Special of the Day
Cookin’ up hybrid clouds with Chef
and the Accenture Cloud Platform
Tom Myers
April 26, 2013
Accenture is using Private Chef as the
management control point for our newly launched
Accenture Cloud Platform.
Copyright © 2013 Accenture All rights reserved.
Accenture Cloud Platform
Global footprint
Multiple service providers
Migrating from traditional tools to cloud native
Accenture Cloud Platform Ecosystem
Hybrid Environment
•  Accenture’s Common Hosting Platform
•  Broad Collection of IaaS Providers
- Azure, AWS, OpSource, Terremark…
Geographical Requirements
•  Operating Environment across five continents
•  Soon to be six (how soon will we need Antarctica?)
•  Latency
Transition
•  From Traditional Tools
•  To Cloud-native tools
Balance
•  Platform Agility vs Customer Stability
[Diagram: Provisioning. Labels: Traditional Hardened Environment; Public/Private IaaS Cloud; On-premise and co-lo “clouds”]
Accenture Cloud Platform Ecosystem
Remote Chef Proxy
•  nginx extended to each provider
•  Near file storage
•  Answers several concerns…
Internet Access
•  Client requirements may forbid
•  VPN required
Reduced Cost
•  File transfer
•  Cache
Balance
•  Platform Agility vs Customer Stability
[Diagram: Environments. Labels: Production; Test; Public/Private IaaS Cloud; On-premise and co-lo “clouds”]
Demo
• VMs
–  Private Chef A (PROD)
–  Private Chef B (TEST)
–  Node One (VM that has been recently provisioned)
• Data Bag Example Usage:
•  Add Local IP (role)
•  Query status data bag
• Environments
–  Transfer (role) from PROD to TEST
–  Rename (data bag) and Transfer (role) back to PROD
Role[bootstrap]
Default
include_recipe "bootstrap::_create_reports_item"
include_recipe "hosts"
include_recipe "chef-client::config"
include_recipe "chef-client::service"
if node.run_list.include?('role[migrate-chef-server]')
  include_recipe "bootstrap::migrate_chef_server"
else
  include_recipe "bootstrap::core"
end
include_recipe "clone::cleanup_stash"
asgard_report "bootstrap" do
  request_type 'bootstrap'
  remember true
  action :ok
end
Role[bootstrap]
Core
case node['platform_family']
when "windows"
  include_recipe "bootstrap::windows"
when "rhel"
  include_recipe "bootstrap::redhat"
end
include_recipe "bootstrap::options"
include_recipe "manage-users"
include_recipe "manage-networks"
include_recipe "manage-storage"
include_recipe "commands"
Role[bootstrap]
Options
node['bootstrap']['options'].each do |option|
  include_recipe "#{option}::install"
  recipe_name = option_enabled?(option) ? 'enable' : 'disable'
  include_recipe "#{option}::#{recipe_name}"
end
(Attributes)
default['bootstrap']['options'] = %w(patching zenoss-monitoring)
Data Bags
• Provide common interface for back-end systems
–  Back-end processing
•  Write node-specific data
•  Assign role to run list (if needed)
•  Poll Reports data bag for results
–  Node processing
•  Remove node-specific data
•  Write result to Reports data bag
• Knife plug-in to support operations tasks
• Easy clean-up
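The back-end/node exchange listed on this slide, as an added example that is not code from the presentation. A small in-memory class stands in for the Chef server; the bag names node_requests and reports, the item fields and the IP format check are assumptions.

```ruby
# In-memory stand-in for the Chef server's data bag store (assumption).
class DataBagStore
  def initialize
    @bags = Hash.new { |h, k| h[k] = {} }
  end

  def write(bag, id, data)
    @bags[bag][id] = data.merge('id' => id)
  end

  def read(bag, id)
    @bags[bag][id]
  end

  def delete(bag, id)
    @bags[bag].delete(id)
  end
end

# Back-end side: write node-specific data, then poll the reports bag.
def backend_submit(store, node_name, payload)
  store.write('node_requests', node_name, payload)
end

def backend_poll(store, node_name)
  store.read('reports', node_name)
end

# Node side: act only on the item keyed by this node's own name, remove it
# once consumed, validate what it carries, and write the outcome to reports.
def node_converge(store, node_name)
  request = store.delete('node_requests', node_name)
  return :nothing_to_do if request.nil?

  valid_ip = request['local_ip'].to_s.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/)
  status = valid_ip ? 'ok' : 'failed'
  store.write('reports', node_name,
              'request_type' => request['request_type'], 'status' => status)
  status.to_sym
end

if __FILE__ == $PROGRAM_NAME
  store = DataBagStore.new
  # Constructed sample request, modelled on the demo's "Add Local IP" step.
  backend_submit(store, 'node-one', 'request_type' => 'add-local-ip', 'local_ip' => '10.0.0.5')
  node_converge(store, 'node-one')
  puts backend_poll(store, 'node-one').inspect
end
```

Because the node deletes its request item as it consumes it, a second converge finds nothing to do and node-specific data does not linger on the server.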
Change Server Cookbook
Default
require 'fileutils'
# Everything runs in compile time. Will preempt any other recipes.
# never run this recipe twice
node.run_list.delete("role[change-server]")
node.run_list << 'role[change-server-done]'
node.save
# timestamp for backup/restore
timestamp = Time.now.strftime("%Y%m%d.%H%M%S")
hosts_file_path = node[:hosts][:config]
node_name = Chef::Config[:node_name]
rename_lists = data_bag('rename_nodes')
rename_lists.each do |list_name|
  rename_list = data_bag_item('rename_nodes', list_name).raw_data
  # use the new name from the rename list; keep the current name if there is no entry
  node_name = rename_list[node_name] || node_name
end
Change Server Cookbook
# config parameters
conf_dir = node['chef_client']['conf_dir']
client_rb_path = File.join(conf_dir, 'client.rb')
validation_pem_path = File.join(conf_dir, 'validation.pem')
client_pem_path = File.join(conf_dir, 'client.pem')
attributes_json_path = File.join(conf_dir, 'change-server-attributes.json')
backup(hosts_file_path, timestamp, true)
backup(client_rb_path, timestamp)
backup(validation_pem_path, timestamp)
backup(client_pem_path, timestamp)
delete_hostsfile_entries(node)
create_child_chef_configuration(node, conf_dir, client_rb_path, validation_pem_path,
                                client_pem_path, attributes_json_path)
run_child_chef(node, client_rb_path, attributes_json_path, node_name)
Change Server Cookbook
if File.exist?(client_pem_path)
  log_success
  node.name(node_name)
  reload_chef_client_config(node)
  # delete change-server-done from NEW server
  node.run_list.delete('role[change-server-done]')
  node.save
else
  log_failure(client_rb_path, validation_pem_path, attributes_json_path)
  restore(hosts_file_path, timestamp)
  restore(client_rb_path, timestamp)
  restore(validation_pem_path, timestamp)
  restore(client_pem_path, timestamp)
  # delete change-server-done from OLD server
  node.run_list.delete('role[change-server-done]')
  node.save
end
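The slides call backup and restore on client.pem and validation.pem but do not show those helpers. The following is an added example, not the presentation's code: hypothetical helpers (secure_backup, secure_restore, discard_backup and the .bak naming are all assumptions) that keep the backup copy of a key owner-only and leave no spare copy behind after a rollback.

```ruby
require 'fileutils'
require 'tmpdir'

# Hypothetical helpers for key files only (client.pem, validation.pem).
# The backup is itself a private key, so it is created with mode 0600 and is
# never more permissive than that, whatever the source file's mode.
def key_backup_path(path, timestamp)
  "#{path}.#{timestamp}.bak"
end

def secure_backup(path, timestamp)
  return nil unless File.exist?(path)

  dest = key_backup_path(path, timestamp)
  # CREAT|EXCL refuses to reuse or follow anything already present at dest.
  File.open(dest, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |out|
    File.open(path, 'rb') { |src| IO.copy_stream(src, out) }
  end
  dest
end

# Rollback: move the backup into place so no spare key copy is left behind.
def secure_restore(path, timestamp)
  src = key_backup_path(path, timestamp)
  return false unless File.exist?(src)

  FileUtils.mv(src, path, force: true)
  true
end

# Success path: the old key is no longer needed, so remove its backup.
def discard_backup(path, timestamp)
  FileUtils.rm_f(key_backup_path(path, timestamp))
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    pem = File.join(dir, 'client.pem')            # constructed sample file
    File.write(pem, "OLD KEY (constructed)\n")
    secure_backup(pem, '20130426.120000')
    File.write(pem, "KEY FROM FAILED MIGRATION\n")
    secure_restore(pem, '20130426.120000')
    puts File.read(pem)                           # rollback restored the old key
  end
end
```

These helpers are meant for key material only; a file such as the hosts file needs its original mode preserved instead of being forced to 0600.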
Other Interesting Ideas
Side by Side Chef (today)
•  Allow existing chef-using clients to continue use of open-source chef
without interruption until on-boarding process is available.
Shared Org Cookbooks (coming soon)
•  Allow organizations to share (read-only) cookbooks, enabling the
inherent separation between orgs while allowing for a shared baseline
of cookbooks.
Handlers as Alerts (coming soon)
•  Use handlers to alert our back-end systems to provide an alternative
to polling mechanisms.
Web Service Knife Wrapper (coming soon)
•  Consume the ability for knife to bootstrap a newly provisioned server
without requiring any modification to the default provider image via a
web service call from our back-end systems.
Questions?
