Chef training Day4

Presentation for Day4 training held by SmartMe
http://www.smartme.com.ua/courses/nachala-devops-konfiguriruem-server-s-pomoshchyu-opscode-chef

Published in: Technology, Self Improvement

  1. 1. DevOps Basics: Opscode Chef, Day 4. Andriy Samilyak, samilyak@gmail.com, skype: samilyaka
  2. 2. Goals
      ● Pull deployment with Chef
      ● Environments
      ● More about Berkshelf+Vagrant way
      ● Chef in real life - base_server
      ● Exception/Report handlers
      ● Debugging with Chef
      ● Testing with Chef
  3. 3. Deployment strategies PULL vs PUSH
  4. 4. Pull deployment with Chef
          # http://community.opscode.com/cookbooks/application
          application "my_app" do
            path "/var/www"
            repository "git://github.com/werdan/hpmor.git"
          end
      copy/paste from http://goo.gl/6sEYT5
  5. 5. Deployment with Chef - Plan
      ● Application cookbook (Berksfile/metadata.rb)
      ● Application resource in default.rb
      ● git installation
      ● docroot correction
  6. 6. Capistrano way
      ● Check your /var/www after chef-client run
      ● /var/www/current is a symlink to one of releases
      ● /var/www/releases contains code releases
      ● /var/www/shared – anything that is not kept in repository
  7. 7. Example of solution
      webserver/attributes/default.rb:
          default['apache']['docroot_dir'] = "/var/www/current"
      webserver/recipes/default.rb:
          package "git"

          application "my_app" do
            path "/var/www"
            repository "https://github.com/werdan/hpmor.git"
          end
  8. 8. Git flow
      ● New release is ready for deployment
      ● It is in 'develop' branch
      ● Our current server is now going to be used for QA testing
      ● We should maintain the second server (LIVE) with master branch deployed
  9. 9. Branch deployment with Chef
          application "my_app" do
            path "/var/www"
            repository "git://github.com/werdan/hpmor.git"
            revision 'your_branch' # specified with attribute
          end
  10. 10. Environments
      LIVE server
          run_list: role[node]
          recipes: recipe[webserver]
          git_branch: master
      DEV server
          run_list: role[node]
          recipes: recipe[webserver]
          git_branch: develop
  11. 11. Attribute precedence From: http://docs.opscode.com/essentials_cookbook_attribute_files.html
  12. 12. Environments
      ● environments/production.rb
          name "production"
          default_attributes 'webserver' => { 'revision' => 'master' }
      ● environments/development.rb
          name "development"
          default_attributes 'webserver' => { 'revision' => 'develop' }
  13. 13. Default attribute value
      ● webserver/attributes/default.rb
          default['webserver']['revision'] = 'master'
  14. 14. Environments: knife
          knife environment from file production.rb
          knife environment from file development.rb
          knife environment list
          knife environment show production
  15. 15. Configuring DEV server
      ● set environment to 'development'
          > knife node edit your_node
          > Chef Server GUI
      ● run chef-client
      ● check result in browser (is it in English now?)
  16. 16. Branch deployment with Chef
          application "my_app" do
            path "/var/www"
            repository "git://github.com/werdan/hpmor.git"
            revision 'your_branch' # specified with attribute
          end
  17. 17. Another PCI DSS failure Go to http://YOUR_NODE_ADDRESS/icons/
  18. 18. Apache configuration patch
          <Directory /usr/share/apache2/icons>
            Options -Indexes
          </Directory>
      copy/paste from http://goo.gl/6sEYT5
  19. 19. Environments
      LIVE server
          run_list: role[node]
          recipes: recipe[webserver]
          templates: no patch
      DEV server
          run_list: role[node]
          recipes: recipe[webserver]
          templates: with patch!
  20. 20. We have to keep LIVE stable!
      ● environments/production.rb
          cookbook "webserver", "= 0.1.0"
      ● webserver/metadata.rb
          version '0.1.1'
      ● upload cookbook
      ● upload production environment
      ● knife cookbook show webserver
  21. 21. Better Berksfile strategy
          cookbook 'apache2'
          cookbook 'htpasswd', git: ….
          cookbook 'application'
          cookbook 'webserver', path: 'cookbooks/webserver'
      ● berks install
      ● berks upload
  22. 22. Frozen cookbooks
      ● Try now
          knife cookbook upload webserver
          knife cookbook show webserver 0.1.1
          > frozen?: true
      ● berks update && berks upload → no changes
      ● knife cookbook upload webserver --force
  23. 23. Vagrant provision Real demonstration now – hold your breath!
  24. 24. Vagrant provision
      chef-repo/Vagrantfile
          Vagrant.configure("2") do |config|
            config.vm.hostname = "webserver"
            config.vm.box = "webserver"
            config.vm.box_url = "http://grahamc.com/vagrant/ubuntu-12.04-omnibus-chef.box"
            config.vm.network :public_network
            config.berkshelf.berksfile_path = "Berksfile"
            config.berkshelf.enabled = true
            config.vm.provision :chef_solo do |chef|
              chef.run_list = [ ]
              chef.data_bags_path = "data_bags"
              chef.roles_path = "roles"
              chef.add_role("node")
              chef.environments_path = "environments"
              chef.environment = 'production'
            end
          end
  25. 25. Vagrant provision - chef-solo
      ● No API (no databag search, for instance)
      ● No cookbook version pin in environment
      ● No persistent attributes (normal[..][..])
  26. 26. Cookbook hierarchy
  27. 27. base_server
      ● Create new cookbook with Berks
          cd cookbooks
          berks cookbook base_server
      ● Add base_server to Berksfile
      ● Include dependencies on apt, ntp, chef-client, cron, openssh
      ● Include base_server in role[node] run_list
  28. 28. Recipes to include
      base_server/recipes/default.rb
          include_recipe "chef-client"
          include_recipe "chef-client::delete_validation"
          include_recipe "chef-client::config"
          include_recipe "ntp"
          include_recipe "cron"
          include_recipe "apt"
          include_recipe "openssh"
      ● Bump minor cookbook version of 'base_server'
      copy/paste from http://goo.gl/6sEYT5
  29. 29. base_server configuration
          default[:openssh][:server][:password_authentication] = 'no'
          default[:openssh][:server][:allow_agent_forwarding] = 'yes'
          default[:openssh][:server][:allow_tcp_forwarding] = 'no'
          default[:openssh][:server][:use_dns] = 'no'
      copy/paste from http://goo.gl/6sEYT5
  30. 30. chef_client
      On node:
          ps ajx | grep chef-client
      On workstation:
          knife status
      NB! It is a good idea to establish an internal procedure to check knife status on a regular basis
  31. 31. chef_restart
          include_recipe "cron"

          cron "Chef: Node-specific cronjobs: chef-client-restart" do
            # rand(n) returns 0...n, so 60 and 24 cover every minute and hour
            minute "#{node[:chef_restart_minute] ||= rand(60)}"
            hour "#{node[:chef_restart_hour] ||= rand(24)}"
            day "*"
            month "*"
            weekday "*"
            # $RANDOM is a bash feature, and cron turns an unescaped % into a newline
            shell "/bin/bash"
            command "ps ax | grep -q [c]hef-client && sleep $(( $RANDOM \\% 1800 )) && invoke-rc.d chef-client restart >/dev/null 2>&1"
            user "root"
          end
  32. 32. Exception handlers
      ● Report about any exceptions in chef run
      ● Many community handlers are available:
          – Airbrake
          – Email
          – Syslog
          – Graphite
          – HipChat
  33. 33. HipChat report example https://github.com/opsway/chef-hipchat
  34. 34. Chef Server reports
  35. 35. Debugging with Chef
          sudo chef-client -ldebug -Fdoc
          sudo chef-client --why-run
          sudo chef-client -o 'recipe[apache2::mod_dav]'
  36. 36. 'puts driven development'
          Chef::Log.info("Your message")
          log("Your message to put it simple")
          abort
  37. 37. chef-shell
          # chef-shell -z
          chef> run_chef
          chef> chef_run.skip_back 40
          chef> chef_run.step
          chef> node['apache']['dir']
  38. 38. Pry - installation
      ● Run on node:
          /opt/chef/embedded/bin/gem install --no-ri --no-rdoc pry pry-nav pry-doc
      ● Insert into webserver/recipes/default.rb
          require 'pry'; binding.pry
      copy/paste from http://goo.gl/6sEYT5
  39. 39. pry
          # chef-client
          pry> ls node
          pry> ls node.name
          pry> ls node.default
          pry> ls node.normal
          pry> step
          pry> next
          pry> continue
  40. 40. Chef-testing
      ● Semantic testing → Foodcritic
      ● Unit testing → ChefSpec
      ● Integration testing →
          – Test Kitchen
          – with ChefZero
  41. 41. Foodcritic lint
          gem install foodcritic --no-ri --no-rdoc
          cd CHEF_REPO
          foodcritic cookbooks/webserver
      .. see http://acrmp.github.io/foodcritic/
  42. 42. More rules
          cd CHEF_REPO
          git clone git://github.com/customink-webops/foodcritic-rules.git foodcritic/customink
          git clone git://github.com/etsy/foodcritic-rules.git foodcritic/etsy
          foodcritic -I foodcritic/* cookbooks/webserver
      copy/paste from http://goo.gl/6sEYT5
  43. 43. Functional spec example from PagerDuty http://goo.gl/9k5Fj2
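
For slides 17 to 19 (the /icons/ directory listing and the `Options -Indexes` patch), an added example that is not part of the original slides: a small audit that reads rendered Apache configuration and reports every `<Directory>` path where `Indexes` is still enabled. It assumes sections for the same path are merged in file order and does not model inheritance from parent directories; `STOCK_CONF` is a constructed sample and `indexed_directories` is a hypothetical helper name.

```ruby
# Added example (not from the slides): list <Directory> paths where
# Indexes ends up enabled after all sections for that path are applied.
def indexed_directories(conf)
  state = {}        # path => true when Indexes is currently on
  current = nil     # path of the section being read, nil outside sections
  conf.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    case line
    when /\A<Directory\s+"?(.+?)"?\s*>\z/i
      current = $1.chomp('/')
      state[current] ||= false
    when %r{\A</Directory>\z}i
      current = nil
    when /\AOptions\s+(.+)\z/i
      next unless current
      opts = $1.split
      if opts.none? { |o| o.start_with?('+', '-') }
        # Plain form replaces the whole option set for this path.
        state[current] = opts.any? { |o| o =~ /\A(Indexes|All)\z/i }
      else
        # +/- form only adjusts the options it names.
        state[current] = true  if opts.any? { |o| o.casecmp?('+Indexes') }
        state[current] = false if opts.any? { |o| o.casecmp?('-Indexes') }
      end
    end
  end
  state.select { |_, on| on }.keys
end

# Constructed sample: a section that turns Indexes on for the icons directory.
STOCK_CONF = <<~CONF
  Alias /icons/ "/usr/share/apache2/icons/"
  <Directory "/usr/share/apache2/icons">
      Options Indexes MultiViews
      AllowOverride None
  </Directory>
CONF

# The patch from slide 18, appended after the stock section.
PATCH_CONF = <<~CONF
  <Directory /usr/share/apache2/icons>
      Options -Indexes
  </Directory>
CONF
```

Run against the template output for each environment, it shows whether a node still carries the unpatched configuration before the cookbook version is promoted to LIVE.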
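
For slide 32 (exception/report handlers), an added example that is not from the slides or from any of the community handlers listed there: a minimal handler that appends one JSON line per chef-client run to a local log. The class name `RunLogHandler`, the log path and the handler file location are assumptions; the stand-in base class exists only so the file loads on a machine without Chef.

```ruby
require 'json'
require 'time'

begin
  require 'chef/handler'   # present on a node with Chef installed
rescue LoadError
  # Stand-in base class so the file also loads on a machine without Chef.
  class Chef
    class Handler
      attr_reader :run_status
      def run_report_safely(run_status)
        @run_status = run_status
        report
      end
    end
  end
end

# Register in client.rb (handler file location is an assumption):
#   require '/var/chef/handlers/run_log_handler'
#   report_handlers    << RunLogHandler.new
#   exception_handlers << RunLogHandler.new
class RunLogHandler < Chef::Handler
  # log_path is an assumed default; use a file your log shipper collects.
  def initialize(log_path = '/var/log/chef/run_status.log')
    @log_path = log_path
  end

  # One flat record per run, built from the Chef::RunStatus accessors.
  def self.record(status)
    rec = {
      'node'     => status.node.name,
      'finished' => status.end_time.utc.iso8601,
      'elapsed'  => status.elapsed_time.round(1),
      'status'   => status.failed? ? 'failed' : 'ok',
      # updated_resources can be nil when the run fails before converge
      'updated'  => Array(status.updated_resources).map(&:to_s)
    }
    rec['error'] = "#{status.exception.class}: #{status.exception.message}" if status.failed?
    rec
  end

  # Chef calls #report at the end of each run the handler is registered for.
  def report
    File.open(@log_path, 'a') { |f| f.puts(JSON.generate(self.class.record(run_status))) }
  end
end
```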
