• Save
Chef - Administration for programmers
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Chef - Administration for programmers

  • 1,213 views
Uploaded on

Short talk about using Chef for small infrastructure.

Short talk about using Chef for small infrastructure.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,213
On Slideshare
1,175
From Embeds
38
Number of Embeds
2

Actions

Shares
Downloads
0
Comments
0
Likes
1

Embeds 38

http://lanyrd.com 37
https://twitter.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Opscode ChefAdministration for programmers whohost their own beast.
  • 2. Hi folks,my name is Martin Sabo. Im a freelancermostly helping out guys from diagnosia.comwith devops and backend programming.Diagnosia is a Vienna-based startup workinghard to bring some order into the mess rulingthe world of pharmaceutical information acrossEurope.Martin who?
  • 3. So why chef?● never used any configuration managementbefore● started looking for one after things wentsouth with the "by hand approach"● chef was my pick because of:○ ruby DSL○ docs○ openness○ community cookbooks○ scalability
  • 4. Many chefs● hosted chef● private chef● open source chef● chef solo
  • 5. Whats chef? (officially)Chef is a systems integrationframework, built to bring the benefitsof configuration management toyour entire infrastructure.Much more here: http://wiki.opscode.com/display/chef/Home
  • 6. Whats Chef? (for me)● bookshelf full of wheels that dont need tobe reinvented● beautification layer over some not so prettyserver tools● living documentation● infrastructure as code
  • 7. Infrastructure as code?● manage configuration as idempotentResources● put them together in Recipes● track it like source code● configure your serversAdam Jacob Co-Founder & CTO @ Opscode
  • 8. Basic terms● node● role● environment● recipe● resource● cookbook● attribute● knife
  • 9. Simplified workflow
  • 10. Lets zoom in a little
  • 11. Example - Resourcecron "do something" doaction :createminute "0"hour "0"weekday "1"user "some_user"mailto "admin@company.com"command "sh/usr/local/bin/foobar.sh"end
  • 12. Result on machineNew entry in cron table:#Chef Name: do somethingMAILTO=admin@company.com0 0 * * 1 sh /usr/local/bin/foobar.sh
  • 13. More resourcesFor every standard task is there a resource:● directory (creates locally)● remote_file (downloads and stores locally)● user● package (e.g. deb)● template● service● executeAnd much more: docs.opscode.com/resource.html
  • 14. Disabling remote root loginWe already have security recipe in run list of our nodes andwant to change one parameter in sshd config file.● first we need to define additional resource inthe recipe● then we upload the changes to chef-server● and finally we run the chef client on desirednodes
  • 15. Disabling remote root loginResource:ruby_block "edit sshd_config" doblock dorc = Chef::Util::FileEdit.new("/etc/ssh/sshd_config")rc.search_file_replace_line(/^PermitRootLogin/, "PermitRootLogin no")rc.write_fileendnotifies :restart, resources(:service => "ssh")end
  • 16. Disabling remote root loginUpload of cookbook changes:$ knife cookbook upload security
  • 17. Disabling remote root loginExecution on all nodes:$ knife ssh "name:*" "sudo chef-client"Execution only on debian machines:$ knife ssh "platform:debian" "sudo chef-client"Execution only on staging machines:$ knife ssh "chef_environment:staging" "sudo chef-client"
  • 18. Backend GUI● alternative for knife commands● minimalistic, but still usable● open source and hosted backends differs only in color(hosted is orange)
  • 19. Versioning of cookbooks● each cookbook has version number● more versions of the same cookbook can beuploaded on chef server● cookbook version can be locked forenvironment● by default the newest one is used● dependencies are versioned too
  • 20. How is the chef client runtriggered?● by hand○ with knife command on one or multiple nodes○ directly on the node via ssh● automatically, chef-client can run as daemonExample which triggers client run on all webservers:$ knife ssh "role:webserver" "sudo chef-client"
  • 21. Im curious. Can I try chef?All you need is internet except that all is free:● introduction (learnchef.opscode.com)● reference (docs.opscode.com)● hosted chef is free up to 5 nodes● virtualbox (vagrant dependency)● vagrant (for virtual nodes)h
  • 22. Testing and Chef● infrastructure as code should be tested ascode● test-kitchen integration testing tool○ bootstraps the node○ runs tests on it (checks if everything its on place)○ under heavy development○ docs are very brief○ github.com/opscode/test-kitchen
  • 23. Vagrant● "development environments made easy"says it all● supports direct provisioning with chef● test chef-client runs on local VM can spareyou lot of trouble
  • 24. More than one year ofproduction usage - Ups● bootstrap time of the server decreased from days intominutes● always know where to look for infrastructure details● after you master the basics you can move really quickly● its easy to return to devops with chef after you spentsome time working elsewhere● staging, hot spare, bootstrapping after machine failure -much easier with chef
  • 25. More than one year ofproduction usage - Downs● infrastructure as code has same issues ascode:○ legacy○ bugs○ dependencies● 3rd party code problems○ you know, its free and without guarantee○ sometimes tweaks are needed
  • 26. Sh*t happens. More oftenthan you think.● HW fails● People fail● People leave● Nature strikes back● and many moreAnd all that happens during night, fridayafternoon or day after you won a rum drinkingcompetition.
  • 27. Better be preparedTHANK YOU FOR LISTENING.