chef 0.10 overview

Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported

Matt Ray Sr. Technical Evangelist

‣ [email protected]‣ @mattray‣ www.opscode.com

Speaker:

Chef 0.10 Overview

1

Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported

Agenda

EnvironmentsKnife PluginsEncrypted Data BagsWindows SupportCookbook Updates

2

Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported 3

Environments


# name and description are what you'd expectname "development"description "The development environment"

# use version 11.0.0 *only*cookbook_versions "couchdb" => "= 11.0.0",

# use versions greater than 0.99.0# and less than 0.100.0"application" => "~> 0.99"

# default attributes for this environmentattributes "apache2" => { "listen_ports" => [ "80", "443" ] }

Environments - Ruby DSL


{ "name": "development", "default_attributes": { "apache2": { "listen_ports": [ "80", "443" ] } }, "json_class": "Chef::Environment", "description": "The development environment", "cookbook_versions": { "couchdb" => "11.0.0", "application" => "~> 0.99" }, "chef_type": "environment"}

Environments - JSON


Environments - knife environment

$ knife environment** ENVIRONMENT COMMANDS **knife environment list (options)knife environment show ENVIRONMENT (options)knife environment edit ENVIRONMENT (options)knife environment create ENVIRONMENT (options)knife environment from file FILE (options)knife environment delete ENVIRONMENT (options)

$ knife environment list development preproduction production qa

$ knife environment create dev


Environments - knife node

$ knife node create --help| grep environment -E, --environment ENVIRONMENT Set the Chef environment

$ knife bootstrap --help | grep environment -E, --environment ENVIRONMENT Set the Chef environment


Environments - knife cookbook

$ knife cookbook upload redis --freeze Uploading redis... upload complete

$ knife cookbook show redis 0.1.6 |grep frozen frozen?:! true

$ knife cookbook upload redis Uploading redis... ERROR: Version 0.1.6 of cookbook redis is frozen. Use --force to override.


{ "name": "webserver", "default_attributes": { }, "json_class": "Chef::Role", "run_list": [ "role[base]", "recipe[apache]" ], "env_run_lists" : { "production" : [], "preprod" : [], "dev": [ "role[base]", "recipe[apache]", "recipe[apache::copy_dev_configs]", ], "test": [ "role[base]", "recipe[apache]" ] }, "description": "The webserver role", "chef_type": "role", "override_attributes": {} }

Environments - Run Lists in Roles


Environments - Workflows

How important is it to keep your environment files in source control?

Only edit source filesEverything in version control

Do you want to edit environments in the management console (Web UI)?

Use role-based access controls to restrict changes


Knife Plugins

http://www.flickr.com/photos/75659300@N00/2615848530/




Knife Pluginsrequire 'chef/knife'

module Kallistec class Grep < Chef::Knife

deps do require 'chef/knife/search' end banner "knife grep QUERY"

def run unless @query = name_args.first ui.error "You need to specify a query term" exit 1 end

fuzzier_query = "tags:*#{@query}* OR roles:*#{@query}* OR fqdn" knife_search = Chef::Knife::Search.new knife_search.name_args = ['node', fuzzier_query] knife_search.run

end endend







end endend


Knife Plugins$ knife grep ghost 1 items found

Node Name: ghost.localEnvironment: productionFQDN: ghost.localIP: 172.16.185.135Run List: recipe[tmux]Roles: Recipes tmuxPlatform: ubuntu 10.04


Knife Plugins

Cloud commands are now knife plugins

knife-ec2knife-rackspaceknife-blueboxknife-slicehostknife-terremarkknife-openstackknife-windows


Knife Output

$ knife node show crushinator.localdomainNode Name: crushinator.localdomainEnvironment: _defaultFQDN: crushinator.localdomainIP: 192.168.11.64Run List: recipe[apt::cacher-client], role[nova-ami-urls], role[nova-multi-controller]Roles: nova-ami-urls, nova-super-user-setup, nova-cloud-controller, nova-head, nova-mysql-server, nova-rabbitmq-server, nova-support-server, nova-multi-controllerRecipes apt::cacher-client, build-essential, nova::mysql, apt, rabbitmq, nova::rabbit, nova::api, nova::objectstore, nova::scheduler, nova::network, nova::setup, nova::creds, nova::finalizePlatform: ubuntu 10.10


Knife Updates

knife cookbook site installwas "knife cookbook site vendor"

knife helpgreatly expanded, each subcommand covered


Encrypted Data Bags

http://www.flickr.com/photos/genbug/3883032678/




Encrypted Data Bags

Create a new encrypted data bag item

$ openssl rand -base64 512 > /tmp/my_data_bag_key$ knife data bag create --secret_file /tmp/my_data_bag_key passwords mysql# Enter user and password credentials in the editor and save


Encrypted Data Bags

Verify that the data bag has been created and encrypted

$ knife data bag show passwords mysql{ "id": "mysql", "pass": "trywgFA6R70NO28PNhMpGhEvKBZuxouemnbnAUQsUyo=\n", "user": "e/p+8WJYVHY9fHcEgAAReg==\n"}


Encrypted Data Bags

Decrypt an encrypted data bag item

$ knife data bag show --secret_file /tmp/my_data_bag_key passwords mysql

{

"id": "mysql",

"pass": "thesecret123",

"user": "fred"

}


Windows Support

http://www.flickr.com/photos/captaintim/2511680887/




Windows

Managing your infrastructure with knife from Windows

Install RubyRuby Dev KitGit

gem install ruby-wmi windows-api windows-prchef

Create a Chef repository$ knife node list

http://devopscloud.net/2011/04/17/managing-chef-from-windows-7/




Windows

Chef-client Installation on Windows

InstallRuby Dev Kit (via VB script)Ruby Installer

gem installwin32-open3 ruby-wmi windows-api windows-prchef

chef-client -c c:\chef\client.rb


Windows


Ohai!Resources/ProvidersEnvironmentUserGroupGemPackage Remote File Cookbook File MountServiceRuby Block Execute


Windows


Cookbookshttps://github.com/dougm/site-cookbooks/tree/master/windowsregistry providershortcut providerunzip providerwindows_privileged libraryproxy recipeactivate recipeupdate reciperdp recipedotnetfx recipesysinternals recipebginfo recipegit recipeant recipemaven recipejava recipelua recipe

https://github.com/dougm/site-cookbooks/tree/master/windows

https://github.com/dougm/site-cookbooks/tree/master/windows


Windows

knife winrm$ knife winrm "role:web" "net stats srv" -x Administrator -P 'password'$ knife winrm 'ec2-50-xx-xx-124.compute-1.amazonaws.com' 'chef-client -c c:/chef/client.rb' -m -x Administrator -P 'password' ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:49 +0000] INFO: Starting Chef Run (Version 0.9.12) ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:50 +0000] WARN: Node ip-0A502FFB has an empty run list. ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Chef Run complete in 4.383966 seconds ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: cleaning the checksum cache ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Running report handlers ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Report handlers complete


Windows

knife winrm bootstrap$ knife winrm bootstrap ec2-50-xx-xx-124.compute-1.amazonaws.com -r 'role[webserver]','role[production]' -x Administrator -P 'password'


Cookbook Updates

http://www.flickr.com/photos/patrick_q/199986515/




‣ [email protected]‣ www.opscode.com

Questions?

http://www.flickr.com/photos/mrchippy/443960682/

mailto:[email protected]

mailto:[email protected]

http://www.opscode.com

http://www.opscode.com



chef 0.10 overview

Technology

knife deps

development environment

knife bootstrap

knife pluginscopyright

environments knife cookbook

environment environmentset

environments knife node

environment commands