Developer, Technical Lead
Senior Engineer at HP R&D
• System Administrators?
Journey so far?
• 2011 - Present
• Contributed to Chef core,
• Contributed to Knife cloud plugins such as ec2, azure, hp,
openstack, rackspace, google, cloudstack, vsphere, vcloud
• Written extensions for automation tools such as Vagrant, vagrant-
What is Chef?
Chef is a tool that allows you to define the state your
servers(local or cloud) should be in and then enforces that
state on your servers.
An API for your entire Infrastructure.
A service that exposes data about the state of your
Why should I use Chef?
You have Servers.
You need to configure them.
Why should I use Chef?
But I’ve my AWESOME bash scripts, which already does most of
We are developers, we write multi-tier applications
Meanwhile 6 months later,
• How did I do that?
• Who changed that?
• Why did I do it what way?
• Then It dies,
• I have to rebuild it
• Did I forget anything
• How did I do it
• And you will be >>
Knife is used to talk to Chef-Server &
initiate convergence of a server.
• Provision Often
• Infrastructure As Code
• Thick Clients, Thin Server
#1 Chef rule: Recipes/ Infrastructure code should be
The number of Chef runs should not affect the state of the
server. The server should converge on the first run. And unless
previously defined state changes, additional runs should not
Say “what to do” not “how”
#2 Provision Often
If your recipes are not idempotent refer rule #1.
If they are, you should consider provisioning your servers often.
Possibly every 5 minutes. Seriously.
#3 Infrastructure As Code
Infrastructure should be represented as code,
Server configuration, packages installed, relationships with
other servers, should be modeled with code to be automated.
• Separate of policy & data (implemented using Attributes &
• Infrastructure code should not have sensitive data. Though it
can have sane defaults.
• Sensitive data should be remain in a secured store, and
should only be shared with authorized clients.
#5 Thick Clients, Thin Servers
As much as possible much work is done by Chef-Client(Nodes)
Pull not Push. Chef-client runs on each node & will interact
with server when it needs to.
Server is designed to distribute data to each node, including
cookbooks, recipes, templates, files and so on.
Server also retains a copy of state of node at the conclusion of
• Nodes == Servers
• Attributes ≈ Variables
• Roles can define a Node’s attributes and what Recipes are applied to
• Clients == Anything that uses the API
• Resources are the basic building blocks to define state
• Related Resources are grouped into Recipes
• Related Recipes are grouped into Cookbooks
Do I need to know Ruby?
It’s a simple syntax
• Roles are Searchable
• To find all roles where attribute: max_children takes value
$ knife search role ‘max_children:50’
Chef manages Resources on Nodes
• Resource: Declare a description of the state a part of node should be
• Have a type
• Have a name
• Have parameters
• Take action to put the resource
in the declared state
• Can send notification to other
• Resource take action through providers.
• Know how to actually perform the actions specified by a resource,
• Multiple providers per resources type
• Eg. Resource “package” have providers apt, yum, rubygems, portage,
macports, FreeBSD ports, etc
• A data bag is a global variable that is stored as JSON data and is
accessible from a server.
• Create a data bag using knife
$ knife data bag create DATA_BAG_NAME (DATA_BAG_ITEM)
users = Chef::DataBag.new
• Can be encrypted
• Data values can be fetched from Recipes
• OS X
• SUSE Enterprise
• IBM AIX
• Opscode Hosted-Chef
• Hosted SaaS version of Chef.
• Opscode Enterprise/Private Chef
• Private deployments of Opscode Chef Server
• On-Premise deployments
• Open Source Chef
• Cloud support by Knife
• EC2, Rackspace, HP, Google, Azure, CloudStack, OpenStack, vSphere, vCloud, Joyent, etc
• Implement own Resources & Providers,
self.intro do |mohit|
mohit.twitter = @mohitsethi, @openstackindia
mohit.email = email@example.com