Chef Fundamentals
training@getchef.com
Copyright (C) 2014 Chef Software, Inc.
Nathen Harvey
• Community Director
• Co-host of the Food Fight Show Podcast
• @nathenharvey
Webinar Objectives and Style
Multi-week Webinar Series
• After completing this webinar series you will be
able to
• Automate common infrastructure tasks with Chef
• Describe Chef’s architecture
• Describe Chef’s various tools
• Apply Chef’s primitives to solve your problems
How to learn Chef
• You bring the domain expertise about your business
and infrastructure
• Chef provides a framework for automating your
infrastructure
• Our job is to work together to teach you how to
model and automate your infrastructure with Chef
Chef is a Language
• Learning Chef is like learning the basics of a
language
• 80% fluency will be reached very quickly
• The remaining 20% just takes practice
• The best way to learn Chef is to use Chef
Agenda
Topics
• Overview of Chef
• Workstation Setup
• Node Setup
• Chef Resources and Recipes
• Introducing the Node object
• Setting Node attributes
• Roles
• Community Cookbooks
Overview of Chef
Lesson Objectives
• After completing the lesson, you will be able to
• Describe how Chef thinks about Infrastructure
Automation
• Define the following terms:
• Resource
• Recipe
• Node
• Run List
• Search
http://www.flickr.com/photos/michaelheiss/3090102907/
Complexity
Items of Manipulation (Resources)
• Networking
• Files
• Directories
• Symlinks
• Mounts
• Registry Keys
• Powershell Scripts
• Users
• Groups
• Packages
• Services
• Filesystems
A tale of growth... (diagram sequence)
• Application
• Add a database: Application, Application Database
• Make database redundant: Application, App Databases
• Application server redundancy: App Servers, App Databases
• Add a load balancer: App LB, App Servers, App Databases
• Webscale!: App LBs, App Servers, App Databases
• Now we need a caching layer: App LBs, App Servers, App DB Cache, App DBs
• Infrastructure has a Topology: App LBs, App Servers, App DB Cache, App DBs
• Your Infrastructure is a Snowflake: Round Robin DNS, App Servers, App DB Cache, App DBs, Floating IP?
• Complexity Increases Quickly: App LBs, App Servers ("< Shiny!"), DB slaves, Cache, DB Cache, DBs. Are we monitoring??
• ...and change happens!: Add a Central Log Host, Update syslog.conf on all Nodes
Chef Solves This Problem
• But you already
guessed that, didn’t
you?
Chef is Infrastructure as Code
• Programmatically provision and configure components
• Treat like any other code base
• Reconstruct business from code repository, data backup, and compute resources
http://www.flickr.com/photos/louisb/4555295187/
Configuration Code
• Chef ensures each Node complies with the policy
• Policy is determined by the configurations in each
Node’s run list
• Reduce management complexity through abstraction
• Store the configuration of your infrastructure in
version control
Declarative Interface to Resources
• You define the policy in your Chef configuration
• Your policy states what state each resource should
be in, but not how to get there
• Chef-client will pull the policy from the Chef Server
and enforce the policy on the Node
Managing Complexity
• Resources
• Recipes
• Nodes
• Search
Resources
• A Resource represents a piece of the system and its
desired state
• A package that should be installed
• A service that should be running
• A file that should be generated
• A cron job that should be configured
• A user that should be managed
• and more
Resources in Recipes
• Resources are the fundamental building blocks of
Chef configuration
• Resources are gathered into Recipes
• Recipes ensure the system is in the desired state
Recipes
• Configuration files that describe resources and their
desired state
• Recipes can:
• Install and configure software components
• Manage files
• Deploy applications
• Execute other recipes
• and more
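Example Recipe
  # Install the Apache package (package resources are installed, not started)
  package "httpd" do
    action :install
  end

  # Render the main config; reload Apache when the file changes
  template "/etc/httpd/conf/httpd.conf" do
    source "httpd.conf.erb"
    owner "root"
    group "root"
    mode "0644"
    variables(:allow_override => "All")
    notifies :reload, "service[httpd]"
  end

  # Enable at boot and start the service
  service "httpd" do
    action [:enable, :start]
    supports :reload => true
  end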
Nodes
Nodes Adhere to Policy
• The chef-client application runs on each node, which
• Gathers the current system configuration of the
node
• Downloads the desired system configuration
policies from the Chef server for that node
• Configures the node such that it adheres to those
policies
Run List
(Diagram: chef-client on the Node asks Enterprise Chef "What policy should I follow?" and receives its Run List.)
"recipe[ntp::client]"
"recipe[users]"
"role[webserver]"
Run List Specifies Policy
• The Run List is an ordered collection of policies that
the Node should follow
• Chef-client obtains the Run List from the Chef
Server
• Chef-client ensures the Node complies with the
policy in the Run List
Search
• Search for nodes with Roles
• Find Topology Data
• IP addresses
• Hostnames
• FQDNs
http://www.flickr.com/photos/kathycsus/2686772625
Search for Nodes
  pool_members = search("node","role:webserver")

  template "/etc/haproxy/haproxy.cfg" do
    source "haproxy-app_lb.cfg.erb"
    owner "root"
    group "root"
    mode 0644
    variables :pool_members => pool_members.uniq
    notifies :restart, "service[haproxy]"
  end
HAProxy Load Balancer
(Diagram: the HA Proxy node asks Enterprise Chef "Webservers?" by running the search; the result is stored in pool_members.)
  pool_members = search("node","role:webserver")
pool_members
  {
    "web01" : {
      "hostname" : "web01",
      "ipaddress" : "10.1.1.1"
    },
    "web02" : {
      "hostname" : "web02",
      "ipaddress" : "10.1.1.2"
    },
    "web03" : {
      "hostname" : "web03",
      "ipaddress" : "10.1.1.3"
    },
    "web04" : {
      "hostname" : "web04",
      "ipaddress" : "10.1.1.4"
    },
    "web05" : {
      "hostname" : "web05",
      "ipaddress" : "10.1.1.5"
    },
    "web06" : {
      "hostname" : "web06",
      "ipaddress" : "10.1.1.6"
    }
  }
Pass results into Templates
  # Set up application listeners here.
  listen application 0.0.0.0:80
    balance roundrobin
    <% @pool_members.each do |member| -%>
    server <%= member[:hostname] %> <%= member[:ipaddress] %> weight 1 maxconn 1 check
    <% end -%>
  <% if node["haproxy"]["enable_admin"] -%>
  listen admin 0.0.0.0:22002
    mode http
    stats uri /
  <% end -%>
HAProxy Configuration
(Diagram: each entry in pool_members passes through the template loop and adds one server line to haproxy.cfg.)
  <% @pool_members.each do |member| -%>
  server <%= member[:hostname] %> <%= member[:ipaddress] %> weight 1 maxconn 1 check
  <% end -%>
haproxy.cfg
  server web01 10.1.1.1 weight 1 maxconn 1 check
  server web02 10.1.1.2 weight 1 maxconn 1 check
  server web03 10.1.1.3 weight 1 maxconn 1 check
  server web04 10.1.1.4 weight 1 maxconn 1 check
  server web05 10.1.1.5 weight 1 maxconn 1 check
  server web06 10.1.1.6 weight 1 maxconn 1 check
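An added example, not part of the original slides: the search-to-template step rendered with Ruby's standard ERB, with each search result validated before it reaches haproxy.cfg and the members sorted so that result ordering alone never changes the file and triggers the restart. It assumes search results arrive as an array of hashes with :hostname and :ipaddress keys; TemplateContext, valid_member? and render_server_lines are hypothetical names, and the sample records are constructed.

```ruby
require "erb"
require "ipaddr"

# Server loop from the template slide.
SERVER_LOOP = <<~'ERB_SRC'
  <% @pool_members.each do |member| -%>
  server <%= member[:hostname] %> <%= member[:ipaddress] %> weight 1 maxconn 1 check
  <% end -%>
ERB_SRC

# One DNS label: letters, digits and inner hyphens only, so no spaces or
# newlines can reach the config line.
HOSTNAME_LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

# Hypothetical holder: exposes the members as @pool_members, the way the
# recipe's `variables :pool_members => ...` does for the template.
class TemplateContext
  def initialize(pool_members)
    @pool_members = pool_members
  end

  def template_binding
    binding
  end
end

# True only for a bare IPv4/IPv6 address (no prefix length, no whitespace).
def valid_ip?(text)
  return false unless text.is_a?(String) && text.match?(/\A[0-9a-f.:]+\z/i)
  IPAddr.new(text)
  true
rescue IPAddr::Error
  false
end

def valid_member?(member)
  member[:hostname].to_s.match?(HOSTNAME_LABEL) && valid_ip?(member[:ipaddress])
end

# Returns [rendered server lines, rejected records].
def render_server_lines(search_results)
  accepted, rejected = search_results.partition { |m| valid_member?(m) }
  # Deduplicate and sort so the rendered file is stable between runs.
  members = accepted.uniq { |m| m[:hostname] }.sort_by { |m| m[:hostname] }
  context = TemplateContext.new(members)
  text = ERB.new(SERVER_LOOP, trim_mode: "-").result(context.template_binding)
  [text, rejected]
end

# Constructed sample: three nodes from the slides in arbitrary order, one
# duplicate, and two malformed records.
SAMPLE_RESULTS = [
  { hostname: "web03", ipaddress: "10.1.1.3" },
  { hostname: "web01", ipaddress: "10.1.1.1" },
  { hostname: "web02", ipaddress: "10.1.1.2" },
  { hostname: "web02", ipaddress: "10.1.1.2" },
  { hostname: "web07 backup", ipaddress: "10.1.1.7" },
  { hostname: "web08", ipaddress: "10.1.1.999" }
].freeze

if __FILE__ == $PROGRAM_NAME
  text, rejected = render_server_lines(SAMPLE_RESULTS)
  puts text
  rejected.each { |m| warn "rejected search result: #{m.inspect}" }
end
```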
So when this... becomes this... this can happen automatically
(Diagram sequence: Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite.)
Count the Resources
• Load balancer config
• Nagios host ping
• Nagios host ssh
• Nagios host HTTP
• Nagios host app health
• Graphite CPU
• Graphite Memory
• Graphite Disk
• Graphite SNMP
• Memcache firewall
• Postgres firewall
• Postgres authZ config
• 12+ resource changes for 1 node addition
Manage Complexity
• Determine the desired state of your infrastructure
• Identify the Resources required to meet that state
• Gather the Resources into Recipes
• Compose a Run List from Recipes
• Apply a Run List to each Node in your environment
• Your infrastructure adheres to the policy modeled in
Chef
Configuration Drift
• Configuration Drift happens when:
• Your infrastructure requirements change
• The configuration of a server falls out of policy
• Chef makes it easy to manage
• Model the new requirements in your Chef
configuration files
• Run the chef-client to enforce your policies
Recap
• In this section, we have
• Described how Chef thinks about Infrastructure
Automation
• Defined the following terms:
• Resource
• Recipe
• Node
• Run List
• Search
What Questions Do You Have?
Nathen Harvey
Community Director
nharvey@getchef.com
@nathenharvey
Chef Infrastructure
Sign-up for Hosted Chef
• http://getchef.com
• Click “Get Chef”
• Select “Hosted Chef”
• Complete the registration form
• Create an Organization
Organizations (diagram): My Infrastructure, Your Infrastructure, Their Infrastructure
Organizations
• Provide multi-tenancy in Enterprise Chef
• Nothing is shared between Organizations - they're
completely independent
• May represent different
• Companies
• Business Units
• Departments
Configure Workstation
• Download and extract Chef starter kit
• Install chef-client
• http://getchef.com/chef/install
Verify Knife
$ knife --version
Chef: 11.12.4
$ knife client list
ORGNAME-validator
• Your version may be different, that’s ok!
OPEN IN EDITOR: chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "USERNAME"
client_key "#{current_dir}/USERNAME.pem"
validation_client_name "ORGNAME-validator"
validation_key "#{current_dir}/ORGNAME-validator.pem"
chef_server_url "https://api.opscode.com/organizations/ORGNAME"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
knife.rb
knife client list
1. Reads the chef_server_url from knife.rb
2. Invokes HTTP GET to #{chef_server_url}/clients
3. Displays the result
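An added example, not part of the original slides: a check of the knife.rb shown above that the server URL uses https and that the two private keys it points to are readable only by their owner. KnifeSettings, load_knife_rb and audit_knife_rb are hypothetical names (real knife loads the file through Chef's own configuration code), and the repository and key files are constructed placeholders.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical stand-in for knife's config loader: records every
# `setting value` line of knife.rb as a key/value pair.
class KnifeSettings
  attr_reader :values

  def initialize
    @values = {}
  end

  def method_missing(name, *args)
    return super if args.empty?
    @values[name] = args.length == 1 ? args.first : args
  end

  def respond_to_missing?(_name, _include_private = false)
    true
  end
end

# knife.rb is Ruby and is executed when loaded, so only load files you trust.
def load_knife_rb(path)
  settings = KnifeSettings.new
  settings.instance_eval(File.read(path), path)
  settings.values
end

# Returns a list of findings; an empty list means nothing was flagged.
def audit_knife_rb(path)
  cfg = load_knife_rb(path)
  findings = []
  unless cfg[:chef_server_url].to_s.start_with?("https://")
    findings << "chef_server_url: not an https URL"
  end
  %i[client_key validation_key].each do |setting|
    key_path = cfg[setting]
    if key_path.nil?
      findings << "#{setting}: not set"
    elsif !File.file?(key_path)
      findings << "#{setting}: #{key_path} does not exist"
    else
      mode = File.stat(key_path).mode & 0o777
      if (mode & 0o077) != 0
        findings << format("%s: %s is mode %04o, expected 0600 or stricter",
                           setting, key_path, mode)
      end
    end
  end
  findings
end

# The key-related settings from the knife.rb slide, placeholders unchanged.
KNIFE_RB = <<~'RUBY'
  current_dir = File.dirname(__FILE__)
  node_name                "USERNAME"
  client_key               "#{current_dir}/USERNAME.pem"
  validation_client_name   "ORGNAME-validator"
  validation_key           "#{current_dir}/ORGNAME-validator.pem"
  chef_server_url          "https://api.opscode.com/organizations/ORGNAME"
RUBY

# Builds a constructed chef-repo/.chef directory and audits it.
def demo_audit
  Dir.mktmpdir do |repo|
    chef_dir = File.join(repo, ".chef")
    FileUtils.mkdir_p(chef_dir)
    knife_rb = File.join(chef_dir, "knife.rb")
    File.write(knife_rb, KNIFE_RB)
    { "USERNAME.pem" => 0o600, "ORGNAME-validator.pem" => 0o644 }.each do |name, mode|
      key = File.join(chef_dir, name)
      File.write(key, "constructed placeholder, not a real key\n")
      File.chmod(mode, key)
    end
    audit_knife_rb(knife_rb)
  end
end

puts demo_audit if __FILE__ == $PROGRAM_NAME
```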
Chef Fundamentals
Webinar Series
Six Week Series
• May 20 - Overview of Chef
• May 27 - Node Setup, Chef Resources & Recipes
• June 3 - Working with the Node object
• June 10 - Common configuration data with Databags
• June 17 - Using Roles and Environments
• June 24 - Community Cookbooks and Further Resources
• * Topics subject to change, schedule unlikely to change
Sign-up for Webinar
• http://pages.getchef.com/cheffundamentalsseries.html
Additional Resources
• Chef Fundamentals Webinar Series
• https://www.youtube.com/watch?v=S5lHUpzoCYo&list=PL11cZfNdwNyPnZA9D1MbVqldGuOWqbumZ
• Discussion group for webinar participants
• https://groups.google.com/d/forum/learnchef-fundamentals-webinar
Additional Resources
• Learn Chef
• http://learnchef.com
• Documentation
• http://docs.opscode.com