Chef is an open source configuration management tool that allows automation of infrastructure through code. It uses a "client-server" model where Chef clients on nodes connect to a Chef server to check their configuration state and apply any changes needed to ensure they match their defined state. Chef models infrastructure as "nodes" that can be configured through reusable "roles" and "recipes" made up of declarative "resources" that define what state a node or its components should be in. This allows automated deployment and management of servers through an infrastructure-as-code approach.

1. Automated Deployment
of OpenStack with Chef
Texas Linux Fest
April 2, 2011
1

2. Introductions
Matt Ray
Senior Technical Evangelist
matt@opscode.com
@mattray
GitHub:mattray
2

3. What is OpenStack?
3

4. Founders
operate at
massive scale
NASA
4

5. OpenStack: The Mission
"To produce the ubiquitous Open
Source cloud computing platform
that will meet the needs of public
and private cloud providers
regardless of size, by being simple to
implement and massively scalable."
5

6. OpenStack Founding Principles
Apache 2.0 license (OSI), open development process
Open design process, 2x year public Design
Summits
Publicly available open source code repositories
Open community processes documented and
transparent
Commitment to drive and adopt open standards
Modular design for deployment flexibility via APIs
6

7. Community with Broad Support
7

8. Software to provision virtual machines on
standard hardware at massive scale
OpenStack Compute
creating open source software
to build public and private
clouds
Software to reliably store billions of objects
distributed across standard hardware
OpenStack
Object Storage
8

9. OpenStack Compute Key Features
ReST-based API
Asynchronous
eventually consistent
communication
Horizontally and
massively scalable
Hypervisor agnostic:
support for Xen ,XenServer, Hyper-V,
KVM, UML and ESX is coming
Hardware agnostic:
standard hardware, RAID not required
9

10. User Manager
Cloud Controller: Global state of
system, talks to LDAP, OpenStack
Object Storage, and node/storage
workers through a queue
ATAoE / iSCSI
API: Receives HTTP requests,
converts commands to/from API
format, and sends requests to cloud
controller
Host Machines: workers
that spawn instances
Glance: HTTP + OpenStack Object
OpenStack Compute Storage for server images
10

11. Hardware Requirements
OpenStack is designed to run on industry
standard hardware, with flexible configurations
Compute
x86 Server (Hardware Virt. recommended)
Storage flexible (Local, SAN, NAS)
Object Storage
x86 Server (other architectures possible)
Do not deploy with RAID (can use controller for cache)
11

12. Why is OpenStack important?
Open eliminates vendor lock-in
Working together, we all go faster
Freedom to federate, or move
between clouds
12

13. What is Chef?
13

14. Chef enables Infrastructure as Code
Manage configuration as idempotent
Resources.
Put them together in Recipes.
Track it like Source Code.
Configure your servers.
14

15. At a High Level
Library for configuration management
Configuration management system
Systems integration platform
API for your entire Infrastructure
15

16. Fully automated
Infrastructure
16

17. Principles
Idempotent
Data-driven
Sane defaults
Hackability
TMTOWTDI
17

18. Open Source and Community
Apache 2 licensed
Large and active community
Over 300 individual contributors
(60+ corporate)
Community is Important!
18

19. 19

20. How does it Work?
20

21. How does it Work?
Miracles!
21

22. How does it Work?
Miracles!
(no really)
22

23. Chef Client runs on
your System
23

24. Chef Client runs on
your System
ohai!
24

25. Clients talk to the
Chef Server
25

26. The Opscode Platform
is a hosted Chef Server
26

27. We call each system
you configure a
Node
27

28. Nodes have Attributes
{
"kernel": {
"machine": "x86_64",
"name": "Darwin",
Kernel info!
"os": "Darwin",
"version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010;
root:xnu-1504.7.4~1/RELEASE_I386",
},
"release": "10.4.0" Platform info!
"platform_version": "10.6.4",
"platform": "mac_os_x",
"platform_build": "10F569",
"domain": "local",
"os": "darwin",
"current_user": "mray",
"ohai_time": 1278602661.60043,
"os_version": "10.4.0",
Hostname and IP!
"uptime": "18 days 17 hours 49 minutes 18 seconds",
"ipaddress": "10.13.37.116",
"hostname": "morbo",
"fqdn": "morbomorbo.local",
"uptime_seconds": 1619358
}
28

29. Nodes have a Run List
What Roles and Recipes
to Apply in Order
29

30. Nodes have Roles
webserver, database, monitoring, etc.
30

31. Roles have a Run List
What Roles and Recipes
to Apply in Order
31

32. name "webserver"
description "Systems that serve HTTP traffic"
run_list(
"role[base]",
"recipe[apache2]",
"recipe[apache2::mod_ssl]"
)
default_attributes(
"apache" => {
"listen_ports" => [ "80", "443" ]
}
)
override_attributes(
"apache" => {
"max_children" => "50"
}
)
32
32

33. name "webserver"
description "Systems that serve HTTP traffic"
run_list(
"role[base]",
Can include
"recipe[apache2]", other roles!
"recipe[apache2::mod_ssl]"
)
default_attributes(
"apache" => {
"listen_ports" => [ "80", "443" ]
}
)
override_attributes(
"apache" => {
"max_children" => "50"
}
)
32
32

34. Chef manages
Resources on Nodes
33

35. Resources
Declare a description of the state a part of the node should be in
34

36. Resources
package "apache2" do
version "2.2.11-2ubuntu2.6"
action :install
end
template "/etc/apache2/apache2.conf" do
source "apache2.conf.erb"
owner "root"
group "root"
mode 0644
action :create
end
Declare a description of the state a part of the node should be in
34

37. Resources
‣ Have a type package "apache2" do
version "2.2.11-2ubuntu2.6"
action :install
end
template "/etc/apache2/apache2.conf" do
source "apache2.conf.erb"
owner "root"
group "root"
mode 0644
action :create
end
Declare a description of the state a part of the node should be in
34

38. Resources
‣ Have a type package "apache2" do
version "2.2.11-2ubuntu2.6"
action :install
‣ Have a name end
template "/etc/apache2/apache2.conf" do
source "apache2.conf.erb"
owner "root"
group "root"
mode 0644
action :create
end
Declare a description of the state a part of the node should be in
34

39. Resources
‣ Have a type package "apache2" do
version "2.2.11-2ubuntu2.6"
action :install
‣ Have a name end
template "/etc/apache2/apache2.conf" do
‣ Have parameters source "apache2.conf.erb"
owner "root"
group "root"
mode 0644
action :create
end
Declare a description of the state a part of the node should be in
34

40. Resources
‣ Have a type package "apache2" do
version "2.2.11-2ubuntu2.6"
action :install
‣ Have a name end
template "/etc/apache2/apache2.conf" do
‣ Have parameters source "apache2.conf.erb"
owner "root"
‣ Take action to put the group "root"
mode 0644
resource in the action :create
declared state end
Declare a description of the state a part of the node should be in
34

41. Resources take action
through Providers
35

42. Recipes are lists of
Resources
36

43. Recipes
1
package "apache2" do
version "2.2.11-2ubuntu2.6"
action :install
end
Evaluate and apply template "/etc/apache2/apache2.conf" do
Resources in the order source "apache2.conf.erb"
owner "root"
they appear group "root"
mode 0644
action :create2
end
37

44. Order Matters
38

45. Recipes are just Ruby!
extra_packages = case node[:platform]
when "ubuntu","debian"
%w{
ruby1.8
ruby1.8-dev
rdoc1.8
ri1.8
libopenssl-ruby
}
end
extra_packages.each do |pkg|
package pkg do
action :install
end
end
39

46. Cookbooks are
packages for Recipes
40

47. Cookbooks
Distributable, shareable
comunity.opscode.com
Infrastructure as Code
Versioned
Hundreds
41

48. Cookbooks
Recipes
Files
Templates
Attributes
Metadata
42

49. Data bags store
arbitrary data
43

50. A user data bag item...
% knife data bag show users mray
{
"comment": "Matt Ray",
"groups": "sysadmin",
"ssh_keys": "ssh-rsa SUPERSEKRATS mray@morbo",
"files": {
".bashrc": {
"mode": "0644",
"source": "dot-bashrc"
},
".emacs": {
"mode": "0644",
"source": "dot-emacs"
}
},
"id": "mray",
"uid": 7004,
"shell": "/usr/bin/bash"
}
44

51. Environments manage
versioned infrastructure
45

52. Command-line API
utility, Knife
http://www.flickr.com/photos/myklroventine/3474391066/
Copyright © 2011 Opscode, Inc - All Rights Reserved 46
46

53. Search
$ knife search node 'platform:ubuntu'
‣ CLI or in Ruby
search(:node, ‘platform:centos’)
‣ Nodes are searchable $ knife search role 'max_children:50'
‣ Roles are searchable search(:role, ‘max_children:50’)
‣ Recipes are $ knife search node ‘role:webserver’
searchable search(:node, ‘role:webserver’)
‣ Data bags are $ knife users ‘shell:/bin/bash’
searchable search (:users, ‘group:sysadmins’)
47

54. 48

55. HOW TO: Turn Racks of
Standard Hardware Into a
Cloud with OpenStack
49

56. What Works Today?
50

57. Compute (Nova)
Single machine installation
‣ Role: nova-single-machine
‣ MySQL, RabbitMQ
‣ Nova-(api|scheduler|network|objectstore|compute)
Multi-machine
‣ Role: nova-multi-controller (1)
‣ Role: nova-multi-compute (N)
51

58. Role: nova-single-machine
name "nova-single-machine-install"
description "Installs everything required to run Nova on a single
machine"
run_list(
"role[nova-multi-controller]",
"role[nova-multi-compute]"
)
52

59. Role: nova-multi-controller
name "nova-multi-controller"
description "Installs requirements to run the Controller node in a
Nova cluster"
run_list(
"role[nova-support-server]",
"role[nova-head]",
"role[nova-cloud-controller]",
"role[nova-super-user-setup]"
)
53

60. Role: nova-multi-compute
name "nova-multi-compute"
description "Installs requirements to run a Compute node in a Nova
cluster"
run_list(
"recipe[nova::compute]"
)
54

61. What does this look like?
55

62. Crowbar
‣ Codename for the OpenStack
installer from Dell
‣ Dell is releasing this under the
Apache 2 license
‣ Extension of the Chef server
‣ Jointly developed by Dell,
Rackspace and Opscode
56

63. Crowbar - What does it Do?
‣ Crowbar is a PXE state machine
‣ starts with bare metal hardware
‣ manages and configures BIOS
and network settings
‣ network boot and installation
‣ nodes are configured with Chef
‣ deploys OpenStack, could be
used for anything
57

64. OpenStack Installation
‣ Cookbooks uploaded $
$
knife cookbook upload -a
knife cookbook list
$ rake roles
‣ Roles uploaded $ knife role list
$ knife node list
‣ Nodes ready
58

65. AMIs
name "nova-ami-urls"
description "Feed in a list URLs for AMIs to download"
default_attributes(
"nova" => {
"images" =>
["http://192.168.11.7/ubuntu1010-UEC-localuser-image.tar.gz”]
}
)
$ knife role from file roles/nova-ami-urls.rb
‣ Use an existing AMI
‣ Update URL to your own
59

66. Assign the Roles
$ knife node run_list add crushinator.localdomain "role[nova-ami-
urls]"
{
"run_list": [
"role[nova-ami-urls]"
]
}
$ knife node run_list add crushinator.localdomain "role[nova-single-
machine-install]"
{
"run_list": [
"role[nova-ami-urls]"
"role[nova-single-machine-install]",
]
}
60

67. chef-client
mray@ubuntu1010:~$ sudo chef-client
[Fri, 25 Feb 2011 11:52:59 -0800] INFO: Starting Chef Run (Version
0.9.12)
...
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: Chef Run complete in
5.911955 seconds
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: cleaning the checksum cache
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: Running report handlers
[Fri, 25 Feb 2011 11:56:05 -0800] INFO: Report handlers complete
61

68. The Moment of Truth
nova@$ nova-manage service list
nova@$ euca-describe-images
nova@$ euca-run-instances ami-h8wh0j17 -k mykey -t m1.tiny
nova@$ euca-describe-instances
nova@$ ssh -i mykey.priv ubuntu@10.0.0.2
Linux i-00000001 2.6.35-24-virtual #42-Ubuntu SMP Thu Mar 30
05:15:26 UTC 2011 x86_64 GNU/Linux
Ubuntu 10.10
Welcome to Ubuntu!
<SNIP>
See "man sudo_root" for details.
ubuntu@i-00000001:~$
62

69. How Did We Get Here?
63

70. Forked from Anso Labs’ Cookbooks
Bootstrapped by Opscode
Chef Solo/Vagrant installs for Developers
http://github.com/ansolabs/openstack-cookbooks
64

71. Who’s involved
so far?
65

72. What’s Next?
66

73. Nova needed enhancements
Pluggable/Modular Roles
‣ Database
‣ ObjectStore
‣ Network
‣ Virtualization
Swift and Glance integration
67

74. 68

75. Dashboard
69

76. Knife
‣ http://github.com/opscode/knife-openstack
‣ Nova has same API as Amazon
‣ Fog supports OpenStack already
‣ knife openstack server create ‘role
[base]’ -i ami-a403f6xd -f m1.micro -
A “OpenStack instance”
70

77. Object Storage (Swift)
‣ Recipes originated from Anso Labs’ repository
‣ Will be managed with Chef and Crowbar
‣ Included in the ‘bexar’ branch
‣ Untested so far (Cactus will tackle)
71

78. Image Registry (Glance)
‣ Recipes originated from Anso Labs’ repository
‣ Will be managed with Chef and Crowbar
‣ Included in the ‘bexar’ branch
‣ Untested so far (Cactus!)
72

79. Scaling changes how
we deploy OpenStack!
73

80. Deployment Scenarios
‣ Single machine is special case of multi-install
‣ Controller + Compute nodes is a known quantity
for small installations
‣ Nova + Swift + Glance in large installations
‣ Services separated and HA configurations
supported
‣ Documentation and Chef Roles will be the
solution
74

81. Cactus, Diablo, ...
Development continues...
Branches for each stable release
Design Summit later this month
Design Summit in the Fall
75

82. Rackspace Cloud Builders
Commercial support and Training for
OpenStack
‣ Opscode
‣ Dell
‣ Equinix
‣ Cloudscaling
‣ Citrix
76

83. Get Involved!
https://github.com/mattray/openstack-cookbooks/tree/bexar
http://lists.openstack.org
http://lists.opscode.com
#chef on irc.freenode.net
#openstack on irc.freenode.net
matt@opscode.com
jordan@openstack.com
77