Created
February 1, 2018 03:12
-
-
Save jason-idk/77f75e880ce035f4b52ed893ea581182 to your computer and use it in GitHub Desktop.
Some notes on using chef...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CHEF Notes: | |
################################################################################################################ | |
~ How it works at a high level: | |
1. Push configs from admin workstation to the chef server. | |
2. Chef server then pushes recipes out to the nodes. | |
**You really don't need to know Ruby to use Chef.** | |
Admin Workstation: /home/user/chef-repo directory is where most things happen. | |
Chef-repo lives here (workbench tools)- where you create the code/recipies to push. | |
Validator-key, user-key, .chef directory. (Needed to talk to server) | |
Knife program | |
Client software lives here (knife is part of this.) | |
Config file (knife.rb) should be kept in chef-repo directory. | |
Chef-Server: | |
Uploaded code comes here from Workstation. | |
Showroom for all your recipes and uploaded code. | |
Validator-key is required to talk to this server. (same on a workstation) | |
User-key needs to also be shown to talk to server. | |
Server software lives here. | |
Nodes: All systems recieving configs from the chef-server. | |
Pulls configs from chef-server. (Cron job requests) | |
You can bootstrap a node to install chef-client and config from admin workstation using knife. | |
WEB Manager for CHEF-server ---> opscode manage | |
################################################################################################################# | |
~ Creating a Chef Cookbook: Install Apache example | |
################################################################################################################# | |
/home/user/chef-repo/cookbooks | |
- Cookbook | |
- Create | |
- Add recipie | |
- Implement | |
- Assign | |
-----> All one single task. (for example Installing Apache/Configure File) | |
Creating a cookbook: | |
# knife cookbook create apache | |
# cd /home/user/chef-repo/cookbooks/apache/recipies | |
# vi default.rb (which is the default recipie) | |
Edit file... (this is your ruby code example) | |
##################################################### | |
# First install Apache... | |
execute "yum update -y" do | |
command "yum update -y" | |
end | |
# Actually install the program... | |
package "httpd" do | |
action :install | |
end | |
# Start the Apache service and add to bootup... | |
service "httpd" do | |
action [:start, :enable] <------when more than one action put in [] | |
end | |
# Add the file for Apache to serve.. | |
cookbook_file "/var/www/html/index.html" do | |
source "index.html" | |
mode "0644" <------mode = what permissions does this file have? | |
end | |
###################################################### | |
^ | |
We create this file in ~/chef-repo/cookbooks/apache/files/default --> index.html | |
Applying the cookbook (uploading to server): | |
root@server# cd ~/chef-repo | |
root@server# knife cookbook upload apache (now its available on the chef server) access it via web. | |
*Drag it to the run list on the chef-server web page.* | |
SSH to node1... | |
user@server$ sudo chef-client | |
**Pulls the recipie from server and does what you told it to.** | |
Now apache should be started and the index.html should be created. Simple as that. | |
****every time you enter sudo chef-client on one of the nodes it will do any changes made from the server. (this is why you need a cron)**** | |
A collection of recipies make a Cookbook. | |
COOKBOOK = Apache (home/user/chef-repo/cookbooks/apache) | |
-Recipies | |
-default.rb | |
-yum-update.rb | |
-base-files.rb | |
After creating a new recipe for apache, youll have to upload it to the chef-server... | |
# knife cookbook upload apache | |
################################################################################################################# | |
~ Roles | |
################################################################################################################# | |
We will have 2 roles for this example... | |
FROM THE ADMIN WORKSTATION... | |
Roles are efficient because you add recipies to the roles and add the role to the run list rather than adding each recipe to the list. This saves time and keeps everything more organized. | |
/home/user/chef-repo/roles/ubuntu-webserver.rb centos-webserver.rb | |
ubuntu-webserver and centos-webserver | |
________________ ________________ | |
-apt-update -install | |
-install -base-files | |
-base-files | |
Example for ubuntu-webserver.rb | |
########################################## | |
name "ubuntu-webserver" | |
description "Install a webserver on Ubuntu" | |
run_list "recipe[apache::apt-update]","recipe[apache::install]","recipe[apache::base-files] | |
########################################## | |
Example for centos-webserver.rb | |
########################################## | |
name "centos-webserver | |
description "Install webserver on CentOS" | |
run_list "recipe[apache::install]","recipe[apache::base-files]" | |
To make the roles take effect... | |
root@server# knife role from file centos-webserver.rb | |
root@server# knife role from file ubuntu-webserver.rb | |
"knife role list" shows all the roles available. | |
################################################################################################################# | |
~ Dependencies & conditionals with OHAI searching | |
################################################################################################################# | |
Dependencies: If a recipe is in another cookbook, you must define in metadata.rb file. "depends "cookbook" | |
To include another recipe within a new recipe, you would include such as "include_recipe "cookbook::recipe" | |
"apache::apt-get" | |
OHAI: Collects a bunch of information about nodes and allows you to view that info from the workstation using knife. | |
Conditionals: Basically an if then statement that can be used in recipes. For this example "If ubuntu do apt-get update" | |
File: /home/user/chef-repo/cookbooks/apache/recipes/install.rb | |
############################################## | |
if node["platform"] == "ubuntu" | |
execute "apt-get update" do | |
command "apt-get update" | |
end | |
end | |
############################################## | |
(side note: "==" if it is equal to.) | |
In this example were going to add on. If it IS Ubuntu, install apache2. If its CentOS, install httpd. Define package_name accordingly. | |
############################################## | |
if node["platform"] == "ubuntu" | |
execute "apt-get update" do | |
command "apt-get update" | |
end | |
end | |
package_name = "httpd" | |
if node["platform"] == "ubuntu" | |
package_name = "apache2" | |
end | |
package package_name do | |
action :install | |
end | |
############################################## | |
***Dependecies, conditionals, and OHAI all allow you to write more recipes that do not specifically rely on a certain OS. With these tools | |
you can write a single recipe to run on all nodes (no matter the OS) and do exaclty the task you want to do. | |
################################################################################################################# | |
~ File Templates and Atributes (OHAI continues) | |
################################################################################################################# | |
node1 = hostname | |
From the admin workstation, we can view atributes for nodes that are collected by OHAI. | |
knife node show node1 -a (atribute) network.default_gateway (for every atribute further down the list use a .) | |
(network.interfaces.eth0) | |
View attributes by executing "knife node show node1 -l" | |
Custom Attributes stored in /home/user/chef-repo/cookbooks/apache/attributes | |
file = default.rb | |
############################################## | |
# Custom attributes created for node1 | |
default["maintaner"] = "Jason H" | |
default["bandwidth"] = "high" | |
############################################## | |
After editing file, upload the cookbook again to take changed. "knife cookbook upload apache" | |
Once the node updates, you will see the changes by executing "knife node show node1 -a bandwidth" | |
Templates - allow you to efficiently use the same file for multiple nodes. It will use OHAI to get the info you want for each. | |
File: /home/user/chef-repo/cookbooks/apache/templates/default | |
**This is an HTML page that will be on 5 different nodes with different attribute files like above.** | |
############################################## | |
<html> | |
<head> | |
<title>Templates are awesome!</title> | |
</head> | |
<body> | |
<h1>This is our awesome template!</h1> | |
<h3>It is maintained by <%= node["maintanier"] %></h3> | |
<h3>And has a bandwidth requirement of <%= node["bandwidth"] %> | |
<br /> | |
################################################################################################################# | |
~ Creating New Server (Adding Nodes) & Farm Failure recovery | |
################################################################################################################# | |
node2 = hostname | |
Adding a node... | |
from chef admin workstation... | |
root@server# knife bootstrap node2 -x username --sudo -r "role[ubuntu-webserver]" | |
^^^^^^^^^^^^^^ this adds node2 to the chef-server and assigns the same webserver role that node1 has. This means it will have the same | |
runlist as node1 and will almost be identical. | |
Farm Failure recovery... | |
The most important thing to backup is your chef-repo on your admin workstation!!! | |
-You can always re-build a chef server easily. (nothing is really stored here that you can't re-upload from your workstation.) | |
-If you dont have data living on your nodes, you can wasily rebuild them with your chef server. | |
In the event that one of your nodes die... | |
In this example we still have our workstation and chef-server. All we have to do is bootstrap the node (as we did above) and we will have | |
everything back to normal. If you need to change the role, you would do exactly what we did above. | |
################################################################################################################# | |
~ CHEF Enviornments | |
################################################################################################################# | |
/home/user/chef-repo/enviornments | |
Dev/Test/Prod | |
Using CHEF, you can determine what tier recieves what updates. For instance, below we have PHP, Apache, and the app "MyApp"... | |
PHP Dev | |
Apache Test | |
MyApp Prod | |
If we want, we can have PHP and Apache updated to the highest version on all 3 and MyApp running a new version in Dev and Test. | |
in /home/user/chef-repo/enviornments we have 2 files.. | |
test.rb | |
prod.rb | |
##################################### | |
test.rb | |
##################################### | |
name "test" | |
description "Test Servers" | |
cookbook "apache", "= 0.2.0" | |
##################################### | |
##################################### | |
prod.rb | |
##################################### | |
name "production" | |
description "Production Servers" | |
cookbook "apache", "= 0.1.1" | |
##################################### | |
Now that we have enviornments we need to upload them... | |
root@server# knife enviornment from file prod.rb | |
root@server# knife enviornment from file test.rb | |
root@server# knife enviornment list | |
prod | |
test | |
**Now we go to our Chef web page and assign the nodes to the correct enviornments. Nodes> Edit> Enviornments | |
################################################################################################################# | |
Managing Virtual Machines with Vagrant | |
################################################################################################################# | |
Vagrant integrates very well with CHEF. | |
Vagrant allows you to quickly build out VMs (Similar to cloning a template) and change configs as necesary. | |
apt-get install vagrant virtualbox | |
Example command to build... | |
#vagrant box add NAME URL ---> You can find the OS's at vagrantbox.es (URL) | |
#vagrant init NAME -create VagrantFile ---> in the folder you choose. (contains your configs) | |
#vagrant up ---> Start VM | |
#vagrant reload ---> Reload VM and start | |
#Vagrant suspen ---> Pause | |
#vagrant halt ---> Suspend VM | |
#vagrant destroy ---> Erases VM | |
You can edit the configuration file to install chef and run a script in your /home/user/desktop/project file (or anywhere you store it) | |
This can be useful because all in one command, you can build a vm, install chef, assign a role, and set up a new VM exactly as you had it before. | |
################################################################################################################# | |
~ Chef Community | |
################################################################################################################# | |
supermarket.chef.com <--- tons of cookbooks available. | |
Try to keep recipies as simple as possible. Don't make it difficult and complex. | |
-You can download cookbooks from the CHEF community if you need to. (If you modify these you make it more difficult when new versions | |
come out.) | |
*** If you are going to download a cookbook from the site you should use knife to include the dependencies. | |
If you just grab it from the site, you will be missing dependecies. *** | |
Example...(admin workstation) | |
root@server# knife cookbook site install chef-client <---- the name of the cookbook we found on the site. | |
################################################################################################################# | |
~ Common alternative CHEF setups | |
################################################################################################################# | |
**chef-solo** | |
-runs locally | |
-cookbooks on client | |
-works well with vagrant | |
-no knife | |
-no chef-repo | |
-no chef-server | |
For this example, we have /chef/solo.rb & solo.json cookbooks are in /chef/cookbooks | |
solo.rb = file_cache_path '/chef' <---where does chef live and what is the cookbook path | |
cookbook_path '/chef/cookbooks' | |
solo.json = { | |
"run_list": [ "recipe[name]" ] <--- define recipe name and run lists for server. | |
} | |
#sudo chef-solo -c solo.rb -j solo.json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment