Chef - Administration for programmers

Short talk about using Chef for small infrastructure.

Published in: Technology, Self Improvement

  1. Opscode Chef - Administration for programmers who host their own beast.
  2. Martin who?
     Hi folks, my name is Martin Sabo. I'm a freelancer mostly helping out guys from diagnosia.com with devops and backend programming.
     Diagnosia is a Vienna-based startup working hard to bring some order into the mess ruling the world of pharmaceutical information across Europe.
  3. So why chef?
     ● never used any configuration management before
     ● started looking for one after things went south with the "by hand approach"
     ● chef was my pick because of:
       ○ ruby DSL
       ○ docs
       ○ openness
       ○ community cookbooks
       ○ scalability
  4. Many chefs
     ● hosted chef
     ● private chef
     ● open source chef
     ● chef solo
  5. What's chef? (officially)
     Chef is a systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.
     Much more here: http://wiki.opscode.com/display/chef/Home
  6. What's Chef? (for me)
     ● bookshelf full of wheels that don't need to be reinvented
     ● beautification layer over some not so pretty server tools
     ● living documentation
     ● infrastructure as code
  7. Infrastructure as code?
     ● manage configuration as idempotent Resources
     ● put them together in Recipes
     ● track it like source code
     ● configure your servers
     Adam Jacob, Co-Founder & CTO @ Opscode
  8. Basic terms
     ● node
     ● role
     ● environment
     ● recipe
     ● resource
     ● cookbook
     ● attribute
     ● knife
  9. Simplified workflow
  10. Let's zoom in a little
  11. Example - Resource

          cron "do something" do
            action :create
            minute "0"
            hour "0"
            weekday "1"
            user "some_user"
            mailto "admin@company.com"
            command "sh /usr/local/bin/foobar.sh"
          end

  12. Result on machine
      New entry in cron table:

          #Chef Name: do something
          MAILTO=admin@company.com
          0 0 * * 1 sh /usr/local/bin/foobar.sh

  13. More resources
      For every standard task there is a resource:
      ● directory (creates locally)
      ● remote_file (downloads and stores locally)
      ● user
      ● package (e.g. deb)
      ● template
      ● service
      ● execute
      And much more: docs.opscode.com/resource.html
  14. Disabling remote root login
      We already have a security recipe in the run list of our nodes and want to change one parameter in the sshd config file.
      ● first we need to define an additional resource in the recipe
      ● then we upload the changes to chef-server
      ● and finally we run the chef client on the desired nodes
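  15. Disabling remote root login
      Resource:

          ruby_block "edit sshd_config" do
            block do
              rc = Chef::Util::FileEdit.new("/etc/ssh/sshd_config")
              # Rewrites only lines that already start with "PermitRootLogin";
              # a commented-out or missing directive is left as it is.
              rc.search_file_replace_line(/^PermitRootLogin/, "PermitRootLogin no")
              rc.write_file
            end
            # Needs a service "ssh" resource declared earlier in the recipe.
            notifies :restart, resources(:service => "ssh")
          end
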
  16. Disabling remote root login
      Upload of cookbook changes:

          $ knife cookbook upload security

  17. Disabling remote root login
      Execution on all nodes:

          $ knife ssh "name:*" "sudo chef-client"

      Execution only on debian machines:

          $ knife ssh "platform:debian" "sudo chef-client"

      Execution only on staging machines:

          $ knife ssh "chef_environment:staging" "sudo chef-client"

  18. Backend GUI
      ● alternative for knife commands
      ● minimalistic, but still usable
      ● open source and hosted backends differ only in color (hosted is orange)
  19. Versioning of cookbooks
      ● each cookbook has a version number
      ● more versions of the same cookbook can be uploaded to the chef server
      ● cookbook version can be locked for an environment
      ● by default the newest one is used
      ● dependencies are versioned too
  20. How is the chef client run triggered?
      ● by hand
        ○ with knife command on one or multiple nodes
        ○ directly on the node via ssh
      ● automatically, chef-client can run as daemon
      Example which triggers client run on all webservers:

          $ knife ssh "role:webserver" "sudo chef-client"

  21. I'm curious. Can I try chef?
      All you need is internet; apart from that, everything is free:
      ● introduction (learnchef.opscode.com)
      ● reference (docs.opscode.com)
      ● hosted chef is free up to 5 nodes
      ● virtualbox (vagrant dependency)
      ● vagrant (for virtual nodes)
  22. Testing and Chef
      ● infrastructure as code should be tested as code
      ● test-kitchen integration testing tool
        ○ bootstraps the node
        ○ runs tests on it (checks if everything is in place)
        ○ under heavy development
        ○ docs are very brief
        ○ github.com/opscode/test-kitchen
  23. Vagrant
      ● "development environments made easy" says it all
      ● supports direct provisioning with chef
      ● test chef-client runs on a local VM can spare you a lot of trouble
  24. More than one year of production usage - Ups
      ● bootstrap time of the server decreased from days to minutes
      ● always know where to look for infrastructure details
      ● after you master the basics you can move really quickly
      ● it's easy to return to devops with chef after you spent some time working elsewhere
      ● staging, hot spare, bootstrapping after machine failure - much easier with chef
  25. More than one year of production usage - Downs
      ● infrastructure as code has the same issues as code:
        ○ legacy
        ○ bugs
        ○ dependencies
      ● 3rd party code problems
        ○ you know, it's free and without guarantee
        ○ sometimes tweaks are needed
  26. Sh*t happens. More often than you think.
      ● HW fails
      ● People fail
      ● People leave
      ● Nature strikes back
      ● and many more
      And all that happens during the night, Friday afternoon or the day after you won a rum drinking competition.
  27. Better be prepared
      THANK YOU FOR LISTENING.
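
The edit on slide 15 only rewrites a line that already starts with `PermitRootLogin`, so a config where the directive is commented out, missing, or overridden inside a `Match` block is left unchanged. The following is an added example, not code from the talk: the method names and the sample config are constructed, and it goes beyond the slide by handling those three cases in one idempotent edit that could run inside the `ruby_block`.

```ruby
# Added example, not code from the talk. Method names are hypothetical.
MATCH  = /^\s*Match\s/i                  # start of a conditional block
ACTIVE = /^(\s*)PermitRootLogin\b.*$/i   # uncommented directive (keywords are case-insensitive)

# Constructed sample: the directive exists only as a comment in the global
# section and as a permissive override inside a Match block.
SAMPLE = <<~CONF
  Port 22
  #PermitRootLogin yes
  PasswordAuthentication no
  Match Address 10.0.0.0/8
      PermitRootLogin yes
CONF

# What the slide's search_file_replace_line call does: replace whole lines
# that match the anchored regex, and nothing else.
def slide_style_edit(text)
  text.lines.map { |l| l =~ /^PermitRootLogin/ ? "PermitRootLogin no\n" : l }.join
end

# Value sshd would use outside Match blocks: the first active occurrence.
# nil means the directive is unset and the compiled-in default applies.
def global_root_login(text)
  text.each_line do |l|
    break if l =~ MATCH
    return $1.downcase if l =~ /^\s*PermitRootLogin[\s=]+(\S+)/i
  end
  nil
end

# Idempotent edit: force every active occurrence to "no" (keeping indentation,
# so Match-block overrides are covered) and, if the global section has none,
# insert one before the first Match block where it applies unconditionally.
def enforce_no_root_login(text)
  lines = text.lines.map(&:chomp)
  lines.map! { |l| l.sub(ACTIVE) { "#{$1}PermitRootLogin no" } }
  global_end = lines.index { |l| l =~ MATCH } || lines.length
  unless lines[0...global_end].any? { |l| l =~ ACTIVE }
    lines.insert(global_end, "PermitRootLogin no")
  end
  lines.join("\n") + "\n"
end

hardened = enforce_no_root_login(SAMPLE)
puts hardened
puts "global PermitRootLogin: #{global_root_login(hardened).inspect}"
```

Running `global_root_login` against the file after each chef-client run gives a cheap check that the node actually ended up in the intended state rather than only that the resource executed.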
