The document outlines various practices and configurations for deploying applications using Chef, including strategies for pull deployment versus push deployment, handling environments, and utilizing resources like Berkshelf and Vagrant. It emphasizes the importance of maintaining stable live servers while handling branching and version control through Git, alongside configurations for server setups. Additionally, it discusses tools for debugging and testing Chef code, emphasizing best practices for both development and production environments.

1. Начала DevOps: Opscode Chef
Day 4
Andriy Samilyak
samilyak@gmail.com
skype: samilyaka

2. Goals
●
Pull deployment with Chef
●
Environments
●
More about Berkshelf+Vagrant way
●
Chef in real live - base_server
●
Exception/Report handlers
●
Debugging with Chef
●
Testing with Chef

3. Deployment strategies
PULL vs PUSH

4. Pull deployment with Chef
# http://community.opscode.com/cookbooks/application
application "my_app" do
path "/var/www"
repository "git://github.com/werdan/hpmor.git"
end
copy/paste from http://goo.gl/6sEYT5

5. Deployment with Chef - Plan
●
Application cookbook
(Berksfile/metadata.rb)
●
Application resource in default.rb
●
git installation
●
docroot correction

6. Capistrano way
●
●
●
●
Check your /var/www after chef-client run
/var/www/current is a symlink to one of
releases
/var/www/releases contains code
releases
/var/www/shared – anything that is not
kept in repository

7. Example of solution
webserver/attributes/default.rb:
default['apache']['docroot_dir'] = "/var/www/current"
webserver/recipes/default.rb:
package "git"
application "my_app" do
path "/var/www"
repository "https://github.com/werdan/hpmor.git"
end

8. Git flow
●
New release is ready for deployement
●
It is in 'develop' branch
●
●
Our current server is going to be now QA
testing
We should maintain the second server
(LIVE) with master branch deployed

9. Branch deployment with Chef
application "my_app" do
path "/var/www"
repository "git://github.com/werdan/hpmor.git"
revision 'your_branch' # specified with attribute
end

10. Environments
LIVE server
run_list: role[node]
recipes: recipe[webserver]
git_branch: master
DEV server
run_list: role[node]
recipes: recipe[webserver]
git_branch: develop

11. Attribute precedence
From: http://docs.opscode.com/essentials_cookbook_attribute_files.html

12. Environments
●
environments/production.rb
name "production"
default_attributes 'webserver' => {
'revision' => 'master'
}
●
environments/development.rb
name "development"
default_attributes 'webserver' => {
'revision' => 'develop'
}

13. Default attribute value
●
webserver/attributes/default.rb
default['webserver']['revision'] = 'master'

14. Environments: knife
knife environment from file production.rb
knife environment from file
development.rb
knife environment list
knife environment show production

15. Configuring DEV server
●
set environment to 'development'
> knife node edit your_node
> Chef Server GUI
●
●
run chef-client
check result in browser (is it in English
now?)

16. Branch deployment with Chef
application "my_app" do
path "/var/www"
repository "git://github.com/werdan/hpmor.git"
revision 'your_branch' # specified with attribute
end

17. Another PCI DSS failure
Go to http://YOUR_NODE_ADDRESS/icons/

18. Apache configuration patch
<Directory /usr/share/apache2/icons>
Options -Indexes
</Directory>
copy/paste from http://goo.gl/6sEYT5

19. Environments
LIVE server
run_list: role[node]
recipes: recipe[webserver]
templates: no patch
DEV server
run_list: role[node]
recipes: recipe[webserver]
templates: with patch!

20. We have to keep LIVE stable!
●
●
●
environments/production.rb
cookbook "webserver", "= 0.1.0"
webserver/metadata.rb
version '0.1.1'
upload cookbook
●
upload production environment
●
knife cookbook show webserver

21. Better Berksfile strategy
cookbook 'apache2'
cookbook 'htpasswd', git: ….
cookbook 'application'
cookbook 'webserver', path: 'cookbooks/webserver'
●
berks install
●
berks upload

22. Frozen cookbooks
●
Try now
knife cookbook upload webserver
knife cookbook show webserver 0.1.1
> frozen?: true
●
●
berks update && berks upload → no
changes
knife cookbook upload webserver --force

23. Vagrant provision
Real demonstration now – hold your breath!

24. Vagrant provision
chef-repo/Vagrantfile
Vagrant.configure("2") do |config|
config.vm.hostname = "webserver"
config.vm.box = "webserver"
config.vm.box_url =
"http://grahamc.com/vagrant/ubuntu-12.04-omnibus-chef.box"
config.vm.network :public_network
config.berkshelf.berksfile_path = "Berksfile"
config.berkshelf.enabled = true
config.vm.provision :chef_solo do |chef|
chef.run_list = [
]
chef.data_bags_path = "data_bags"
chef.roles_path = "roles"
chef.add_role("node")
chef.environments_path = "environments"
chef.environment = 'production'
end
end

25. Vagrant provision - chef-solo
●
No API (no databag search , for instance)
●
No cookbook version pin in environment
●
No persistent attributes (normal[..][..])

26. Cookbook hierarchy

27. base_server
●
●
●
Create new cookbook with Berks
cd cookbooks
berks cookbook base_server
Add base_server to Berskfile
Include dependences on
apt, ntp, chef-client, cron, openssh
●
Include base_server to role[node] run_list

28. Recipes to include
base_server/recipes/default.rb
include_recipe "chef-client"
include_recipe "chef-client::delete_validation"
include_recipe "chef-client::config"
include_recipe "ntp"
include_recipe "cron"
include_recipe "apt"
include_recipe "openssh"
●
Bump minor cookbook version of 'base_server'
copy/paste from http://goo.gl/6sEYT5

29. base_server configuration
default[:openssh][:server][:password_authentication] = 'no'
default[:openssh][:server][:allow_agent_forwarding] = 'yes'
default[:openssh][:server][:allow_tcp_forwarding] = 'no'
default[:openssh][:server][:use_dns] = 'no'
copy/paste from http://goo.gl/6sEYT5

30. chef_client
On node: ps ajx | grep chef-client
On workstation: knife status
NB! It is a good idea to establish internal procedure
to check knife status on regular basis

31. chef_restart
include_recipe "cron"
cron "Chef: Node-specific cronjobs: chef-client-restart" do
minute "#{node[:chef_restart_minute] ||= rand(59)}"
hour "#{node[:chef_restart_hour] ||= rand(23)}"
day "*"
month "*"
weekday "*"
command "ps ax | grep -q [c]hef-client &&
sleep $(( $RANDOM % 1800 )) &&
invoke-rc.d chef-client restart >/dev/null 2>&1"
user "root"
end

32. Exception handlers
●
Report about any exceptions in chef run
●
Many community handlers are available:
–
Airbrake
–
Email
–
Syslog
–
Graphite
–
HipChat

33. HipChat report example
https://github.com/opsway/chef-hipchat

34. Chef Server reports

35. Debugging with Chef
sudo chef-client -ldebug -Fdoc
sudo chef-client --why-run
sudo chef-client -o recipe['apache2::mod_dav']

36. 'puts driven development'
Chef::log.info("Your message")
log("Your message to put it simple")
abort

37. chef-shell
# chef-shell -z
chef> run_chef
chef> chef_run.skip_back 40
chef> chef_run.step
chef> node['apache']['dir']

38. Pry - installation
●
Run on node:
/opt/chef/embedded/bin/gem install --no-ri
--no-rdoc pry pry-nav pry-doc
●
Insert into webserver/recipes/default.rb
require 'pry';
binding.pry
copy/paste from http://goo.gl/6sEYT5

39. pry
# chef-client
pry> ls node
pry> ls node.name
pry> ls node.default
pry> ls node.normal
pry> step
pry> next
pry > continue

40. Chef-testing
●
Semantic testing → Foodcritics
●
Unit testing → ChefSpec
●
Integration testing →
with ChefZero
– Test Kitchen
–

41. Foodcritic lint
gem install foodcritic --no-ri --no-rdoc
cd CHEF_REPO
foodcritic cookbooks/webserver
.. see http://acrmp.github.io/foodcritic/

42. More rules
cd CHEF_REPO
git clone git://github.com/custominkwebops/foodcritic-rules.git foodcritic/customink
git clone git://github.com/etsy/foodcriticrules.git foodcritic/etsy
foodcritic -I foodcritic/* cookbooks/webserver
copy/paste from http://goo.gl/6sEYT5

43. Functional spec example from
PagerDuty
http://goo.gl/9k5Fj2