Download as PDF, PPTX
![Desired Configuration
Node
Chef
Server
chef-client
What policy should I follow?
"recipe[ntp::client]"
"recipe[users]"
"role[webserver]"](https://image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-41-2048.jpg)
![Desired Configuration
Chef
Server
chef-client
What policy should I follow?
"recipe[ntp::client]"
"recipe[users]"
"role[webserver]"](https://image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-42-2048.jpg)
![$
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/tmp/hello_chef.txt] action create
- create new file /tmp/hello_chef.txt
- update content in file /tmp/hello_chef.txt from none to 79c290
--- /tmp/hello_chef.txt 2014-10-22 19:59:04.000000000 -0400
+++ /tmp/.hello_chef.txt20141022-23075-19aelx1 2014-10-22
19:59:04.000000000 -0400
@@ -1 +1,2 @@
+Hello, Chef
- change mode from '' to '0777'
Apply the policy
sudo chef-apply hello_chef.rb](https://image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-56-2048.jpg)
![$
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/tmp/hello_chef.txt] action create (up to date)
Apply the policy
sudo chef-apply hello_chef.rb](https://image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-58-2048.jpg)
![$
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/tmp/hello_chef.txt] action create
- update content in file /tmp/hello_chef.txt from e453df to 79c290
--- /tmp/hello_chef.txt 2014-10-22 20:00:20.000000000 -0400
+++ /tmp/.hello_chef.txt20141022-23340-17a7m5t 2014-10-22
20:00:50.000000000 -0400
@@ -1,2 +1,2 @@
-“Hello, #ato2014”
+Hello, Chef
Apply the policy
sudo chef-apply hello_chef.rb](https://image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-61-2048.jpg)
![Sample Recipe
package "httpd"
template "/etc/httpd/conf/httpd.conf" do
source "httpd.conf.erb"
owner "root"
group "root"
mode "0644"
notifies :restart, "service[httpd]"
end
service "httpd" do
action [:start, :enable]
end
file "/var/www/html/index.html" do
content "Hello, ATO!"
end](https://image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-65-2048.jpg)
![Desired Configuration
Node
Chef
Server
chef-client
What policy should I follow?
"recipe[ntp::client]"
"recipe[users]"
"role[webserver]"](https://crownmelresort.com/image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-41-2048.jpg)
![Desired Configuration
Chef
Server
chef-client
What policy should I follow?
"recipe[ntp::client]"
"recipe[users]"
"role[webserver]"](https://crownmelresort.com/image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-42-2048.jpg)
![$
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/tmp/hello_chef.txt] action create
- create new file /tmp/hello_chef.txt
- update content in file /tmp/hello_chef.txt from none to 79c290
--- /tmp/hello_chef.txt 2014-10-22 19:59:04.000000000 -0400
+++ /tmp/.hello_chef.txt20141022-23075-19aelx1 2014-10-22
19:59:04.000000000 -0400
@@ -1 +1,2 @@
+Hello, Chef
- change mode from '' to '0777'
Apply the policy
sudo chef-apply hello_chef.rb](https://crownmelresort.com/image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-56-2048.jpg)
![$
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/tmp/hello_chef.txt] action create (up to date)
Apply the policy
sudo chef-apply hello_chef.rb](https://crownmelresort.com/image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-58-2048.jpg)
![$
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/tmp/hello_chef.txt] action create
- update content in file /tmp/hello_chef.txt from e453df to 79c290
--- /tmp/hello_chef.txt 2014-10-22 20:00:20.000000000 -0400
+++ /tmp/.hello_chef.txt20141022-23340-17a7m5t 2014-10-22
20:00:50.000000000 -0400
@@ -1,2 +1,2 @@
-“Hello, #ato2014”
+Hello, Chef
Apply the policy
sudo chef-apply hello_chef.rb](https://crownmelresort.com/image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-61-2048.jpg)
![Sample Recipe
package "httpd"
template "/etc/httpd/conf/httpd.conf" do
source "httpd.conf.erb"
owner "root"
group "root"
mode "0644"
notifies :restart, "service[httpd]"
end
service "httpd" do
action [:start, :enable]
end
file "/var/www/html/index.html" do
content "Hello, ATO!"
end](https://crownmelresort.com/image.slidesharecdn.com/introductiontochef-ato-141114131603-conversion-gate02/75/Introduction-to-Infrastructure-as-Code-Automation-Introduction-to-Chef-65-2048.jpg)
Uploaded byAll Things Open
Introduction to Infrastructure as Code & Automation / Introduction to Chef
The document discusses infrastructure as code and Chef. It introduces Chef as an open source automation framework that allows system administrators to define infrastructure in code. It describes how Chef uses a policy-based approach to ensure nodes comply with defined policies and discusses how this allows for scalable, automated management of infrastructure.
More Related Content
Similar to Introduction to Infrastructure as Code & Automation / Introduction to Chef
Introduction to Infrastructure as Code & Automation / Introduction to Chef
- 1. Chef Fundamentals byChef Software, Inc. is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Intro to Infrastructure as Code Introduction to Chef All Things Open – October 2014 https://github.com/nathenharvey/ato-2014
- 2. Nathen Harvey • Community Directorat Chef • Co-host of the Food Fight Show • Co-organizer of DevOpsDC meetup • Occasional farmer – http://bit.ly/farmer-nathen • @nathenharvey • nharvey@getchef.com
- 3.
- 4.
- 5.
- 6.
- 7.
- 8. Are you experienced? • Experiencewith Infrastructure as Code or Configuration Management?
- 9. Are you experienced? • Experiencewith Infrastructure as Code or Configuration Management? • Experience with Chef?
- 10. Which version controlsystem do your use?
- 11. Which version controlsystem do your use? • cp foo foo.bak
- 12. Which version controlsystem do your use? • cp foo foo.bak • cp foo{,.`date +%Y%m%d%H%M`}
- 13. Which version controlsystem do your use? • cp foo foo.bak • cp foo{,.`date +%Y%m%d%H%M`} • cp foo{,.`date +%Y%m%d%H%M`-`$USER`}
- 14.
- 15. The Sys Admin’sJourney • ssh
- 16. The Sys Admin’sJourney • ssh • Store notes in ~/server.txt
- 17. The Sys Admin’sJourney • ssh • Store notes in ~/server.txt • Move notes to the wiki
- 18. The Sys Admin’sJourney • ssh • Store notes in ~/server.txt • Move notes to the wiki • Write some scripts (setup.sh, fixit.sh, etc.)
- 19. The Sys Admin’sJourney • ssh • Store notes in ~/server.txt • Move notes to the wiki • Write some scripts (setup.sh, fixit.sh, etc.) • Golden images and snapshots
- 20. The Sys Admin’sJourney • ssh • Store notes in ~/server.txt • Move notes to the wiki • Write some scripts (setup.sh, fixit.sh, etc.) • Golden images and snapshots • Policy-driven configuration management
- 21.
- 22.
- 23. Automation Platform • Creates adependable view of your entire network’s state. • Can handle complex dependencies among the nodes of your network. • Is fault tolerant. • Is secure. • Can handle multiple platforms • Can manage cloud resources • Provides a foundation for innovation
- 24. Infrastructure as Code • Programmatically provisionand configure components
- 25. Infrastructure as Code • Treatlike any other code base
- 26. Infrastructure as Code • Reconstructbusiness from code repository, data backup, and compute resources
- 27. Infrastructure as Code • Programmatically provisionand configure components • Treat like any other code base • Reconstruct business from code repository, data backup, and compute resources
- 28. Policy-based • You capture thepolicy for your infrastructure in code • A program ensures each node in your infrastructure complies with the policy • A control loop keeps the system stable and allows for change when policy is updated
- 29. Sample Infrastructure Graphite Nagios JBoss Memcache PostgresSlaves Postgres Master
- 30. New Compliance Mandate! GraphiteNagios JBoss Memcache Postgres Slaves Postgres Master
- 31. New Compliance Mandate! GraphiteNagios JBoss Memcache Postgres Slaves Postgres Master • Move SSH off of port 22 • Let’s put it on 2022
- 32. 6 Golden Imagesto Update Graphite Nagios JBoss Memcache Postgres Slaves Postgres Master 1 3 4 5 6 2 /etc/ssh/sshd_config --- a/sshd_config +++ b/sshd_config -Port 22 +Port 2202
- 33. 12 Instances toreplace Graphite Nagios JBoss Memcache Postgres Slaves Postgres Master 1 3 2 5 6 74 8 10 9 11 12 • Launch • Delete • Repeat • Typically manually
- 34. Done in maintenancewindow Graphite Nagios JBoss Memcache Postgres Slaves Postgres Master 1 3 2 5 6 74 8 10 9 11 12 • High stakes • Late hours • Risky change
- 35. New configurations required? GraphiteNagios JBoss Memcache Postgres Slaves Postgres Master Do the new instances have new IP Addresses? * Not all connections shown
- 36. Chef Fast, scalable, flexibleIT automation
- 37. What is Chef • Opensource framework for managing complexity in your infrastructure through policy- driven automation code • A community of professionals • A company
- 38.
- 39. Chef Server –Policy & State
- 40. Desired Configuration Node Chef Server chef-client What policyshould I follow?
- 41. Desired Configuration Node Chef Server chef-client What policyshould I follow? "recipe[ntp::client]" "recipe[users]" "role[webserver]"
- 42. Desired Configuration Chef Server chef-client What policyshould I follow? "recipe[ntp::client]" "recipe[users]" "role[webserver]"
- 43. Chef Server –Policy & State
- 44.
- 45. HA Proxy Configuration Webservers HAProxyChef Server
- 46. HA Proxy Configuration Webservers HAProxyChef Server Webservers?
- 47. HA Proxy Configuration Webservers HAProxyChef Server Webservers?
- 48. HA Proxy Configuration Webservers HAProxyChef Server Webservers? { "web01" : { "hostname" : "web01", "ipaddress" : "10.1.1.1" }, "web02" : { "hostname" : "web02", "ipaddress" : "10.1.1.2" }, "web03" : { "hostname" : "web03", "ipaddress" : "10.1.1.3" }, "web04" : { "hostname" : "web04", "ipaddress" : "10.1.1.4" }
- 49. HA Proxy Configuration Webservers HAProxyChef Server Webservers? { "web01" : { "hostname" : "web01", "ipaddress" : "10.1.1.1" }, "web02" : { "hostname" : "web02", "ipaddress" : "10.1.1.2" }, "web03" : { "hostname" : "web03", "ipaddress" : "10.1.1.3" }, "web04" : { "hostname" : "web04", "ipaddress" : "10.1.1.4" }
- 50. HA Proxy Configuration Webservers HAProxyChef Server Webservers? { "web01" : { "hostname" : "web01", "ipaddress" : "10.1.1.1" }, "web02" : { "hostname" : "web02", "ipaddress" : "10.1.1.2" }, "web03" : { "hostname" : "web03", "ipaddress" : "10.1.1.3" }, "web04" : { "hostname" : "web04", "ipaddress" : "10.1.1.4" } pool_members { "web01" : { "hostname" : "web01", "ipaddress" : "10.1.1.1" }, "web02" : { "hostname" : "web02", "ipaddress" : "10.1.1.2" }, "web03" : { "hostname" : "web03", "ipaddress" : "10.1.1.3" }, "web04" : { "hostname" : "web04", "ipaddress" : "10.1.1.4" }
- 51. HA Proxy Configuration Webservers HAProxy haproxy.cfg server web01 10.1.1.1 weight 1 maxconn 1 check server web02 10.1.1.2 weight 1 maxconn 1 check server web03 10.1.1.3 weight 1 maxconn 1 check server web04 10.1.1.4 weight 1 maxconn 1 check pool_members { "web01" : { "hostname" : "web01", "ipaddress" : "10.1.1.1" }, "web02" : { "hostname" : "web02", "ipaddress" : "10.1.1.2" }, "web03" : { "hostname" : "web03", "ipaddress" : "10.1.1.3" }, "web04" : { "hostname" : "web04", "ipaddress" : "10.1.1.4" }
- 52.
- 53. Building your policy Resourcesand Recipes
- 54. Resources • Piece of thesystem and its desired state • Package that should be installed • Service that should be running • File that should be generated • Cron job that should be configured • User that should be managed • And more • docs.getchef.com/chef/resources.html
- 55. OPEN IN EDITOR: SAVEFILE! Hello, Chef! file "/tmp/hello_chef.txt" do content "Hello, Chef" mode "0777" end ~/hello_chef.rb
- 56. $ Recipe: (chef-apply cookbook)::(chef-applyrecipe) * file[/tmp/hello_chef.txt] action create - create new file /tmp/hello_chef.txt - update content in file /tmp/hello_chef.txt from none to 79c290 --- /tmp/hello_chef.txt 2014-10-22 19:59:04.000000000 -0400 +++ /tmp/.hello_chef.txt20141022-23075-19aelx1 2014-10-22 19:59:04.000000000 -0400 @@ -1 +1,2 @@ +Hello, Chef - change mode from '' to '0777' Apply the policy sudo chef-apply hello_chef.rb
- 57. Resources • Describe the desiredstate • Do not need to tell Chef how to get there • What happens when you re-apply the policy?
- 58. $ Recipe: (chef-apply cookbook)::(chef-applyrecipe) * file[/tmp/hello_chef.txt] action create (up to date) Apply the policy sudo chef-apply hello_chef.rb
- 59. Resources • A piece ofthe system • Its desired state file "/tmp/hello_chef.txt" do content "Hello, Chef" mode "0777" end
- 60. $ Change the stateof the system echo “Hello, #ato2014” > /tmp/hello_chef.txt
- 61. $ Recipe: (chef-apply cookbook)::(chef-applyrecipe) * file[/tmp/hello_chef.txt] action create - update content in file /tmp/hello_chef.txt from e453df to 79c290 --- /tmp/hello_chef.txt 2014-10-22 20:00:20.000000000 -0400 +++ /tmp/.hello_chef.txt20141022-23340-17a7m5t 2014-10-22 20:00:50.000000000 -0400 @@ -1,2 +1,2 @@ -“Hello, #ato2014” +Hello, Chef Apply the policy sudo chef-apply hello_chef.rb
- 62. Resources – Testand Repair • Resources use a test and repair model • Resource currently in the desired state? • Yes – Do nothing • No – Bring the resource into the desired state (repair)
- 63. Built-in Resources • package • template • service • cron • directory • mount • user • group • registry_key • remote_directory • route • and manymore… docs.getchef.com/chef/resources.html
- 64. Recipes • Policy is definedas a collection of resources in recipes. There are lots of abstractions on top of this but resources are the basic building blocks.
- 65. Sample Recipe package "httpd" template"/etc/httpd/conf/httpd.conf" do source "httpd.conf.erb" owner "root" group "root" mode "0644" notifies :restart, "service[httpd]" end service "httpd" do action [:start, :enable] end file "/var/www/html/index.html" do content "Hello, ATO!" end
- 66. Test-driven Infrastructure Change policywith confidence
- 67. New policy mandate • Apacheshould listen on port 81, not the default port! • Verify policy changes BEFORE applying the changes to production
- 68. Questions to askwhen testing • Did chef-client complete successfully? • Did the recipe put the node in the desired state? • Are the resources properly defined? • Does the code following our style guide?
- 69. Chef client successstatus • Requirements to verify chef-client success: • A place to store the cookbook artifact
- 70. Chef client successstatus • Requirements to verify chef-client success: • A place to store the cookbook artifact • A chef-client with access to the cookbook
- 71. Chef client successstatus • Requirements to verify chef-client success: • A place to store the cookbook artifact • A chef-client with access to the cookbook • A target server running the same OS as production
- 72. Test Kitchen • Test harnessto execute code on one or more platforms • Driver plugins to allow your code to run on various cloud and virtualization providers • Includes support for many testing frameworks • Included with ChefDK
- 73. Test Kitchen Lifecycle • kitchencreate • kitchen list • kitchen converge • kitchen login • kitchen destroy
- 74. Questions to askwhen testing ü Did chef-client complete successfully? • Did the recipe put the node in the desired state? • Are the resources properly defined? • Does the code following our style guide?
- 75. $ kitchen@localhost's password: Manually Inspectwith kitchen login kitchen login
- 76. $ kitchen@localhost's password: Manually Inspectwith kitchen login kitchen login kitchen
- 77. $ kitchen@localhost's password: Last login:Wed Sep 24 04:30:29 2014 from 172.17.42.1 Manually Inspect with kitchen login kitchen login kitchen
- 78. $ Hello, ATO! Manually Inspectwith kitchen login curl http://localhost
- 79. Serverspec • Write RSpec teststo verify your servers • Not dependent on Chef • Defines many resource types • package, service, user, etc. • Works well with Test Kitchen • http://serverspec.org/
- 80. OPEN IN EDITOR: SAVEFILE! Serverspec Test require 'serverspec' set :backend, :exec describe "apahce" do it "has httpd package installed" do expect(package('httpd')).to be_installed end it "is listening on port 80" do expect(port(80)).to be_listening end it "displays our home page" do expect(command("curl http://localhost").stdout).to match /ATO/ end end test/integration/default/serverspec/default_spec.rb
- 81. $ -----> Setting upBusser Creating BUSSER_ROOT in /tmp/busser Creating busser binstub Plugin serverspec installed (version 0.2.6) -----> Running postinstall for serverspec plugin Finished setting up <default-centos-64> (0m32.59s). -----> Verifying <default-centos-64>... Suite path directory /tmp/busser/suites does not exist, skipping. Uploading /tmp/busser/suites/serverspec/default_spec.rb (mode=0664) -----> Running serverspec test suite /opt/chef/embedded/bin/ruby -I/tmp/busser/suites/serverspec -S /opt/chef/embedded/bin/rspec /tmp/busser/suites/serverspec/default_spec.rb --color --format documentation apache is installed Finished in 0.29547 seconds 1 example, 0 failures Finished verifying <default-centos-64> (0m4.44s). -----> Kitchen is finished. (1m25.74s) Verify the kitchen kitchen verify
- 82. Questions to askwhen testing ü Did chef-client complete successfully? ü Did the recipe put the node in the desired state? • Are the resources properly defined? • Does the code following our style guide?
- 83. Now for ournew mandate • Update the tests • Watch them fail • Update the policy • See tests pass • Roll-out changes to production
- 84.
- 85. We’ve only scratchedthe surface https://www.getchef.com/chef/
- 86. Build Anything • Simple internalapplications • Complex external applications • Workstations • Hadoop clusters • IaaS infrastructure • PaaS infrastructure • SaaS applications • Storage systems • You name it http://www.flickr.com/photos/hyku/245010680/
- 87. And Manage itSimply • Automatically reconfigure everything • Linux, Windows, Unixes, BSDs • Load balancers • Metrics collection systems • Monitoring systems • Cloud migrations become trivial http://www.flickr.com/photos/helico/404640681/
- 88. What questions doyou have? • Ask me anything! • @nathenharvey • nharvey@getchef.com • Thank you!