Search

Running The Show Configuration Management With Chef Presentation

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    3 Favorites

    Running The Show Configuration Management With Chef Presentation - Presentation Transcript

    1. Configuration management with Chef Edd Dumbill edd@oreilly.com RailsConf 2009 Monday, 4 May 2009 1
    2. About me • Created Expectnation, event software that runs O’Reilly Conferences • Co-author of “Learning Rails” • Perennial tinkerer and author Monday, 4 May 2009 2
    3. Today’s tutorial • Overview of Chef • Learn by example • Common usage patterns • Moving on Monday, 4 May 2009 3
    4. Meta • Please rate this talk and leave comments • If you’re twittering • I’m @edd • Hashtag is #railsconf • Asking questions Monday, 4 May 2009 4
    5. About you Monday, 4 May 2009 5
    6. Overview Monday, 4 May 2009 6
    7. Configuration management • Creating and maintaining consistency • Installing, updating, reporting • Rich history in open source tools • cfengine through to Puppet Monday, 4 May 2009 7
    8. Today’s needs • Developers are becoming ops people • Web architectures and cloud computing • Agile sysadmin should complement agile development Monday, 4 May 2009 8
    9. Developers want • Don’t Repeat Yourself • Revision control Monday, 4 May 2009 9
    10. Chef • Client-server architecture • Embraces modern web technologies • Written in Ruby Monday, 4 May 2009 10
    11. Chef • Cleeent-serfer ercheetectoore-a • Imbreces mudern veb technulugeees • Vreettee in Rooby • Bork bork bork Monday, 4 May 2009 11
    12. Chef • Has revision control at its core • Doesn’t make you learn a new language • Comes from a culture of testability and predictability Monday, 4 May 2009 12
    13. Chef vs Puppet Monday, 4 May 2009 13
    14. Chef vs Puppet • Because we needed another open source war • Objective differences • Subjective differences • Chef has had chance to learn from several years of Puppet Monday, 4 May 2009 14
    15. Architecture Node Node Node Client Chef-client Chef-client Chef-client Chef-client Chef Server Ohai Ohai Ohai Ohai Chef Indexer Monday, 4 May 2009 15
    16. Getting started Monday, 4 May 2009 16
    17. Assemble your victims • Use VMs for testing environment • Ubuntu 8.10 or newer is the sweet spot • VirtualBox is a free virtualization tool • Identify a server and one or more clients Monday, 4 May 2009 17
    18. Prerequisites • Two stage install: basics & bootstrap • Minimal prerequisites: Ruby & RubyGems • Install via Gems: ohai and chef • Bootstrap differs for server and client Monday, 4 May 2009 18
    19. Server • Apache + Passenger • Provides administrative Web UI • Users identified by OpenID • Recipes defined by your chef repository Monday, 4 May 2009 19
    20. Client • Invocation of chef-client • One-time • As a daemon chef-client -i 3600 -s 600 Monday, 4 May 2009 20
    21. Chef repository • Contains configuration and cookbooks • Clone the Opscode template to start • Copy your configuration Monday, 4 May 2009 21
    22. First look at the server Monday, 4 May 2009 22
    23. First client run Monday, 4 May 2009 23
    24. Node attributes • Explore with Web UI • OS attributes provided by ohai • Other attributes are configured by the installed cookbooks • Attributes are mutable Monday, 4 May 2009 24
    25. Making a cookbook • Cookbook is the unit of reuse in Chef • Unsurprisingly, it contains recipes • Generate one with COOKBOOK=hello_world rake new_cookbook Monday, 4 May 2009 25
    26. Inside the cookbook • attributes — variables • recipes — list of instructions (“resources”) • files — files used by resources • templates — ERB templates • definitions — macros of resources • libraries — Ruby to extend Chef DSL Monday, 4 May 2009 26
    27. Define an attribute • Simple attribute attributes/my_name.rb my_name “John Henry” Monday, 4 May 2009 27
    28. A simple recipe • recipes/default.rb template “/tmp/hello_world.txt” do source “hello_world.txt.erb” variables :my_name => node[:my_name] mode 00664 action :create end Monday, 4 May 2009 28
    29. The template • templates/default/hello_world.txt.erb Hello, <%= @my_name %>, how are you today? Monday, 4 May 2009 29
    30. Running the recipe • Add the recipe to the node’s recipe list • Invoke chef-client • Default chef-client setup has client invoked periodically Monday, 4 May 2009 30
    31. When chef-client runs • Node authenticates with server • Libraries, attributes, definitions & recipes are synchronized • Libraries, attributes, definitions & recipes compiled • Node state is converged • Everything happens on the node Monday, 4 May 2009 31
    32. Attributes & resources Monday, 4 May 2009 32
    33. Attributes • May be simply defined, e.g. my_name “John Henry” • Allow overriding, e.g. unless attribute? my_name “John Henry” (“my_name”) • List values are regular arrays [“foo”, “bar”, “whizz”] Monday, 4 May 2009 33
    34. Attribute hashes • Logical groupings of configuration information, e.g. Apache settings, network interface properties • Class used is Mash (from extlib) • so you can use :foo or ‘foo’ as a key Monday, 4 May 2009 34
    35. Advanced attributes • Methods: attribute?() & recipe?() • Access to<<recipes array unless recipes “hello_world” recipe?(“hello_world”) Monday, 4 May 2009 35
    36. Resources • The steps that make up a recipe package “git-core” do action :install end • Resources are implemented via Providers Monday, 4 May 2009 36
    37. Package package \"tar\" do version \"1.16.1-1\" action :install end • Action can be install, upgrade, remove, purge • Version is optional Monday, 4 May 2009 37
    38. Ruby gems • Install gems with package too package “capistrano” do provider Chef::Provider::Package::Rubygems end • Easier: gem_package “capistrano” • Can use source attribute for gem source Monday, 4 May 2009 38
    39. Remote files • Copying remote files is easy remote_file “/tmp/foo.png” do source “foo.png” owner “root” group “root” mode 0444 action :create end • Where does the file live? Monday, 4 May 2009 39
    40. Search path • Files and templates are searched for in the following order: FQDN, platform-version, platform, default • For Ubuntu 9.04: myhost.example.com ubuntu-9.04 ubuntu default Monday, 4 May 2009 40
    41. More remote file fun • File source can be a URL source “http://warez.com/thing.tgz” • Provide SHA256 hash to prevent needless downloading from chef-server each time checksum “08da0021” Monday, 4 May 2009 41
    42. Links • Symbolic or hard links link “/usr/bin/randomthing1.8” do to “/usr/bin/randomthing” end • Use link_type :hard or :symbolic (default) Monday, 4 May 2009 42
    43. File • Control existence and attributes of a file, not its contents file “/tmp/whatever” do owner “root” group “root” mode “0644” action :create end • Other actions are touch, delete Monday, 4 May 2009 43
    44. Other FS resources • — analog of the File resource directory • — recursive remote remote_directory copy Monday, 4 May 2009 44
    45. Service • Control system services from /etc/init.d and friends • We can en/disable, start, stop & restart service “my_daemon” do supports :restart => true action [ :enable, :start ] end Monday, 4 May 2009 45
    46. Other resources • User • Group • Cron • Route • Mount Monday, 4 May 2009 46
    47. Execute • Execute arbitrary command command “mysql-stuff” do execute “/usr/bin/mysql </tmp/ foo.sql” creates “/tmp/outfile.sql” environment {‘FOO’ => “bar”} action :run end Monday, 4 May 2009 47
    48. Script • bash, perl, python, ruby, csh bash “install_foo” do user “root” cwd “/tmp” code <<-EOC wget http://example.org/foo.tgz tar xvf foo.tgz && cd foo ./configure && make install EOC end Monday, 4 May 2009 48
    49. HTTP Request • Useful for connecting to existing services http_request “say_hello” do url “http://myserv.local/check_in” message :node => node[:fqdn] action :post end • Posts a JSON payload • GET by default Monday, 4 May 2009 49
    50. Resource tricks Monday, 4 May 2009 50
    51. Notifies • Chain actions template “/etc/my_daemon/my.cnf” do source “my.cnf.erb” notifies :restart, resources(:service => “my_daemon”) end • By default, notification postponed until end of run, add :immediately as final argument to override Monday, 4 May 2009 51
    52. Action :nothing • If you want a resource to run only on a notify, specify action :nothing execute \"index-gem-repository\" do command \"gem generate_index -d /srv/ gems\" action :nothing end Monday, 4 May 2009 52
    53. Conditional resources • Use only_if and not_if to control resource execution • Takes either shell commands or Ruby blocks, e.g. only_if do IO.read(“/tmp/foo”).chomp == ‘bar’ end Monday, 4 May 2009 53
    54. Platform specifics • Selective do platform?(“ubuntu”) end resource execution only_if • Alter package name do package \"libwww-perl\" case node[:platform] when \"centos\" name \"perl-libwww-perl\" end action :upgrade end Monday, 4 May 2009 54
    55. OpsCode Cookbook Monday, 4 May 2009 55
    56. Opscode cookbooks • http://github.com/opscode/cookbooks • Integral part of the Chef project • If you want it, it’s probably already there • common configurations • smoothing over platform specifics Monday, 4 May 2009 56
    57. Using the cookbooks • Keep your own stuff in site-cookbooks • Use git to add cookbooks as a submodule git submodule add git://github.com/opscode/cookbooks.git cookbooks git submodule init git submodule update Monday, 4 May 2009 57
    58. 3rd party cookbooks • The cookbook_path from the server config specifies precedence • By default site-cookbooks overrides cookbooks • You can adapt recipes simply by replacing the parts you wish Monday, 4 May 2009 58
    59. apache2 cookbook • Attributes configure basic preferences (ports, timeout, keepalive) • Default recipe sets up sane configuration • apache2:: namespace includes recipes for common modules Monday, 4 May 2009 59
    60. Overriding attributes • If you control cookbook, easy enough to set a default • Per-node customizations can be made in the UI • To set new defaults, override selectively in site-cookbooks Monday, 4 May 2009 60
    61. apache2 definitions • Macro for a2ensite & friends apache_site “my_app” :enable => true end • web_app — wraps most of the common configuration for a web app (e.g. Rails) Monday, 4 May 2009 61
    62. mysql cookbook • mysql::client, mysql::server • EC2-aware Monday, 4 May 2009 62
    63. Rails cookbook • Provides installation recipe and attributes for tuning • rails[:version] • rails[:environment] • rails[:max_pool_size] • Provides web_app template you can copy Monday, 4 May 2009 63
    64. Chef and Rails Monday, 4 May 2009 64
    65. How Chef can help • Configuration • Deployment • Configuration is the better trodden path Monday, 4 May 2009 65
    66. Example configuration • Naive Chef recipe to get all the prequisites in place for an instance of Expectnation Monday, 4 May 2009 66
    67. Worked example • Create and deploy a basic Rails app Monday, 4 May 2009 67
    68. chef-deploy • A resource that implements Rails application deployment • Models Capistrano’s cached_deploy • In rapid development, used at EngineYard • http://github.com/ezmobius/chef-deploy Monday, 4 May 2009 68
    69. deploy \"/data/#{app}\" do repo \"git://server/path/app.git\" branch \"HEAD\" user \"myuser\" enable_submodules true migrate true migration_command \"rake db:migrate\" environment \"production\" shallow_clone true revision '5DE77F8ADC' restart_command “...” role “myrole” action :deploy end Monday, 4 May 2009 69
    70. Callbacks • Ruby scripts in your app’s deploy/ • before_migrate, before_symlink, before_restart, after_restart • Rails environment and ‘role’ passed as arguments to callback • Couldnode[:myapp][:role] control this via role Monday, 4 May 2009 70
    71. Single source for gem dependencies • Specify gems in gems.yml in your app’s root - :name: foo :version: \"1.3\" - :name: bar :version: \"2.0.1\" Monday, 4 May 2009 71
    72. Deployment strategy • Unlikely you want deploy to be attemped with the default chef-client behavior • chef-deploy developed against a Chef Solo world view: explicit execution • Use attribute to control deployment • Work in progress Monday, 4 May 2009 72
    73. Gotchas • Chef-deploy assumes shared config/ database.yml • Usual package/gem conflicts • Don’t install rake from packages! Monday, 4 May 2009 73
    74. Chef Solo Monday, 4 May 2009 74
    75. Server-less operation • Bundle up the cookbooks in a tarball • Set attributes in a JSON file • Good to go! Monday, 4 May 2009 75
    76. Deploying with solo • Tar up your cookbooks • Create a solo.rb “/tmp/chef-solo” file_cache_path cookbook_path “/tmp/chef-solo/ cookbooks” • Currently, must have unified cookbook tree Monday, 4 May 2009 76
    77. Deploying with solo (2) • Create your JSON, e.g. { “recipes”: “chef-server”, “myvar”: “foo” } • Execute -c solo.rb -j chef.json chef-solo -r http://path/to/tarball.tgz • JSON path can be URL too Monday, 4 May 2009 77
    78. Why Chef Solo? • When you don’t or can’t control access to the server • When clients aren’t in the same security zone • When you care about installation rather than long-term maintenance Monday, 4 May 2009 78
    79. Development patterns Monday, 4 May 2009 79
    80. Git strategy • Use submodules to bring in 3rd party cookbooks • Develop against testbed, push to shared repository • Server install rule does a git pull Monday, 4 May 2009 80
    81. VM testbed • Use a VM tool that supports snapshotting • VirtualBox is free • VMware good, supported by Poolparty • Use Avahi/Bonjour for convenience Monday, 4 May 2009 81
    82. Attribute control • Particularly useful with chef-solo, transfer the onus of control over to the attributes • Control recipe execution via, eg. a ‘role’ attribute • Help DRY by listing packages, etc, in attributes Monday, 4 May 2009 82
    83. Refactor into definitions & attributes • For maintainability, consider refactoring obvious components into definitions • e.g. the directory creation stage of a Rails app (what cap deploy:setup does) Monday, 4 May 2009 83
    84. REST API Monday, 4 May 2009 84
    85. Chef’s REST API • Chef’s REST API is pretty mature • Reused a lot internally • Best way to programmatically integrate • Documentation scarce for now Monday, 4 May 2009 85
    86. What can you do with the API? • Programmatic access to the server • Add remove/recipes from nodes • Interrogate and set attributes • Perform searches Monday, 4 May 2009 86
    87. API authentication • Register in the same way a node does Chef::Config.from_file( “/etc/chef/server.rb”) @rest = Chef::REST.new( Chef::Config[:registration_url]) @rest.register(user, password) • Thereafter, authenticate password) @rest.authenticate(user, Monday, 4 May 2009 87
    88. Manipulating nodes node = @rest.get_rest(“nodes/ foo_example_com”) puts node.recipes.inspect node.recipes << “apache2” puts node[:myattr].inspect node[:myattr] = { :foo => “bar” } @rest.put_rest(“nodes/foo_example_com”, node) Monday, 4 May 2009 88
    89. Knife • Basic command line interface to the server • For now, get from http://gist.github.com/ 104080 Monday, 4 May 2009 89
    90. Searching Monday, 4 May 2009 90
    91. Searching the server • Powerful feature • Not that mature yet • Ferret indexes the Chef Server database • Queries expressed in FQL Monday, 4 May 2009 91
    92. Access from recipes • search(INDEX, QUERY) • reports every node in search(:node, “*”) the DB • Find the IP of every node running Apache search(:node, “recipe:apache2”).collect {|n| n[‘ipaddress’]} Monday, 4 May 2009 92
    93. Access from REST API • As implemented in the Web UI @rest.get_rest( \"search/node?q=recipe:apache2\") Monday, 4 May 2009 93
    94. Chef & EC2 Monday, 4 May 2009 94
    95. In OpsCode cookbooks • ec2 cookbook • EC2 awareness in, e.g. mysql recipes • Bunch of handy EC2 attributes exposed Monday, 4 May 2009 95
    96. Poolparty • Configure and deploy to the cloud • Uses Chef • http://poolpartyrb.com/ Monday, 4 May 2009 96
    97. What Poolparty does • Launches VM (EC2 or VMware), waits for IP and ssh • Bootstrap: rsyncs dependencies and installs • Configure: compile cookbooks, rsyncs, executes Chef Solo • Verifies installation Monday, 4 May 2009 97
    98. Community resources • Wiki is a great and ever-improving reference http://wiki.opscode.com/display/chef/Home • IRC irc://irc.freenode.net/chef • Mailing list Monday, 4 May 2009 98
    99. The future • Chef is evolving rapidly • Platform support improving through contributions • Opscode-agent • nanite • selective resource execution Monday, 4 May 2009 99
    100. In conclusion • Please rate this tutorial and leave comments http://bit.ly/chef-rails • Q&A • Thank you! Monday, 4 May 2009 100

    + railsconfrailsconf, 6 months ago

    custom

    1399 views, 3 favs, 0 embeds more stats

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 1399
      • 1399 on SlideShare
      • 0 from embeds
    • Comments 0
    • Favorites 3
    • Downloads 31
    Most viewed embeds

    more

    All embeds

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    more
    -->
    Search
    RSS Feed
    What's new?

    © 2009 SlideShare Inc. All Rights Reserved