introduction to chef
DESCRIPTION
A presentation I gave at the 2013 Salishan High Speed Computing conference. With 2 hours' notice :)
TRANSCRIPT
An Extemporaneous Introduction To Chef
Kevin A. Smith
Director of Server Engineering
Who am I?
• Director of Server Engineering @ Opscode
• Software developer for 17 years
• 7 years with Erlang
• Alumni of DCRI, SAS, Red Hat, Basho
• Erlang In Practice @ PragProg
Agenda
• Infrastructure as Code
• Configuration Management
• Chef 101
• Chef in Large Environments
http://www.flickr.com/photos/koalazymonkey/3590953001/
Infrastructure as Code
Building and managing infrastructure programmatically
Infrastructure as Code
Enable the reconstruction of the business from
nothing but a source code repository, an application
data backup, and bare metal resources.
Infrastructure as Code
Configuration Management
The Old Way
Manual Configuration
• Labor intensive
• Error prone
• Hard to reproduce
Scripting
• Very brittle
• Throw away, one off scripts
• grep sed awk perl
• curl | bash
File Distribution
• NFS mounts
• rdist
• scp-on-a-for-loop
• rsync on cron
This does not scale!
for i in `cat servers.txt` ; do scp ntp.conf root@$i:/etc/ntpd.conf ; done
for i in `cat servers.txt` ; do ssh root@$i /etc/init.d/ntpd restart ; done
for i in `cat servers.txt` ; do ssh root@$i chkconfig ntpd on ; done
See nodes grow.
Load Balancer
ApplicationServer
Database
ApplicationServer
Load Balancer
ApplicationServer
Database
ApplicationServer
Load Balancer
Database
Grow, nodes. Grow!
Datacenter #1
Load Balancer
AppServer
Database
AppServer
Load Balancer
Database
Datacenter #2
Load Balancer
AppServer
Database
AppServer
Load Balancer
Database
Internet
There are a lot of nodes!
A New Way
Declarative Configuration
• Define policy
• Say what, not how
• Abstract interface to resources
Idempotence
• Property of a declarative interface
• f(x) = x
• Eliminates brittleness
• Safe to run over and over
package "ntp" do
  action :install
end

template "/etc/ntp.conf" do
  source "ntp.conf.erb"
  owner "root"
  group "root"
  mode 0644
  notifies :restart, "service[ntpd]"
end

service "ntpd" do
  action [:enable, :start]
end
Convergence
• Running an agent “converges” a system onto desired state
• Fights entropy and unauthorized changes
• Update function inputs to deal with changing requirements
$ echo "boom" > /etc/ntp.conf
$ chef-client
$ grep server /etc/ntp.conf | head -n 1
us.pool.ntp.org
$ ps -e | grep ntp
 1799 ?        00:00:00 ntpd
$ /etc/init.d/ntpd stop
$ chef-client
$ ps -e | grep ntp
 1822 ?        00:00:00 ntpd
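The convergence demo above, as an added example in plain Ruby (not code from the talk or from Chef itself): a toy resource model in which each resource tests the node and repairs only what differs. A second run is a no-op (idempotence), an out-of-band edit to the file or a stopped service is undone on the next run (convergence), and a template that actually changed notifies the service to restart, delivered once at the end of the run. The node, its files and its services are in-memory stand-ins constructed for this example.

```ruby
require 'set'

# Added example, not from the talk: a toy convergence loop. The node, its
# files and its services are in-memory stand-ins constructed for the example.
class FakeNode
  attr_reader :files, :services, :log
  def initialize
    @files = {}          # path => contents
    @services = Set.new  # names of running services
    @log = []            # actions actually taken, in order
  end
end

class TemplateResource
  attr_reader :key, :notifies
  def initialize(path, contents, notifies: nil)
    @path, @contents, @notifies = path, contents, notifies
    @key = "template[#{path}]"
  end
  # Test, then repair only if needed. Returns true when an action was taken.
  def converge(node)
    return false if node.files[@path] == @contents
    node.files[@path] = @contents
    node.log << "#{@key} updated"
    true
  end
end

class ServiceResource
  attr_reader :key, :notifies
  def initialize(name)
    @name, @notifies = name, nil
    @key = "service[#{name}]"
  end
  def converge(node)
    return false if node.services.include?(@name)
    node.services << @name
    node.log << "#{@key} started"
    true
  end
  def restart(node)
    node.services << @name
    node.log << "#{@key} restarted"
  end
end

# One chef-client run: evaluate resources in declared order, queue a restart
# for each notification whose source actually changed, and deliver the queued
# restarts once at the end. Returns the log entries this run produced.
def chef_run(resources, node)
  before = node.log.size
  queued = []
  resources.each do |r|
    queued << r.notifies if r.converge(node) && r.notifies
  end
  queued.uniq.each do |key|
    target = resources.find { |r| r.key == key }
    raise "notification to unknown resource #{key}" unless target
    target.restart(node)
  end
  node.log[before..]
end

# The ntp recipe from the slides, expressed with the toy resources.
NTP_RECIPE = [
  TemplateResource.new("/etc/ntp.conf", "server us.pool.ntp.org\n",
                       notifies: "service[ntpd]"),
  ServiceResource.new("ntpd"),
]

if __FILE__ == $0
  node = FakeNode.new
  p chef_run(NTP_RECIPE, node)            # fresh node: template written, ntpd started and restarted
  p chef_run(NTP_RECIPE, node)            # already converged: []
  node.files["/etc/ntp.conf"] = "boom\n"  # the manual edit from the slide
  p chef_run(NTP_RECIPE, node)            # template repaired, ntpd restarted
  node.services.delete("ntpd")            # /etc/init.d/ntpd stop
  p chef_run(NTP_RECIPE, node)            # ntpd started again
end
```

The test-then-repair step inside each resource is the whole trick: because a resource never acts when the node already matches the declaration, the run can be repeated safely, and any drift (including unauthorized changes) is corrected on the next run.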
Chef 101
http://www.flickr.com/photos/lapstrake/2711240606/in/photostream/
The chef-client runs on your systems.
Clients talk to a Chef server.
Client server conversations are protected with SSL and
RSA signatures.
Each system running Chef is called a Managed Node.
Chef API Server
RDBMS
Search Engine
Asset Store
Managed Node
ChefClient
System Architecture
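The client-server protection mentioned above (SSL plus RSA signatures), as an added example that is not Chef's own code: a simplified model in which the client signs a canonical description of each request with its private key and the server, holding the public key registered for that client name, rebuilds the same string from what it actually received and verifies it. The header names follow Chef's X-Ops-* style, but the canonical string, hash algorithm and skew limit are this example's assumptions, not the exact format of Chef's mixlib-authentication library.

```ruby
require 'openssl'
require 'digest'
require 'time'

# Added example, not Chef's own code. Assumed values: the canonical string
# layout, SHA-256 for hashing and signing, and a 900-second skew window.
SKEW_LIMIT = 900  # seconds of clock skew the server tolerates (assumed value)

def body_hash(body)
  [Digest::SHA256.digest(body)].pack('m0')   # base64 without newlines
end

# Method, path, body hash, time and client identity are bound into one string;
# changing any of them invalidates the signature.
def canonical_string(method, path, digest, timestamp, client_name)
  ["Method:#{method.upcase}",
   "Path:#{path}",
   "X-Ops-Content-Hash:#{digest}",
   "X-Ops-Timestamp:#{timestamp}",
   "X-Ops-UserId:#{client_name}"].join("\n")
end

# Client side: returns the headers that travel with the request.
def sign_request(private_key, client_name, method, path, body, now = Time.now.utc)
  timestamp = now.utc.iso8601
  digest = body_hash(body)
  canon = canonical_string(method, path, digest, timestamp, client_name)
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), canon)
  {
    'X-Ops-UserId'        => client_name,
    'X-Ops-Timestamp'     => timestamp,
    'X-Ops-Content-Hash'  => digest,
    'X-Ops-Authorization' => [signature].pack('m0'),
  }
end

# Server side. Returns :ok or a symbol naming the check that rejected the
# request, so that failures are explicit in logs rather than silent.
def verify_request(public_keys, headers, method, path, body, now = Time.now.utc)
  name = headers['X-Ops-UserId']
  key = public_keys[name]
  return :unknown_client unless key

  begin
    sent_at = Time.iso8601(headers['X-Ops-Timestamp'].to_s)
  rescue ArgumentError
    return :bad_timestamp
  end
  return :stale_timestamp if (now - sent_at).abs > SKEW_LIMIT

  # Recompute the body hash from the received body rather than trusting the
  # header; the header only says what the client claims it sent.
  return :body_mismatch unless headers['X-Ops-Content-Hash'] == body_hash(body)

  canon = canonical_string(method, path, headers['X-Ops-Content-Hash'],
                           headers['X-Ops-Timestamp'], name)
  begin
    signature = headers['X-Ops-Authorization'].to_s.unpack1('m0')
    key.verify(OpenSSL::Digest.new('SHA256'), signature, canon) ? :ok : :bad_signature
  rescue ArgumentError, OpenSSL::PKey::PKeyError
    :bad_signature
  end
end

if __FILE__ == $0
  client_key = OpenSSL::PKey::RSA.new(2048)
  registry = { 'web1.example.com' => client_key.public_key }   # constructed client registry
  body = '{"run_list":["role[base]"]}'
  headers = sign_request(client_key, 'web1.example.com', 'PUT', '/nodes/web1.example.com', body)
  puts verify_request(registry, headers, 'PUT', '/nodes/web1.example.com', body)        # ok
  puts verify_request(registry, headers, 'PUT', '/nodes/web1.example.com', body + ' ')  # body_mismatch
  puts verify_request(registry, headers, 'DELETE', '/nodes/web1.example.com', body)     # bad_signature
end
```

Two design points worth noting for operators: the server only ever looks up a public key by the client name it was registered under, so a stolen client key gives an attacker exactly that one node's identity and nothing more, and the timestamp check bounds how long a captured request stays replayable, which is why node clocks must be kept in sync (the ntp recipe on the earlier slides is not incidental).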
Nodes have attributes
{
  "kernel": {
    "machine": "x86_64",
    "name": "Darwin",
    "os": "Darwin",
    "version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010; root:xnu-1504.7.4~1/RELEASE_I386",
    "release": "10.4.0"
  },
  "platform_version": "10.6.4",
  "platform": "mac_os_x",
  "platform_build": "10F569",
  "domain": "local",
  "os": "darwin",
  "current_user": "mray",
  "ohai_time": 1278602661.60043,
  "os_version": "10.4.0",
  "uptime": "18 days 17 hours 49 minutes 18 seconds",
  "ipaddress": "10.13.37.116",
  "hostname": "morbo",
  "fqdn": "morbomorbo.local",
  "uptime_seconds": 1619358
}
Platform
Kernel
Hostname, etc.
Node attributes are searchable.
$ knife search node 'platform:mac_os_x'
search(:node, 'platform:mac_os_x')
Nodes have “to do” lists.
Nodes have a Run List
% knife node show hadoop-prod.example.com -r
{
  "run_list": [
    "role[base]",
    "role[hadoop-worker]"
  ]
}
Nodes can have Roles.
Aspirational Roles
• webserver
• database_master
• monitoring
• hadoop-worker
Roles have Attributes and a run list.
Roles
name "hadoop-worker"
description "Hadoop cluster member"
run_list(
  "role[base]",
  "recipe[java]",
  "recipe[hadoop]",
  "recipe[hadoop-config]"
)
default_attributes(
  "hadoop-config" => {
    "config_path" => "/etc/hadoop"
  }
)
chef-client configures resources on managed nodes.
• cookbook_file
• template
• service
• package
• deploy
• git
• http_request
• link
• ruby_block
• log
• bash
• execute
• remote_file
• user
Chef Resources
• Have a type.
• Have a name.
• Have parameters.
• Take action to put the resource in the declared state.
• Can send notifications to other resources.
package "apache2" do
  action :install
end

template "/etc/apache2/apache2.conf" do
  source "apache2.conf.erb"
  owner "root"
  group "root"
  mode 0644
  notifies :restart, "service[apache2]"
end

service "apache2" do
  supports :restart => true
  action [:enable, :start]
end

package "hadoop"  →  yum install hadoop
                     apt-get install hadoop
                     pacman sync hadoop
                     pkg_add -r hadoop
Chef Providers
Recipes are collections of resources.
Chef Recipes
• Resources are evaluated in the order they appear.
package "haproxy" do
  action :install
end

template "/etc/haproxy/haproxy.cfg" do
  source "haproxy.cfg.erb"
  owner "root"
  group "root"
  mode 0644
  notifies :restart, "service[haproxy]"
end

service "haproxy" do
  supports :restart => true
  action [:enable, :start]
end
Chef Recipes
• Recipes can include other recipes.
• Included recipes are also evaluated in order.
include_recipe "apache2"
include_recipe "apache2::mod_rewrite"
include_recipe "apache2::mod_deflate"
include_recipe "apache2::mod_headers"
include_recipe "apache2::mod_php5"
Chef Recipes
• Extend recipes with Ruby.
%w{ php5 php5-dev php5-cgi }.each do |pkg|
  package pkg do
    action :install
  end
end
• Dynamic configuration through search.
pool_members = search("node", "role:app_server")

template "/etc/haproxy/haproxy.cfg" do
  source "haproxy.cfg.erb"
  owner "root"
  group "root"
  mode 0644
  variables :pool_members => pool_members
  notifies :restart, "service[haproxy]"
end
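The search-driven template above, as an added example in plain Ruby (not code from the talk or the Chef project): a small stand-in for node search that handles the key:value queries shown on the slides (an exact or wildcard match on a top-level attribute, or a role taken from the run list), feeding an ERB template of the haproxy backend list. The node records are constructed in-memory hashes shaped like the attribute JSON shown earlier; Chef's real search runs a full Solr query language against the server's index, which this does not attempt.

```ruby
require 'erb'

# Added example, not Chef's code. Constructed node records shaped like the
# attribute JSON from the slides, plus each node's run_list.
NODES = [
  { "fqdn" => "web1.example.com", "ipaddress" => "10.0.0.11", "platform" => "ubuntu",
    "run_list" => ["role[base]", "role[app_server]"] },
  { "fqdn" => "web2.example.com", "ipaddress" => "10.0.0.12", "platform" => "ubuntu",
    "run_list" => ["role[base]", "role[app_server]"] },
  { "fqdn" => "db1.example.com",  "ipaddress" => "10.0.0.21", "platform" => "centos",
    "run_list" => ["role[base]", "role[database_master]"] },
]

# Handles "key:value" queries only (an assumption of this example). "role:x"
# is matched against the run_list, as Chef indexes roles; "*" in the value is
# a wildcard; anything else is an exact match on a top-level attribute.
def search(nodes, query)
  key, value = query.split(":", 2)
  raise ArgumentError, "query must be key:value" unless key && value
  pattern = Regexp.new("\\A#{Regexp.escape(value).gsub('\\*', '.*')}\\z")
  nodes.select do |node|
    if key == "role"
      node.fetch("run_list", []).any? { |item| item =~ /\Arole\[(.+)\]\z/ && pattern.match?($1) }
    else
      pattern.match?(node[key].to_s)
    end
  end
end

# A minimal haproxy.cfg.erb stand-in: one "server" line per pool member.
HAPROXY_TEMPLATE = <<~ERB
  listen app
    bind *:80
    balance roundrobin
  <% pool_members.each do |m| -%>
    server <%= m["fqdn"] %> <%= m["ipaddress"] %>:8080 check
  <% end -%>
ERB

# Renders the template with the same "variables" a Chef template would get.
def render_haproxy(pool_members)
  ERB.new(HAPROXY_TEMPLATE, trim_mode: "-").result_with_hash(pool_members: pool_members)
end

if __FILE__ == $0
  members = search(NODES, "role:app_server")
  puts render_haproxy(members)   # two "server" lines, one per app_server node
end
```

Because the pool is derived from search at run time, adding a node with role[app_server] and running chef-client on the load balancer is all it takes to extend the backend; the template change then fires the restart notification declared on the resource.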
Chef Recipes
Cookbooks are packages for recipes and related files.
Cookbook Metadata
maintainer       "Opscode, Inc."
maintainer_email "[email protected]"
license          "Apache 2.0"
description      "Installs/Configures tomcat"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          "0.10.3"

%w{ java jpackage }.each do |cb|
  depends cb
end

%w{ debian ubuntu centos redhat fedora }.each do |os|
  supports os
end

recipe "tomcat::default", "Installs and configures Tomcat"
Cookbooks are Source Code
% git log
commit d640a8c6b370134d7043991894107d806595cc35
Author: jtimberman <[email protected]>

    Import nagios version 1.0.0

commit c40c818498710e78cf73c7f71e722e971fa574e7
Author: jtimberman <[email protected]>

    installation and usage instruction docs

commit 99d0efb024314de17888f6b359c14414fda7bb91
Author: jtimberman <[email protected]>

    Import haproxy version 1.0.1

commit c89d0975ad3f4b152426df219fee0bfb8eafb7e4
Author: jtimberman <[email protected]>

    add mediawiki cookbook

commit 89c0545cc03b9be26f1db246c9ba4ce9d58a6700
Author: jtimberman <[email protected]>

    multiple environments in data bag for mediawiki
OSS & Community Oriented
• Apache 2.0 License
• Wiki, mailing lists, shared cookbook repos
• http://community.opscode.com
• Healthy ecosystem
• 20k+ users
• Hundreds of contributors
• Community tooling: Food Critic, Test Kitchen, Berkshelf
Chef In "Large" Environments
New Server
• Ground-up rewrite: Ruby/C → Erlang
• Order of magnitude more scalable
• 2k nodes → 20k+ nodes per server*
*Depending on specific work load
High Scalability Users
• Cycle Computing
• edmunds.com
Push Execution
• Converge infrastructure on demand
• Real-timey view of managed infrastructure
• Reduces change latency
• 4k nodes now, 10k soon
Network Automation
• Network provisioning and configuration
• VLANs, QoS, etc.
• Partnered w/Arista on PoC (Fall 2012)
• More coming soon!
Thank You