Using Chef throughout the development process: in local machines, in public clouds, and in private clouds.

1. CHEF IN THE CLOUD AND
ON THE GROUND
Michael T. Nygard
Relevance, Inc.
michael.nygard@thinkrelevance.com @mtnygard
© 2011-2012 Michael T. Nygard, All Rights Reserved.
Thursday, January 12, 12

2. Infrastructure As Code
Thursday, January 12, 12

3. Infrastructure As Code
Chef
Thursday, January 12, 12

4. Infrastructure As Code
Chef
Development Models
Thursday, January 12, 12

5. Infrastructure As Code
Chef
Development Models
Deployment Models
Thursday, January 12, 12

6. Infrastructure as Code
Thursday, January 12, 12

7. Infrastructure as Code
• Desired state
Thursday, January 12, 12

8. Infrastructure as Code
• Desired state
• Transformations to achieve it
Thursday, January 12, 12

9. Infrastructure as Code
• Desired state
• Transformations to achieve it
• As text files
Thursday, January 12, 12

10. Infrastructure as Code
• Desired state
• Transformations to achieve it
• As text files
• In version control
Thursday, January 12, 12

11. Infrastructure as Code
• Desired state
• Transformations to achieve it
• As text files
• In version control
• Testable and reproducible
Thursday, January 12, 12

12. Chef Basics
Cookbook
Cookbook
metadata
1..* * * * *
Resource
Recipe Attribute Template Library
Provider
* *
Resource Ruby Source
Thursday, January 12, 12

13. Cookbook: Git
git
metadata.json
metadata.rb
README.rdoc
recipes
default.rb
server.rb
templates
default
sv-git-daemon-log-run.erb
sv-git-daemon-run.erb
Thursday, January 12, 12

14. Cookbook: Git
metadata.rb
metadata.rb
Thursday, January 12, 12

15. metadata.rb
maintainer "Opscode, Inc."
maintainer_email "cookbooks@opscode.com"
license "Apache 2.0"
description "Installs git and/or set…"
long_description IO.read(File.join(
File.dirname(__FILE__),
'README.rdoc'))
version "0.9.0"
recipe "git", "Installs git"
recipe "git::server",
"Sets up a runit_service for git daemon"
cont…
Thursday, January 12, 12

16. metadata.rb
…
%w{ ubuntu debian arch}.each do |os|
supports os
end
%w{ runit }.each do |cb|
depends cb
end
Thursday, January 12, 12

17. Cookbook: Git
git
metadata.json
metadata.rb
metadata.rb
README.rdoc
recipes
default.rb
server.rb
templates
default
sv-git-daemon-log-run.erb
sv-git-daemon-run.erb
Thursday, January 12, 12

18. Cookbook: Git
git
metadata.json
metadata.rb
README.rdoc
recipes
default.rb
server.rb
templates
default
sv-git-daemon-log-run.erb
sv-git-daemon-run.erb
Thursday, January 12, 12

19. Cookbook: Git
recipes/default.rb
default.rb
Thursday, January 12, 12

20. recipes/default.rb
case node[:platform]
when "debian", "ubuntu"
package "git-core"
else
package "git"
end
Thursday, January 12, 12

21. Cookbook: Git
git
metadata.json
metadata.rb
README.rdoc
recipes
default.rb
recipes/default.rb
server.rb
templates
default
sv-git-daemon-log-run.erb
sv-git-daemon-run.erb
Thursday, January 12, 12

22. Cookbook: Git
recipes/server.rb
server.rb
Thursday, January 12, 12

23. recipes/server.rb
include_recipe "git"
directory "/srv/git" do
owner "root"
group "root"
mode 0755
end
cont…
Thursday, January 12, 12

24. recipes/server.rb
…
case node[:platform]
when "debian", "ubuntu"
include_recipe "runit"
runit_service "git-daemon"
else
log "Platform requires setting up …"
log "Hint: /usr/bin/git daemon --export…"
end
Thursday, January 12, 12

25. Cookbook: Git
git
metadata.json
metadata.rb
README.rdoc
recipes
default.rb
recipes/default.rb
server.rb
templates
default
sv-git-daemon-log-run.erb
sv-git-daemon-run.erb
Thursday, January 12, 12

26. How do cookbooks get
applied to servers ?
Thursday, January 12, 12

27. Runlist Executes On Node
Runlist Recipe or Role
includes
includes
Recipe Role
declares overrides
Resource uses Attribute
Thursday, January 12, 12

28. Example Runlist (from a role file)
name "dev_env_bamboo"
description "Continuous Integration server"
run_list "recipe[aws]", "recipe[xfs]",
"recipe[bamboo]",
"recipe[bamboo::crowd_authentication]",
"recipe[bamboo::ebs_volume]",
"recipe[build_dependencies]",
"recipe[maven]", "recipe[maven3]",
"recipe[bamboo::post_maven_bamboo]",
"recipe[bamboo::start]",
"recipe[iptables::ci_instance]"
Thursday, January 12, 12

29. Where do you keep installation
binaries ?
Thursday, January 12, 12

30. Remote file resource
remote_file "crowd" do
path "/tmp/crowd.tar.gz"
source "http://downloads.atlassian.com/…/
atlassian-crowd-2.3.3.tar.gz"
checksum "dcc486625e96925…"
end
Thursday, January 12, 12

31. Have a sandbox!
Thursday, January 12, 12

32. Where do I find cookbooks
?
Thursday, January 12, 12

33. Many available on github
cookbooks.opscode.com
Thursday, January 12, 12

34. Throughout Development Cycle
Local Development
Thursday, January 12, 12

35. Throughout Development Cycle
Local Development
Single App (solo)
Thursday, January 12, 12

36. Throughout Development Cycle
Local Development
Single App (solo)
Server Based Rollout
Thursday, January 12, 12

37. Local Development
Thursday, January 12, 12

38. Local Development
Thursday, January 12, 12

39. Vagrant
Thursday, January 12, 12

40. Vagrant
Builds virtual machines from a text file and
some Chef cookbooks.
Thursday, January 12, 12

41. Vagrant Project
rstudio-spike
Vagrantfile
README.md
Gemfile
cookbooks
apt
rstudio
Thursday, January 12, 12

42. Vagrant Project
Vagrantfile
Vagrantfile
Thursday, January 12, 12

43. Vagrantfile
Vagrant::Config.run do |config|
config.vm.box = "lucid64"
config.vm.box_url =
"http://files.vagrantup.com/lucid64.box"
config.vm.forward_port "http", 8787, 8787
config.vm.provision :chef_solo do |chef|
chef.cookbooks_path = "cookbooks"
chef.add_recipe "rstudio"
chef.add_recipe "mysql::server"
chef.json.merge!({ :mysql =>
{:server_root_password => "foo" }
})
end
end
Thursday, January 12, 12

44. Vagrant Project
rstudio-spike
Vagrantfile
Vagrantfile
README.md
Gemfile
cookbooks
apt
rstudio
Thursday, January 12, 12

45. Benefits
Thursday, January 12, 12

46. Benefits
Version control dev environment
Thursday, January 12, 12

47. Benefits
Version control dev environment
Share configs across team
Thursday, January 12, 12

48. Benefits
Version control dev environment
Share configs across team
Recreate project or client setup
Thursday, January 12, 12

49. Benefits
Version control dev environment
Share configs across team
Recreate project or client setup
Keep host environment clean
Thursday, January 12, 12

50. “Base Box”
Thursday, January 12, 12

51. “Base Box”
OS Image
+ Vagrant configs
Thursday, January 12, 12

52. Download Base Boxes
Thursday, January 12, 12

53. Make Base Boxes
Thursday, January 12, 12

54. Solo Deployment
Thursday, January 12, 12

55. Solo Deployment
Thursday, January 12, 12

56. Chef Solo
Thursday, January 12, 12

57. Chef Solo
Runs cookbooks,
with attributes,
on a node.
Thursday, January 12, 12

58. chef-solo
$ sudo chef-solo -c solo.rb -j node.json
… INFO: *** Chef 0.10.4 ***
… INFO: Setting the run_list to ["recipe[rstudio]"] from JSON
… INFO: Run List is [recipe[rstudio]]
… INFO: Run List expands to [rstudio]
… INFO: Starting Chef Run for lucid64.hsd1.ca.comcast.net.
…
… INFO: Processing package[r-base] action install
(rstudio::default line 18)
-- many lines of output --
… INFO: Processing dpkg_package[rstudio-server] action install
(rstudio::default line 46)
… INFO: dpkg_package[rstudio-server] installed version 0.94.84
… INFO: Chef Run complete in 238.033898 seconds
… INFO: Running report handlers
… INFO: Report handlers complete
Thursday, January 12, 12

59. solo.rb
file_cache_path "/var/chef-solo"
cookbook_path ["/var/chef/cookbooks",
"/var/chef/site-cookbooks"]
Thursday, January 12, 12

60. node.json
{
"mysql": {
"server_root_password": "foo"
},
"run_list": ["recipe[rstudio]"]
}
Thursday, January 12, 12

61. Benefits
Thursday, January 12, 12

62. Benefits
Self-contained bundle
Thursday, January 12, 12

63. Benefits
Self-contained bundle
Can run from tarball at URL
Thursday, January 12, 12

64. Benefits
Self-contained bundle
Can run from tarball at URL
Easy setup; no extra infrastructure
Thursday, January 12, 12

65. Server-Based Deployment
Thursday, January 12, 12

66. Chef Server
Thursday, January 12, 12

67. Chef Server
Client-server polling
Searchable via API
Authenticated and encrypted
Centralized management
Thursday, January 12, 12

68. Chef Server
Chef
Client
poll
cookbook recipes
upload roles
attributes
Operator Chef
Server
Thursday, January 12, 12

69. Server Based Search
API access to Lucene search
Nodes, roles, or data bags
Can be used from recipes on clients
Thursday, January 12, 12

70. Example: Automatic Nagios Config
1. Search for nodes in the environment
2. Generate Nagios config files with
information about nodes.
Thursday, January 12, 12

71. Data Bags
JSON data
Held on server
Access via API
Thursday, January 12, 12

72. Example: Database Credentials
begin
bamboo_app = Chef::DataBagItem.load(:apps, :bamboo)
Chef::Log.info("Loaded… apps[#{bamboo_app['id']}]")
rescue
Chef::Log.fatal("Could not find #{:bamboo}… ")
raise
end
Thursday, January 12, 12

73. Chef Server in EC2
Thursday, January 12, 12

74. Challenges
No long-lived identity
Must use EBS for server
Authentication of new nodes
Thursday, January 12, 12

75. Example: EC2 + ELB + AS
Elastic load balancer
app1 app2 extra instances
ami with chef
Autoscale Group client
db
chef-server
Thursday, January 12, 12

76. Chef in Private Clouds
Thursday, January 12, 12

77. Chef + OpenStack: Automation 2 Ways
1. Build the platform itself
2. Build nodes in the platform
Thursday, January 12, 12

78. Other Options
Hosted Chef: Chef Server as a Service
www.opscode.com
Thursday, January 12, 12

79. Other Options
Hosted Chef: Chef Server as a Service
Private Chef: Like Hosted Chef, as an appliance
behind your firewall
www.opscode.com
Thursday, January 12, 12

80. CHEF IN THE CLOUD AND
ON THE GROUND
Michael T. Nygard
Relevance, Inc.
michael.nygard@thinkrelevance.com @mtnygard
© 2011-2012 Michael T. Nygard, All Rights Reserved.
Thursday, January 12, 12

81. Resources
Chef
http://wiki.opscode.com
Vagrant
http://www.vagrantup.com/
CloudFormation
http://bit.ly/mPFFJG
Thursday, January 12, 12