :reload...
filesfile "/etc/chef/client.rb" do  owner "root"  group "root"  mode 0644  action :createend  Actions: create, delete, touc...
file content!file "/tmp/example" do  content "This is a file!"endfile "/tmp/example2" do  content IO.read("/etc/hosts")end ...
remote_fileremote_file "/tmp/nginx-0.7.67.tar.gz" do  source "http://sysoev.ru/nginx/nginx-0.7.67.tar.gz"  action :create_i...
cookbook_filecookbook_file "/etc/perl/CPAN/Config.pm" do  source "Config-5.10.1.pm"  owner "root"  group "root"  mode 0644e...
templatetemplate "/etc/apache2/ports.conf" do  source "ports.conf.erb"  owner "root"  group "root"  mode 0644end          ...
local templatestemplate "/tmp/config.conf" do  local true  source "/tmp/config.conf.erb"end          Copyright © 2011 Opsc...
templates are ERB<% node[:apache][:listen_ports].each do |port| -%>Listen <%= port %>NameVirtualHost *:<%= port %><% end -...
Cookbook and Template    File Specificity        Copyright © 2011 Opscode, Inc - All Rights Reserved   106
preferences = [  File.join("host-#{fqdn}", "#{file_name}"),  File.join("#{platform}-#{version}", "#{file_name}"),  File.jo...
executeexecute "apt-get update" do  action :runend        Actions: run        Copyright © 2011 Opscode, Inc - All Rights R...
scriptbash "compile_nginx_source" do  cwd "/tmp"  code <<-EOH    tar zxf nginx-0.7.67.tar.gz    cd nginx-0.7.67 && ./confi...
ruby_blockruby_block "save the node" do  block do    node.save  endend        Action: create         Copyright © 2011 Opsc...
scm: git...git "/srv/apps/chef" do  repository "git://github.com/opscode/chef.git"  reference "0.9.6"  action :checkoutend...
...and subversionsubversion "/srv/couchdb" do  repository "http://svn.apache.org/repos/asf/couchdb/trunk"  revision "HEAD"...
deployhttp://wiki.opscode.com/display/chef/Deploy+Resource     Actions: deploy, force_deploy, rollback                    ...
deploy "/srv/radiant" do  repo "git://github.com/radiant/radiant.git"  revision "HEAD"  user "railsdev"  migrate true  mig...
Meta-parameter  madness!    Copyright © 2011 Opscode, Inc - All Rights Reserved   115
action :nothing    Copyright © 2011 Opscode, Inc - All Rights Reserved   116
not_if & only_if     Copyright © 2011 Opscode, Inc - All Rights Reserved   117
execute "runit-hup-init" do  command "telinit q"  only_if "grep ^SV /etc/inittab"  action :nothingendexecute "rabbitmqctl ...
Resource notificationtemplate "nginx.conf" do  path "/etc/nginx/nginx.conf"  source "nginx.conf.erb"  owner "root"  group "...
supports Copyright © 2011 Opscode, Inc - All Rights Reserved   120
Anatomy of a Chef Run        Copyright © 2011 Opscode, Inc - All Rights Reserved   121
Anatomy of a Chef RunNode discoverySet the node nameRegister with server              Copyright © 2011 Opscode, Inc - All ...
Anatomy of a Chef RunBuild node object  ‣ node.saveSynchronize cookbooks  ‣ node.saveConverge  ‣ node.save                ...
Chef Run ConvergenceCompileExecute             Copyright © 2011 Opscode, Inc - All Rights Reserved   124
Development workflow      with Chef       Copyright © 2011 Opscode, Inc - All Rights Reserved   http://www.flickr.com/photos...
Development workflowGather requirementsWrite recipesCommit to repositoryRun Chef in testingRun Chef in production          ...
http://www.flickr.com/photos/38299630@N05/3635356091/   Copyright © 2011 Opscode, Inc - All Rights Reserved   127
Automating the Cloud     with Chef      http://www.flickr.com/photos/46183897@N00/3442880227/sizes/l/                     C...
Add your Cloud    credentials to knife.rb          vi ~/chef-repo/.chef/knife.rb# Cloud credentialsknife[:aws_access_key_i...
Download some              cookbooks% knife cookbook site vendor nagios -dINFO: Downloading nagios from the cookbooks site...
Upload Cookbooks!      knife cookbook upload -a            These run as root, kids.Let’s not blindly trust the upstream to...
Build some roles% vi roles/monitoring.rbname "monitoring"description "Nagios monitoring server"run_list(  "role[base]”,  “...
Upload Roles% knife role from file roles/monitoring.rbWARN: HTTP Request Returned 404 Not Found: Cannot load role         ...
Launch a new    Monitoring Serverknife ec2 server create ‘role[monitoring]’                Copyright © 2011 Opscode, Inc -...
Chef runs on your new         server              sudo chef-clientINFO: Starting Chef Run...INFO: Chef Run complete in 211...
Shef is Chef in IRB      Copyright © 2011 Opscode, Inc - All Rights Reserved   136
Resources/Questionswww.opscode.comIRC and Mailing lists  ‣ irc.freenode.net #chef  ‣ lists.opscode.comTwitter:  ‣ @opscode...
Upcoming SlideShare
Loading in...5
×

GeekAustin DevOps

3,323

Published on

Chef 101 presentation from GeekAustin DevOps Series #1. Only about the first 60 of the slides were covered before we switched to Q&A.

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,323
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
110
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

GeekAustin DevOps

  1. 1. Let’s Get Cooking with ChefSpeaker:Matt Ray Senior Technical Evangelist ‣ matt@opscode.com ‣ @mattray Copyright © 2011 Opscode, Inc - All Rights Reserved 1
  2. 2. AgendaChef 101Getting StartedCooking with Chef Copyright © 2011 Opscode, Inc - All Rights Reserved 2
  3. 3. Developer, SysAdmin, Hacker,Community ManagerMany biz & dev environmentsOpscode: Training, Services &Evangelism Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/anotherphotograph/2100904507/sizes/o/ 3
  4. 4. Developers?Systems Administrators? http://www.flickr.com/photos/timyates/2854357446/sizes/l/ Copyright © 2011 Opscode, Inc - All Rights Reserved 4
  5. 5. The Opscode Platform is our Chef Server http://www.opscode.com Copyright © 2011 Opscode, Inc - All Rights Reserved 5
  6. 6. Copyright © 2011 Opscode, Inc - All Rights Reserved 6http://www.brooklynstreetart.com/theBlog/wp-content/uploads/2008/12/swedish_chef_bork-sleeper-cell.jpg
  7. 7. Copyright © 2011 Opscode, Inc - All Rights Reserved 7
  8. 8. Chef enables infrastructure as code Manage configuration as idempotent Resources. Put them together in Recipes. Track it like Source Code. Configure your servers. package "haproxy" do action :install end template "/etc/haproxy/haproxy.cfg" do source "haproxy.cfg.erb" owner "root" group "root" mode 0644 notifies :restart, "service[haproxy]" end service "haproxy" do action [:enable, :start] end Copyright © 2011 Opscode, Inc - All Rights Reserved 8
  9. 9. At a High Level...‣ A library for configuration management‣ A configuration management system‣ A systems integration platform‣ An API for your entire Infrastructure http://www.flickr.com/photos/asten/2159525309/sizes/l/
  10. 10. Fully automated Infrastructure Copyright © 2011 Opscode, Inc - All Rights Reserved 10
  11. 11. PrinciplesIdempotentData-drivenSane defaultsHackabilityTMTOWTDI Copyright © 2011 Opscode, Inc - All Rights Reserved 11
  12. 12. Multiple applications of an operation do not change the result Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/redjar/360111326/ 12
  13. 13. We start with APIs, you supply data Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/ninjanoodles/153893226/ 13
  14. 14. option :json_attribs, :short => "-j JSON_ATTRIBS", :long => "--json-attributes JSON_ATTRIBS", :description => "Load attributes from aJSON file or URL", :proc => nil option :node_name, :short => "-N NODE_NAME", :long => "--node-name NODE_NAME", :description => "The node name for thisclient", Defaults are sane, but :proc => nil easily changed Copyright © 2011 Opscode, Inc - All Rights Reserved 14
  15. 15. Open source and community Copyright © 2011 Opscode, Inc - All Rights Reserved 15
  16. 16. Copyright © 2011 Opscode, Inc - All Rights Reserved 16
  17. 17. Tim Toady is a Perl motto Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/lidarose/225156612 17
  18. 18. The world moves pretty fastPrimitivesEnable YOUKnow your systems http://www.flickr.com/photos/gi/518613153/sizes/o/ Copyright © 2011 Opscode, Inc - All Rights Reserved 18
  19. 19. You better be ready!Sysadmins are programmersYou need a 3GL http://www.flickr.com/photos/gi/518613153/sizes/o/ Copyright © 2011 Opscode, Inc - All Rights Reserved 19
  20. 20. Do I need to know Ruby?A littleSimple syntaxComplex as you scale Copyright © 2011 Opscode, Inc - All Rights Reserved 20
  21. 21. A Tour of Chef Copyright © 2011 Opscode, Inc - All Rights Reserved 21
  22. 22. Chef Client runs on your systems Copyright © 2011 Opscode, Inc - All Rights Reserved 22
  23. 23. Chef Client runs on your systems ohai! Copyright © 2011 Opscode, Inc - All Rights Reserved 23
  24. 24. Clients talk to a Chef Server Copyright © 2011 Opscode, Inc - All Rights Reserved 24
  25. 25. Opscode Platformthe central, highly scalable, multi-tenant configuration service from Opscode... a hosted Chef Server Copyright © 2011 Opscode, Inc. – Confidential – Do Not Redistribute 25
  26. 26. Clients authenticate with RSA keys Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/debbcollins/3401944550/ 26
  27. 27. Chef Server Chef Server API Client InteractionSearch Indexer AMQP SOLR CouchDB Data store Copyright © 2011 Opscode, Inc - All Rights Reserved 27
  28. 28. RESTful API w/ JSON responses Copyright © 2011 Opscode, Inc - All Rights Reserved 28
  29. 29. Chef can also stand alone - Chef Solo Copyright © 2011 Opscode, Inc - All Rights Reserved 29
  30. 30. We call each system you configure a Node Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/peterrosbjerg/3913766224/ 30
  31. 31. Nodes have Attributes Kernel info!{ "kernel": { "machine": "x86_64", "name": "Darwin", "os": "Darwin", "version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010;root:xnu-1504.7.4~1/RELEASE_I386", "release": "10.4.0" }, "platform_version": "10.6.4", "platform": "mac_os_x", "platform_build": "10F569", "domain": "local", Platform info! "os": "darwin", "current_user": "mray", "ohai_time": 1278602661.60043, "os_version": "10.4.0", "uptime": "18 days 17 hours 49 minutes 18 seconds", "ipaddress": "10.13.37.116", "hostname": "morbo", "fqdn": "morbomorbo.local", Hostname and IP! "uptime_seconds": 1619358} Copyright © 2011 Opscode, Inc - All Rights Reserved 31
  32. 32. Attributes are Searchable$ knife search node ‘platform:mac_os_x’ search(:node, ‘platform:mac_os_x’) Copyright © 2011 Opscode, Inc - All Rights Reserved 32
  33. 33. Nodes have a Run ListWhat Roles or Recipes to apply in Order Copyright © 2011 Opscode, Inc - All Rights Reserved 33
  34. 34. Nodes have a Run List% knife node show web01-prod.example.com -r{ "run_list": [ "role[production]", "role[webserver]" ]} Copyright © 2011 Opscode, Inc - All Rights Reserved 34
  35. 35. Nodes have Roles Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/laenulfean/374398044/ 35
  36. 36. RolesDescribe the node ‣ webserver ‣ dbserver ‣ monitoring ‣ ... etc Copyright © 2011 Opscode, Inc - All Rights Reserved 36
  37. 37. Roles have a Run ListWhat Roles or Recipes to apply in Order Copyright © 2011 Opscode, Inc - All Rights Reserved 37
  38. 38. name "webserver"description "Systems that serve HTTP traffic"run_list( "role[base]", Can include "recipe[apache2]", other roles! "recipe[apache2::mod_ssl]")default_attributes( "apache" => { "listen_ports" => [ "80", "443" ] })override_attributes( "apache" => { "max_children" => "50" }) Copyright © 2011 Opscode, Inc - All Rights Reserved 38
  39. 39. % knife role show webserver{ "name": "webserver", "default_attributes": { "apache": { Uploading roles to "listen_ports": [ the Chef Server "80", "443" converts Ruby DSL ] } to JSON! }, "json_class": "Chef::Role", "run_list": [ "role[base]", "recipe[apache2]", "recipe[apache2::mod_ssl]" ], "description": "Systems that serve HTTP traffic", "chef_type": "role", "override_attributes": { "apache2": { "max_children": "50" } }} Copyright © 2011 Opscode, Inc - All Rights Reserved 39
  40. 40. Roles are Searchable$ knife search role ‘max_children:50’ search(:role, ‘max_children:50’) Copyright © 2011 Opscode, Inc - All Rights Reserved 40
  41. 41. Chef managesResources on Nodes Copyright © 2011 Opscode, Inc - All Rights Reserved 41
  42. 42. Resources... Declare a description of the state a part of the node should be in‣ Have a type package "apache2" do version "2.2.11-2ubuntu2.6" action :install‣ Have a name end template "/etc/apache2/apache2.conf" do‣ Have parameters source "apache2.conf.erb" owner "root"‣ Take action to put the group "root" mode 0644 resource in the action :create declared state end
  43. 43. Resources take action through Providers Copyright © 2011 Opscode, Inc - All Rights Reserved 43
  44. 44. Providers... Know how to actually perform the actions specified by a resource. Apt, Yum, Rubygems, Multiple providers per resource type. Portage, Macports, FreeBSD Ports, etc. Can beoverridden with package "apache2" do provider "Chef::Provider::Package::Dpkg" the provider action :installparameter on a end resource. http://www.flickr.com/photos/affableslinky/562950216/
  45. 45. ResourcesPlatformProvider http://www.flickr.com/photos/acurbelo/2628837104/sizes/o/
  46. 46. Chef::Platform:ubuntu => { :default => { :package => Chef::Provider::Package::Apt, :service => Chef::Provider::Service::Debian, :cron => Chef::Provider::Cron, :mdadm => Chef::Provider::Mdadm }}, Copyright © 2011 Opscode, Inc - All Rights Reserved 46
  47. 47. Recipes are lists of Resources http://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/ Copyright © 2011 Opscode, Inc - All Rights Reserved 47
  48. 48. Recipes... Apply resources in the order they are specified package "apache2" do version "2.2.11-2ubuntu2.6" action :install 1‣ Evaluates resources in [ end 1 the order they appear "package[apache2]", "template[/etc/apache2/apache2.conf]" template "/etc/apache2/apache2.conf" do 2 ] source "apache2.conf.erb"‣ Adds each resource to owner "root" the Resource Collection group "root" mode 0644 action :create 2 end http://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/
  49. 49. Order Matters Copyright © 2011 Opscode, Inc - All Rights Reserved 49
  50. 50. Recipes are just Ruby! extra_packages = case node[:platform] when "ubuntu","debian" %w{ ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby } end extra_packages.each do |pkg| package pkg do action :install end end Copyright © 2011 Opscode, Inc - All Rights Reserved 50
  51. 51. Cookbooks arepackages for Recipes Copyright © 2011 Opscode, Inc - All Rights Reserved 51
  52. 52. CookbooksDistributableInfrastructure as CodeVersion control repository Copyright © 2011 Opscode, Inc - All Rights Reserved 52
  53. 53. Common Cookbook ComponentsRecipesAssets (files/templates)AttributesMetadata Copyright © 2011 Opscode, Inc - All Rights Reserved 53
  54. 54. Cookbook assetsFiles ‣ Static assets ‣ Downloaded via cookbook_file ‣ File specificityTemplates ‣ Dynamic assets ‣ ERB (erubis) ‣ File specificity Copyright © 2011 Opscode, Inc - All Rights Reserved 54
  55. 55. CookbooksAttributes ‣ Node attributes ‣ default, normal, override default[:apache][:listen_ports] = [ "80","443" ] default[:apache][:keepalive] = "On" default[:apache][:contact] = "ops@example.com" default[:apache][:timeout] = 300 set[:apache][:log_dir] = "/var/log/apache2" set[:apache][:user] = "www-data" override[:apache][:dir] = "/etc/apache2" Copyright © 2011 Opscode, Inc - All Rights Reserved 55
  56. 56. Cookbooks Metadatacookbooks/django/metadata.rbmaintainer "Opscode, Inc."maintainer_email "cookbooks@opscode.com"license "Apache 2.0"description "Installs DJango"long_description IO.read(File.join(File.dirname(__FILE__),README.rdoc))version "0.8.0"recipe "django", "Installs django and apache2 with mod_python"%w{ ubuntu debian }.each do |os| supports osend%w{ apache2 python }.each do |cb| depends cbend Copyright © 2011 Opscode, Inc - All Rights Reserved 56
  57. 57. Cookbooks are shareable! cookbooks.opscode.com Copyright © 2011 Opscode, Inc - All Rights Reserved 57
  58. 58. Data bags store arbitrary data Copyright © 2011 Opscode, Inc - All Rights Reserved 58
  59. 59. A user data bag item...% knife data bag show users mray{ "comment": "Matt Ray", "groups": "sysadmin", "ssh_keys": "ssh-rsa SUPERSEKRATS mray@morbo", "files": { ".bashrc": { "mode": "0644", "source": "dot-bashrc" }, ".emacs": { "mode": "0644", "source": "dot-emacs" } }, "id": "mray", "uid": 7004, "shell": "/usr/bin/bash" } Copyright © 2011 Opscode, Inc - All Rights Reserved
  60. 60. Data Bags are Searchable$ knife search users ‘shell:/bin/bash’ search(:users, ‘/bin/bash’) Copyright © 2011 Opscode, Inc - All Rights Reserved 60
  61. 61. bash_users = search(:users, shell:/bin/bash) bash_users.each do |u| user u[id] do uid u[id] shell "/usr/bin/zsh" comment u[comment] supports :manage_home => trueData bags make recipes home "/home/#{u[id]}" end awesome-r (that’s directory "/home/#{u[id]}/.ssh" do owner u[id] group u[id] mode 0700 totally a word) end template "/home/#{u[id]}/.ssh/authorized_keys" do source "authorized_keys.erb" owner u[id] group u[id] mode 0600 variables :ssh_keys => u[ssh_keys] end end Copyright © 2011 Opscode, Inc - All Rights Reserved 61
  62. 62. Environments manageversioned infrastructure Copyright © 2011 Opscode, Inc - All Rights Reserved 62
  63. 63. JSON or Ruby DSL and Versionedname "dev"description "The development environment"cookbook_versions  "couchdb" => "11.0.0"attributes "apache2" => { "listen_ports" => [ "80", "443" ] } Copyright © 2011 Opscode, Inc - All Rights Reserved 63
  64. 64. Command-line API utility, Knife http://www.flickr.com/photos/myklroventine/3474391066/ Copyright © 2011 Opscode, Inc - All Rights Reserved 64
  65. 65. Nodes, Roles, DataBags are Searchable% knife search node “role:webserver” search(:users, “group:sysadmins”) Copyright © 2011 Opscode, Inc - All Rights Reserved 65
  66. 66. http://www.flickr.com/photos/38299630@N05/3635356091/ Copyright © 2011 Opscode, Inc - All Rights Reserved 66
  67. 67. Getting Started Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/rowens27/3163470179/ 67
  68. 68. Debian Mac OS X SuSE CentOS Gentoo Solaris ArchLinuxOpenBSD Platforms Windows FreeBSD Ubuntu Red Hat Fedora Scientific Copyright © 2011 Opscode, Inc - All Rights Reserved 68
  69. 69. RubyCopyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/thisisbossi/3526698689/ 69
  70. 70. Today’s ExamplesOpscode PlatformMac OS X 10.6.6Ubuntu 10.04RubyGems Copyright © 2011 Opscode, Inc - All Rights Reserved 70
  71. 71. The Opscode Platform is our Chef Server http://www.opscode.com Copyright © 2011 Opscode, Inc - All Rights Reserved 71
  72. 72. RubyGems Installationcd /tmpwget http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz -O- | tar zxf -cd rubygems-1.3.7 && sudo ruby setup.rbln -svf /usr/bin/gem1.8 /usr/bin/gemsudo gem install chef Copyright © 2011 Opscode, Inc - All Rights Reserved 72
  73. 73. apt.opscode.com Copyright © 2011 Opscode, Inc - All Rights Reserved 73
  74. 74. ELFF Yum Repo Copyright © 2011 Opscode, Inc - All Rights Reserved 74
  75. 75. Create Chef Repository% git clone git://github.com/opscode/chef-repo.git% cd chef-repo% ls -ladrwxr-xr-x 13 mray staff 442 Jul 7 16:48 ./drwxr-xr-x 3 mray staff 102 Jul 7 15:54 ../drwxr-xr-x 5 mray staff 170 Jul 7 17:55 .chef/drwxr-xr-x 12 mray staff 408 Jul 7 16:48 .git/-rw-r--r-- 1 mray staff 23 Jul 7 16:48 .gitignore-rw-r--r-- 1 mray staff 269 Jul 7 15:54 README-rw-r--r-- 1 mray staff 2171 Jul 7 15:54 Rakefiledrwxr-xr-x 3 mray staff 102 Jul 7 15:54 certificates/drwxr-xr-x 7 mray staff 238 Jul 7 17:03 config/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 cookbooks/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 data_bags/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 roles/drwxr-xr-x 3 mray staff 102 Jul 7 15:54 site-cookbooks/ Copyright © 2011 Opscode, Inc - All Rights Reserved 75
  76. 76. Copyright © 2011 Opscode, Inc - All Rights Reserved 76
  77. 77. Setup User Environment cp USERNAME.pem ~/chef-repo/.chef cp ORG-validator.pem ~/chef-repo/.chef cp knife.rb ~/chef-repo/.chef Copyright © 2011 Opscode, Inc - All Rights Reserved 77
  78. 78. Configure Knife% cat .chef/knife.rbcurrent_dir = File.dirname(__FILE__)log_level :infolog_location STDOUTnode_name "oscon"client_key "#{current_dir}/oscon.pem"validation_client_name "oscon-validator"validation_key "#{current_dir}/oscon-validator.pem"chef_server_url "https://api.opscode.com/organizations/oscon"cache_type BasicFilecache_options( :path => "#{ENV[HOME]}/.chef/checksums" )cookbook_path ["#{current_dir}/../cookbooks"] Per-directory configuration! Copyright © 2011 Opscode, Inc - All Rights Reserved 78
  79. 79. Explore Knife’s sub- commands Copyright © 2011 Opscode, Inc - All Rights Reserved 79
  80. 80. Knife Sub-commandsknife NOUN verb NOUN (options) knife client list knife node show morbo.local knife role show webserver knife search node “*:*” -i knife --help Copyright © 2011 Opscode, Inc - All Rights Reserved 80
  81. 81. Configure Chef on workstation% knife configure client /etc/chefINFO: Creating client configurationINFO: Writing client.rbINFO: Writing validation.pem% ls -l /etc/chef/total 24-rw-r--r-- 1 mray staff 151 Jul 8 21:29 client.rb-rw-r--r--@ 1 mray staff 1679 Jul 8 21:29 validation.pem Copyright © 2011 Opscode, Inc - All Rights Reserved 81
  82. 82. Chef::Configlog_level :infolog_location STDOUTchef_server_url https://api.opscode.com/organizations/osconvalidation_client_name oscon-validatorhttp://wiki.opscode.com/display/chef/Chef+Configuration+Settings Copyright © 2011 Opscode, Inc - All Rights Reserved 82
  83. 83. Download getting- started cookbook% knife cookbook site vendor getting-startedINFO: Downloading getting-started from the cookbooks site at version0.2.0...INFO: Cookbook getting-started version 0.2.0 successfully vendored! Copyright © 2011 Opscode, Inc - All Rights Reserved 83
  84. 84. Copyright © 2011 Opscode, Inc - All Rights Reserved 84
  85. 85. git checkout -b chef-vendor-#{name_args[0]} Copyright © 2011 Opscode, Inc - All Rights Reserved 85
  86. 86. Upload getting-started to Chef Server% knife cookbook upload getting-startedINFO: Saving getting-startedINFO: Validating ruby filesINFO: Validating templatesINFO: Syntax OKINFO: Generating MetadataINFO: Uploading files...INFO: Upload complete! Copyright © 2011 Opscode, Inc - All Rights Reserved 86
  87. 87. Apply getting-started Recipe to workstation% knife node run list add morbo.local "recipe[getting-started]"{ "run_list": [ "recipe[getting-started]" ]} Copyright © 2011 Opscode, Inc - All Rights Reserved 87
  88. 88. Run chef-client!% sudo chef-client[Thu, 08 Jul 2010 21:35:49 -0600] INFO: Starting Chef Run[Thu, 08 Jul 2010 21:35:55 -0600] INFO: Writing updated content fortemplate[/tmp/chef-getting-started.txt] to /tmp/chef-getting-started.txt[Thu, 08 Jul 2010 21:35:56 -0600] INFO: Chef Run complete in 6.650602seconds% cat /tmp/chef-getting-started.txtWelcome to Chef!This is Chef version 0.9.14.beta.1Running on mac_os_x.Version 10.6.6. Copyright © 2011 Opscode, Inc - All Rights Reserved 88
  89. 89. Inside the getting-started cookbook Copyright © 2011 Opscode, Inc - All Rights Reserved 89
  90. 90. http://www.flickr.com/photos/38299630@N05/3635356091/ Copyright © 2011 Opscode, Inc - All Rights Reserved 90
  91. 91. Cooking with Chef Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/mr_t_in_dc/3305638738/ 91
  92. 92. remote_file linkcookbook_file service ruby_blocktemplate Chef Resources inexecute Depth user bash git package log deploy http_request Copyright © 2011 Opscode, Inc - All Rights Reserved 92
  93. 93. Resources haveparameters and actions Copyright © 2011 Opscode, Inc - All Rights Reserved 93
  94. 94. Resource Parameters and ActionsMost resources have defaultsDefaults are sane ‣ http://wiki.opscode.com/display/chef/Resources Copyright © 2011 Opscode, Inc - All Rights Reserved 94
  95. 95. packages package "apache2" do action :install endActions: install, upgrade, remove, purge Copyright © 2011 Opscode, Inc - All Rights Reserved 95
  96. 96. Package shortcutsMap to providersgem_packagedpkg_packagerpm_packageAnd more! Copyright © 2011 Opscode, Inc - All Rights Reserved 96
  97. 97. services service "apache2" do action [ :enable, :start ] endActions: enable, disable, start, stop, restart, reload Copyright © 2011 Opscode, Inc - All Rights Reserved 97
  98. 98. init script capabilities service "apache2" do supports( :status => true, :restart => true, :reload => true ) action [ :enable, :start ] end Copyright © 2011 Opscode, Inc - All Rights Reserved 98
  99. 99. filesfile "/etc/chef/client.rb" do owner "root" group "root" mode 0644 action :createend Actions: create, delete, touch Copyright © 2011 Opscode, Inc - All Rights Reserved 99
  100. 100. file content!file "/tmp/example" do content "This is a file!"endfile "/tmp/example2" do content IO.read("/etc/hosts")end Content is a string Copyright © 2011 Opscode, Inc - All Rights Reserved 100
  101. 101. remote_fileremote_file "/tmp/nginx-0.7.67.tar.gz" do source "http://sysoev.ru/nginx/nginx-0.7.67.tar.gz" action :create_if_missingend Actions: create, create_if_missing Copyright © 2011 Opscode, Inc - All Rights Reserved 101
  102. 102. cookbook_filecookbook_file "/etc/perl/CPAN/Config.pm" do source "Config-5.10.1.pm" owner "root" group "root" mode 0644end Actions: create, create_if_missing, delete Copyright © 2011 Opscode, Inc - All Rights Reserved 102
  103. 103. templatetemplate "/etc/apache2/ports.conf" do source "ports.conf.erb" owner "root" group "root" mode 0644end Actions: create Copyright © 2011 Opscode, Inc - All Rights Reserved 103
  104. 104. local templatestemplate "/tmp/config.conf" do local true source "/tmp/config.conf.erb"end Copyright © 2011 Opscode, Inc - All Rights Reserved 104
  105. 105. templates are ERB<% node[:apache][:listen_ports].each do |port| -%>Listen <%= port %>NameVirtualHost *:<%= port %><% end -%> Copyright © 2011 Opscode, Inc - All Rights Reserved 105
  106. 106. Cookbook and Template File Specificity Copyright © 2011 Opscode, Inc - All Rights Reserved 106
  107. 107. preferences = [ File.join("host-#{fqdn}", "#{file_name}"), File.join("#{platform}-#{version}", "#{file_name}"), File.join("#{platform}", "#{file_name}"), File.join("default", "#{file_name}")] host-node[:fqdn] node[:platform]-node[:version] node[:platform] default files/web1prod.example.com files/ubuntu-9.10 files/ubuntu files/default Copyright © 2011 Opscode, Inc - All Rights Reserved 107
  108. 108. executeexecute "apt-get update" do action :runend Actions: run Copyright © 2011 Opscode, Inc - All Rights Reserved 108
  109. 109. scriptbash "compile_nginx_source" do cwd "/tmp" code <<-EOH tar zxf nginx-0.7.67.tar.gz cd nginx-0.7.67 && ./configure make && make install EOHendInterpreters: bash, ruby, python, perl, csh Copyright © 2011 Opscode, Inc - All Rights Reserved 109
  110. 110. ruby_blockruby_block "save the node" do block do node.save endend Action: create Copyright © 2011 Opscode, Inc - All Rights Reserved 110
  111. 111. scm: git...git "/srv/apps/chef" do repository "git://github.com/opscode/chef.git" reference "0.9.6" action :checkoutend Actions: sync, checkout, export Copyright © 2011 Opscode, Inc - All Rights Reserved 111
  112. 112. ...and subversionsubversion "/srv/couchdb" do repository "http://svn.apache.org/repos/asf/couchdb/trunk" revision "HEAD" action :syncend Actions: sync, checkout, export Copyright © 2011 Opscode, Inc - All Rights Reserved 112
  113. 113. deployhttp://wiki.opscode.com/display/chef/Deploy+Resource Actions: deploy, force_deploy, rollback Copyright © 2011 Opscode, Inc - All Rights Reserved 113
  114. 114. deploy "/srv/radiant" do repo "git://github.com/radiant/radiant.git" revision "HEAD" user "railsdev" migrate true migration_command "rake db:migrate" environment "production" restart_command "touch tmp/restart.txt" action :deployend Copyright © 2011 Opscode, Inc - All Rights Reserved 114
  115. 115. Meta-parameter madness! Copyright © 2011 Opscode, Inc - All Rights Reserved 115
  116. 116. action :nothing Copyright © 2011 Opscode, Inc - All Rights Reserved 116
  117. 117. not_if & only_if Copyright © 2011 Opscode, Inc - All Rights Reserved 117
  118. 118. execute "runit-hup-init" do command "telinit q" only_if "grep ^SV /etc/inittab" action :nothingendexecute "rabbitmqctl add_vhost /chef" do not_if "rabbitmqctl list_vhosts| grep /chef"end Enclose in quotes for shell commands or use a do..end or { } style ruby block Copyright © 2011 Opscode, Inc - All Rights Reserved 118
  119. 119. Resource notificationtemplate "nginx.conf" do path "/etc/nginx/nginx.conf" source "nginx.conf.erb" owner "root" group "root" mode "0644" notifies :restart, resources(:service =>"nginx")end Copyright © 2011 Opscode, Inc - All Rights Reserved 119
  120. 120. supports Copyright © 2011 Opscode, Inc - All Rights Reserved 120
  121. 121. Anatomy of a Chef Run Copyright © 2011 Opscode, Inc - All Rights Reserved 121
  122. 122. Anatomy of a Chef RunNode discoverySet the node nameRegister with server Copyright © 2011 Opscode, Inc - All Rights Reserved 122
  123. 123. Anatomy of a Chef RunBuild node object ‣ node.saveSynchronize cookbooks ‣ node.saveConverge ‣ node.save Copyright © 2011 Opscode, Inc - All Rights Reserved 123
  124. 124. Chef Run ConvergenceCompileExecute Copyright © 2011 Opscode, Inc - All Rights Reserved 124
  125. 125. Development workflow with Chef Copyright © 2011 Opscode, Inc - All Rights Reserved http://www.flickr.com/photos/kylemay/1393258810/ 125
  126. 126. Development workflowGather requirementsWrite recipesCommit to repositoryRun Chef in testingRun Chef in production Copyright © 2011 Opscode, Inc - All Rights Reserved 126
  127. 127. http://www.flickr.com/photos/38299630@N05/3635356091/ Copyright © 2011 Opscode, Inc - All Rights Reserved 127
  128. 128. Automating the Cloud with Chef http://www.flickr.com/photos/46183897@N00/3442880227/sizes/l/ Copyright © 2011 Opscode, Inc - All Rights Reserved 128
  129. 129. Add your Cloud credentials to knife.rb vi ~/chef-repo/.chef/knife.rb# Cloud credentialsknife[:aws_access_key_id] = ENV[AWS_ACCESS_KEY_ID]knife[:aws_secret_access_key] = ENV[AWS_SECRET_ACCESS_KEY] Copyright © 2011 Opscode, Inc - All Rights Reserved 129
  130. 130. Download some cookbooks% knife cookbook site vendor nagios -dINFO: Downloading nagios from the cookbooks site at version 0.3.3...INFO: Cookbook nagios version 0.3.3 successfully vendored!INFO: Downloading apache2 from the cookbooks site at version 0.12.0INFO: Cookbook apache2 version 0.12.0 successfully vendored! Uses the “vendor branch” pattern, so you can make changes and track the upstream Copyright © 2011 Opscode, Inc - All Rights Reserved 130
  131. 131. Upload Cookbooks! knife cookbook upload -a These run as root, kids.Let’s not blindly trust the upstream too much! Copyright © 2011 Opscode, Inc - All Rights Reserved 131
  132. 132. Build some roles% vi roles/monitoring.rbname "monitoring"description "Nagios monitoring server"run_list( "role[base]”, “recipe[nagios::server]")override_attributes( "apache" => { "allowed_openids" => "http://mray.myopenid.com/" }) Copyright © 2011 Opscode, Inc - All Rights Reserved 132
  133. 133. Upload Roles% knife role from file roles/monitoring.rbWARN: HTTP Request Returned 404 Not Found: Cannot load role monitoringWARN: Updated Role monitoring!% ls rolesREADME base.rb monitoring.rb production.rb webserver.rb% rake roles(in /Users/mray/Development/oscon/chef-repo)WARN: HTTP Request Returned 404 Not Found: Cannot load role baseWARN: Updated Role base!WARN: Updated Role monitoring!WARN: HTTP Request Returned 404 Not Found: Cannot load role productionWARN: Updated Role production!WARN: HTTP Request Returned 404 Not Found: Cannot load role webserverWARN: Updated Role webserver! Copyright © 2011 Opscode, Inc - All Rights Reserved 133
  134. 134. Launch a new Monitoring Serverknife ec2 server create ‘role[monitoring]’ Copyright © 2011 Opscode, Inc - All Rights Reserved 134
  135. 135. Chef runs on your new server sudo chef-clientINFO: Starting Chef Run...INFO: Chef Run complete in 211.852033 seconds Automatically. Copyright © 2011 Opscode, Inc - All Rights Reserved 135
  136. 136. Shef is Chef in IRB Copyright © 2011 Opscode, Inc - All Rights Reserved 136
  137. 137. Resources/Questionswww.opscode.comIRC and Mailing lists ‣ irc.freenode.net #chef ‣ lists.opscode.comTwitter: ‣ @opscode, #opschef ‣ @mattrayQuestions? Copyright © 2011 Opscode, Inc - All Rights Reserved 137
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×