Spiceweasel:
Your Infrastructure as Code
Table of Contents

            Matt Ray
      matt@opscode.com
  Twitter/IRC/GitHub: mattray
Infrastructure as Code
Enable the reconstruction of
the business from nothing but
  a source code repository,
 application data backup and
    bare metal resources.
That's great but...
how did I get here?
Spiceweasel




•   Infrastructure deployment manifest
•   Converts YAML/JSON to knife
    commands
•   http://github.com/mattray/spiceweasel




                                 http://www.flickr.com/photos/mrchippy/443960682/
YAML




• Simple
• Easy to read
• Easy to reason
• spiceweasel infrastructure.yml

JSON




• Patches welcomed.
• spiceweasel infrastructure.json


Cookbooks


cookbooks:
- annoyances:
- apache2:
- chef-client:
    - 1.1.5
- java:
- mysql:
- tomcat:

knife cookbook upload annoyances
knife cookbook site download apache2 --file cookbooks/apache2.tgz
tar -C cookbooks/ -xf cookbooks/apache2.tgz
rm -f cookbooks/apache2.tgz
knife cookbook upload apache2
knife cookbook site download chef-client 1.1.5 --file cookbooks/chef-client.tgz
tar -C cookbooks/ -xf cookbooks/chef-client.tgz
rm -f cookbooks/chef-client.tgz
knife cookbook upload chef-client
knife cookbook upload java
knife cookbook upload mysql
knife cookbook upload tomcat
Environments




environments:
- development:
- qa:
- preprod:
- production:

knife environment from file development.rb
knife environment from file qa.rb
knife environment from file preprod.rb
knife environment from file production.rb




Roles



roles:
- base:
- glance-single-machine:
- nova-db:
- nova-multi-compute:
- nova-multi-controller:
- nova-rabbitmq-server:
- nova-single-machine:

knife role from file base.rb
knife role from file glance-single-machine.rb
knife role from file nova-db.rb
knife role from file nova-multi-compute.rb
knife role from file nova-multi-controller.rb
knife role from file nova-rabbitmq-server.rb
knife role from file nova-single-machine.rb




                                                                                                http://www.flickr.com/photos/laenulfean/374398044/
Data Bags


data bags:
- users:
  - alice
  - bob
  - chuck
- data:
  - *
- passwords:
  - secret secret_key
  - mysql
  - rabbitmq

knife data bag create users
knife data bag from file users alice.json
knife data bag from file users bob.json
knife data bag from file users chuck.json
knife data bag create data
knife data bag from file data dataA.json
knife data bag from file data dataB.json
knife data bag create passwords
knife data bag from file passwords mysql.json --secret-file secret_key
knife data bag from file passwords rabbitmq.json --secret-file secret_key
Nodes



nodes:
- ubuntu1-1004.vm ubuntu2-1004.vm ubuntu3-1004.vm:
  - role[base],role[tc],role[sample]
  - -i ~/.ssh/mray.pem -x ubuntu --sudo



knife bootstrap ubuntu1-1004.vm -i ~/.ssh/mray.pem -x ubuntu --sudo -r 'role[base],role[tc],role[sample]'
knife bootstrap ubuntu2-1004.vm -i ~/.ssh/mray.pem -x ubuntu --sudo -r 'role[base],role[tc],role[sample]'
knife bootstrap ubuntu3-1004.vm -i ~/.ssh/mray.pem -x ubuntu --sudo -r 'role[base],role[tc],role[sample]'




                                                                   http://www.flickr.com/photos/75659300@N00/2615848530/
Nodes: Windows



nodes:
- windows_winrm winboxA:
  - role[base],role[sqlserver]
  - -x Administrator -P 'super_secret_password'
- windows_ssh winboxB winboxC:
  - role[base],role[iis]
  - -x Administrator -P 'super_secret_password'



knife bootstrap windows winrm winboxA -x Administrator -P 'super_secret_password' -r 'role[base],role[sqlserver]'
knife bootstrap windows ssh winboxB -x Administrator -P 'super_secret_password' -r 'role[base],role[iis]'
knife bootstrap windows ssh winboxC -x Administrator -P 'super_secret_password' -r 'role[base],role[iis]'
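
An added check, not part of the original slides or of Spiceweasel: since the manifest is meant to be checked into version control, a password written into a node's option string (as with -P above) is committed with it and repeated on every generated knife command line. This Ruby script parses a constructed manifest in the same format and reports such entries; the function name inline_passwords, the sample hosts and the --ssh-password=hunter2 value are assumptions made for the example.

```ruby
require 'yaml'
require 'shellwords'

# Options that carry a literal password. -P is the one used on the slide;
# the long forms are knife's spellings of the same option.
PASSWORD_FLAGS = %w[-P --ssh-password --winrm-password].freeze

# Constructed sample manifest in the slide's format (not a real host list).
MANIFEST = <<~MANIFEST
  nodes:
  - ubuntu1-1004.vm ubuntu2-1004.vm:
    - role[base],role[tc]
    - -i ~/.ssh/mray.pem -x ubuntu --sudo
  - windows_winrm winboxA:
    - role[base],role[sqlserver]
    - -x Administrator -P 'super_secret_password'
  - windows_ssh winboxB winboxC:
    - role[base],role[iis]
    - -x Administrator --ssh-password=hunter2
MANIFEST

# Returns one finding per node entry whose option string embeds a password.
# Each node entry is a one-key hash: name => [run_list, options].
def inline_passwords(manifest_text)
  nodes = YAML.safe_load(manifest_text).fetch('nodes', []) || []
  nodes.flat_map do |entry|
    entry.map do |name, settings|
      words = Shellwords.split(Array(settings)[1].to_s)
      hit = words.each_with_index.find do |word, i|
        key, value = word.split('=', 2)          # handles --flag=value
        PASSWORD_FLAGS.include?(key) && (value || words[i + 1])
      end
      hit && { node: name, flag: hit.first.split('=').first }
    end
  end.compact
end

# Report findings without echoing the password itself.
inline_passwords(MANIFEST).each do |finding|
  puts "#{finding[:node]}: password passed inline via #{finding[:flag]}"
end
```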


Nodes: Cloud Providers


nodes:
- ec2 5:
  - role[base],role[tc],role[sample]
  - -S mray -i ~/.ssh/mray.pem -x ubuntu -I ami-0c6ebd65 -f m1.small
- rackspace 5:
  - role[base],role[tc],role[sample]
  - --image 114 --flavor 2 -i ~/.ssh/mray.pem
- openstack 5:
  - role[base],role[tc],role[sample]
  - --image 7 --flavor 2 -x ubuntu -i ~/.ssh/mray.pem



seq 5 | parallel -j 0 -v "knife ec2 server create -S mray -i ~/.ssh/mray.pem -x ubuntu -I ami-0c6ebd65 -f m1.small -r 'role[base],role[tc],role[sample]'"
seq 5 | parallel -j 0 -v "knife rackspace server create --image 114 --flavor 2 -i ~/.ssh/mray.pem -r 'role[base],role[tc],role[sample]'"
seq 5 | parallel -j 0 -v "knife openstack server create --image 7 --flavor 2 -i ~/.ssh/mray.pem -r 'role[base],role[tc],role[sample]'"
Validation




•   Cookbook versions and their
    dependencies exist
•   Environment names and referenced
    cookbooks are correct
•   Role names and referenced roles and
    cookbooks are correct
•   Data bags parse, secret keys are present
•   Node run list items are correct and their
    environment exists
What's the Point?




• Nodes are ephemeral
• Everything we do is in code.
• Everything is checked into
  version control.
• Basic roadmap for
  deployment.



Break it Down




How do we recreate our
   infrastructure?


Real World Example




• Whiteboard it out
• Break it down into
  components
• Comment it all out and start
  working



Here's the YAML

cookbooks:
- annoyances:
- chef-client:
- java:
- jpackage:
- ntp:
- sudo:
- tomcat:
- users:
- sample:
roles:
- base:
- tc:
- sample:
data bags:
  - users:
    - mray
nodes:
- ec2 1:
  - role[base],role[tc],role[sample]
  - -S mray -i ~/.ssh/mray.pem -x ubuntu -G default -I ami-0c6ebd65 -f m1.small
- rackspace 1:
  - role[base],role[tc],role[sample]
  - --image 114 --flavor 2 -i ~/.ssh/mray.pem
Here it is on GitHub




Versioned Infrastructure




• Documentation for your
  deployment
• Iterate over it
• Stored in version control
• Share with others

What's Next?
• Extract from chef-repo
• Extract from Chef Server
• Execute as knife plugin


Thanks!




• gem install spiceweasel
• http://github.com/mattray/spiceweasel
• Twitter/IRC/GitHub: mattray
• matt@opscode.com


ChefConf 2012 Spiceweasel
