Chef Fundamentals
Chef Client Run and Expanding
Our Cookbook
Chef Fundamentals Webinar Series - Module 4
training@opscode.com
Nathen Harvey
• Technical Community Manager at Opscode
• Co-host of the Food Fight Show Podcast
• @nathenharvey
• nharvey@...
Quick Recap
Checkpoint
• In the last module we
• bootstrapped a node using knife bootstrap
• wrote a simple cookbook to deploy a simpl...
Where'd my Node go?
• You still need an Ubuntu 10.04+ machine to manage
• Launch a new instance in the training lab
• Fire...
But it might not have worked
• In some instances, the apt-cache was out of date
• You can fix this!
• sudo apt-get update
Fix it the Chef way!
• Create an apt cookboook
• Use an execute resource
• Add to the run list
Dissecting your first chef-client run
The Anatomy of a Chef run
Objectives
• Describe the steps of a chef-client run
• Describe the basic security model of Chef
chef-client
chef-client

build node
chef-client

build node
Ohai!
node_name
platform
platform_version
chef-client

build node

authenticate
chef-client

build node

expanded run list
(recipes)

authenticate

sync
cookbooks
chef-client

build node

authenticate

load
cookbooks

sync
cookbooks
chef-client

build node

authenticate

converge

load
cookbooks

sync
cookbooks
chef-client

build node

authenticate

converge

load
cookbooks

sync
cookbooks

success?
chef-client

build node

authenticate

converge

load
cookbooks

sync
cookbooks

Yes
success?

node.save
chef-client

build node

authenticate

converge

load
cookbooks

sync
cookbooks

Yes

node.save

No

exception

success?
chef-client

build node

authenticate

converge

load
cookbooks

sync
cookbooks

Yes

node.save
notification
handlers

succ...
Private Keys
• Chef Server requires keys to authenticate.
• client.pem - private key for API client
• validation.pem - pri...
/etc/chef/
client.pem?
/etc/chef/
client.pem?

Yes

Sign Requests
No

/etc/chef/
client.pem?

Yes

Sign Requests

/etc/chef/
validation.pem?
No

/etc/chef/
client.pem?

Yes

Sign Requests

No

/etc/chef/
validation.pem?

401!
No

/etc/chef/
client.pem?

No

/etc/chef/
validation.pem?

Yes
Yes

Sign Requests

Request API
Client

401!
No

/etc/chef/
client.pem?

No

/etc/chef/
validation.pem?

Yes
Yes

Sign Requests

Request API
Client

client.pem

401!
No

/etc/chef/
client.pem?

No

/etc/chef/
validation.pem?

Yes
Yes

Sign Requests

Request API
Client

client.pem

401!
Compile and Execute
• Compile a Resource Collection
• Execute the Resources in that Collection
Introducing the Node object
Attributes & Search
Lesson Objectives
• After completing the lesson, you will be able to
• Explain what the Node object represents in Chef
• L...
What is the Node object
• A node is any physical, virtual, or cloud machines
that is configured to be maintained by a Chef...
Exercise: List nodes
$ knife node list

target1
Exercise: List clients
$ knife client list

ORGNAME-validator
target1
Each node must have a unique name
• Every node must have a unique name within an
organization
• Chef defaults to the Fully...
Exercise: Show node details
$ knife node show target1
Node Name:
Environment:
FQDN:
IP:
Run List:
Roles:
Recipes:
Platform...
What is the Node object
• Nodes are made up of Attributes
• Many are discovered automatically (platform, ip
address, numbe...
Exercise: Run Ohai on node
opscode@target1:~$ sudo ohai | less
{
"languages": {
"ruby": {
},
"python": {
"version": "2.7.3...
Exercise: Show all the node attributes
$ knife node show target1 -l
Node Name:
Environment:
FQDN:
IP:
Run List:
Roles:
Rec...
Exercise: Show the raw node object
$ knife node show target1 -Fj
{
"name": "target1",
"chef_environment": "_default",
"run...
Exercise: Show only the fqdn attribute
$ knife node show target1 -a fqdn

target1:
fqdn: ip-10-154-155-107.ec2.internal
Exercise: Use search to find the same data
$ knife search node "*:*" -a fqdn

1 items found
target1:
fqdn: ip-10-154-155-1...
Templates and Cross-platform
Revisit the Apache Cookbook
Upcoming SlideShare
Loading in...5
×

Chef Fundamentals Training Series Module 4: The Chef Client Run and Expanding Our Cookbook

7,228

Published on

Published in: Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
7,228
On Slideshare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
2,643
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Chef Fundamentals Training Series Module 4: The Chef Client Run and Expanding Our Cookbook

  1. 1. Chef Fundamentals
  2. 2. Chef Client Run and Expanding Our Cookbook Chef Fundamentals Webinar Series - Module 4 training@opscode.com
  3. 3. Nathen Harvey • Technical Community Manager at Opscode • Co-host of the Food Fight Show Podcast • @nathenharvey • nharvey@opscode.com
  4. 4. Quick Recap
  5. 5. Checkpoint • In the last module we • bootstrapped a node using knife bootstrap • wrote a simple cookbook to deploy a simple webpage
  6. 6. Where'd my Node go? • You still need an Ubuntu 10.04+ machine to manage • Launch a new instance in the training lab • Fire up a new Vagrant • Launch an new AMI Instance
  7. 7. But it might not have worked • In some instances, the apt-cache was out of date • You can fix this! • sudo apt-get update
  8. 8. Fix it the Chef way! • Create an apt cookboook • Use an execute resource • Add to the run list
  9. 9. Dissecting your first chef-client run The Anatomy of a Chef run
  10. 10. Objectives • Describe the steps of a chef-client run • Describe the basic security model of Chef
  11. 11. chef-client
  12. 12. chef-client build node
  13. 13. chef-client build node Ohai! node_name platform platform_version
  14. 14. chef-client build node authenticate
  15. 15. chef-client build node expanded run list (recipes) authenticate sync cookbooks
  16. 16. chef-client build node authenticate load cookbooks sync cookbooks
  17. 17. chef-client build node authenticate converge load cookbooks sync cookbooks
  18. 18. chef-client build node authenticate converge load cookbooks sync cookbooks success?
  19. 19. chef-client build node authenticate converge load cookbooks sync cookbooks Yes success? node.save
  20. 20. chef-client build node authenticate converge load cookbooks sync cookbooks Yes node.save No exception success?
  21. 21. chef-client build node authenticate converge load cookbooks sync cookbooks Yes node.save notification handlers success? No exception
  22. 22. Private Keys • Chef Server requires keys to authenticate. • client.pem - private key for API client • validation.pem - private key for ORGNAMEvalidator • Next, let’s see how those are used...
  23. 23. /etc/chef/ client.pem?
  24. 24. /etc/chef/ client.pem? Yes Sign Requests
  25. 25. No /etc/chef/ client.pem? Yes Sign Requests /etc/chef/ validation.pem?
  26. 26. No /etc/chef/ client.pem? Yes Sign Requests No /etc/chef/ validation.pem? 401!
  27. 27. No /etc/chef/ client.pem? No /etc/chef/ validation.pem? Yes Yes Sign Requests Request API Client 401!
  28. 28. No /etc/chef/ client.pem? No /etc/chef/ validation.pem? Yes Yes Sign Requests Request API Client client.pem 401!
  29. 29. No /etc/chef/ client.pem? No /etc/chef/ validation.pem? Yes Yes Sign Requests Request API Client client.pem 401!
  30. 30. Compile and Execute • Compile a Resource Collection • Execute the Resources in that Collection
  31. 31. Introducing the Node object Attributes & Search
  32. 32. Lesson Objectives • After completing the lesson, you will be able to • Explain what the Node object represents in Chef • List the Nodes in an organization • Show details about a Node • Describe what Node Attributes are • Retrieve a node attribute directly, and via search
  33. 33. What is the Node object • A node is any physical, virtual, or cloud machines that is configured to be maintained by a Chef • When you are writing Recipes, the Node object is always available to you.
  34. 34. Exercise: List nodes $ knife node list target1
  35. 35. Exercise: List clients $ knife client list ORGNAME-validator target1
  36. 36. Each node must have a unique name • Every node must have a unique name within an organization • Chef defaults to the Fully Qualified Domain Name of the server, i.e. in the format server.domain.com • We overrode it to "target1" to make typing easier
  37. 37. Exercise: Show node details $ knife node show target1 Node Name: Environment: FQDN: IP: Run List: Roles: Recipes: Platform: Tags: target1 _default ip-10-154-155-107.ec2.internal 54.242.35.165 ubuntu 12.04
  38. 38. What is the Node object • Nodes are made up of Attributes • Many are discovered automatically (platform, ip address, number of CPUs) • Many other objects in Chef can also add Node attributes (Cookbooks, Roles and Environments, Recipes, Attribute Files) • Nodes are stored and indexed on the Chef Server
  39. 39. Exercise: Run Ohai on node opscode@target1:~$ sudo ohai | less { "languages": { "ruby": { }, "python": { "version": "2.7.3", "builddate": "Apr 10 2013, 06:20:15" }, "perl": { "version": "5.14.2", "archname": "x86_64-linux-gnu-thread-multi" } }, "kernel": {
  40. 40. Exercise: Show all the node attributes $ knife node show target1 -l Node Name: Environment: FQDN: IP: Run List: Roles: Recipes: Platform: Tags: Attributes: tags: target1 _default ip-10-154-155-107.ec2.internal 54.242.35.165 ubuntu 12.04 Default Attributes: Override Attributes: Automatic Attributes (Ohai Data): block_device: loop0: removable: 0 size: 0
  41. 41. Exercise: Show the raw node object $ knife node show target1 -Fj { "name": "target1", "chef_environment": "_default", "run_list": [], "normal": {"tags":[]} }
  42. 42. Exercise: Show only the fqdn attribute $ knife node show target1 -a fqdn target1: fqdn: ip-10-154-155-107.ec2.internal
  43. 43. Exercise: Use search to find the same data $ knife search node "*:*" -a fqdn 1 items found target1: fqdn: ip-10-154-155-107.ec2.internal
  44. 44. Templates and Cross-platform Revisit the Apache Cookbook
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×