Chef, Devops, and You

Image from http://dev2ops.org/blog/2010/2/22/what-is-devops.htmlBryan W. Berry, 18 November 2011

Who am I?

•Linux Geek for 7 years

•Python, Ruby coder

•Played with a lot of different configuration management tools and techniques

We need a new way to work

Infrastructure needs to beRepeatableTestableScalable

No Snowflakes!

Devops?

1) Agile Development Practices applied to infrastructure

2) New tooling to automate infrastructure3) Testing, testing, testing

Infrastructure as Code

http://www.flickr.com/photos/wonderlane/2306082998/

Chef is . . .

A library for Configuration ManagementA Configuration Management SystemA Systems Integration PlatformAn API for your entire infrastructure

Open-source!

How Chef works

Chef Server

PRODQADEV

Workstation VM

Cookbooks

Data Bags

Attributes

DEV, QA, PROD ServersSupposed to have the same

configuration

Is this humanly possible without Chef?I don’t think so

PRODQADEV == ==

Chef client runs on each Server

They talk to the Chef Server

Chef can also run without a server, chef-solo

We call each system you configure a Node

Attributes are Searchable

$ knife search node ‘jdk_version:1.7’# returns list of nodes with jdk 1.7

search(:node, ‘java_version:1.7’)

Nodes have run_list

“run_list”: {“recipe[java]”,

“recipe[jboss]”, “role[internal]”}

Nodes have Roles

Roles describe what a node should be

Roles are Searchable

$ knife search role ‘max_children:50’

search(:role, ‘max_children:50’)

Roles have a run_list

What roles or recipes to apply in order

Chef manages resources on nodes

Resources are specified in recipes, recipes are stored in cookbooks

A node’s run_list specifies which recipes(and thus resources) are applied

Client / Server

Chef Server

PRODQADEV

Nodes

Nodes report their attributes to the Chef-server with the ‘Node’ object

attributes

Chef Repository

Chef Server

PRODQADEV

Nodes

Server applies rolesand sends run_list, roles, and all cookbooksback to clients

run_list,roles,cookbooks

Chef Repository

Skinny Server, Fat Clients

No “builds” are done on the server

A Node configures itself based on its run_list and the

downloaded cookbooks

Back to Recipes!

Ruby, baby!

Chef configuration written in pure rubyDevops == Ruby

If you also learn Ruby, it will be helpful but is not requiredIf you are really curious why devops == Ruby, you read more here http://devopsanywhere.blogspot.com/2011/09/how-ruby-is-beating-python-in-battle.html

Cookbooks are packages for Recipes

Cookbook Components

AttributesRecipesMetadataAssets (files/templates)

Sharing is beautiful

200+ high-quality cookbooks on community.opscode.comand growing all the time

Easy to customize existing cookbooks

Chef’s real value is this collection of cookbooks

Data Bags

Data Bags are arbitrary stores of globally available JSON data

Think of them as global variables/data sctructures

for your infrastructure

Data Bags have Items

Data bag users/john{ "comment": “postgres Rul3z", "groups": [“"sysadmins", "postgres" ], "ssh_keys": "ssh-rsa …..", "id": “john", "shell": "/bin/bash"}

Data Bags are Searchable!

pg_users = search(:users, “groups:postgres”)

group “postgres” domembers pg_users

end

Code/data Split

Recipes

Templates

Attributes

Data Bags

Node Object Role

Cookbook

run_list

Node Object

Role

Environments

The fact that attributes are in cookbooks, roles, environments, And the node itself can be confusing

tl;dr How do I get Started?

Do the Quick start using hosted chef, free for 5 nodes

http://wiki.opscode.com/display/chef/Quick+Start

You can use Ubuntu, Mac OS X, and maybe Windows

Possible Corporate Setup

PROD-Chef Server

PRODQADEV

DEV-Chef Server

BarFoo

Dev Playground:Devs have full accessTo chef-server

Disposable nodes fortestingcookbooks

Only sysadminsHave chef access

Tools

•Chef web interface – Pretty!•Ohai – collects information about node•Knife – command-line tool•Shef – interpreter for working with cookbooks•git - not part of chef, but hard to use chef without also using git

A Very Simple Recipe

This should look familiar

How we can use Chef

•Sysadmins write cookbooks and maintain chef-server•Devs can also write cookbooks to help the sysadmin•Store of configuration information

Sysadmins will spend more time managing configurations and less time

managing individual servers

Questions?

Bryan Berry skype: berrdawg bryan.berry@gmail.com

Portions of this presentations were taken liberally from Joshua Timberman’s Chef 101 presentation

Copyright Bryan W. Berry 2011Creative Commons 3.0 Unported CC-BY-SA