Chef - Administration for programmers



Short talk about using Chef for small infrastructure.

Chef - Administration for programmers: Presentation Transcript

  • Opscode Chef
    Administration for programmers who host their own beast.
  • Martin who?
    Hi folks, my name is Martin Sabo. I'm a freelancer mostly helping out guys from diagnosia.com with devops and backend programming. Diagnosia is a Vienna-based startup working hard to bring some order into the mess ruling the world of pharmaceutical information across Europe.
  • So why chef?
    ● never used any configuration management before
    ● started looking for one after things went south with the "by hand approach"
    ● chef was my pick because of:
      ○ ruby DSL
      ○ docs
      ○ openness
      ○ community cookbooks
      ○ scalability
  • Many chefs
    ● hosted chef
    ● private chef
    ● open source chef
    ● chef solo
  • What's chef? (officially)
    Chef is a systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.
    Much more here: http://wiki.opscode.com/display/chef/Home
  • What's Chef? (for me)
    ● bookshelf full of wheels that don't need to be reinvented
    ● beautification layer over some not so pretty server tools
    ● living documentation
    ● infrastructure as code
  • Infrastructure as code?
    ● manage configuration as idempotent Resources
    ● put them together in Recipes
    ● track it like source code
    ● configure your servers
    Adam Jacob, Co-Founder & CTO @ Opscode
  • Basic terms
    ● node
    ● role
    ● environment
    ● recipe
    ● resource
    ● cookbook
    ● attribute
    ● knife
  • Simplified workflow
  • Let's zoom in a little
  • Example - Resource
        cron "do something" do
          action :create
          minute "0"
          hour "0"
          weekday "1"
          user "some_user"
          mailto "admin@company.com"
          command "sh /usr/local/bin/foobar.sh"
        end
  • Result on machine
    New entry in cron table:
        #Chef Name: do something
        MAILTO=admin@company.com
        0 0 * * 1 sh /usr/local/bin/foobar.sh
  • More resources
    For every standard task there is a resource:
    ● directory (creates locally)
    ● remote_file (downloads and stores locally)
    ● user
    ● package (e.g. deb)
    ● template
    ● service
    ● execute
    And much more: docs.opscode.com/resource.html
  • Disabling remote root login
    We already have a security recipe in the run list of our nodes and want to change one parameter in the sshd config file.
    ● first we need to define an additional resource in the recipe
    ● then we upload the changes to chef-server
    ● and finally we run the chef client on the desired nodes
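  • Disabling remote root login
    Resource:
        ruby_block "edit sshd_config" do
          block do
            rc = Chef::Util::FileEdit.new("/etc/ssh/sshd_config")
            # Rewrites only lines that already start with PermitRootLogin;
            # a commented-out or missing directive is left as it is.
            rc.search_file_replace_line(/^PermitRootLogin/, "PermitRootLogin no")
            rc.write_file
          end
          # Restart sshd so the new setting takes effect. The service "ssh"
          # resource must already be declared earlier in the recipe.
          notifies :restart, resources(:service => "ssh")
        end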
  • Disabling remote root login
    Upload of cookbook changes:
        $ knife cookbook upload security
  • Disabling remote root login
    Execution on all nodes:
        $ knife ssh "name:*" "sudo chef-client"
    Execution only on debian machines:
        $ knife ssh "platform:debian" "sudo chef-client"
    Execution only on staging machines:
        $ knife ssh "chef_environment:staging" "sudo chef-client"
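The ruby_block on the slides above changes sshd_config only when a line already starts with PermitRootLogin. As an added example (not code from the talk or from Chef), the plain-Ruby functions below show that no-op case and an edit that also handles a commented-out, missing or duplicated directive; all function names and sample configs are constructed for illustration.

```ruby
# Added example, not code from the talk. Sample configs below are constructed.
# sshd uses the first value it reads for a keyword, and lines after a "Match"
# line apply only to matching connections, so the edit targets the global part.

# Stand-in for the slide's search_file_replace_line(/^PermitRootLogin/, ...).
def slide_style_replace(text)
  text.lines.map { |l| l =~ /^PermitRootLogin/ ? "PermitRootLogin no\n" : l }.join
end

# Value sshd would take from the global section, or nil if none is set there.
def effective_global(text, key)
  text.each_line do |line|
    return nil if line =~ /^\s*Match\s/i
    m = line.match(/^\s*#{Regexp.escape(key)}[\s=]+(\S+)/i)
    return m[1] if m
  end
  nil
end

# Returns text with exactly one active "<key> <value>" line in the global part.
def enforce_directive(text, key, value)
  wanted   = "#{key} #{value}"
  active   = /^\s*#{Regexp.escape(key)}[\s=]/i
  inactive = /^\s*#\s*#{Regexp.escape(key)}[\s=]/i
  lines    = text.lines.map(&:chomp)
  match_at = lines.index { |l| l =~ /^\s*Match\s/i } || lines.length
  global   = lines[0...match_at]
  rest     = lines[match_at..-1]
  # Reuse the first active line, else the first commented one, else append.
  slot = global.index { |l| l =~ active } || global.index { |l| l =~ inactive }
  if slot
    global[slot] = wanted
  else
    global << wanted
    slot = global.length - 1
  end
  # Remove other active copies so only one value remains in the global part.
  global = global.each_with_index.reject { |l, i| i != slot && l =~ active }.map(&:first)
  (global + rest).join("\n") + "\n"
end

COMMENTED = "Port 22\n#PermitRootLogin yes\n"
ABSENT    = "Port 22\nMatch User deploy\n  X11Forwarding no\n"
DUPLICATE = "PermitRootLogin yes\nPermitRootLogin no\n"

[COMMENTED, ABSENT, DUPLICATE].each do |cfg|
  fixed = enforce_directive(cfg, "PermitRootLogin", "no")
  puts "#{effective_global(cfg, 'PermitRootLogin').inspect} -> #{effective_global(fixed, 'PermitRootLogin')}"
end
```

Running `effective_global` against the real file after a chef-client run is a quick way to confirm the recipe actually changed the setting rather than silently matching nothing.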
  • Backend GUI
    ● alternative for knife commands
    ● minimalistic, but still usable
    ● open source and hosted backends differ only in color (hosted is orange)
  • Versioning of cookbooks
    ● each cookbook has a version number
    ● more versions of the same cookbook can be uploaded on chef server
    ● cookbook version can be locked for an environment
    ● by default the newest one is used
    ● dependencies are versioned too
  • How is the chef client run triggered?
    ● by hand
      ○ with knife command on one or multiple nodes
      ○ directly on the node via ssh
    ● automatically, chef-client can run as daemon
    Example which triggers client run on all webservers:
        $ knife ssh "role:webserver" "sudo chef-client"
  • I'm curious. Can I try chef?
    All you need is internet; apart from that, everything is free:
    ● introduction (learnchef.opscode.com)
    ● reference (docs.opscode.com)
    ● hosted chef is free up to 5 nodes
    ● virtualbox (vagrant dependency)
    ● vagrant (for virtual nodes)
  • Testing and Chef
    ● infrastructure as code should be tested as code
    ● test-kitchen integration testing tool
      ○ bootstraps the node
      ○ runs tests on it (checks if everything is in place)
      ○ under heavy development
      ○ docs are very brief
      ○ github.com/opscode/test-kitchen
  • Vagrant
    ● "development environments made easy" says it all
    ● supports direct provisioning with chef
    ● test chef-client runs on a local VM can spare you a lot of trouble
  • More than one year of production usage - Ups
    ● bootstrap time of the server decreased from days to minutes
    ● always know where to look for infrastructure details
    ● after you master the basics you can move really quickly
    ● it's easy to return to devops with chef after you spent some time working elsewhere
    ● staging, hot spare, bootstrapping after machine failure - much easier with chef
  • More than one year of production usage - Downs
    ● infrastructure as code has the same issues as code:
      ○ legacy
      ○ bugs
      ○ dependencies
    ● 3rd party code problems
      ○ you know, it's free and without guarantee
      ○ sometimes tweaks are needed
  • Sh*t happens. More often than you think.
    ● HW fails
    ● People fail
    ● People leave
    ● Nature strikes back
    ● and many more
    And all that happens during the night, Friday afternoon or the day after you won a rum drinking competition.
  • Better be prepared
    THANK YOU FOR LISTENING.