DevOps Basics: Opscode Chef
Day 4

Andriy Samilyak
samilyak@gmail.com
skype: samilyaka
Chef training Day4

Presentation for Day4 training held by SmartMe
http://www.smartme.com.ua/courses/nachala-devops-konfiguriruem-server-s-pomoshchyu-opscode-chef

Published in: Technology, Self Improvement
  1. DevOps Basics: Opscode Chef, Day 4
     Andriy Samilyak, samilyak@gmail.com, skype: samilyaka
  2. Goals
     ● Pull deployment with Chef
     ● Environments
     ● More about the Berkshelf+Vagrant way
     ● Chef in real life - base_server
     ● Exception/Report handlers
     ● Debugging with Chef
     ● Testing with Chef
  3. Deployment strategies: PULL vs PUSH
  4. Pull deployment with Chef
         # http://community.opscode.com/cookbooks/application
         application "my_app" do
           path "/var/www"
           repository "git://github.com/werdan/hpmor.git"
         end
     copy/paste from http://goo.gl/6sEYT5
  5. Deployment with Chef - Plan
     ● Application cookbook (Berksfile/metadata.rb)
     ● Application resource in default.rb
     ● git installation
     ● docroot correction
  6. Capistrano way
     ● Check your /var/www after chef-client run
     ● /var/www/current is a symlink to one of the releases
     ● /var/www/releases contains code releases
     ● /var/www/shared – anything that is not kept in the repository
  7. Example of solution
     webserver/attributes/default.rb:
         default['apache']['docroot_dir'] = "/var/www/current"
     webserver/recipes/default.rb:
         package "git"

         application "my_app" do
           path "/var/www"
           repository "https://github.com/werdan/hpmor.git"
         end
  8. Git flow
     ● New release is ready for deployment
     ● It is in the 'develop' branch
     ● Our current server will now be used for QA testing
     ● We should maintain the second server (LIVE) with the master branch deployed
  9. Branch deployment with Chef
         application "my_app" do
           path "/var/www"
           repository "git://github.com/werdan/hpmor.git"
           revision 'your_branch' # specified with attribute
         end
  10. Environments
      LIVE server
          run_list: role[node]
          recipes: recipe[webserver]
          git_branch: master
      DEV server
          run_list: role[node]
          recipes: recipe[webserver]
          git_branch: develop
  11. Attribute precedence
      From: http://docs.opscode.com/essentials_cookbook_attribute_files.html
  12. Environments
      ● environments/production.rb
            name "production"
            default_attributes 'webserver' => {
              'revision' => 'master'
            }
      ● environments/development.rb
            name "development"
            default_attributes 'webserver' => {
              'revision' => 'develop'
            }
  13. Default attribute value
      ● webserver/attributes/default.rb
            default['webserver']['revision'] = 'master'
  14. Environments: knife
          knife environment from file production.rb
          knife environment from file development.rb
          knife environment list
          knife environment show production
  15. Configuring DEV server
      ● set environment to 'development'
        > knife node edit your_node
        > Chef Server GUI
      ● run chef-client
      ● check result in browser (is it in English now?)
  16. Branch deployment with Chef
          application "my_app" do
            path "/var/www"
            repository "git://github.com/werdan/hpmor.git"
            revision 'your_branch' # specified with attribute
          end
  17. Another PCI DSS failure
      Go to http://YOUR_NODE_ADDRESS/icons/ (Apache returns a directory listing)
  18. Apache configuration patch
          <Directory /usr/share/apache2/icons>
              Options -Indexes
          </Directory>
      copy/paste from http://goo.gl/6sEYT5
  19. Environments
      LIVE server
          run_list: role[node]
          recipes: recipe[webserver]
          templates: no patch
      DEV server
          run_list: role[node]
          recipes: recipe[webserver]
          templates: with patch!
  20. We have to keep LIVE stable!
      ● environments/production.rb
            cookbook "webserver", "= 0.1.0"
      ● webserver/metadata.rb
            version '0.1.1'
      ● upload cookbook
      ● upload production environment
      ● knife cookbook show webserver
  21. Better Berksfile strategy
          cookbook 'apache2'
          cookbook 'htpasswd', git: ….
          cookbook 'application'

          cookbook 'webserver', path: 'cookbooks/webserver'
      ● berks install
      ● berks upload
  22. Frozen cookbooks
      ● Try now
            knife cookbook upload webserver
            knife cookbook show webserver 0.1.1
            > frozen?: true
      ● berks update && berks upload → no changes
      ● knife cookbook upload webserver --force
  23. Vagrant provision
      Real demonstration now – hold your breath!
  24. Vagrant provision
      chef-repo/Vagrantfile
          Vagrant.configure("2") do |config|
            config.vm.hostname = "webserver"
            config.vm.box = "webserver"
            config.vm.box_url = "http://grahamc.com/vagrant/ubuntu-12.04-omnibus-chef.box"
            config.vm.network :public_network
            config.berkshelf.berksfile_path = "Berksfile"
            config.berkshelf.enabled = true
            config.vm.provision :chef_solo do |chef|
              chef.run_list = [ ]
              chef.data_bags_path = "data_bags"
              chef.roles_path = "roles"
              chef.add_role("node")
              chef.environments_path = "environments"
              chef.environment = 'production'
            end
          end
  25. Vagrant provision - chef-solo
      ● No API (no databag search, for instance)
      ● No cookbook version pin in environment
      ● No persistent attributes (normal[..][..])
  26. Cookbook hierarchy
  27. base_server
      ● Create new cookbook with Berks
            cd cookbooks
            berks cookbook base_server
      ● Add base_server to Berksfile
      ● Include dependencies on apt, ntp, chef-client, cron, openssh
      ● Include base_server in the role[node] run_list
  28. Recipes to include
      base_server/recipes/default.rb
          include_recipe "chef-client"
          include_recipe "chef-client::delete_validation"
          include_recipe "chef-client::config"
          include_recipe "ntp"
          include_recipe "cron"
          include_recipe "apt"
          include_recipe "openssh"
      ● Bump minor cookbook version of 'base_server'
      copy/paste from http://goo.gl/6sEYT5
  29. base_server configuration
          default[:openssh][:server][:password_authentication] = 'no'
          default[:openssh][:server][:allow_agent_forwarding] = 'yes'
          default[:openssh][:server][:allow_tcp_forwarding] = 'no'
          default[:openssh][:server][:use_dns] = 'no'
      copy/paste from http://goo.gl/6sEYT5
  30. chef_client
      On node: ps ajx | grep chef-client
      On workstation: knife status
      NB! It is a good idea to establish an internal procedure to check knife status on a regular basis
  31. chef_restart
          include_recipe "cron"

          cron "Chef: Node-specific cronjobs: chef-client-restart" do
            minute "#{node[:chef_restart_minute] ||= rand(59)}"
            hour "#{node[:chef_restart_hour] ||= rand(23)}"
            day "*"
            month "*"
            weekday "*"
            # $RANDOM is a bash feature; cron runs commands with /bin/sh by default
            shell "/bin/bash"
            # "%" is escaped because cron turns an unescaped % into a newline
            command "ps ax | grep -q [c]hef-client && sleep $(( $RANDOM \\% 1800 )) && invoke-rc.d chef-client restart >/dev/null 2>&1"
            user "root"
          end
  32. Exception handlers
      ● Report about any exceptions in chef run
      ● Many community handlers are available:
        – Airbrake
        – Email
        – Syslog
        – Graphite
        – HipChat
  33. HipChat report example
      https://github.com/opsway/chef-hipchat
  34. Chef Server reports
  35. Debugging with Chef
          sudo chef-client -ldebug -Fdoc
          sudo chef-client --why-run
          sudo chef-client -o 'recipe[apache2::mod_dav]'
  36. 'puts driven development'
          Chef::Log.info("Your message")
          log("Your message to put it simple")
          abort
  37. chef-shell
          # chef-shell -z
          chef> run_chef
          chef> chef_run.skip_back 40
          chef> chef_run.step
          chef> node['apache']['dir']
  38. Pry - installation
      ● Run on node:
            /opt/chef/embedded/bin/gem install --no-ri --no-rdoc pry pry-nav pry-doc
      ● Insert into webserver/recipes/default.rb
            require 'pry'; binding.pry
      copy/paste from http://goo.gl/6sEYT5
  39. pry
          # chef-client
          pry> ls node
          pry> ls node.name
          pry> ls node.default
          pry> ls node.normal
          pry> step
          pry> next
          pry> continue
  40. Chef-testing
      ● Semantic testing → Foodcritic
      ● Unit testing → ChefSpec
      ● Integration testing → with ChefZero
        – Test Kitchen
  41. Foodcritic lint
          gem install foodcritic --no-ri --no-rdoc
          cd CHEF_REPO
          foodcritic cookbooks/webserver
      .. see http://acrmp.github.io/foodcritic/
  42. More rules
          cd CHEF_REPO
          git clone git://github.com/custominkwebops/foodcritic-rules.git foodcritic/customink
          git clone git://github.com/etsy/foodcritic-rules.git foodcritic/etsy
          foodcritic -I foodcritic/* cookbooks/webserver
      copy/paste from http://goo.gl/6sEYT5
  43. Functional spec example from PagerDuty
      http://goo.gl/9k5Fj2
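
Slides 17 to 19 fix the directory listing under /icons/ with an Apache template patch. The check below is an added example, not part of the original slides: it scans Apache configuration text for `<Directory>` blocks that still leave `Indexes` on, so the DEV and LIVE templates can be compared. `SAMPLE_CONF` is constructed for illustration and `dirs_with_indexes` is a hypothetical helper name.

```ruby
# Added example (not from the slides): find <Directory> blocks that leave
# directory listing (Options Indexes) enabled.
# SAMPLE_CONF is constructed for illustration; PATCH is the block from slide 18.
SAMPLE_CONF = <<~CONF
  <Directory /var/www/current>
      Options FollowSymLinks
  </Directory>
  # constructed: icons directory with listing enabled
  <Directory "/usr/share/apache2/icons">
      Options Indexes MultiViews
      AllowOverride None
  </Directory>
CONF

PATCH = <<~CONF
  <Directory /usr/share/apache2/icons>
      Options -Indexes
  </Directory>
CONF

# Returns paths whose own Options lines leave Indexes on. Sections for the
# same path are merged in file order; parent-directory inheritance and
# .htaccess overrides are not modelled.
def dirs_with_indexes(conf)
  indexes = {}
  current = nil
  conf.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    case line
    when /\A<Directory\s+"?([^">]+?)"?\s*>\z/i
      current = Regexp.last_match(1)
      indexes[current] = indexes.fetch(current, false)
    when %r{\A</Directory>\z}i
      current = nil
    when /\AOptions\s+(.+)\z/i
      next unless current
      opts = Regexp.last_match(1).downcase.split
      # A list without +/- prefixes replaces earlier Options instead of merging.
      indexes[current] = false unless opts.all? { |o| o.start_with?('+', '-') }
      opts.each do |o|
        indexes[current] = true  if %w[indexes +indexes all].include?(o)
        indexes[current] = false if %w[-indexes none].include?(o)
      end
    end
  end
  indexes.select { |_, on| on }.keys
end

puts dirs_with_indexes(SAMPLE_CONF)          # template without the patch
puts dirs_with_indexes(SAMPLE_CONF + PATCH)  # template with the patch
```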
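
Slide 20 pins the production environment to `webserver` 0.1.0 while 0.1.1 is uploaded for DEV. This added example, which is not from the slides, models which version each environment resolves to and which pins match nothing on the server. `Gem::Requirement` stands in for the Chef Server's constraint handling (an assumption), and the `staging` environment and helper names are hypothetical.

```ruby
require 'rubygems'

# Added example (not from the slides). Gem::Requirement and Gem::Version stand
# in for the Chef Server's constraint solver; that "=", ">=" and "~>" mean the
# same there is an assumption of this sketch.
UPLOADED = { 'webserver' => %w[0.1.0 0.1.1] }.freeze # after the upload on slide 20

ENVIRONMENTS = {
  'production'  => { 'webserver' => '= 0.1.0' }, # pin from slide 20
  'development' => {},                            # no pin: newest upload wins
  'staging'     => { 'webserver' => '= 0.2.0' }  # constructed: never uploaded
}.freeze

# Highest uploaded version the environment allows, or nil when the pin cannot
# be satisfied by anything on the server.
def resolve(env, cookbook, uploaded = UPLOADED)
  req = Gem::Requirement.new(ENVIRONMENTS.fetch(env).fetch(cookbook, '>= 0'))
  best = uploaded.fetch(cookbook, [])
                 .map { |v| Gem::Version.new(v) }
                 .select { |v| req.satisfied_by?(v) }
                 .max
  best && best.to_s
end

# Environments whose pin matches no uploaded version: worth checking before
# an environment file is uploaded.
def broken_pins(cookbook, uploaded = UPLOADED)
  ENVIRONMENTS.keys.select { |env| resolve(env, cookbook, uploaded).nil? }
end

ENVIRONMENTS.each_key do |env|
  puts "#{env}: webserver #{resolve(env, 'webserver') || 'UNSATISFIABLE'}"
end
```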
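
Slide 29 sets the SSH baseline for every node through `base_server` attributes. The following added example, not part of the original slides, compares an `sshd_config` with that baseline and reports drift. The mapping from attribute names to sshd keywords is an assumption about how the openssh cookbook renders them, and the sample file is constructed.

```ruby
# Added example (not from the slides): compare an sshd_config with the
# base_server baseline from slide 29. The attribute-to-keyword mapping
# (password_authentication -> PasswordAuthentication, ...) is an assumption.
BASELINE = {
  'passwordauthentication' => 'no',
  'allowagentforwarding'   => 'yes',
  'allowtcpforwarding'     => 'no',
  'usedns'                 => 'no'
}.freeze

# Constructed sample. sshd keeps the first value it reads for a keyword, so
# the second PasswordAuthentication line has no effect.
SAMPLE_SSHD_CONFIG = <<~CONF
  # constructed sample
  Port 22
  PasswordAuthentication yes
  AllowTcpForwarding no
  UseDNS no
  PasswordAuthentication no
  Match User deploy
      AllowTcpForwarding yes
CONF

# Returns [global settings, keywords that appear inside Match blocks].
def parse_sshd_config(text)
  global, overrides, in_match = {}, [], false
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/[\s=]+/, 2)
    key = key.downcase
    if key == 'match'
      in_match = true
    elsif in_match
      overrides << key
    else
      global[key] ||= value.to_s.strip.downcase # first occurrence wins
    end
  end
  [global, overrides]
end

# drift: keyword => [expected, actual or nil when unset in the global section]
# match_overrides: baseline keywords that a Match block may change per user/host
def audit(text, baseline = BASELINE)
  global, overrides = parse_sshd_config(text)
  drift = baseline.reject { |key, want| global[key] == want }
                  .map { |key, want| [key, [want, global[key]]] }.to_h
  { drift: drift, match_overrides: overrides & baseline.keys }
end

p audit(SAMPLE_SSHD_CONFIG)
```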