Community Cookbooks & further resources - Fundamentals Webinar Series Part 6
- 3. Questions & Answers
• Ask questions in the chat
window when they come to
you
• We’ll answer as many
questions as we can at the
end of the session
- 4. Questions & Answers
• Ask questions in the
Google Discussion Forum
• This can be used during
the webinar and outside
of the webinar, too.
• https://groups.google.com/d/forum/learnchef-fundamentals-webinar
- 5. Slides and Video
• This webinar is being recorded. The video will be
made available shortly after the session has ended.
• The slides used throughout this webinar will be
made available at the end of each webinar.
• Watch http://learnchef.com for updates.
- 7. Topics
• Overview of Chef
• Workstation Setup
• Node Setup
• Chef Resources and Recipes
• Working with the Node object
• Roles
• Common configuration with Data Bags
• Environments and knife-ec2
• Community Cookbooks and Further Resources
- 9. In the last module
• Login to the node in your Chef Training Lab
• Install Chef nodes using "knife bootstrap"
• Included a run_list so that the server was a web
server when the bootstrap process completed
• Managed Chef Cookbook versions for each
Environment
- 10. Where did my Node go?
• We still need a CentOS machine to manage
• The one we launched last time has likely expired
• Launch a new one using the Chef Lab
• Hopefully, you’ve already done this. We’re not
going to spend time walking through it now.
- 12. Lab - Login
$ ssh root@<EXTERNAL_ADDRESS>
The authenticity of host 'uvo1qrwls0jdgs3blvt.vm.cld.sr (69.195.232.110)' can't be established.
RSA key fingerprint is d9:95:a3:b9:02:27:e9:cd:74:e4:a2:34:23:f5:a6:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'uvo1qrwls0jdgs3blvt.vm.cld.sr,69.195.232.110' (RSA) to the list of known hosts.
root@uvo1qrwls0jdgs3blvt.vm.cld.sr's password:
Last login: Mon Jan 6 16:26:24 2014 from host86-145-117-53.range86-145.btcentralplus.com
[root@CentOS63 ~]$
- 13. Checkpoint
• At this point you should have
• One virtual machine (VM) or server that you’ll use
for the lab exercises
• The IP address or public hostname
• An application for establishing an ssh connection
• 'sudo' or 'root' permissions on the VM
- 14. Update the production environment
• Upgrade the apache cookbook to version 0.2.0
OPEN IN EDITOR: environments/production.rb
name "production"
description "For Prods!"
cookbook "apache", "= 0.2.0"
SAVE FILE!
- 16. Upload the production environment
$ knife environment from file production.rb
Updated Environment production
- 17. Update the webserver role
• add the vhosts recipe
OPEN IN EDITOR: roles/webserver.rb
{
  "name" : "webserver",
  "default_attributes" : {
    "apache" : {
      "greeting" : "Webinar"
    }
  },
  "run_list" : [
    "recipe[apache]",
    "recipe[apache::vhosts]"
  ]
}
SAVE FILE!
- 19. Upload the role
$ knife role from file webserver.rb
Updated Role webserver!
- 20. "Bootstrap" the Target Instance
$ knife bootstrap <EXTERNAL_ADDRESS> -x root -P chef -N 'module6' -r 'role[webserver]' -E production
Bootstrapping Chef on uvo1qrwls0jdgs3blvt.vm.cld.sr
...
...
uvo1qrwls0jdgs3blvt.vm.cld.sr Creating a new client identity for module3 using the validator key.
uvo1qrwls0jdgs3blvt.vm.cld.sr resolving cookbooks for run list: []
uvo1qrwls0jdgs3blvt.vm.cld.sr Synchronizing Cookbooks:
uvo1qrwls0jdgs3blvt.vm.cld.sr Compiling Cookbooks...
uvo1qrwls0jdgs3blvt.vm.cld.sr [2014-01-28T11:03:14-05:00] WARN: Node module3 has an empty run list.
uvo1qrwls0jdgs3blvt.vm.cld.sr Converging 0 resources
uvo1qrwls0jdgs3blvt.vm.cld.sr Chef Client finished, 0 resources updated
- 21. Exercise: Verify that the home page works
• Open a web browser
• Type in the URL for your test node
- 23. Lesson Objectives
• After completing the lesson, you will be able to
• Find, preview, and download cookbooks from the
Chef Community site
• Use knife to work with the Community Site API
• Download, extract, examine and implement
cookbooks from the Community site
- 24. The easy way...
• We've been writing some cookbooks so far...
• Hundreds already exist for a large number of use
cases and purposes. Many (but only a fraction) are
maintained by CHEF Software, Inc.
• Think of it like RubyGems.org, CPAN.org, or other
focused plugin-style distribution sites.
- 25. The Problem and the Success Criteria
• The Problem: The chef-client application should run
on a regular basis on our nodes.
• Success Criteria: chef-client is running as a service
on our node.
- 32. You can download cookbooks directly from the site...
• You can download cookbooks directly from the
community site, but:
• It doesn't put them in your Chef Repository
• It isn't fast if you know what you're looking for (click,
click...)
• It isn't necessarily fast if you don't know what you're
looking for.
• You're already using knife for managing cookbooks
and other things in your Chef Repository.
- 33. Introducing Knife Cookbook Site plugin
• Knife includes a "cookbook site" plugin with some
sub-commands:
• search
• show
• download
• ... and more!
- 36. Exercise: Download the chef-client cookbook
$ knife cookbook site download chef-client
Downloading chef-client from the cookbooks site at version 3.2.0 to /Users/johnfitzpatrick/cheftraining/fundamentals2.0/chef-repo/chef-client-3.2.0.tar.gz
Cookbook saved: /Users/YOU/chef-repo/chef-client-3.2.0.tar.gz
- 38. Exercise: Extract chef-client cookbook tarball
$ tar -zxvf chef-client*.tar.gz -C cookbooks/
x chef-client/
x chef-client/attributes/
x chef-client/CHANGELOG.md
x chef-client/CONTRIBUTING
x chef-client/LICENSE
x chef-client/metadata.json
x chef-client/metadata.rb
x chef-client/README.md
x chef-client/recipes/
x chef-client/templates/
x chef-client/templates/arch/
x chef-client/templates/default/
x chef-client/templates/windows/
x chef-client/templates/default/debian/
x chef-client/templates/default/redhat/
x chef-client/templates/default/solaris/
x chef-client/templates/arch/conf.d/
x chef-client/templates/arch/rc.d/
x chef-client/recipes/config.rb
x chef-client/recipes/cron.rb
x chef-client/recipes/default.rb
x chef-client/recipes/delete_validation.rb
- 40. Cookbook Dependencies
• Cookbooks are built in a way that allows for easy composition
• Dependencies are described in each cookbook’s metadata.rb file
depends 'cron', '>= 1.2.0'
depends 'logrotate', '>= 1.2.0'
- 42. Exercise: Download the cron cookbook
$ knife cookbook site download cron
Downloading cron from the cookbooks site at version 1.2.8 to /Users/YOU/chef-repo/cron-1.2.8.tar.gz
Cookbook saved: /Users/YOU/chef-repo/cron-1.2.8.tar.gz
- 44. Exercise: Extract cron cookbook tarball
$ tar -zxvf cron*.tar.gz -C cookbooks/
x cron/
x cron/CHANGELOG.md
x cron/README.md
x cron/metadata.json
x cron/metadata.rb
x cron/providers
x cron/providers/d.rb
x cron/recipes
x cron/recipes/default.rb
x cron/recipes/test.rb
x cron/resources
x cron/resources/d.rb
x cron/templates
x cron/templates/default
x cron/templates/default/cron.d.erb
- 46. Exercise: Download the logrotate cookbook
$ knife cookbook site download logrotate
Downloading logrotate from the cookbooks site at version 1.4.0 to /Users/johnfitzpatrick/cheftraining/chef-repo/logrotate-1.4.0.tar.gz
Cookbook saved: /Users/YOU/chef-repo/logrotate-1.4.0.tar.gz
- 48. Exercise: Extract logrotate cookbook tarball
$ tar -zxvf logrotate*.tar.gz -C cookbooks/
x logrotate/
x logrotate/CHANGELOG.md
x logrotate/README.md
x logrotate/attributes
x logrotate/attributes/default.rb
x logrotate/definitions
x logrotate/definitions/logrotate_app.rb
x logrotate/libraries
x logrotate/libraries/logrotate_config.rb
x logrotate/metadata.json
x logrotate/metadata.rb
x logrotate/recipes
x logrotate/recipes/default.rb
x logrotate/recipes/global.rb
x logrotate/templates
x logrotate/templates/default
x logrotate/templates/default/logrotate-global.erb
x logrotate/templates/default/logrotate.erb
- 49. What we just did...
• Cookbooks are distributed as a versioned .tar.gz
archive.
• The latest version is downloaded by default (you can
specify the version).
• Extract the cookbook into the "cookbooks" directory
with tar.
• Next, let's examine the contents.
- 50. Best practice: well written cookbooks have a README!
• Documentation for cookbooks doesn't need to be
extensive, but a README should describe some
important aspects of a cookbook:
• Expectations (cookbooks, platform, data)
• Recipes and their purpose
• LWRPs, Libraries, etc.
• Usage notes
• Read the README first!
- 51. Best Practice: This runs as root!
• So, you just downloaded source code from the
internet.
• As root.
• To load in the magic machine that:
• Makes your computers run code
• Read the entire cookbook first!
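To support reading a cookbook before it runs as root, the following added example (not part of the webinar material or of the chef-client cookbook) inspects a cookbook .tar.gz without extracting it. It flags entries that would land outside cookbooks/<name>/, link entries, and recipe lines that open a resource which runs or schedules commands or fetches remote content; the function names, the REVIEW_FIRST list and the in-memory sample archive are constructed for illustration.

```ruby
require "rubygems/package" # stdlib tar reader/writer
require "stringio"
require "zlib"

# Resource names worth reading first because they run or schedule commands
# or fetch remote content. Heuristic list chosen for this example.
REVIEW_FIRST = %w[execute bash script ruby_block remote_file cron].freeze

# Inspect a cookbook .tar.gz without extracting it.
# Returns an array of [kind, detail] pairs in archive order.
def audit_cookbook_tarball(gz_bytes, cookbook)
  findings = []
  tar = Gem::Package::TarReader.new(StringIO.new(Zlib.gunzip(gz_bytes)))
  tar.each do |entry|
    name = entry.full_name
    parts = name.split("/")
    if name.start_with?("/") || parts.include?("..")
      findings << [:escapes_target, name]      # would land outside cookbooks/
    elsif parts.first != cookbook
      findings << [:outside_cookbook, name]    # not under <cookbook>/
    end
    if %w[1 2].include?(entry.header.typeflag) # "1" hard link, "2" symlink
      findings << [:link, "#{name} -> #{entry.header.linkname}"]
    end
    next unless entry.file? && name.end_with?(".rb")
    entry.read.to_s.each_line.with_index(1) do |line, number|
      word = line[/\A\s*([a-z_]+)\b/, 1]       # first word of the line
      findings << [:review_first, "#{name}:#{number} #{word}"] if REVIEW_FIRST.include?(word)
    end
  end
  findings
end

# Constructed sample archive, built in memory so the example runs offline.
def build_sample_tarball(files)
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    files.each do |name, body|
      tar.add_file_simple(name, 0o644, body.bytesize) { |f| f.write(body) }
    end
  end
  Zlib.gzip(io.string)
end

SAMPLE_TARBALL = build_sample_tarball({
  "chef-client/metadata.rb" => "depends 'cron', '>= 1.2.0'\n",
  "chef-client/recipes/default.rb" => "include_recipe \"chef-client::service\"\n",
  "chef-client/recipes/cron.rb" => "cron \"chef-client\" do\n  command \"/usr/bin/chef-client\"\nend\n",
  "chef-client/../outside.txt" => "constructed entry\n"
})

if __FILE__ == $PROGRAM_NAME
  audit_cookbook_tarball(SAMPLE_TARBALL, "chef-client").each do |kind, detail|
    puts "#{kind}: #{detail}"
  end
end
```

The resource match is a reading aid that shows where to start; it does not replace reading every recipe, template and library file in the cookbook.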
- 53. Exercise: Upload the cookbooks
$ knife upload cookbooks
Updated cookbooks/cron
Updated cookbooks/logrotate
Updated cookbooks/chef-client
- 54. Examining the chef-client cookbook
• We're going to use two recipes on the node from the
chef-client cookbook.
• delete_validation
• service (via default)
- 55. Best Practice: Delete the validation certificate when it isn't required
• Once Chef enters the actual run, synchronizing
cookbooks, it has registered its own API client with
the validation certificate
• That certificate is no longer required. We do this first
so that, if the run fails for another reason, we know the
validation certificate is at least gone
- 57. Exercise: View the chef-client::delete_validation recipe
OPEN IN EDITOR: cookbooks/chef-client/recipes/delete_validation.rb
unless chef_server?
  file Chef::Config[:validation_key] do
    action :delete
    backup false
    only_if { ::File.exists?(Chef::Config[:client_key]) }
  end
end
SAVE FILE!
- 59. Exercise: View the chef-client::default recipe
OPEN IN EDITOR: cookbooks/chef-client/recipes/default.rb
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "chef-client::service"
SAVE FILE!
- 60. Best Practice: Sane defaults do "pretty much" what you expect
• The main point of the "chef-client" cookbook is
managing the "chef-client" program. It is designed
so that it can run as a daemonized service.
• The least surprising thing for most users is that the
default recipe starts the service.
• You can manage the service in a number of ways,
see the cookbook's README.md.
- 61. Exercise: View the chef-client::service recipe
• The recipe supports a number of service providers and styles.
• It works on a lot of platforms.
• Everything is controllable through attributes.
OPEN IN EDITOR: cookbooks/chef-client/recipes/service.rb
supported_init_styles = [
  'arch',
  'bluepill',
  'bsd',
  'daemontools',
  'init',
  'launchd',
  'runit',
  'smf',
  'upstart',
  'winsw'
]
init_style = node["chef_client"]["init_style"]
# Services moved to recipes
if supported_init_styles.include? init_style
  include_recipe "chef-client::#{init_style}_service"
else
  log "Could not determine service init style, manual intervention required to start up the chef-client service."
end
- 62. Best Practice: Well-written cookbooks change behavior based on attributes
• Ideally, you don't have to modify the contents of a
cookbook to use it for your specific use case.
• Look at the attributes directory for things you can
override through roles to affect behavior of the
cookbook.
• Of course, well written cookbooks have sane
defaults, and a README to describe all this.
- 63. Exercise: Add a chef-client role
OPEN IN EDITOR: roles/chef-client.json
{
  "name" : "chef-client",
  "description" : "Manages the chef-client",
  "run_list" : [
    "recipe[chef-client]",
    "recipe[chef-client::delete_validation]"
  ]
}
SAVE FILE!
- 65. Exercise: Upload the chef-client role
$ knife role from file chef-client.json
Updated Role chef-client!
- 66. Exercise: Re-run the Chef Client
...
Recipe: chef-client::delete_validation
* file[/etc/chef/validation.pem] action delete[2014-01-07T09:05:43-05:00] INFO: Processing file[/etc/chef/validation.pem] action delete (chef-client::delete_validation line 25)
[2014-01-07T09:05:43-05:00] INFO: file[/etc/chef/validation.pem] deleted file at /etc/chef/validation.pem
- delete file /etc/chef/validation.pem
...
* service[chef-client] action enable[2014-01-07T09:05:46-05:00] INFO: Processing service[chef-client] action enable (chef-client::init_service line 32)
[2014-01-07T09:05:47-05:00] INFO: service[chef-client] enabled
- enable service service[chef-client]
* service[chef-client] action start[2014-01-07T09:05:47-05:00] INFO: Processing service[chef-client] action start (chef-client::init_service line 32)
[2014-01-07T09:05:48-05:00] INFO: service[chef-client] started
- start service service[chef-client]
...
[2014-01-07T09:05:55-05:00] INFO: template[/etc/init.d/chef-client] sending restart action to service[chef-client] (delayed)
Recipe: chef-client::init_service
* service[chef-client] action restart[2014-01-07T09:05:55-05:00] INFO: Processing service[chef-client] action restart (chef-client::init_service line 32)
[2014-01-07T09:06:01-05:00] INFO: service[chef-client] restarted
- restart service service[chef-client]
[2014-01-07T09:06:01-05:00] INFO: Chef Run complete in 29.341053545 seconds
- 68. Exercise: Verify chef-client is running
root@module6$ ps awux | grep chef-client
root 8933 0.3 2.2 130400 37816 ? Sl 03:19 0:01 /opt/chef/embedded/bin/ruby /usr/bin/chef-client -d -c /etc/chef/client.rb -L /var/log/chef/client.log -P /var/run/chef/client.pid -i 1800 -s 300
- 69. Convergent infrastructure
• Our node is now running chef-client as a daemon,
and it will converge itself over time on a (by default)
30 minute interval.
• The amount of resources converged may vary with
longer intervals, depending on configuration drift on
the system.
• Because Chef resources work using the “test and
repair” cycle, Chef will only configure what it needs
to each run.
- 70. The Problem and the Success Criteria
• The Problem: The chef-client application should
check-in every five minutes in the production
environment.
• Success Criteria: chef-client runs every five
minutes in production.
- 71. Best Practice: Specify cookbook versions in production
• We’ve just added three new cookbooks to our run
list.
• A cookbook version should be set for all cookbooks
in your production environment
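One way to check this rule before uploading an environment, as an added example that is not part of the webinar material: it follows the `depends` lines of each cookbook's metadata.rb from the run list and reports cookbooks without an exact pin, and pins that break a dependency constraint. The function names, the metadata strings for apache, cron and logrotate, and the WEAK_PINS environment are constructed; the chef-client `depends` lines and PAGE_PINS are the values shown in this deck.

```ruby
require "rubygems" # Gem::Version / Gem::Requirement do the constraint math

EXACT_PIN = /\A=\s*(\d+\.\d+\.\d+)\z/

# Parse `depends 'name', 'constraint'` lines from metadata.rb text.
def parse_depends(metadata_text)
  metadata_text
    .scan(/^\s*depends\s+['"]([^'"]+)['"](?:\s*,\s*['"]([^'"]+)['"])?/)
    .map { |name, constraint| [name, constraint || ">= 0"] }
end

# run_list: cookbook names used by the node's roles
# metadata: cookbook name => metadata.rb text
# pins:     the environment's cookbook_versions hash
def check_pins(run_list, metadata, pins)
  problems = []
  queue = run_list.dup
  seen = []
  until queue.empty?
    cookbook = queue.shift
    next if seen.include?(cookbook)
    seen << cookbook
    problems << "#{cookbook}: no exact version pin" unless pins[cookbook].to_s.match?(EXACT_PIN)
    unless metadata.key?(cookbook)
      problems << "#{cookbook}: metadata.rb not in chef-repo"
      next
    end
    parse_depends(metadata[cookbook]).each do |dep, constraint|
      queue << dep # dependencies need pins too
      pinned = pins[dep].to_s[EXACT_PIN, 1]
      next unless pinned
      unless Gem::Requirement.new(constraint).satisfied_by?(Gem::Version.new(pinned))
        problems << "#{dep}: pin #{pinned} violates #{cookbook}'s '#{constraint}'"
      end
    end
  end
  problems
end

METADATA = { # constructed, except the chef-client depends lines
  "apache" => "name 'apache'\n",
  "chef-client" => "name 'chef-client'\ndepends 'cron', '>= 1.2.0'\ndepends 'logrotate', '>= 1.2.0'\n",
  "cron" => "name 'cron'\n",
  "logrotate" => "name 'logrotate'\n"
}.freeze
PAGE_PINS = { "apache" => "= 0.2.0", "chef-client" => "= 3.6.0",
              "logrotate" => "= 1.6.0", "cron" => "= 1.4.0" }.freeze
WEAK_PINS = { "apache" => "= 0.2.0", "chef-client" => "= 3.6.0",
              "cron" => "= 1.1.0" }.freeze # constructed: logrotate unpinned

if __FILE__ == $PROGRAM_NAME
  puts check_pins(%w[apache chef-client], METADATA, WEAK_PINS)
end
```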
- 72. Update the production.rb
OPEN IN EDITOR: environments/production.rb
name "production"
description "For Production!"
cookbook_versions({
  "apache" => "= 0.2.0",
  "chef-client" => "= 3.6.0",
  "logrotate" => "= 1.6.0",
  "cron" => "= 1.4.0"
})
default_attributes(
  "chef_client" => {
    "interval" => 300
  }
)
SAVE FILE!
- 74. Upload the production environment
$ knife environment from file production.rb
Updated Environment production
- 78. Exercise: Verify chef-client is running
root@module6$ ps awux | grep chef-client
root 8933 0.3 2.2 130400 37816 ? Sl 03:19 0:01 /opt/chef/embedded/bin/ruby /usr/bin/chef-client -d -c /etc/chef/client.rb -L /var/log/chef/client.log -P /var/run/chef/client.pid -i 300 -s 300
- 80. Additional Tools for Windows
• chef-client - works on Windows!
• Windows-specific resource types
• batch
• powershell_script
• registry_key
• Knife plugins
• knife windows
• knife azure
- 81. Usual suspects
• Most resources work the same way they would in a
Unix- or Linux-like environment
• Including:
• package
• service
• template
• user
• group
- 82. Special attributes
• File-based resources have attributes that are unique
to Microsoft Windows
• inherits - for file inheritance
• mode - for octal modes
• rights - for access control lists (ACLs)
- 83. Bootstrap a Windows node
• Install the knife-windows gem
• Configure Windows Remote Management (WinRM)
on the target node
• knife windows bootstrap winrm ...
- 85. Six Episode Series
• Module 1 - Overview of Chef
• Module 2 - Node Setup, Chef Resources & Recipes
• Module 3 - Working with the Node object & Roles
• Module 4 - Common configuration data with
Databags
• Module 5 - Environments and knife-ec2
• Today - Community Cookbooks and Further
Resources
- 86. Additional Resources
• Chef Fundamentals Webinar Series
• https://www.youtube.com/watch?v=S5lHUpzoCYo&list=PL11cZfNdwNyPnZA9D1MbVqldGuOWqbumZ
• Discussion group for webinar participants
• https://groups.google.com/d/forum/learnchef-fundamentals-webinar