chef 0.10 overview
DESCRIPTION
Bay Area Chef Meetup 4/26/2011 presentation on what's new in the upcoming Chef 0.10 release. http://www.opscode.com/blog/2011/04/20/april-26th-bay-area-chef-meetup-whats-new-in-chef-0-10/
TRANSCRIPT
Copyright © 2011 Opscode, Inc. – Creative Commons Attribution-ShareAlike 3.0 Unported
Chef 0.10 Overview
Speaker: Matt Ray, Sr. Technical Evangelist
‣ [email protected]
‣ @mattray
‣ www.opscode.com
Agenda
Environments
Knife Plugins
Encrypted Data Bags
Windows Support
Cookbook Updates
Environments
Environments - Ruby DSL
# name and description are what you'd expect
name "development"
description "The development environment"

# use version 11.0.0 *only*
cookbook_versions "couchdb" => "= 11.0.0",
                  # use versions greater than 0.99.0
                  # and less than 0.100.0
                  "application" => "~> 0.99"

# default attributes for this environment
attributes "apache2" => { "listen_ports" => [ "80", "443" ] }
Environments - JSON
{
  "name": "development",
  "default_attributes": {
    "apache2": {
      "listen_ports": [ "80", "443" ]
    }
  },
  "json_class": "Chef::Environment",
  "description": "The development environment",
  "cookbook_versions": {
    "couchdb": "11.0.0",
    "application": "~> 0.99"
  },
  "chef_type": "environment"
}
Environments - knife environment
$ knife environment
** ENVIRONMENT COMMANDS **
knife environment list (options)
knife environment show ENVIRONMENT (options)
knife environment edit ENVIRONMENT (options)
knife environment create ENVIRONMENT (options)
knife environment from file FILE (options)
knife environment delete ENVIRONMENT (options)
$ knife environment list
  development
  preproduction
  production
  qa
$ knife environment create dev
Environments - knife node
$ knife node create --help | grep environment
    -E, --environment ENVIRONMENT    Set the Chef environment
$ knife bootstrap --help | grep environment
    -E, --environment ENVIRONMENT    Set the Chef environment
Environments - knife cookbook
$ knife cookbook upload redis --freeze
Uploading redis...
upload complete
$ knife cookbook show redis 0.1.6 | grep frozen
frozen?: true
$ knife cookbook upload redis
Uploading redis...
ERROR: Version 0.1.6 of cookbook redis is frozen. Use --force to override.
Environments - Run Lists in Roles
{
  "name": "webserver",
  "default_attributes": { },
  "json_class": "Chef::Role",
  "run_list": [ "role[base]", "recipe[apache]" ],
  "env_run_lists": {
    "production": [],
    "preprod": [],
    "dev": [
      "role[base]",
      "recipe[apache]",
      "recipe[apache::copy_dev_configs]"
    ],
    "test": [ "role[base]", "recipe[apache]" ]
  },
  "description": "The webserver role",
  "chef_type": "role",
  "override_attributes": {}
}
Environments - Workflows
How important is it to keep your environment files in source control?
Only edit source files
Everything in version control
Do you want to edit environments in the management console (Web UI)?
Use role-based access controls to restrict changes
Knife Plugins
http://www.flickr.com/photos/75659300@N00/2615848530/
Knife Plugins
require 'chef/knife'

module Kallistec
  class Grep < Chef::Knife

    # dependencies are loaded lazily, only when this command actually runs
    deps do
      require 'chef/knife/search'
    end

    banner "knife grep QUERY"

    def run
      # the first positional argument is the search term
      unless @query = name_args.first
        ui.error "You need to specify a query term"
        exit 1
      end

      # wrap the term in wildcards and hand it to the stock search command
      fuzzier_query = "tags:*#{@query}* OR roles:*#{@query}* OR fqdn"
      knife_search = Chef::Knife::Search.new
      knife_search.name_args = ['node', fuzzier_query]
      knife_search.run
    end
  end
end
Knife Plugins
$ knife grep ghost
1 items found

Node Name:   ghost.local
Environment: production
FQDN:        ghost.local
IP:          172.16.185.135
Run List:    recipe[tmux]
Roles:
Recipes      tmux
Platform:    ubuntu 10.04
Knife Plugins
Cloud commands are now knife plugins
knife-ec2
knife-rackspace
knife-bluebox
knife-slicehost
knife-terremark
knife-openstack
knife-windows
Knife Output
$ knife node show crushinator.localdomain
Node Name:   crushinator.localdomain
Environment: _default
FQDN:        crushinator.localdomain
IP:          192.168.11.64
Run List:    recipe[apt::cacher-client], role[nova-ami-urls], role[nova-multi-controller]
Roles:       nova-ami-urls, nova-super-user-setup, nova-cloud-controller, nova-head, nova-mysql-server, nova-rabbitmq-server, nova-support-server, nova-multi-controller
Recipes      apt::cacher-client, build-essential, nova::mysql, apt, rabbitmq, nova::rabbit, nova::api, nova::objectstore, nova::scheduler, nova::network, nova::setup, nova::creds, nova::finalize
Platform:    ubuntu 10.10
Knife Updates
knife cookbook site install
was "knife cookbook site vendor"
knife help
greatly expanded, each subcommand covered
Encrypted Data Bags
http://www.flickr.com/photos/genbug/3883032678/
Encrypted Data Bags
Create a new encrypted data bag item
$ openssl rand -base64 512 > /tmp/my_data_bag_key
$ knife data bag create --secret_file /tmp/my_data_bag_key passwords mysql
# Enter user and password credentials in the editor and save
Encrypted Data Bags
Verify that the data bag has been created and encrypted
$ knife data bag show passwords mysql
{
  "id": "mysql",
  "pass": "trywgFA6R70NO28PNhMpGhEvKBZuxouemnbnAUQsUyo=\n",
  "user": "e/p+8WJYVHY9fHcEgAAReg==\n"
}
Encrypted Data Bags
Decrypt an encrypted data bag item
$ knife data bag show --secret_file /tmp/my_data_bag_key passwords mysql
{
  "id": "mysql",
  "pass": "thesecret123",
  "user": "fred"
}
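A check that follows from the two outputs above, as an added example that is not part of the original slides or Chef's own code: it flags data bag item values that do not look like base64-encoded AES ciphertext, so an item saved without the secret file is caught before it is relied on. The function names are hypothetical, and the test is a heuristic that assumes a 16-byte cipher block; a cleartext string that happens to decode to a multiple of 16 bytes will pass.

```ruby
require 'json'
require 'base64'

AES_BLOCK = 16 # bytes; AES ciphertext length is always a multiple of this (assumption)

# True when +value+ is a string that strictly base64-decodes to a non-empty,
# whole number of cipher blocks, as the values in the encrypted item do.
def looks_encrypted?(value)
  return false unless value.is_a?(String)
  raw = Base64.strict_decode64(value.delete("\n"))
  !raw.empty? && (raw.bytesize % AES_BLOCK).zero?
rescue ArgumentError
  false # not valid base64 at all, so it is stored in the clear
end

# Returns the keys of a data bag item whose values appear to be cleartext.
# "id" is skipped: it is readable in both outputs above, encrypted or not.
def cleartext_keys(item_json)
  item = JSON.parse(item_json)
  item.reject { |key, value| key == 'id' || looks_encrypted?(value) }.keys
end

# Constructed samples, copied from the two `knife data bag show` outputs above.
ENCRYPTED_ITEM = <<~'JSON'
  { "id": "mysql",
    "pass": "trywgFA6R70NO28PNhMpGhEvKBZuxouemnbnAUQsUyo=\n",
    "user": "e/p+8WJYVHY9fHcEgAAReg==\n" }
JSON
DECRYPTED_ITEM = '{ "id": "mysql", "pass": "thesecret123", "user": "fred" }'

if __FILE__ == $PROGRAM_NAME
  { 'encrypted' => ENCRYPTED_ITEM, 'decrypted' => DECRYPTED_ITEM }.each do |name, json|
    bad = cleartext_keys(json)
    puts "#{name}: #{bad.empty? ? 'ok' : "cleartext values in #{bad.join(', ')}"}"
  end
end
```

The item id and the key names stay readable even when the values are encrypted, so neither should carry sensitive information. The slides keep the key in /tmp for the demo; a key protecting real items should be created under a restrictive umask and kept out of world-readable directories.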
Windows Support
http://www.flickr.com/photos/captaintim/2511680887/
Windows
Managing your infrastructure with knife from Windows
Install Ruby
Ruby Dev Kit
Git
gem install ruby-wmi windows-api windows-pr chef
Create a Chef repository
$ knife node list
http://devopscloud.net/2011/04/17/managing-chef-from-windows-7/
Windows
Chef-client Installation on Windows
Install
Ruby Dev Kit (via VB script)
Ruby Installer
gem install win32-open3 ruby-wmi windows-api windows-pr chef
chef-client -c c:\chef\client.rb
Windows
Chef-client Installation on Windows
Ohai!
Resources/Providers
Environment
User
Group
Gem Package
Remote File
Cookbook File
Mount
Service
Ruby Block
Execute
Windows
Chef-client Installation on Windows
Cookbooks
https://github.com/dougm/site-cookbooks/tree/master/windows
registry provider
shortcut provider
unzip provider
windows_privileged library
proxy recipe
activate recipe
update recipe
rdp recipe
dotnetfx recipe
sysinternals recipe
bginfo recipe
git recipe
ant recipe
maven recipe
java recipe
lua recipe
Windows
knife winrm
$ knife winrm "role:web" "net stats srv" -x Administrator -P 'password'
$ knife winrm 'ec2-50-xx-xx-124.compute-1.amazonaws.com' 'chef-client -c c:/chef/client.rb' -m -x Administrator -P 'password'
ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:49 +0000] INFO: Starting Chef Run (Version 0.9.12)
ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:50 +0000] WARN: Node ip-0A502FFB has an empty run list.
ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Chef Run complete in 4.383966 seconds
ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: cleaning the checksum cache
ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Running report handlers
ec2-50-xx-xx-124.compute-1.amazonaws.com [Fri, 04 Mar 2011 22:00:53 +0000] INFO: Report handlers complete
Windows
knife winrm bootstrap
$ knife winrm bootstrap ec2-50-xx-xx-124.compute-1.amazonaws.com -r 'role[webserver]','role[production]' -x Administrator -P 'password'
Cookbook Updates
http://www.flickr.com/photos/patrick_q/199986515/
‣ [email protected]
‣ www.opscode.com
Questions?
http://www.flickr.com/photos/mrchippy/443960682/