Accenture is employing the Private Chef management tool for its newly launched Accenture Cloud Platform, facilitating a hybrid cloud ecosystem with various IaaS providers. The document outlines the platform's global footprint, provisioning environments using Chef, and specific technical roles and recipes for managing node configurations. It also hints at future improvements, including features for better integration and collaboration within cloud environments.

1. Special of the Day
Cookin’ up hybrid clouds with Chef
and the Accenture Cloud Platform
Tom Myers
April 26, 2013
Accenture is using Private Chef as the
management control point for our newly launched
Accenture Cloud Platform.

2. Copyright © 2013 Accenture All rights reserved. 2
Accenture Cloud Platform
Global footprint
Multiple service providers
Migrating from traditional tools to cloud native

3. Accenture Cloud Platform Ecosystem
Hybrid Environment
• Accenture’s Common Hosting Platform
• Broad Collection of IaaS Providers
- Azure, AWS, OpSource, Terremark…
Geographical Requirements
• Operating Environment across five continents
• Soon to be six (how soon will we need Antarctica?)
• Latency
Transition
• From Traditional Tools
• To Cloud-native tools
Balance
• Platform Agility vs Customer Stability

4. Provisioning
Traditional
Hardened
Environment
Public/Private
IaaS Cloud
On-premise
and co-lo
“clouds”

5. Accenture Cloud Platform Ecosystem
Remote Chef Proxy
• nginx extended to each provider
• Near file storage
• Answers several concerns…
Internet Access
• Client requirements my forbid
• VPN required
Reduced Cost
• File transfer
• Cache
Balance
• Platform Agility vs Customer Stability

6. Environments
Production
Test
Public/Private
IaaS Cloud
On-premise
and co-lo
“clouds”

7. Demo
• VMs
– Private Chef A (PROD)
– Private Chef B (TEST)
– Node One (VM who has been recently provisioned)
• Data Bag Example Usage:
• Add Local IP (role)
• Query status data bag
• Environments
– Transfer (role) from PROD to TEST
– Rename (data bag) and Transfer (role) back to PROD

8. Role[bootstrap]
Default
include_recipe "bootstrap::_create_reports_item"
include_recipe "hosts"
include_recipe "chef-client::config"
include_recipe "chef-client::service"
if node.run_list.include?('role[migrate-chef-server]')
include_recipe "bootstrap::migrate_chef_server"
else
include_recipe "bootstrap::core"
end
include_recipe "clone::cleanup_stash"
asgard_report "bootstrap" do
request_type 'bootstrap'
remember true
action :ok
End

9. Role[bootstrap]
Core
case node['platform_family']
when "windows"
include_recipe "bootstrap::windows"
when "rhel"
include_recipe "bootstrap::redhat"
end
include_recipe "bootstrap::options"
include_recipe "manage-users"
include_recipe "manage-networks"
include_recipe "manage-storage"
include_recipe "commands"

10. Role[bootstrap]
Options
node['bootstrap']['options'].each do |option|
include_recipe "#{option}::install"
recipe_name = option_enabled?(option) ? 'enable' : 'disable'
include_recipe "#{option}::#{recipe_name}"
End
(Attributes)
default['bootstrap']['options'] = %w(patching zenoss-monitoring)

11. Data Bags
• Provide common interface for back-end systems
– Back-end processing
• Write node-specific data
• Assign role to run list (if needed)
• Poll Reports data bag for results
– Node processing
• Remove node-specific data
• Write result to Reports data bag
• Knife plug-in to support operations tasks
• Easy clean-up

12. Change Server Cookbook
Default
require 'fileutils'
# Everything runs in compile time. Will preempt any other recipes.
# never run this recipe twice
node.run_list.delete("role[change-server]")
node.run_list << 'role[change-server-done]'
node.save
# timestamp for backup/restore
timestamp = Time.now.strftime("%Y%m%d.%H%M%S")
hosts_file_path = node[:hosts][:config]
node_name = Chef::Config[:node_name]
rename_lists = data_bag('rename_nodes')
rename_lists.each do |list_name|
rename_list = data_bag_item('rename_nodes', list_name).raw_data
node_name = rename[node_name] || node_name
end

13. Change Server Cookbook
# config parameters
conf_dir = node['chef_client']['conf_dir']
client_rb_path = File.join(conf_dir, 'client.rb')
validation_pem_path = File.join(conf_dir, 'validation.pem')
client_pem_path = File.join(conf_dir, 'client.pem')
attributes_json_path = File.join(conf_dir, 'change-server-attributes.json')
backup(hosts_file_path, timestamp, true)
backup(client_rb_path, timestamp)
backup(validation_pem_path, timestamp)
backup(client_pem_path, timestamp)
delete_hostsfile_entries(node)
create_child_chef_configuration(node, conf_dir, client_rb_path, validation_pem_path,
client_pem_path, attributes_json_path)
run_child_chef(node, client_rb_path, attributes_json_path, node_name)

14. Change Server Cookbook
if File.exists?(client_pem_path)
log_success
node.name(node_name)
reload_chef_client_config(node)
# delete change-server-done from NEW server
node.run_list.delete('role[change-server-done]')
node.save
else
log_failure(client_rb_path, validation_pem_path, attributes_json_path)
restore(hosts_file_path, timestamp)
restore(client_rb_path, timestamp)
restore(validation_pem_path, timestamp)
restore(client_pem_path, timestamp)
# delete change-server-done from OLD server
node.run_list.delete('role[change-server-done]')
node.save
end

15. Other Interesting Ideas
Side by Side Chef (today)
• Allow existing chef-using clients to continue use of open-source chef
without interruption until on-boarding process is available.
Shared Org Cookbooks (coming soon)
• Allow organizations to share (read-only) cookbooks, enabling the
inherent separation between orgs while allowing for a shared baseline
of cookbooks.
Handlers as Alerts (coming soon)
• Use handlers to alert our back-end systems to provide and alternative
to polling mechanisms.
Web Service Knife Wrapper (coming soon)
• Consume the ability for knife to bootstrap a newly provisioned server
without requiring any modification to the default provider image via a
web service call from our back-end systems.

16. 16Copyright © 2013 Accenture All rights reserved.
Questions?