Chef training Day4
•
3 recomendaciones•2,244 vistas
Presentation for Day4 training held by SmartMe http://www.smartme.com.ua/courses/nachala-devops-konfiguriruem-server-s-pomoshchyu-opscode-chef
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a Chef training Day4
Similar a Chef training Day4 (20)
Más de Andriy Samilyak
Más de Andriy Samilyak (13)
Último
Último (20)
Chef training Day4
- 1. Начала DevOps: Opscode Chef Day 4 Andriy Samilyak samilyak@gmail.com skype: samilyaka
- 2. Goals ● Pull deployment with Chef ● Environments ● More about Berkshelf+Vagrant way ● Chef in real live - base_server ● Exception/Report handlers ● Debugging with Chef ● Testing with Chef
- 3. Deployment strategies PULL vs PUSH
- 4. Pull deployment with Chef # http://community.opscode.com/cookbooks/application application "my_app" do path "/var/www" repository "git://github.com/werdan/hpmor.git" end copy/paste from http://goo.gl/6sEYT5
- 5. Deployment with Chef - Plan ● Application cookbook (Berksfile/metadata.rb) ● Application resource in default.rb ● git installation ● docroot correction
- 6. Capistrano way ● ● ● ● Check your /var/www after chef-client run /var/www/current is a symlink to one of releases /var/www/releases contains code releases /var/www/shared – anything that is not kept in repository
- 7. Example of solution webserver/attributes/default.rb: default['apache']['docroot_dir'] = "/var/www/current" webserver/recipes/default.rb: package "git" application "my_app" do path "/var/www" repository "https://github.com/werdan/hpmor.git" end
- 8. Git flow ● New release is ready for deployement ● It is in 'develop' branch ● ● Our current server is going to be now QA testing We should maintain the second server (LIVE) with master branch deployed
- 9. Branch deployment with Chef application "my_app" do path "/var/www" repository "git://github.com/werdan/hpmor.git" revision 'your_branch' # specified with attribute end
- 10. Environments LIVE server run_list: role[node] recipes: recipe[webserver] git_branch: master DEV server run_list: role[node] recipes: recipe[webserver] git_branch: develop
- 12. Environments ● environments/production.rb name "production" default_attributes 'webserver' => { 'revision' => 'master' } ● environments/development.rb name "development" default_attributes 'webserver' => { 'revision' => 'develop' }
- 13. Default attribute value ● webserver/attributes/default.rb default['webserver']['revision'] = 'master'
- 14. Environments: knife knife environment from file production.rb knife environment from file development.rb knife environment list knife environment show production
- 15. Configuring DEV server ● set environment to 'development' > knife node edit your_node > Chef Server GUI ● ● run chef-client check result in browser (is it in English now?)
- 16. Branch deployment with Chef application "my_app" do path "/var/www" repository "git://github.com/werdan/hpmor.git" revision 'your_branch' # specified with attribute end
- 17. Another PCI DSS failure Go to http://YOUR_NODE_ADDRESS/icons/
- 18. Apache configuration patch <Directory /usr/share/apache2/icons> Options -Indexes </Directory> copy/paste from http://goo.gl/6sEYT5
- 19. Environments LIVE server run_list: role[node] recipes: recipe[webserver] templates: no patch DEV server run_list: role[node] recipes: recipe[webserver] templates: with patch!
- 20. We have to keep LIVE stable! ● ● ● environments/production.rb cookbook "webserver", "= 0.1.0" webserver/metadata.rb version '0.1.1' upload cookbook ● upload production environment ● knife cookbook show webserver
- 21. Better Berksfile strategy cookbook 'apache2' cookbook 'htpasswd', git: …. cookbook 'application' cookbook 'webserver', path: 'cookbooks/webserver' ● berks install ● berks upload
- 22. Frozen cookbooks ● Try now knife cookbook upload webserver knife cookbook show webserver 0.1.1 > frozen?: true ● ● berks update && berks upload → no changes knife cookbook upload webserver --force
- 23. Vagrant provision Real demonstration now – hold your breath!
- 24. Vagrant provision chef-repo/Vagrantfile Vagrant.configure("2") do |config| config.vm.hostname = "webserver" config.vm.box = "webserver" config.vm.box_url = "http://grahamc.com/vagrant/ubuntu-12.04-omnibus-chef.box" config.vm.network :public_network config.berkshelf.berksfile_path = "Berksfile" config.berkshelf.enabled = true config.vm.provision :chef_solo do |chef| chef.run_list = [ ] chef.data_bags_path = "data_bags" chef.roles_path = "roles" chef.add_role("node") chef.environments_path = "environments" chef.environment = 'production' end end
- 25. Vagrant provision - chef-solo ● No API (no databag search , for instance) ● No cookbook version pin in environment ● No persistent attributes (normal[..][..])
- 27. base_server ● ● ● Create new cookbook with Berks cd cookbooks berks cookbook base_server Add base_server to Berskfile Include dependences on apt, ntp, chef-client, cron, openssh ● Include base_server to role[node] run_list
- 28. Recipes to include base_server/recipes/default.rb include_recipe "chef-client" include_recipe "chef-client::delete_validation" include_recipe "chef-client::config" include_recipe "ntp" include_recipe "cron" include_recipe "apt" include_recipe "openssh" ● Bump minor cookbook version of 'base_server' copy/paste from http://goo.gl/6sEYT5
- 29. base_server configuration default[:openssh][:server][:password_authentication] = 'no' default[:openssh][:server][:allow_agent_forwarding] = 'yes' default[:openssh][:server][:allow_tcp_forwarding] = 'no' default[:openssh][:server][:use_dns] = 'no' copy/paste from http://goo.gl/6sEYT5
- 30. chef_client On node: ps ajx | grep chef-client On workstation: knife status NB! It is a good idea to establish internal procedure to check knife status on regular basis
- 31. chef_restart include_recipe "cron" cron "Chef: Node-specific cronjobs: chef-client-restart" do minute "#{node[:chef_restart_minute] ||= rand(59)}" hour "#{node[:chef_restart_hour] ||= rand(23)}" day "*" month "*" weekday "*" command "ps ax | grep -q [c]hef-client && sleep $(( $RANDOM % 1800 )) && invoke-rc.d chef-client restart >/dev/null 2>&1" user "root" end
- 32. Exception handlers ● Report about any exceptions in chef run ● Many community handlers are available: – Airbrake – Email – Syslog – Graphite – HipChat
- 35. Debugging with Chef sudo chef-client -ldebug -Fdoc sudo chef-client --why-run sudo chef-client -o recipe['apache2::mod_dav']
- 36. 'puts driven development' Chef::log.info("Your message") log("Your message to put it simple") abort
- 37. chef-shell # chef-shell -z chef> run_chef chef> chef_run.skip_back 40 chef> chef_run.step chef> node['apache']['dir']
- 38. Pry - installation ● Run on node: /opt/chef/embedded/bin/gem install --no-ri --no-rdoc pry pry-nav pry-doc ● Insert into webserver/recipes/default.rb require 'pry'; binding.pry copy/paste from http://goo.gl/6sEYT5
- 39. pry # chef-client pry> ls node pry> ls node.name pry> ls node.default pry> ls node.normal pry> step pry> next pry > continue
- 40. Chef-testing ● Semantic testing → Foodcritics ● Unit testing → ChefSpec ● Integration testing → with ChefZero – Test Kitchen –
- 41. Foodcritic lint gem install foodcritic --no-ri --no-rdoc cd CHEF_REPO foodcritic cookbooks/webserver .. see http://acrmp.github.io/foodcritic/
- 42. More rules cd CHEF_REPO git clone git://github.com/custominkwebops/foodcritic-rules.git foodcritic/customink git clone git://github.com/etsy/foodcriticrules.git foodcritic/etsy foodcritic -I foodcritic/* cookbooks/webserver copy/paste from http://goo.gl/6sEYT5
- 43. Functional spec example from PagerDuty http://goo.gl/9k5Fj2