1. Cooking with Chef
Server management made easy

2. Me?
Ken Robertson
Senior Software Engineer at Involver
Involver builds a social media marketing platform
Specialize in our platform’s reliability,
performance, and scalability

3. Our Chef Usage
10 separate environments
120+ servers
All managed with Chef
One Operations Engineer, Two Developers

4. What is Chef?
Server management and configuration in Ruby
Developed by OpsCode
Adopted by Engine Yard, 37signals, and more
Apache License

5. Chef isn’t alone
CFEngine: http://cfengine.com/
Puppet: http://www.puppetlabs.com/
http://en.wikipedia.org/wiki/
Comparison_of_open_source_configuration_man
agement_software

6. Why use Chef?
Repeatable system provisioning
Manual tweaks are not repeatable
Ease scaling
Avoid vendor lock-in

7. Chef is Repeatable
Continuous configuration management
Ensure system compliance
Recovery from failures

8. Chef Flavors
chef-solo
Single instance
chef-server
Cluster, centrally managed

9. Chef’s Toolkit
Cookbooks
Recipes
Attributes

10. Recipes are
everywhere!
Open source - Engine Yard, 37signals, OpsCode
One offs for specific configurations
Approach with caution

11. Recipe ingredients:
Sub-recipes
Resources
Attributes
Definitions
Static resources
Templates

12. Resources

13. Resources - Examples
execute "some-descriptive-text" do
command "uptime"
end

14. Resources - Examples
link "/usr/local/bin/foo" do
to "/usr/src/foo-#{version}/bin/foo"
end

15. Resources - Examples
directory "/home/foo/apps/bar" do
owner "foobar"
group "foobar"
recursive true
end

16. Resources - Examples
package "mongodb"
version "1.2.3"
action :install
end

17. Resources - Examples
package "mongodb"
action :install, :upgrade
end

18. Resources - Examples
service "nginx" do
supports :status => false, :start => true,
:restart => true, :reload => true
action [ :enable, :start ]
end

19. Resources - Examples
cookbook_file "/etc/profile" do
owner "root"
group "root"
mode 644
source "profile"
end

20. Resources - Examples
cookbook_file "/etc/profile" do
owner "root"
group "root"
mode 644
source "http://safesite.com/files/profile"
end

21. Resources - Examples
template "/etc/hosts" do
owner "root"
group "root"
mode 644
source "hosts.erb"
variables(:one => 1, :two => 2)
end

22. Resources - Examples
cron "clear_tmp_files_older_than_a_day" do
hour 0
minute 0
user "root"
command "do_something"
end

23. Resources - Conditions
execute "install-rubygems-for-jruby" do
command %Q{
curl http://production.cf.rubygems.org/rubygems/
rubygems-1.3.7.tgz -O &&
tar xvzf rubygems-1.3.7.tgz &&
pushd rubygems-1.3.7 &&
jruby ./setup.rb &&
popd &&
rm rubygems-1.3.7.tgz &&
rm -r rubygems-1.3.7
}
only_if { %x{jruby -S gem --version}.chomp !=
'1.3.7' }
end

24. Results/Expectations
execute 'install passenger and nginx' do
command %Q{
wget -N http://site/file.tar.gz &&
tar -xvvf file.tar.gz &&
passenger-install-nginx-module ...
}
creates '/data/nginx/sbin/nginx'
end

25. Triggers
template "/etc/nginx/apps/#{params[:name]}.conf" do
source "#{params[:name]}.nginx.erb"
owner node[:user]
group node[:user]
mode 0644
variables(
:stage => params[:stage],
:name => params[:name]
)
notifies :reload, "service[nginx]", :delayed
end

26. Triggers
execute "mysql-create-database" do
...
action :nothing
end
template "/tmp/mysql-#{params[:name]}.sql" do
source "create-database.sql.erb"
variables(:params => params)
notifies :run,
resources(:execute => "mysql-create-database"),
:immediately
end

27. Attributes
Runtime configuration values
Define defaults
Pass in at runtime (as JSON)
Available through through the ‘node’ variable

28. Default Attributes
cookbooks/myrecipe/attributes/*.rb:
nginx_user "www-data"
nginx_port "80"
=> node[:nginx_user]
=> node[:nginx_port]
nginx { :user => 'www-data', :port => 80 }
=> node[:nginx][:user]
=> node[:nginx][:port]

29. Merging Attributes
default.mysql[:bindir] = '/usr/local/mysql',
default.mysql[:root] = '/data/mysql',
default.mysql[:uid] = 'mysql',
default.mysql[:gid] = 'mysql',
default.mysql[:group_name] = 'mysql',
default.mysql[:version] = '5.1.47'
node[:mysql][:version]

30. Runtime Attributes
{
"nginx_user": "www-data",
"nginx_port": 80,
"nginx": {
"user": "www-data",
"port": 80
}
}

31. Runtime Attributes
{
"mysql": {
"version": "5.1.47",
"config": {
"log_slave_updates": true,
"auto_increment_increment": "2"
}
}
}

32. Definitions
Mini-recipes
Repeatable blocks or sub-functions
Definitions sub-directory of recipe
cookbooks/myrecipe/definitions

33. Definitions
link "/usr/local/bin/foo" do
to "/usr/src/foo-#{version}/bin/foo"
end

34. Definitions
for db in node[:mysql][:databases] do
mysql_database db[:name] do
root_user node[:mysql][:root_user] || 'root'
root_password node[:mysql][:root_password]
dbuser db[:user] || db[:name]
dbpassword db[:password]
end
end

35. Definitions
define :mysql_database do
execute "mysql-create-database" do
...
action :nothing
end
template "/tmp/mysql-#{params[:name]}.sql" do
source "create-database.sql.erb"
variables(:params => params)
notifies :run,
"execute[mysql-create-database]",
:immediately
end
end

36. Definitions
define :nginx_site do
include_recipe "nginx"
template "/etc/nginx/apps/#{params[:name]}.conf" do
source "#{params[:name]}.nginx.erb"
owner node[:user]
group node[:user]
mode 0644
variables(
:stage => params[:stage],
:name => params[:name]
)
notifies :reload, "service[nginx]", :delayed
end
end

37. Recipe Gotchas
Idempotency

38. Idempotency
execute "install-jruby" do
command %Q{
curl http://urlto/#{version}/jruby-src-#{version}.tar.gz -O &&
tar xvzf jruby-src-#{version}.tar.gz &&
pushd jruby-#{version} &&
ant &&
popd &&
mv jruby-#{version} /usr &&
rm jruby-src-#{version}.tar.gz &&
ln -snf /usr/jruby-#{version}/bin/jruby /usr/local/bin/jruby
}
creates "/usr/jruby-#{version}"
end

39. Idempotency - Fixed
execute "install-jruby" do
command %Q{
curl http://urlto/#{version}/jruby-src-#{version}.tar.gz -O &&
tar xvzf jruby-src-#{version}.tar.gz &&
pushd jruby-#{version} &&
ant &&
popd &&
mv jruby-#{version} /usr &&
rm jruby-src-#{version}.tar.gz
}
creates "/usr/jruby-#{version}/bin/jruby"
end
link "/usr/local/bin/jruby" do
to "/usr/jruby-#{version}/bin/jruby"
end

40. Recipe Gotchas
Idempotency
Package sources

41. Recipe Gotchas
Idempotency
Package sources
Install vs upgrade

42. Install vs Upgrade
package “git-core” do
action :install
end
package “git-core” do
action :install, :upgrade
end

43. Recipe Gotchas
Idempotency
Package sources
Install vs upgrade
Attribute abuse

44. Recipe Gotchas
Idempotency
Package sources
Install vs upgrade
Attribute abuse
Cowboys and Homers

45. Homer
packages.each do |pkg|
package pkg
end
execute "Nuke existing installs" do
command "rm -rf /etc/tinydns /etc/dnscache"
end
...

46. Cowboys
One offs
Lack of testing
Manual, undocumented changes

47. DEMO

48. Much more!
Chef-server
Searching
Tagging
Libraries

49. Resources
OpsCode: http://www.opscode.com/
Chef Wiki: http://wiki.opscode.com/
37signals recipes:
http://github.com/37signals/37s_cookbooks
Engine Yard recipes:
http://github.com/engineyard/ey-cloud-recipes

50. Me!
Twitter: @krobertson
Blog: http://invalidlogic.com/
Email: ken@invalidlogic.com

51. Questions?