• Like
  • Save
Chef - Administration for programmers
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Chef - Administration for programmers

  • 811 views
Published

Short talk about using Chef for small infrastructure.

Short talk about using Chef for small infrastructure.

Published in Technology , Self Improvement
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
811
On SlideShare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
0
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Opscode ChefAdministration for programmers whohost their own beast.
  • 2. Hi folks,my name is Martin Sabo. Im a freelancermostly helping out guys from diagnosia.comwith devops and backend programming.Diagnosia is a Vienna-based startup workinghard to bring some order into the mess rulingthe world of pharmaceutical information acrossEurope.Martin who?
  • 3. So why chef?● never used any configuration managementbefore● started looking for one after things wentsouth with the "by hand approach"● chef was my pick because of:○ ruby DSL○ docs○ openness○ community cookbooks○ scalability
  • 4. Many chefs● hosted chef● private chef● open source chef● chef solo
  • 5. Whats chef? (officially)Chef is a systems integrationframework, built to bring the benefitsof configuration management toyour entire infrastructure.Much more here: http://wiki.opscode.com/display/chef/Home
  • 6. Whats Chef? (for me)● bookshelf full of wheels that dont need tobe reinvented● beautification layer over some not so prettyserver tools● living documentation● infrastructure as code
  • 7. Infrastructure as code?● manage configuration as idempotentResources● put them together in Recipes● track it like source code● configure your serversAdam Jacob Co-Founder & CTO @ Opscode
  • 8. Basic terms● node● role● environment● recipe● resource● cookbook● attribute● knife
  • 9. Simplified workflow
  • 10. Lets zoom in a little
  • 11. Example - Resourcecron "do something" doaction :createminute "0"hour "0"weekday "1"user "some_user"mailto "admin@company.com"command "sh/usr/local/bin/foobar.sh"end
  • 12. Result on machineNew entry in cron table:#Chef Name: do somethingMAILTO=admin@company.com0 0 * * 1 sh /usr/local/bin/foobar.sh
  • 13. More resourcesFor every standard task is there a resource:● directory (creates locally)● remote_file (downloads and stores locally)● user● package (e.g. deb)● template● service● executeAnd much more: docs.opscode.com/resource.html
  • 14. Disabling remote root loginWe already have security recipe in run list of our nodes andwant to change one parameter in sshd config file.● first we need to define additional resource inthe recipe● then we upload the changes to chef-server● and finally we run the chef client on desirednodes
  • 15. Disabling remote root loginResource:ruby_block "edit sshd_config" doblock dorc = Chef::Util::FileEdit.new("/etc/ssh/sshd_config")rc.search_file_replace_line(/^PermitRootLogin/, "PermitRootLogin no")rc.write_fileendnotifies :restart, resources(:service => "ssh")end
  • 16. Disabling remote root loginUpload of cookbook changes:$ knife cookbook upload security
  • 17. Disabling remote root loginExecution on all nodes:$ knife ssh "name:*" "sudo chef-client"Execution only on debian machines:$ knife ssh "platform:debian" "sudo chef-client"Execution only on staging machines:$ knife ssh "chef_environment:staging" "sudo chef-client"
  • 18. Backend GUI● alternative for knife commands● minimalistic, but still usable● open source and hosted backends differs only in color(hosted is orange)
  • 19. Versioning of cookbooks● each cookbook has version number● more versions of the same cookbook can beuploaded on chef server● cookbook version can be locked forenvironment● by default the newest one is used● dependencies are versioned too
  • 20. How is the chef client runtriggered?● by hand○ with knife command on one or multiple nodes○ directly on the node via ssh● automatically, chef-client can run as daemonExample which triggers client run on all webservers:$ knife ssh "role:webserver" "sudo chef-client"
  • 21. Im curious. Can I try chef?All you need is internet except that all is free:● introduction (learnchef.opscode.com)● reference (docs.opscode.com)● hosted chef is free up to 5 nodes● virtualbox (vagrant dependency)● vagrant (for virtual nodes)h
  • 22. Testing and Chef● infrastructure as code should be tested ascode● test-kitchen integration testing tool○ bootstraps the node○ runs tests on it (checks if everything its on place)○ under heavy development○ docs are very brief○ github.com/opscode/test-kitchen
  • 23. Vagrant● "development environments made easy"says it all● supports direct provisioning with chef● test chef-client runs on local VM can spareyou lot of trouble
  • 24. More than one year ofproduction usage - Ups● bootstrap time of the server decreased from days intominutes● always know where to look for infrastructure details● after you master the basics you can move really quickly● its easy to return to devops with chef after you spentsome time working elsewhere● staging, hot spare, bootstrapping after machine failure -much easier with chef
  • 25. More than one year ofproduction usage - Downs● infrastructure as code has same issues ascode:○ legacy○ bugs○ dependencies● 3rd party code problems○ you know, its free and without guarantee○ sometimes tweaks are needed
  • 26. Sh*t happens. More oftenthan you think.● HW fails● People fail● People leave● Nature strikes back● and many moreAnd all that happens during night, fridayafternoon or day after you won a rum drinkingcompetition.
  • 27. Better be preparedTHANK YOU FOR LISTENING.