Automate Your Infrastructure With Chef
Will Sterling
Linux & UNIX Consultant @ PARSEC Group
Agenda
●What is Configuration Management?
●What is Chef?
●Chef architecture
●Deploying Chef
●Deploy Apache onto a server using Chef
What is Configuration Management?
Configuration management is a process for
establishing and maintaining consistency of a
product’s performance, functional and physical
attributes with its requirements, design and
operational information throughout its life.
* MIL-HDBK-61A, "Military Handbook: Configuration Management Guidance". Department of Defense. 07-February-2001. Retrieved 2012-03-24.
CHEF
●Configuration Management
●Infrastructure Automation
●Open Source
●Several Deployment Options
● Chef Solo
● Open Source Chef Server - Client
● Hosted Chef
● Private Chef
Chef Architecture
●Server – Client Model
●Public – Private Key Encryption
●Servers store the configuration
●Clients do the work
●Configuration information shared via Cookbooks
Cookbooks
●Cookbooks are used to distribute configurations
●The Chef community shares cookbooks at http://community.opscode.com/cookbooks
●Cookbooks contain:
● Recipes
● Attribute Files
● Configuration Artifacts
● Templates
● Files
● Libraries
Run Lists
[Diagram: a Chef server and two nodes, Node1 and Node 2, with the run lists "YUM Apache Tomcat" and "YUM MySQL"]
Roles
[Diagram: a Chef server with nodes labelled WWW 1, WWW 2, WWW 3 and DB 1, and the run lists "YUM Apache Tomcat" and "YUM MySQL"]
Sample Recipe
#
# Cookbook Name:: yum
# Recipe:: yum
#
# Copyright 2011, Eric G. Wolfe
# Copyright 2011, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

template "/etc/yum.conf" do
  source "yum-rhel#{node[:platform_version].to_i}.conf.erb"
end
Sample Template
# Generated by Chef for <%= node[:fqdn] %>
# Local modifications will be overwritten.
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=3
<%- if node[:yum][:exclude] %>
exclude=<%= node[:yum][:exclude].join(" ") %>
<%- end %>
<%- if node[:yum][:installonlypkgs] %>
installonlypkgs=<%= node[:yum][:installonlypkgs].join(" ") %>
<%- end %>

# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interrupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
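How the sample recipe and template fit together, as an added example that is not part of the original slides: the recipe derives the template file name from the node's platform version, and the template emits its optional lines only when the matching attribute is set. Assumptions: the node is modelled as a plain Hash, Ruby's standard-library ERB stands in for Chef's own template renderer, and sample_node, template_source, render_yum_conf and main_settings are hypothetical helper names.

```ruby
require 'erb'

# Constructed stand-in for Chef's node object: a plain Hash with symbol keys.
def sample_node(platform_version, yum_attrs = {})
  { fqdn: 'chef-client.parsec.com', platform_version: platform_version, yum: yum_attrs }
end

# The same expression the sample recipe uses to choose its template source.
def template_source(node)
  "yum-rhel#{node[:platform_version].to_i}.conf.erb"
end

# Abridged copy of the sample template: header, two fixed settings and both
# conditional blocks.
YUM_CONF_ERB = <<~'TEMPLATE'
  # Generated by Chef for <%= node[:fqdn] %>
  [main]
  gpgcheck=1
  installonly_limit=3
  <%- if node[:yum][:exclude] %>
  exclude=<%= node[:yum][:exclude].join(" ") %>
  <%- end %>
  <%- if node[:yum][:installonlypkgs] %>
  installonlypkgs=<%= node[:yum][:installonlypkgs].join(" ") %>
  <%- end %>
TEMPLATE

# trim_mode '-' is what lets standard-library ERB parse the "<%-" tags.
def render_yum_conf(node)
  ERB.new(YUM_CONF_ERB, trim_mode: '-').result_with_hash(node: node)
end

# Collect the key=value lines of a rendered file so settings such as
# gpgcheck can be checked before the file reaches a node.
def main_settings(rendered)
  rendered.lines.map(&:strip)
          .reject { |l| l.empty? || l.start_with?('#', '[') }
          .to_h { |l| l.split('=', 2) }
end

if __FILE__ == $PROGRAM_NAME
  node = sample_node('6.3', { exclude: ['kernel*', 'php*'] })
  puts template_source(node)
  puts render_yum_conf(node)
end
```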
Installing Chef Server on Ubuntu
1) Add Opscode APT Repository
  1) sudo -s "echo deb http://apt.opscode.com/ lucid-0.10 main > /etc/apt/sources.list.d/opscode.list"
  2) sudo mkdir -p /etc/apt/trusted.gpg.d
  3) gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
  4) sudo -s "gpg --export [email protected] > /etc/apt/trusted.gpg.d/opscode-keyring.gpg"
  5) sudo apt-get update
  6) sudo apt-get install opscode-keyring
  7) sudo apt-get upgrade
2) Install Chef and Chef Server packages
  1) sudo apt-get install chef chef-server
  2) Follow on screen configuration questions
    1) hostname of server
    2) RabbitMQ queue password
    3) Temporary WebUI admin password
3) Configure CLI
  1) mkdir .chef
  2) sudo cp /etc/chef/validation.pem /etc/chef/webui.pem .chef/
  3) sudo chown -R wills ~/.chef
  4) knife configure -i
  Change path to validation.pem and webui.pem to be /home/user_name/.chef/*.pem. Everything else can remain the default.
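The gpg --recv-keys 83EF826A step above names the repository signing key by its short ID, which is only the last 32 bits of the key's fingerprint, so more than one key can answer to it. As an added example (not from the original slides), this check pins the full fingerprint before a key is exported into /etc/apt/trusted.gpg.d. The listing and both fingerprints are constructed placeholders, and parse_keys, short_id_matches and pinned_key are hypothetical helper names; the real fingerprint has to come from a trusted channel.

```ruby
# Constructed `gpg --with-colons --fingerprint` listing (not real keys): two
# different keys whose fingerprints end in the slide's short ID 83EF826A.
CONSTRUCTED_LISTING = <<~LISTING
  pub:-:4096:1:7777888883EF826A:1300000000:::-:::scESC:
  fpr:::::::::1111222233334444555566667777888883EF826A:
  uid:-::::1300000000::::Constructed Key One <one@example.invalid>:
  pub:-:4096:1:0000999983EF826A:1400000000:::-:::scESC:
  fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000999983EF826A:
  uid:-::::1400000000::::Constructed Key Two <two@example.invalid>:
LISTING

Key = Struct.new(:fingerprint, :uid)

# In the colon format, field 10 of an "fpr" record is the fingerprint and
# field 10 of a "uid" record is the user ID. The first of each after a "pub"
# record belongs to that primary key.
def parse_keys(listing)
  keys = []
  listing.each_line do |line|
    f = line.chomp.split(':')
    case f[0]
    when 'pub' then keys << Key.new(nil, nil)
    when 'fpr' then keys.last.fingerprint ||= f[9] if keys.last
    when 'uid' then keys.last.uid ||= f[9] if keys.last
    end
  end
  keys
end

# Every key that a short-ID lookup such as --recv-keys 83EF826A could mean.
def short_id_matches(keys, short_id)
  keys.select { |k| k.fingerprint.to_s.end_with?(short_id.upcase) }
end

# Accept only a full 40-hex-digit fingerprint as the pin; return the key
# carrying exactly that fingerprint, or nil when the keyring has no such key.
def pinned_key(keys, pinned_fpr)
  wanted = pinned_fpr.delete(' ').upcase
  raise ArgumentError, 'pin must be a 40-hex-digit fingerprint' unless wanted.match?(/\A\h{40}\z/)
  keys.find { |k| k.fingerprint == wanted }
end

if __FILE__ == $PROGRAM_NAME
  keys = parse_keys(CONSTRUCTED_LISTING)
  puts "keys matching 83EF826A: #{short_id_matches(keys, '83EF826A').size}"
  key = pinned_key(keys, '1111 2222 3333 4444 5555 6666 7777 8888 83EF 826A')
  puts key ? "pinned key present: #{key.uid}" : 'pinned key missing, do not export'
end
```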
Setup RHEL/CentOS Chef Client
chef-client> sudo yum install ruby ruby-devel make gcc
chef-server> knife bootstrap chef-client -i ssh_key
chef-server> knife node list
Install Cookbooks
Download Cookbooks from Chef Community, http://community.opscode.com/cookbooks
1) chef-server> knife cookbook site download chef-client
2) chef-server> tar -xzf chef-client*
3) chef-server> knife cookbook site download apache2
4) chef-server> tar -xzf apache2*
5) chef-server> less apache2/README.md
6) chef-server> knife cookbook site download yum
7) chef-server> tar -xzf yum*
8) chef-server> less yum/README.md
9) chef-server> knife cookbook upload -a -o ./
10) chef-server> knife cookbook list
Create a Run List
1) chef-server> knife node run_list add chef-client.parsec.com 'chef-client'
2) chef-server> knife node run_list add chef-client.parsec.com 'yum'
3) chef-server> knife node run_list add chef-client.parsec.com 'yum::epel'
4) chef-client> sudo /usr/bin/chef-client
5) chef-client> sudo chkconfig
6) chef-client> sudo yum repolist
Add Apache to Run List
1) chef-server> vi apache2/attributes/default.rb
  (line 134)
  default['apache']['default_modules'] = %w{
    status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif logio
  }
2) chef-server> vi apache2/recipes/mod_logio.rb
  if platform?("redhat", "centos", "scientific", "fedora", "suse", "arch", "freebsd", "amazon")
    apache_module "logio"
  else
    include_recipe "apache2"
  end
3) chef-server> knife node run_list add chef-client.parsec.com 'apache2'
4) chef-server> knife cookbook upload apache2 -o ./
5) chef-client> chef-client
Add Our Own HTML Content
1) chef-server> sudo vi apache2/files/default/index.html
  <HTML><BODY>
  Hello World!
  </BODY></HTML>
2) chef-server> vi apache2/recipes/default.rb
  (line 66)
  cookbook_file "/var/www/index.html" do
    source "index.html"
    # 0755 also sets the execute bit; 0644 is enough for a static HTML file
    mode 0755
    owner "root"
    group node[:apache][:root_group]
  end
3) chef-server> knife cookbook upload apache2 -o ./
4) chef-client> chef-client
Resources
●http://www.parsec.com
●http://wiki.opscode.com/
●http://community.opscode.com/
●http://community.opscode.com/cookbooks