Chef talk for the Architecture Meetup on the 23rd July 2013.

1. Chef
Introduction and overview to managing your
systems
Adrian Moisey

2. Why Chef (or puppet or Bcfg2 or
CFEngine)?
- Infrastructure as code

3. Why Chef (or puppet or Bcfg2 or
CFEngine)?
- Infrastructure as code
- Reproducible

4. Why Chef (or puppet or Bcfg2 or
CFEngine)?
- Infrastructure as code
- Reproducible
- Version control (SCM)

5. Why Chef (or puppet or Bcfg2 or
CFEngine)?
- Infrastructure as code
- Reproducible
- Version control (SCM)
- Removes the human factor

6. Why Chef (or puppet or Bcfg2 or
CFEngine)?
- Infrastructure as code
- Reproducible
- Version control (SCM)
- Removes the human factor
- Tests

7. Basic Chef Architecture
- Executes various "recipes" which configure
your system in the desired way

8. Basic Chef Architecture
- Executes various "recipes" which configure
your system in the desired way
- A node definition is required in order for chef
to know which recipes to run and with which
attributes to run them

9. Basic Chef Architecture
- Executes various "recipes" which configure
your system in the desired way
- A node definition is required in order for chef
to know which recipes to run and with which
attributes to run them
- Allows you to decide what and how
components are configured using attributes,
environment definitions and node definitions.

10. Basic Chef Architecture
Server/client:
- chef-server stores all your cookbooks,
environments, roles and nodes

11. Basic Chef Architecture
Server/client:
- chef-server stores all your cookbooks,
environments, roles and nodes
- chef-client connects and gets given the
relevant cookbooks and attributes from chef-
server and executes them

12. Basic Chef Architecture
Server/client:
- chef-server stores all your cookbooks,
environments, roles and nodes
- chef-client connects and gets given the
relevant cookbooks and attributes from chef-
server and executes them
You can run your own server or use the
opscode hosted chef (for a fee)

13. Basic Chef Architecture
Chef-solo:
- Standalone, doesn't connect to a server

14. Basic Chef Architecture
Chef-solo:
- Standalone, doesn't connect to a server
- Uses static cookbooks and nodes on the local
filesystem

15. Basic Chef Architecture
Chef-solo:
- Standalone, doesn't connect to a server
- Uses static cookbooks and nodes on the local
filesystem
- Unable to perform searches (because nodes
are stand-alone with no central directory)

16. Cookbook
From the wiki:
A cookbook is the fundamental unit of
configuration and policy distribution in Chef.
Each cookbook defines a scenario, such as
everything needed to install and configure
MySQL, and then it contains all of the
components that are required to support that
scenario.

17. Cookbook
Can contain:
- recipes
- attributes
- providers
- definitions
- templates
- files
- metadata
http://docs.opscode.
com/essentials_cookbooks.html

18. Cookbook
$ cat cookbooks/ntp/recipe/default.rb
['openntpd','ntpdate'].each do |p|
package p do
action :install
end
end
template 'ntpd.conf' do
path '/etc/openntpd/ntpd.conf'
source 'ntpd.conf.erb'
owner 'root'
group 'root'
mode 0600
notifies :restart, 'service[openntpd]'
end

19. Cookbook
$ cat cookbooks/ntp/attributes/default.rb
default[:ntp][:servers] = [
"0.pool.ntp.org",
"1.pool.ntp.org",
"2.pool.ntp.org",
"3.pool.ntp.org"
]

20. Role
$ cat roles/ntp.rb
name "ntp"
description "Install openntpd"
run_list("recipe[ntp]")

21. Environment
$ cat environments/cluster01.rb
name "cluster01"
description "Cluster 01"
default_attributes({
:ntp => {
:servers => [
"ntp01.mycorp.com",
"ntp02.mycorp.com"
]
}
})
cookbook_versions({
"ntp" => "0.0.1"
})

22. Nodes
$ cat nodes/server01.mycorp.com.json
{
"chef_type": "node",
"name": "server01.mycorp.com",
"normal": {},
"default": {},
"chef_environment": "cluster01",
"run_list": [ "role[ntp]" ],
"override": {},
"json_class": "Chef::Node",
"automatic": {}
}

23. Knife
Knife is a command-line tool that provides an
interface between a local Chef repository and
the Chef Server.
Examples:
knife cookbook upload apache2
knife node edit web1.mycorp.com
knife list clients
knife search node 'role:web' -a fqdn

24. Upload all of this to the chef-server
$ knife cookbook upload ntp -o cookbooks/
$ knife role from file roles/ntp.rb
$ knife environment from file environment/cluster01.rb

25. Data bags
- global variable
- stored in JSON
- accessible from the chef server
- can be searched
- can also be encrypted
For example: to store all your users

26. Community cookbooks
https://github.com/opscode-cookbooks/
apache, chef-server, chef-client, mysql, build-
essential, cron, php, nagios, logrotate, erlang,
python, jenkins, squid, iptables, samba,
unicorn, munin, jira, screen, tftp

27. Community cookbooks - tips
- Use the community cookbooks unmodified

28. Community cookbooks - tips
- Use the community cookbooks unmodified
- Write wrapper cookbooks around them - most
of them were designed with this in mind

29. Community cookbooks - tips
- Use the community cookbooks unmodified
- Write wrapper cookbooks around them - most
of them were designed with this in mind
- Send bug fixes upstream

30. Cookbook versioning
- Cookbooks can contain versions

31. Cookbook versioning
- Cookbooks can contain versions
- Cookbooks can depend on specific versions
of other cookbooks

32. Cookbook versioning
- Cookbooks can contain versions
- Cookbooks can depend on specific versions
of other cookbooks
- Different environments can depend on
different versions of cookbooks (allows you to
have 0.0.2 in testing and 0.0.1 in production)

33. Tests
- foodcritic: linting tool which checks against a
community list of rules

34. Tests
- foodcritic: linting tool which checks against a
community list of rules
- chef-spec: unit tests for recipe code (not
functional)

35. Tests
- foodcritic: linting tool which checks against a
community list of rules
- chef-spec: unit tests for recipe code (not
functional)
- test-kitchen: Framework for running
integration tests in an isolated environment (<3
vagrant)

36. Live demo!
- Remove a Yola employee
- Create a pull request
- Push it to the chef-server
- Ensure that it has been done
- Take a look at some things that knife can do

37. Some cool things
- chef-solo can run the chef-server cookbook in
order to bootstrap your chef-server
- knife ec2 allows you to create an EC2
instance and configure it as a chef-client

38. The End
Questions?
Thanks to Jonathan for help with the slides