Chef Fundamentals
training@getchef.com
Copyright (C) 2014 Chef Software, Inc.
Nathen Harvey
• Community Director
• Co-host of the Food Fight Show Podcast
• @nathenharvey
Questions & Answers
• Ask questions in the chat
window when they come to
you
• We’ll answer as many
questions as we can at the
end of the session
Questions & Answers
• Ask questions in the
Google Discussion Forum
• This can be used during
the webinar and outside
of the webinar, too.
• https://groups.google.com/d/forum/learnchef-fundamentals-webinar
Slides and Video
• This webinar is being recorded. The video will be
made available shortly after the session has ended.
• The slides used throughout this webinar will be
made available at the end of each webinar.
• Watch http://learnchef.com for updates.
Agenda
Topics
• Overview of Chef
• Workstation Setup
• Node Setup
• Chef Resources and Recipes
• Working with the Node object
• Roles
• Common configuration with Data Bags
• Environments and knife-ec2
• Community Cookbooks and Further Resources
Quick Recap
Where are we?
In the last module
• Login to the node in your Chef Training Lab
• Install Chef nodes using "knife bootstrap"
• Included a run_list so that the server was a web
server when the bootstrap process completed
• Managed Chef Cookbook versions for each
Environment
Where did my Node go?
• We still need a CentOS machine to manage
• The one we launched last time has likely expired
• Launch a new one using the Chef Lab
• Hopefully, you’ve already done this. We’re not
going to spend time walking through it now.
Launch Chef Training Lab
Lab - Login
$ ssh root@<EXTERNAL_ADDRESS>
The authenticity of host 'uvo1qrwls0jdgs3blvt.vm.cld.sr (69.195.232.110)' can't be established.
RSA key fingerprint is d9:95:a3:b9:02:27:e9:cd:74:e4:a2:34:23:f5:a6:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'uvo1qrwls0jdgs3blvt.vm.cld.sr,69.195.232.110' (RSA) to the list of known hosts.
root@uvo1qrwls0jdgs3blvt.vm.cld.sr's password:
Last login: Mon Jan 6 16:26:24 2014 from host86-145-117-53.range86-145.btcentralplus.com
[root@CentOS63 ~]$
Checkpoint
• At this point you should have
• One virtual machine (VM) or server that you’ll use
for the lab exercises
• The IP address or public hostname
• An application for establishing an ssh connection
• 'sudo' or 'root' permissions on the VM
Update the production environment
• Upgrade the apache cookbook to version 0.2.0
OPEN IN EDITOR: environments/production.rb
name "production"
description "For Prods!"
cookbook "apache", "= 0.2.0"
SAVE FILE!
Upload the production environment
$ knife environment from file production.rb
Updated Environment production
Update the webserver role
• Add the vhosts recipe
OPEN IN EDITOR: roles/webserver.rb
{
  "name" : "webserver",
  "default_attributes" : {
    "apache" : {
      "greeting" : "Webinar"
    }
  },
  "run_list" : [
    "recipe[apache]",
    "recipe[apache::vhosts]"
  ]
}
SAVE FILE!
Upload the role
$ knife role from file webserver.rb
Updated Role webserver!
"Bootstrap" the Target Instance
$ knife bootstrap <EXTERNAL_ADDRESS> -x root -P chef -N 'module6' -r 'role[webserver]' -E production
Bootstrapping Chef on uvo1qrwls0jdgs3blvt.vm.cld.sr
...
...
uvo1qrwls0jdgs3blvt.vm.cld.sr Creating a new client identity for module3 using the validator key.
uvo1qrwls0jdgs3blvt.vm.cld.sr resolving cookbooks for run list: []
uvo1qrwls0jdgs3blvt.vm.cld.sr Synchronizing Cookbooks:
uvo1qrwls0jdgs3blvt.vm.cld.sr Compiling Cookbooks...
uvo1qrwls0jdgs3blvt.vm.cld.sr [2014-01-28T11:03:14-05:00] WARN: Node module3 has an empty run list.
uvo1qrwls0jdgs3blvt.vm.cld.sr Converging 0 resources
uvo1qrwls0jdgs3blvt.vm.cld.sr Chef Client finished, 0 resources updated
Exercise: Verify that the home page works
• Open a web browser
• Type in the URL for your test node
v2.1.0
Using Community Cookbooks
Open Source: Saving you time!
Lesson Objectives
• After completing the lesson, you will be able to
• Find, preview, and download cookbooks from the Chef Community site
• Use knife to work with the Community Site API
• Download, extract, examine and implement cookbooks from the Community site
The easy way...
• We've been writing some cookbooks so far...
• Hundreds already exist for a large number of use cases and purposes. Many (but only a fraction) are maintained by CHEF Software, Inc.
• Think of it like RubyGems.org, CPAN.org, or other focused plugin-style distribution sites.
The Problem and the Success Criteria
• The Problem: The chef-client application should run
on a regular basis on our nodes.
• Success Criteria: chef-client is running as a service
on our node.
Exercise: Find and preview cookbooks on the community site
Cookbooks!
Exercise: Search for a chef-client cookbook
Search for: chef-client
Search Results...
Viewing a cookbook
You can download cookbooks directly from the site...
• You can download cookbooks directly from the
community site, but:
• It doesn't put them in your Chef Repository
• It isn't fast if you know what you're looking for (click,
click...)
• It isn't necessarily fast if you don't know what you're
looking for.
• You're already using knife for managing cookbooks
and other things in your Chef Repository.
Introducing Knife Cookbook Site plugin
• Knife includes a "cookbook site" plugin with some
sub-commands:
• search
• show
• download
• ... and more!
v2.1.0
Download and use
chef-client cookbook
Exercise: Download the chef-client cookbook
$ knife cookbook site download chef-client
Downloading chef-client from the cookbooks site at version 3.2.0 to /Users/johnfitzpatrick/cheftraining/fundamentals2.0/chef-repo/chef-client-3.2.0.tar.gz
Cookbook saved: /Users/YOU/chef-repo/chef-client-3.2.0.tar.gz
Exercise: Extract chef-client cookbook tarball
$ tar -zxvf chef-client*.tar.gz -C cookbooks/
x chef-client/
x chef-client/attributes/
x chef-client/CHANGELOG.md
x chef-client/CONTRIBUTING
x chef-client/LICENSE
x chef-client/metadata.json
x chef-client/metadata.rb
x chef-client/README.md
x chef-client/recipes/
x chef-client/templates/
x chef-client/templates/arch/
x chef-client/templates/default/
x chef-client/templates/windows/
x chef-client/templates/default/debian/
x chef-client/templates/default/redhat/
x chef-client/templates/default/solaris/
x chef-client/templates/arch/conf.d/
x chef-client/templates/arch/rc.d/
x chef-client/recipes/config.rb
x chef-client/recipes/cron.rb
x chef-client/recipes/default.rb
x chef-client/recipes/delete_validation.rb
Review Dependencies
Cookbook Dependencies
• Cookbooks are built in a way that allows for easy composition
• Dependencies are described in each cookbook’s metadata.rb file
depends 'cron', '>= 1.2.0'
depends 'logrotate', '>= 1.2.0'
Exercise: Download the cron cookbook
$ knife cookbook site download cron
Downloading cron from the cookbooks site at version 1.2.8 to /Users/YOU/chef-repo/cron-1.2.8.tar.gz
Cookbook saved: /Users/YOU/chef-repo/cron-1.2.8.tar.gz
Exercise: Extract cron cookbook tarball
$ tar -zxvf cron*.tar.gz -C cookbooks/
x cron/
x cron/CHANGELOG.md
x cron/README.md
x cron/metadata.json
x cron/metadata.rb
x cron/providers
x cron/providers/d.rb
x cron/recipes
x cron/recipes/default.rb
x cron/recipes/test.rb
x cron/resources
x cron/resources/d.rb
x cron/templates
x cron/templates/default
x cron/templates/default/cron.d.erb
Exercise: Download the logrotate cookbook
$ knife cookbook site download logrotate
Downloading logrotate from the cookbooks site at version 1.4.0 to /Users/johnfitzpatrick/cheftraining/chef-repo/logrotate-1.4.0.tar.gz
Cookbook saved: /Users/YOU/chef-repo/logrotate-1.4.0.tar.gz
Exercise: Extract logrotate cookbook tarball
$ tar -zxvf logrotate*.tar.gz -C cookbooks/
x logrotate/
x logrotate/CHANGELOG.md
x logrotate/README.md
x logrotate/attributes
x logrotate/attributes/default.rb
x logrotate/definitions
x logrotate/definitions/logrotate_app.rb
x logrotate/libraries
x logrotate/libraries/logrotate_config.rb
x logrotate/metadata.json
x logrotate/metadata.rb
x logrotate/recipes
x logrotate/recipes/default.rb
x logrotate/recipes/global.rb
x logrotate/templates
x logrotate/templates/default
x logrotate/templates/default/logrotate-global.erb
x logrotate/templates/default/logrotate.erb
What we just did...
• Cookbooks are distributed as a versioned .tar.gz
archive.
• The latest version is downloaded by default (you can
specify the version).
• Extract the cookbook into the "cookbooks" directory
with tar.
• Next, let's examine the contents.
Best practice: well written cookbooks have a README!
• Documentation for cookbooks doesn't need to be
extensive, but a README should describe some
important aspects of a cookbook:
• Expectations (cookbooks, platform, data)
• Recipes and their purpose
• LWRPs, Libraries, etc.
• Usage notes
• Read the README first!
Best Practice: This runs as root!
• So, you just downloaded source code from the
internet.
• As root.
• To load in the magic machine that:
• Makes your computers run code
• Read the entire cookbook first!
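Part of that read-through can be done before tar ever runs. The following is an added example, not part of the original slides or of any Chef tool: it inspects a cookbook .tar.gz in memory, reports entries that would land outside the cookbook's own directory, and lists the recipe lines that run commands, fetch remote files or schedule jobs so a reviewer reads those first. The function name, the resource list and the sample archive are constructed for illustration.

```ruby
require 'rubygems/package' # Gem::Package::TarReader / TarWriter (Ruby stdlib)
require 'stringio'
require 'zlib'

# Resources that run commands, fetch remote content or schedule jobs.
# The list is this example's choice for review, not a Chef-defined category.
REVIEW_RESOURCES = %w[execute bash script ruby_block remote_file cron
                      powershell_script batch].freeze
REVIEW_RE = /^\s*(?:#{REVIEW_RESOURCES.join('|')})\b/

# Inspect a cookbook archive without extracting it.
# Returns { unsafe_paths: [...], review: ["path:line: source", ...] }.
def audit_cookbook_archive(tgz_bytes, cookbook_name)
  report = { unsafe_paths: [], review: [] }
  tar_io = StringIO.new(Zlib.gunzip(tgz_bytes))
  Gem::Package::TarReader.new(tar_io).each do |entry|
    path  = entry.full_name
    parts = path.split('/')
    # Every entry must stay inside "<cookbook_name>/": no absolute paths,
    # no ".." components, and no links that could redirect a later write.
    outside = path.start_with?('/') || parts.include?('..') ||
              parts.first != cookbook_name
    link = %w[1 2].include?(entry.header.typeflag) # hard link or symlink
    if outside || link
      report[:unsafe_paths] << path
      next
    end
    next unless entry.file? && path.end_with?('.rb')

    entry.read.to_s.each_line.with_index(1) do |line, number|
      report[:review] << "#{path}:#{number}: #{line.strip}" if line.match?(REVIEW_RE)
    end
  end
  report
end

# Constructed recipe used only in the sample archive below.
EXTRA_RB = <<~RECIPE
  remote_file '/tmp/agent.sh' do
    source 'http://example.invalid/agent.sh'
  end
  execute 'sh /tmp/agent.sh'
RECIPE

# Constructed sample archive; not the real chef-client cookbook.
def sample_archive
  files = {
    'chef-client/recipes/default.rb' => %(include_recipe "chef-client::service"\n),
    'chef-client/recipes/extra.rb' => EXTRA_RB,
    'chef-client/../../etc/cron.d/job' => "* * * * * root true\n"
  }
  tar = StringIO.new(String.new)
  Gem::Package::TarWriter.new(tar) do |writer|
    writer.mkdir('chef-client', 0o755)
    files.each do |name, body|
      writer.add_file_simple(name, 0o644, body.bytesize) { |io| io.write(body) }
    end
  end
  Zlib.gzip(tar.string)
end

sample_report = audit_cookbook_archive(sample_archive, 'chef-client')
puts 'Entries outside the cookbook directory:', sample_report[:unsafe_paths]
puts 'Lines to read first:', sample_report[:review]
```

An empty unsafe_paths list only means the archive unpacks where expected; the review list is a reading order, not a verdict on the cookbook.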
Exercise: Upload the cookbooks
$ knife upload cookbooks
Updated cookbooks/cron
Updated cookbooks/logrotate
Updated cookbooks/chef-client
Examining the chef-client cookbook
• We're going to use two recipes on the node from the
chef-client cookbook.
• delete_validation
• service (via default)
Best Practice: Delete the validation certificate when it isn't required
• Once Chef enters the actual run and is synchronizing cookbooks, it has already registered its own API client with the validation certificate.
• That certificate is no longer required. We do this first so that, even if the run fails for another reason, we know the validation certificate is gone.
Exercise: View the chef-client::delete_validation recipe
OPEN IN EDITOR: cookbooks/chef-client/recipes/delete_validation.rb
unless chef_server?
  file Chef::Config[:validation_key] do
    action :delete
    backup false
    only_if { ::File.exists?(Chef::Config[:client_key]) }
  end
end
SAVE FILE!
Exercise: View the chef-client::default recipe
OPEN IN EDITOR: cookbooks/chef-client/recipes/default.rb
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include_recipe "chef-client::service"
SAVE FILE!
Best Practice: Sane defaults do "pretty much" what you expect
• The main point of the "chef-client" cookbook is managing the "chef-client" program. It is designed so that it can run as a daemonized service.
• The least surprising thing for most users is that the default recipe starts the service.
• You can manage the service in a number of ways; see the cookbook's README.md.
Exercise: View the chef-client::service recipe
• The recipe supports a number of service providers and styles.
• It works on a lot of platforms.
• Everything is controllable through attributes.
OPEN IN EDITOR: cookbooks/chef-client/recipes/service.rb
supported_init_styles = [
  'arch',
  'bluepill',
  'bsd',
  'daemontools',
  'init',
  'launchd',
  'runit',
  'smf',
  'upstart',
  'winsw'
]
init_style = node["chef_client"]["init_style"]
# Services moved to recipes
if supported_init_styles.include? init_style
  include_recipe "chef-client::#{init_style}_service"
else
  log "Could not determine service init style, manual intervention required to start up the chef-client service."
end
Best Practice: Well-written cookbooks change behavior based on attributes
• Ideally, you don't have to modify the contents of a cookbook to use it for your specific use case.
• Look at the attributes directory for things you can override through roles to affect behavior of the cookbook.
• Of course, well-written cookbooks have sane defaults, and a README to describe all this.
Exercise: Add a chef-client role
OPEN IN EDITOR: roles/chef-client.json
{
  "name" : "chef-client",
  "description" : "Manages the chef-client",
  "run_list" : [
    "recipe[chef-client]",
    "recipe[chef-client::delete_validation]"
  ]
}
SAVE FILE!
Exercise: Upload the chef-client role
$ knife role from file chef-client.json
Updated Role chef-client!
Exercise: Re-run the Chef Client
...
Recipe: chef-client::delete_validation
* file[/etc/chef/validation.pem] action delete[2014-01-07T09:05:43-05:00] INFO: Processing file[/etc/chef/validation.pem] action
delete (chef-client::delete_validation line 25)
[2014-01-07T09:05:43-05:00] INFO: file[/etc/chef/validation.pem] deleted file at /etc/chef/validation.pem
- delete file /etc/chef/validation.pem
...
* service[chef-client] action enable[2014-01-07T09:05:46-05:00] INFO: Processing service[chef-client] action enable (chef-
client::init_service line 32)
[2014-01-07T09:05:47-05:00] INFO: service[chef-client] enabled
- enable service service[chef-client]
* service[chef-client] action start[2014-01-07T09:05:47-05:00] INFO: Processing service[chef-client] action start (chef-
client::init_service line 32)
[2014-01-07T09:05:48-05:00] INFO: service[chef-client] started
- start service service[chef-client]
...
[2014-01-07T09:05:55-05:00] INFO: template[/etc/init.d/chef-client] sending restart action to service[chef-client] (delayed)
Recipe: chef-client::init_service
* service[chef-client] action restart[2014-01-07T09:05:55-05:00] INFO: Processing service[chef-client] action restart (chef-
client::init_service line 32)
[2014-01-07T09:06:01-05:00] INFO: service[chef-client] restarted
- restart service service[chef-client]
[2014-01-07T09:06:01-05:00] INFO: Chef Run complete in 29.341053545 seconds
Exercise: Verify chef-client is running
root@module6$ ps awux | grep chef-client
root 8933 0.3 2.2 130400 37816 ? Sl 03:19 0:01 /opt/chef/embedded/bin/ruby /usr/bin/chef-client -d -c /etc/chef/client.rb -L /var/log/chef/client.log -P /var/run/chef/client.pid -i 1800 -s 300
Convergent infrastructure
• Our node is now running chef-client as a daemon,
and it will converge itself over time on a (by default)
30 minute interval.
• The amount of resources converged may vary with
longer intervals, depending on configuration drift on
the system.
• Because Chef resources work using the “test and
repair” cycle, Chef will only configure what it needs
to each run.
The Problem and the Success Criteria
• The Problem: The chef-client application should
check-in every five minutes in the production
environment.
• Success Criteria: chef-client runs every five
minutes in production.
Best Practice: Specify cookbook versions in production
• We’ve just added three new cookbooks to our run
list.
• A cookbook version should be set for all cookbooks
in your production environment
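A way to check this practice before uploading an environment, as an added example that is not part of the original slides or of knife: it walks the run list's dependency closure and reports any cookbook without an exact pin, any pin that breaks a `depends` constraint, and any pinned version that was never downloaded. The function names are hypothetical, the sample values are copied from this deck's slides, and the apache cookbook (the course's own, whose metadata is not shown) is assumed to have no dependencies and to be present at 0.2.0.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with Ruby

# Extract `depends 'name', 'constraint'` pairs from metadata.rb text.
def parse_depends(metadata_rb)
  metadata_rb.scan(/^\s*depends\s+['"]([^'"]+)['"](?:\s*,\s*['"]([^'"]+)['"])?/)
             .map { |name, req| [name, req || '>= 0'] }
             .to_h
end

# pins:      cookbook_versions hash from the environment file
# run_list:  cookbooks named in the roles' run lists
# metadata:  { cookbook => metadata.rb text } for cookbooks with dependencies
# available: { cookbook => [versions present in the chef-repo] }
# Returns an array of findings; an empty array means the pins are consistent.
def audit_pins(pins, run_list, metadata, available)
  required_by = Hash.new { |hash, key| hash[key] = [] } # cookbook => [[req, parent]]
  closure = []
  queue = run_list.dup
  until queue.empty?
    name = queue.shift
    next if closure.include?(name)

    closure << name
    parse_depends(metadata.fetch(name, '')).each do |dep, req|
      required_by[dep] << [req, name]
      queue << dep
    end
  end

  closure.each_with_object([]) do |name, findings|
    exact = pins[name].to_s.match(/\A=\s*(\d+\.\d+(?:\.\d+)?)\z/)
    unless exact
      findings << "#{name}: no exact '= x.y.z' pin (found #{pins[name].inspect})"
      next
    end
    version = Gem::Version.new(exact[1])
    required_by[name].each do |req, parent|
      next if Gem::Requirement.new(req).satisfied_by?(version)

      findings << "#{name}: pin #{version} does not satisfy #{parent}'s depends '#{req}'"
    end
    have = available.fetch(name, [])
    next if have.include?(version.to_s)

    findings << "#{name}: pin #{version} not downloaded (have #{have.join(', ')})"
  end
end

# Pins from environments/production.rb as shown in this deck.
PRODUCTION_PINS = {
  'apache' => '= 0.2.0', 'chef-client' => '= 3.6.0',
  'logrotate' => '= 1.6.0', 'cron' => '= 1.4.0'
}.freeze
# Cookbooks named by the webserver and chef-client roles.
RUN_LIST = %w[apache chef-client].freeze
# The two depends lines shown for the chef-client cookbook.
METADATA = {
  'chef-client' => "depends 'cron', '>= 1.2.0'\ndepends 'logrotate', '>= 1.2.0'\n"
}.freeze
# Versions printed by the deck's download slides; the apache entry is assumed.
DOWNLOADED = {
  'apache' => ['0.2.0'], 'chef-client' => ['3.2.0'],
  'cron' => ['1.2.8'], 'logrotate' => ['1.4.0']
}.freeze

puts audit_pins(PRODUCTION_PINS, RUN_LIST, METADATA, DOWNLOADED)
```

Run on the deck's own values, it reports that the chef-client, cron and logrotate pins name versions other than the ones the download slides fetched.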
Update the production.rb
OPEN IN EDITOR: environments/production.rb
name "production"
description "For Production!"
cookbook_versions({
  "apache" => "= 0.2.0",
  "chef-client" => "= 3.6.0",
  "logrotate" => "= 1.6.0",
  "cron" => "= 1.4.0"
})
default_attributes(
  "chef_client" => {
    "interval" => 300
  }
)
SAVE FILE!
Upload the production environment
$ knife environment from file production.rb
Updated Environment production
Exercise: Verify chef-client is running
root@module6$ sudo chef-client
Exercise: Verify chef-client is running
root@module6$ ps awux | grep chef-client
root 8933 0.3 2.2 130400 37816 ? Sl 03:19 0:01 /opt/chef/embedded/bin/ruby /usr/bin/chef-client -d -c /etc/chef/client.rb -L /var/log/chef/client.log -P /var/run/chef/client.pid -i 300 -s 300
Chef for Windows
Additional Tools for Windows
• chef-client - works on Windows!
• Windows-specific resource types
• batch
• powershell_script
• registry_key
• Knife plugins
• knife windows
• knife azure
Usual suspects
• Most resources work the same way they would in a
Unix- or Linux-like environment
• Including:
• package
• service
• template
• user
• group
Special attributes
• File-based resources have attributes that are unique
to Microsoft Windows
• inherits - for file inheritance
• mode - for octal modes
• rights - for access control lists (ACLs)
Bootstrap a Windows node
• Install the knife-windows gem
• Configure Windows Remote Management (WinRM)
on the target node
• knife windows bootstrap winrm ...
Chef Fundamentals
Webinar Series
Six Episode Series
• Module 1 - Overview of Chef
• Module 2 - Node Setup, Chef Resources & Recipes
• Module 3 - Working with the Node object & Roles
• Module 4 - Common configuration data with
Databags
• Module 5 - Environments and knife-ec2
• Today - Community Cookbooks and Further
Resources
Additional Resources
• Chef Fundamentals Webinar Series
• https://www.youtube.com/watch?v=S5lHUpzoCYo&list=PL11cZfNdwNyPnZA9D1MbVqldGuOWqbumZ
• Discussion group for webinar participants
• https://groups.google.com/d/forum/learnchef-fundamentals-webinar
Additional Resources
• Learn Chef
• http://learnchef.com
• Documentation
• http://docs.opscode.com

More Related Content

Community Cookbooks & further resources - Fundamentals Webinar Series Part 6

  • 2. Nathen Harvey • Community Director • Co-host of the Food Fight Show Podcast • @nathenharvey
  • 3. Questions & Answers • Ask questions in the chat window when they come to you • We’ll answer as many questions as we can at the end of the session
  • 4. Questions & Answers • Ask questions in the Google Discussion Forum • This can be used during the webinar and outside of the webinar, too. • https://groups.google.com/d/ forum/learnchef-fundamentals- webinar
  • 5. Slides and Video • This webinar is being recorded. The video will be made available shortly after the session has ended. • The slides used throughout this webinar will be made available at the end of each webinar. • Watch http://learnchef.com for updates.
  • 7. Topics • Overview of Chef • Workstation Setup • Node Setup • Chef Resources and Recipes • Working with the Node object • Roles • Common configuration with Data Bags • Environments and knife-ec2 • Community Cookbooks and Further Resources
  • 9. In the last module • Login to the node in your Chef Training Lab • Install Chef nodes using "knife bootstrap" • Included a run_list so that the server was a web server when the bootstrap process completed • Managed Chef Cookbook versions for each Environment 9
  • 10. Where did my Node go? • We still need a CentOS machine to manage • The one we launched last time has likely expired • Launch a new one using the Chef Lab • Hopefully, you’ve already done this. We’re not going to spend time walking through it now. 10
  • 12. $ ssh root@<EXTERNAL_ADDRESS> Lab - Login The authenticity of host 'uvo1qrwls0jdgs3blvt.vm.cld.sr (69.195.232.110)' can't be established. RSA key fingerprint is d9:95:a3:b9:02:27:e9:cd: 74:e4:a2:34:23:f5:a6:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'uvo1qrwls0jdgs3blvt.vm.cld.sr, 69.195.232.110' (RSA) to the list of known hosts. root@uvo1qrwls0jdgs3blvt.vm.cld.sr's password: Last login: Mon Jan 6 16:26:24 2014 from host86-145-117-53.range86-145.btcentralplus.com [root@CentOS63 ~]$ 12
  • 13. Checkpoint • At this point you should have • One virtual machine (VM) or server that you’ll use for the lab exercises • The IP address or public hostname • An application for establishing an ssh connection • 'sudo' or 'root' permissions on the VM 13
  • 14. name "production" description "For Prods!" cookbook "apache", "= 0.2.0" OPEN IN EDITOR: environments/production.rb SAVE FILE! Update the production environment • Upgrade the apache cookbook to version 0.2.0 14
  • 15. Upload the production environment Updated Environment production 15
  • 16. $ knife environment from file production.rb Upload the production environment Updated Environment production 15
  • 17. { "name" : "webserver", "default_attributes" : { "apache" : { "greeting" : "Webinar" } }, "run_list" : [ "recipe[apache]", "recipe[apache::vhosts]" ] } OPEN IN EDITOR: roles/webserver.rb SAVE FILE! Update the webserver role • add the vhosts recipe 16
  • 18. Upload the role Updated Role webserver! 17
  • 19. $ knife role from file webserver.rb Upload the role Updated Role webserver! 17
  • 20. $ knife bootstrap <EXTERNAL_ADDRESS> -x root -P chef -N ‘module6’ -r ‘role[webserver]’ -E production "Bootstrap" the Target Instance Bootstrapping Chef on uvo1qrwls0jdgs3blvt.vm.cld.sr ... ... uvo1qrwls0jdgs3blvt.vm.cld.sr Creating a new client identity for module3 using the validator key. uvo1qrwls0jdgs3blvt.vm.cld.sr resolving cookbooks for run list: [] uvo1qrwls0jdgs3blvt.vm.cld.sr Synchronizing Cookbooks: uvo1qrwls0jdgs3blvt.vm.cld.sr Compiling Cookbooks... uvo1qrwls0jdgs3blvt.vm.cld.sr [2014-01-28T11:03:14-05:00] WARN: Node module3 has an empty run list. uvo1qrwls0jdgs3blvt.vm.cld.sr Converging 0 resources uvo1qrwls0jdgs3blvt.vm.cld.sr Chef Client finished, 0 resources updated 18
  • 21. Exercise: Verify that the home page works • Open a web browser • Type in the the URL for your test node 19
  • 22. v2.1.0 Using Community Cookbooks Open Source: Saving you time! 20
  • 23. • After completing the lesson, you will be able to • Find, preview, and download cookbooks from the Chef Community site • Use knife to work with the Community Site API • Download, extract, examine and implement cookbooks from the Community site Lesson Objectives 21
  • 24. • We've been writing some cookbooks so far... • Hundreds already exist for a large number of use cases and purposes. Many (but only a fraction) are maintained by CHEF Software, Inc. • Think of it like RubyGems.org, CPAN.org, or other focused plugin-style distribution sites. The easy way... 22
  • 25. The Problem and the Success Criteria • The Problem: The chef-client application should run on a regular basis on our nodes. • Success Criteria: chef-client is running as a service on our node. 23
  • 26. Exercise: Find and preview cookbooks on the community site 24
  • 27. Exercise: Find and preview cookbooks on the community site Cookbooks! 24
  • 28. Exercise: Search for a chef-client cookbook 25
  • 29. Exercise: Search for a chef-client cookbook Search for: chef-client 25
  • 32. You can download cookbooks directly from the site... • You can download cookbooks directly from the community site, but: • It doesn't put them in your Chef Repository • It isn't fast if you know what you're looking for (click, click...) • It isn't necessarily fast if you don't know what you're looking for. • You're already using knife for managing cookbooks and other things in your Chef Repository. 28
  • 33. Introducing Knife Cookbook Site plugin • Knife includes a "cookbook site" plugin with some sub-commands: • search • show • download • ... and more! 29
  • 35. Exercise: Download the chef-client cookbook Downloading chef-client from the cookbooks site at version 3.2.0 to /Users/ johnfitzpatrick/cheftraining/fundamentals2.0/ chef-repo/chef-client-3.2.0.tar.gz Cookbook saved: /Users/YOU/chef-repo/chef- client-3.2.0.tar.gz 31
  • 36. $ knife cookbook site download chef-client Exercise: Download the chef-client cookbook Downloading chef-client from the cookbooks site at version 3.2.0 to /Users/ johnfitzpatrick/cheftraining/fundamentals2.0/ chef-repo/chef-client-3.2.0.tar.gz Cookbook saved: /Users/YOU/chef-repo/chef- client-3.2.0.tar.gz 31
  • 37. x chef-client/ x chef-client/attributes/ x chef-client/CHANGELOG.md x chef-client/CONTRIBUTING x chef-client/LICENSE x chef-client/metadata.json x chef-client/metadata.rb x chef-client/README.md x chef-client/recipes/ x chef-client/templates/ x chef-client/templates/arch/ x chef-client/templates/default/ x chef-client/templates/windows/ x chef-client/templates/default/debian/ x chef-client/templates/default/redhat/ x chef-client/templates/default/solaris/ x chef-client/templates/arch/conf.d/ x chef-client/templates/arch/rc.d/ x chef-client/recipes/config.rb x chef-client/recipes/cron.rb x chef-client/recipes/default.rb x chef-client/recipes/delete_validation.rb Exercise: Extract chef-client cookbook tarball 32
  • 38. $ tar -zxvf chef-client*.tar.gz -C cookbooks/ x chef-client/ x chef-client/attributes/ x chef-client/CHANGELOG.md x chef-client/CONTRIBUTING x chef-client/LICENSE x chef-client/metadata.json x chef-client/metadata.rb x chef-client/README.md x chef-client/recipes/ x chef-client/templates/ x chef-client/templates/arch/ x chef-client/templates/default/ x chef-client/templates/windows/ x chef-client/templates/default/debian/ x chef-client/templates/default/redhat/ x chef-client/templates/default/solaris/ x chef-client/templates/arch/conf.d/ x chef-client/templates/arch/rc.d/ x chef-client/recipes/config.rb x chef-client/recipes/cron.rb x chef-client/recipes/default.rb x chef-client/recipes/delete_validation.rb Exercise: Extract chef-client cookbook tarball 32
  • 40. depends 'cron', '>= 1.2.0' depends 'logrotate', '>= 1.2.0' Cookbook Dependencies • Cookbooks are built in a way that allows for easy composition • Dependencies are described in each cookbook’s metadata.rb file 34
  • 41. Exercise: Download the cron cookbook Downloading cron from the cookbooks site at version 1.2.8 to /Users/YOU/chef-repo/cron-1.2.8.tar.gz Cookbook saved: /Users/YOU/chef-repo/ cron-1.2.8.tar.gz 35
  • 42. $ knife cookbook site download cron Exercise: Download the cron cookbook Downloading cron from the cookbooks site at version 1.2.8 to /Users/YOU/chef-repo/cron-1.2.8.tar.gz Cookbook saved: /Users/YOU/chef-repo/ cron-1.2.8.tar.gz 35
  • 43. x cron/ x cron/CHANGELOG.md x cron/README.md x cron/metadata.json x cron/metadata.rb x cron/providers x cron/providers/d.rb x cron/recipes x cron/recipes/default.rb x cron/recipes/test.rb x cron/resources x cron/resources/d.rb x cron/templates x cron/templates/default x cron/templates/default/cron.d.erb Exercise: Extract cron cookbook tarball 36
  • 44. $ tar -zxvf cron*.tar.gz -C cookbooks/ x cron/ x cron/CHANGELOG.md x cron/README.md x cron/metadata.json x cron/metadata.rb x cron/providers x cron/providers/d.rb x cron/recipes x cron/recipes/default.rb x cron/recipes/test.rb x cron/resources x cron/resources/d.rb x cron/templates x cron/templates/default x cron/templates/default/cron.d.erb Exercise: Extract cron cookbook tarball 36
  • 45. Exercise: Download the logrotate cookbook Downloading logrotate from the cookbooks site at version 1.4.0 to /Users/johnfitzpatrick/ cheftraining/chef-repo/logrotate-1.4.0.tar.gz Cookbook saved: /Users/YOU/chef-repo/ logrotate-1.4.0.tar.gz 37
  • 46. $ knife cookbook site download logrotate Exercise: Download the logrotate cookbook Downloading logrotate from the cookbooks site at version 1.4.0 to /Users/johnfitzpatrick/ cheftraining/chef-repo/logrotate-1.4.0.tar.gz Cookbook saved: /Users/YOU/chef-repo/ logrotate-1.4.0.tar.gz 37
  • 47. x logrotate/ x logrotate/CHANGELOG.md x logrotate/README.md x logrotate/attributes x logrotate/attributes/default.rb x logrotate/definitions x logrotate/definitions/logrotate_app.rb x logrotate/libraries x logrotate/libraries/logrotate_config.rb x logrotate/metadata.json x logrotate/metadata.rb x logrotate/recipes x logrotate/recipes/default.rb x logrotate/recipes/global.rb x logrotate/templates x logrotate/templates/default x logrotate/templates/default/logrotate-global.erb x logrotate/templates/default/logrotate.erb Exercise: Extract logrotate cookbook tarball 38
  • 48. $ tar -zxvf logrotate*.tar.gz -C cookbooks/ x logrotate/ x logrotate/CHANGELOG.md x logrotate/README.md x logrotate/attributes x logrotate/attributes/default.rb x logrotate/definitions x logrotate/definitions/logrotate_app.rb x logrotate/libraries x logrotate/libraries/logrotate_config.rb x logrotate/metadata.json x logrotate/metadata.rb x logrotate/recipes x logrotate/recipes/default.rb x logrotate/recipes/global.rb x logrotate/templates x logrotate/templates/default x logrotate/templates/default/logrotate-global.erb x logrotate/templates/default/logrotate.erb Exercise: Extract logrotate cookbook tarball 38
  • 49. What we just did...
    • Cookbooks are distributed as a versioned .tar.gz archive.
    • The latest version is downloaded by default (you can specify the version).
    • Extract the cookbook into the "cookbooks" directory with tar.
    • Next, let's examine the contents.
  • 50. Best practice: well-written cookbooks have a README!
    • Documentation for cookbooks doesn't need to be extensive, but a README should describe some important aspects of a cookbook:
        • Expectations (cookbooks, platform, data)
        • Recipes and their purpose
        • LWRPs, Libraries, etc.
        • Usage notes
    • Read the README first!
  • 51. Best Practice: This runs as root!
    • So, you just downloaded source code from the internet.
    • As root.
    • To load in the magic machine that:
        • Makes your computers run code
    • Read the entire cookbook first!
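One way to act on this advice before running tar, as an added example that is not part of the original slides or of any Chef tooling: the Ruby script below reads a cookbook archive without extracting it, flags entries that would land outside the cookbook directory, and lists recipe lines that run commands or fetch files. The function names, the review pattern and the sample archive are constructed for illustration.

```ruby
require "rubygems/package"
require "zlib"
require "stringio"

# Resources and calls that run commands or fetch content: lines to read by hand.
REVIEW = /^\s*(execute|bash|script|ruby_block|remote_file)\b|\bsystem\(|`[^`]+`/

# Inspect a cookbook .tar.gz (passed as bytes) without extracting it.
def inspect_cookbook_tarball(gz_bytes, expected_root)
  report = { unsafe_paths: [], review: [] }
  Zlib::GzipReader.wrap(StringIO.new(gz_bytes)) do |gz|
    Gem::Package::TarReader.new(gz) do |tar|
      tar.each do |entry|
        name  = entry.full_name
        parts = name.split("/")
        # Absolute paths, "..", entries outside the cookbook directory and
        # symlinks can make tar write somewhere other than cookbooks/<name>.
        if name.start_with?("/") || parts.include?("..") ||
           parts.first != expected_root || entry.symlink?
          report[:unsafe_paths] << name
        end
        next unless entry.file? && name.end_with?(".rb")
        entry.read.to_s.each_line.with_index(1) do |line, number|
          report[:review] << [name, number, line.strip] if line.match?(REVIEW)
        end
      end
    end
  end
  report
end

# Constructed sample archive (not the real logrotate cookbook).
def build_sample_tarball
  recipe = %(package "logrotate"\nexecute "post-install" do\n  command "/tmp/setup.sh"\nend\n)
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    tar.mkdir("logrotate", 0o755)
    tar.add_file_simple("logrotate/recipes/default.rb", 0o644, recipe.bytesize) { |f| f.write(recipe) }
    tar.add_file_simple("logrotate/../../outside.txt", 0o644, 0)
    tar.add_symlink("logrotate/templates/link", "/tmp", 0o777)
  end
  Zlib.gzip(io.string)
end

report = inspect_cookbook_tarball(build_sample_tarball, "logrotate")
report[:unsafe_paths].each { |path| puts "UNSAFE PATH  #{path}" }
report[:review].each { |file, number, text| puts "REVIEW  #{file}:#{number}  #{text}" }
```

A clean report narrows where to look first; it does not replace reading the whole cookbook.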
  • 53. Exercise: Upload the cookbooks
        $ knife upload cookbooks
        Updated cookbooks/cron
        Updated cookbooks/logrotate
        Updated cookbooks/chef-client
  • 54. Examining the chef-client cookbook
    • We're going to use two recipes on the node from the chef-client cookbook.
        • delete_validation
        • service (via default)
  • 55. Best Practice: Delete the validation certificate when it isn't required
    • Once Chef enters the actual run and starts synchronizing cookbooks, it has already registered its own API client using the validation certificate.
    • That certificate is no longer required. We delete it first so that, even if the run fails for another reason, we know the validation certificate is gone.
  • 57. Exercise: View the chef-client::delete_validation recipe
    OPEN IN EDITOR: cookbooks/chef-client/recipes/delete_validation.rb
        unless chef_server?
          file Chef::Config[:validation_key] do
            action :delete
            backup false
            only_if { ::File.exists?(Chef::Config[:client_key]) }
          end
        end
    SAVE FILE!
  • 59. Exercise: View the chef-client::default recipe
    OPEN IN EDITOR: cookbooks/chef-client/recipes/default.rb
        #
        # Unless required by applicable law or agreed to in writing, software
        # distributed under the License is distributed on an "AS IS" BASIS,
        # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
        # See the License for the specific language governing permissions and
        # limitations under the License.
        #
        include_recipe "chef-client::service"
    SAVE FILE!
  • 60. Best Practice: Sane defaults do "pretty much" what you expect
    • The main point of the "chef-client" cookbook is managing the "chef-client" program. It is designed so that it can run as a daemonized service.
    • The least surprising thing for most users is that the default recipe starts the service.
    • You can manage the service in a number of ways; see the cookbook's README.md.
  • 61. Exercise: View the chef-client::service recipe
    OPEN IN EDITOR: cookbooks/chef-client/recipes/service.rb
        supported_init_styles = [
          'arch',
          'bluepill',
          'bsd',
          'daemontools',
          'init',
          'launchd',
          'runit',
          'smf',
          'upstart',
          'winsw'
        ]
        init_style = node["chef_client"]["init_style"]

        # Services moved to recipes
        if supported_init_styles.include? init_style
          include_recipe "chef-client::#{init_style}_service"
        else
          log "Could not determine service init style, manual intervention required to start up the chef-client service."
        end
    • The recipe supports a number of service providers and styles.
    • It works on a lot of platforms.
    • Everything is controllable through attributes.
  • 62. Best Practice: Well-written cookbooks change behavior based on attributes
    • Ideally, you don't have to modify the contents of a cookbook to use it for your specific use case.
    • Look at the attributes directory for things you can override through roles to affect the behavior of the cookbook.
    • Of course, well-written cookbooks have sane defaults, and a README to describe all this.
  • 63. Exercise: Add a chef-client role
    OPEN IN EDITOR: roles/chef-client.json
        {
          "name" : "chef-client",
          "description" : "Manages the chef-client",
          "run_list" : [
            "recipe[chef-client]",
            "recipe[chef-client::delete_validation]"
          ]
        }
    SAVE FILE!
  • 65. Exercise: Upload the chef-client role
        $ knife role from file chef-client.json
        Updated Role chef-client!
  • 66. Exercise: Re-run the Chef Client
        ...
        Recipe: chef-client::delete_validation
          * file[/etc/chef/validation.pem] action delete[2014-01-07T09:05:43-05:00] INFO: Processing file[/etc/chef/validation.pem] action delete (chef-client::delete_validation line 25)
        [2014-01-07T09:05:43-05:00] INFO: file[/etc/chef/validation.pem] deleted file at /etc/chef/validation.pem
            - delete file /etc/chef/validation.pem
        ...
          * service[chef-client] action enable[2014-01-07T09:05:46-05:00] INFO: Processing service[chef-client] action enable (chef-client::init_service line 32)
        [2014-01-07T09:05:47-05:00] INFO: service[chef-client] enabled
            - enable service service[chef-client]
          * service[chef-client] action start[2014-01-07T09:05:47-05:00] INFO: Processing service[chef-client] action start (chef-client::init_service line 32)
        [2014-01-07T09:05:48-05:00] INFO: service[chef-client] started
            - start service service[chef-client]
        ...
        [2014-01-07T09:05:55-05:00] INFO: template[/etc/init.d/chef-client] sending restart action to service[chef-client] (delayed)
        Recipe: chef-client::init_service
          * service[chef-client] action restart[2014-01-07T09:05:55-05:00] INFO: Processing service[chef-client] action restart (chef-client::init_service line 32)
        [2014-01-07T09:06:01-05:00] INFO: service[chef-client] restarted
            - restart service service[chef-client]
        [2014-01-07T09:06:01-05:00] INFO: Chef Run complete in 29.341053545 seconds
  • 68. Exercise: Verify chef-client is running
        root@module6$ ps awux | grep chef-client
        root 8933 0.3 2.2 130400 37816 ? Sl 03:19 0:01 /opt/chef/embedded/bin/ruby /usr/bin/chef-client -d -c /etc/chef/client.rb -L /var/log/chef/client.log -P /var/run/chef/client.pid -i 1800 -s 300
  • 69. Convergent infrastructure
    • Our node is now running chef-client as a daemon, and it will converge itself over time on a (by default) 30 minute interval.
    • The amount of resources converged may vary with longer intervals, depending on configuration drift on the system.
    • Because Chef resources work using the “test and repair” cycle, Chef will only configure what it needs to each run.
  • 70. The Problem and the Success Criteria
    • The Problem: The chef-client application should check in every five minutes in the production environment.
    • Success Criteria: chef-client runs every five minutes in production.
  • 71. Best Practice: Specify cookbook versions in production
    • We’ve just added three new cookbooks to our run list.
    • A cookbook version should be set for all cookbooks in your production environment.
  • 72. Update the production.rb
    OPEN IN EDITOR: environments/production.rb
        name "production"
        description "For Production!"
        cookbook_versions({
          "apache" => "= 0.2.0",
          "chef-client" => "= 3.6.0",
          "logrotate" => "= 1.6.0",
          "cron" => "= 1.4.0"
        })
        default_attributes(
          "chef_client" => {
            "interval" => 300
          }
        )
    SAVE FILE!
  • 74. Upload the production environment
        $ knife environment from file production.rb
        Updated Environment production
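A check for the pinning practice above, as an added example that is not from the original slides: it evaluates an environment file with a small stand-in for Chef's environment DSL, so it runs without Chef installed, and reports every cookbook in use that lacks an exact `= x.y.z` constraint. The EnvFile class, audit_pins, the IN_USE list and the second, drifted environment are assumptions made for illustration.

```ruby
# Stand-in for Chef's environment DSL (an assumption, so this runs without Chef):
# it records cookbook_versions and accepts the other settings without using them.
class EnvFile
  attr_reader :pins
  def initialize
    @pins = {}
  end
  def cookbook_versions(constraints)
    @pins = constraints
  end
  %i[name description default_attributes override_attributes].each do |m|
    define_method(m) { |*_args| nil }
  end
end

EXACT_PIN = /\A=\s*\d+(\.\d+){1,2}\z/

# Returns { cookbook => problem } for each cookbook in use without an exact pin.
# instance_eval runs the file as Ruby, so feed it only files from your own repo.
def audit_pins(env_source, cookbooks_in_use)
  env = EnvFile.new
  env.instance_eval(env_source)
  cookbooks_in_use.each_with_object({}) do |cookbook, findings|
    constraint = env.pins[cookbook]
    if constraint.nil?
      findings[cookbook] = "no version constraint"
    elsif !constraint.match?(EXACT_PIN)
      findings[cookbook] = "not an exact pin (#{constraint})"
    end
  end
end

# The production environment shown on the slide.
PRODUCTION = <<~'RUBY'
  name "production"
  description "For Production!"
  cookbook_versions({ "apache" => "= 0.2.0", "chef-client" => "= 3.6.0",
                      "logrotate" => "= 1.6.0", "cron" => "= 1.4.0" })
  default_attributes("chef_client" => { "interval" => 300 })
RUBY

# Constructed variant: logrotate floats within 1.x and cron has no entry.
DRIFTED = <<~'RUBY'
  name "staging"
  cookbook_versions("apache" => "= 0.2.0", "chef-client" => "= 3.6.0", "logrotate" => "~> 1.6")
RUBY

IN_USE = %w[apache chef-client logrotate cron] # assumed: cookbooks on the run list
p audit_pins(PRODUCTION, IN_USE)
p audit_pins(DRIFTED, IN_USE)
```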
  • 76. Exercise: Verify chef-client is running
        root@module6$ sudo chef-client
  • 78. Exercise: Verify chef-client is running
        root@module6$ ps awux | grep chef-client
        root 8933 0.3 2.2 130400 37816 ? Sl 03:19 0:01 /opt/chef/embedded/bin/ruby /usr/bin/chef-client -d -c /etc/chef/client.rb -L /var/log/chef/client.log -P /var/run/chef/client.pid -i 300 -s 300
  • 80. Additional Tools for Windows
    • chef-client - works on Windows!
    • Windows-specific resource types
        • batch
        • powershell_script
        • registry_key
    • Knife plugins
        • knife windows
        • knife azure
  • 81. Usual suspects
    • Most resources work the same way they would in a Unix- or Linux-like environment
    • Including:
        • package
        • service
        • template
        • user
        • group
  • 82. Special attributes
    • File-based resources have attributes that are unique to Microsoft Windows
        • inherits - for file inheritance
        • mode - for octal modes
        • rights - for access control lists (ACLs)
  • 83. Bootstrap a Windows node
    • Install the knife-windows gem
    • Configure Windows Remote Management (WinRM) on the target node
    • knife windows bootstrap winrm ...
  • 85. Six Episode Series
    • Module 1 - Overview of Chef
    • Module 2 - Node Setup, Chef Resources & Recipes
    • Module 3 - Working with the Node object & Roles
    • Module 4 - Common configuration data with Databags
    • Module 5 - Environments and knife-ec2
    • Today - Community Cookbooks and Further Resources
  • 86. Additional Resources
    • Chef Fundamentals Webinar Series
        • https://www.youtube.com/watch?v=S5lHUpzoCYo&list=PL11cZfNdwNyPnZA9D1MbVqldGuOWqbumZ
    • Discussion group for webinar participants
        • https://groups.google.com/d/forum/learnchef-fundamentals-webinar
  • 87. Additional Resources
    • Learn Chef
        • http://learnchef.com
    • Documentation
        • http://docs.opscode.com