Chef training Day4

Presentation for Day4 training held by SmartMe

Chef training Day4 Presentation Transcript

  • DevOps Basics: Opscode Chef Day 4 Andriy Samilyak skype: samilyaka
  • Goals ● Pull deployment with Chef ● Environments ● More about Berkshelf+Vagrant way ● Chef in real life - base_server ● Exception/Report handlers ● Debugging with Chef ● Testing with Chef
  • Deployment strategies PULL vs PUSH
  • Pull deployment with Chef # application "my_app" do path "/var/www" repository "git://" end copy/paste from
  • Deployment with Chef - Plan ● Application cookbook (Berksfile/metadata.rb) ● Application resource in default.rb ● git installation ● docroot correction
  • Capistrano way ● Check your /var/www after chef-client run ● /var/www/current is a symlink to one of releases ● /var/www/releases contains code releases ● /var/www/shared – anything that is not kept in repository
  • Example of solution
    webserver/attributes/default.rb:
      default['apache']['docroot_dir'] = "/var/www/current"
    webserver/recipes/default.rb:
      package "git"
      application "my_app" do
        path "/var/www"
        repository ""
      end
  • Git flow ● New release is ready for deployment ● It is in 'develop' branch ● Our current server is now going to be the QA testing server ● We should maintain the second server (LIVE) with master branch deployed
  • Branch deployment with Chef
    application "my_app" do
      path "/var/www"
      repository "git://"
      revision 'your_branch' # specified with attribute
    end
  • Environments
    LIVE server
      run_list: role[node]
      recipes: recipe[webserver]
      git_branch: master
    DEV server
      run_list: role[node]
      recipes: recipe[webserver]
      git_branch: develop
  • Attribute precedence From:
  • Environments
    ● environments/production.rb
      name "production"
      default_attributes 'webserver' => { 'revision' => 'master' }
    ● environments/development.rb
      name "development"
      default_attributes 'webserver' => { 'revision' => 'develop' }
  • Default attribute value ● webserver/attributes/default.rb default['webserver']['revision'] = 'master'
  • Environments: knife
    knife environment from file production.rb
    knife environment from file development.rb
    knife environment list
    knife environment show production
  • Configuring DEV server
    ● set environment to 'development'
      > knife node edit your_node
      > Chef Server GUI
    ● run chef-client
    ● check result in browser (is it in English now?)
  • Branch deployment with Chef
    application "my_app" do
      path "/var/www"
      repository "git://"
      revision 'your_branch' # specified with attribute
    end
  • Another PCI DSS failure Go to http://YOUR_NODE_ADDRESS/icons/
  • Apache configuration patch
    <Directory /usr/share/apache2/icons>
      Options -Indexes
    </Directory>
    copy/paste from
  • Environments
    LIVE server
      run_list: role[node]
      recipes: recipe[webserver]
      templates: no patch
    DEV server
      run_list: role[node]
      recipes: recipe[webserver]
      templates: with patch!
  • We have to keep LIVE stable!
    ● environments/production.rb
      cookbook "webserver", "= 0.1.0"
    ● webserver/metadata.rb
      version '0.1.1'
    ● upload cookbook
    ● upload production environment
    ● knife cookbook show webserver
  • Better Berksfile strategy
    cookbook 'apache2'
    cookbook 'htpasswd', git: ….
    cookbook 'application'
    cookbook 'webserver', path: 'cookbooks/webserver'
    ● berks install
    ● berks upload
  • Frozen cookbooks
    ● Try now
      knife cookbook upload webserver
      knife cookbook show webserver 0.1.1
      > frozen?: true
    ● berks update && berks upload → no changes
    ● knife cookbook upload webserver --force
  • Vagrant provision Real demonstration now – hold your breath!
  • Vagrant provision
    chef-repo/Vagrantfile
    Vagrant.configure("2") do |config|
      config.vm.hostname = "webserver"
      config.vm.box = "webserver"
      config.vm.box_url = ""
      config.vm.network :public_network
      config.berkshelf.berksfile_path = "Berksfile"
      config.berkshelf.enabled = true
      config.vm.provision :chef_solo do |chef|
        chef.run_list = [ ]
        chef.data_bags_path = "data_bags"
        chef.roles_path = "roles"
        chef.add_role("node")
        chef.environments_path = "environments"
        chef.environment = 'production'
      end
    end
  • Vagrant provision - chef-solo ● No API (no databag search, for instance) ● No cookbook version pin in environment ● No persistent attributes (normal[..][..])
  • Cookbook hierarchy
  • base_server
    ● Create new cookbook with Berks
      cd cookbooks
      berks cookbook base_server
    ● Add base_server to Berksfile
    ● Include dependencies on apt, ntp, chef-client, cron, openssh
    ● Include base_server to role[node] run_list
  • Recipes to include
    base_server/recipes/default.rb
      include_recipe "chef-client"
      include_recipe "chef-client::delete_validation"
      include_recipe "chef-client::config"
      include_recipe "ntp"
      include_recipe "cron"
      include_recipe "apt"
      include_recipe "openssh"
    ● Bump minor cookbook version of 'base_server'
    copy/paste from
  • base_server configuration
    default[:openssh][:server][:password_authentication] = 'no'
    default[:openssh][:server][:allow_agent_forwarding] = 'yes'
    default[:openssh][:server][:allow_tcp_forwarding] = 'no'
    default[:openssh][:server][:use_dns] = 'no'
    copy/paste from
  • chef_client
    On node:
      ps ajx | grep chef-client
    On workstation:
      knife status
    NB! It is a good idea to establish an internal procedure to check knife status on a regular basis
  • chef_restart
    include_recipe "cron"
    cron "Chef: Node-specific cronjobs: chef-client-restart" do
      minute "#{node[:chef_restart_minute] ||= rand(59)}"
      hour "#{node[:chef_restart_hour] ||= rand(23)}"
      day "*"
      month "*"
      weekday "*"
      command "ps ax | grep -q [c]hef-client && sleep $(( $RANDOM % 1800 )) && invoke-rc.d chef-client restart >/dev/null 2>&1"
      user "root"
    end
  • Exception handlers ● Report about any exceptions in chef run ● Many community handlers are available: – Airbrake – Email – Syslog – Graphite – HipChat
  • HipChat report example
  • Chef Server reports
  • Debugging with Chef
    sudo chef-client -ldebug -Fdoc
    sudo chef-client --why-run
    sudo chef-client -o 'recipe[apache2::mod_dav]'
  • 'puts driven development'
    Chef::Log.info("Your message")
    log("Your message to put it simple")
    abort
  • chef-shell
    # chef-shell -z
    chef> run_chef
    chef> chef_run.skip_back 40
    chef> chef_run.step
    chef> node['apache']['dir']
  • Pry - installation
    ● Run on node:
      /opt/chef/embedded/bin/gem install --no-ri --no-rdoc pry pry-nav pry-doc
    ● Insert into webserver/recipes/default.rb
      require 'pry'; binding.pry
    copy/paste from
  • pry
    # chef-client
    pry> ls node
    pry> ls
    pry> ls node.default
    pry> ls node.normal
    pry> step
    pry> next
    pry> continue
  • Chef-testing ● Semantic testing → Foodcritic ● Unit testing → ChefSpec ● Integration testing → with ChefZero – Test Kitchen –
  • Foodcritic lint
    gem install foodcritic --no-ri --no-rdoc
    cd CHEF_REPO
    foodcritic cookbooks/webserver
    .. see
  • More rules
    cd CHEF_REPO
    git clone git:// foodcritic/customink
    git clone git:// foodcritic/etsy
    foodcritic -I foodcritic/* cookbooks/webserver
    copy/paste from
  • Functional spec example from PagerDuty
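
For the "Another PCI DSS failure" and "Apache configuration patch" slides above, a check that reports which <Directory> blocks still turn directory listings on. This is an added example, not code from the slides or from Chef; the function names and SAMPLE_CONF are constructed for illustration, and each block is judged on its own Options lines, without following inheritance from parent directories.

```ruby
# Added example: SAMPLE_CONF is constructed, function names are hypothetical.
SAMPLE_CONF = <<~CONF
  <Directory "/usr/share/apache2/icons">
      Options Indexes MultiViews
      AllowOverride None
  </Directory>
  <Directory /var/www/current>
      Options -Indexes +FollowSymLinks
  </Directory>
  <Directory /var/www/shared>
      AllowOverride None
  </Directory>
CONF

# Fold one Options directive into the block's current Indexes state.
def apply_options(tokens, previous)
  names = tokens.map(&:downcase)
  return :enabled  if names.include?('+indexes')
  return :disabled if names.include?('-indexes')
  # Only +/- tokens: a relative change that leaves Indexes untouched.
  return previous if names.all? { |t| t.start_with?('+', '-') }
  # A plain list replaces everything; "All" includes Indexes.
  (names & %w[indexes all]).empty? ? :disabled : :enabled
end

# Returns { path => :enabled | :disabled | :inherited } per <Directory> block.
def index_listing_status(conf_text)
  status = {}
  current = nil
  conf_text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A<Directory\s+"?([^">]+)"?\s*>\z/i))
      current = m[1].strip
      status[current] = :inherited
    elsif line.match?(%r{\A</Directory>\z}i)
      current = nil
    elsif current && (m = line.match(/\AOptions\s+(.+)\z/i))
      status[current] = apply_options(m[1].split, status[current])
    end
  end
  status
end

# Directories whose own block turns listings on.
def exposed_directories(conf_text)
  index_listing_status(conf_text).select { |_, s| s == :enabled }.keys
end
```

Blocks reported as :inherited set no Options of their own, so their effective setting has to be read from the enclosing configuration.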