Chef and Rickshaw
Chef Overview
Code as Infrastructure
- Treat like any other code base [1]
- Reconstruct business logic from code
- Programmatically provision and configure
- Ensure Nodes are in comply with policies
- Managing complexity via Recipes, Resources and Nodes
[1] https://learn.chef.io/fundamentals-series/week-1/Chef Server
- Store cookbooks, recipes and data bags
Chef Client
- Software that run on the Node
- Mutating the Node to a declared state
Knife
- Manage Clients remotely
- Uses Chef Server's API
Cookbook
- Collection of recipes, attributes and resources
Berksfile Gemfile Rakefile chefignore recipes test
DEBUG.md README.md attributes metadata.rb templates
name "catheral"
maintainer "Bao Nguyen"
maintainer_email "bao@fastly.com"
license "All rights reserved"
description "Where bishop goes"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "0.0.1"
depends "partial_search"
depends "arista-eapi"
depends "credentials"
depends "fst-base"Resource
directory "/home/hello" do
owner "hello"
group "hello"
mode 0755
action :create
end- Represent a piece of a system in a desire state
- Idempotent
Attribute (node)
- State of a Node
default['rickshaw']['netops'] = [
"tjd",
"joao",
"nimby",
"joel",
"tpiderit",
"artur",
"eturnquist",
"jasonc",
"tyler",
"dormando",
"drwelco",
"py",
"pangulo",
"dwayne",
"frank",
"bao"
]
Rickshaw Workflow
$ knife node show oob-iad2107
Node Name: oob-iad2107
Environment: production
FQDN: oob-iad2107
IP: 198.32.107.62
Run List: recipe[datacenter::iad], role[fantomtest], role[oob], recipe[rickshaw::iad]
Roles:
Recipes: rickshaw::iad
Platform: ubuntu 12.04
Tags: fantomtest, public, rickshaw$ knife data bag show datacenter iad
datacenter:
city: Ashburn
cluster: IAD
name: IAD
region: US-East
ganglia:
gmond_port: 8956
id: iad
netboot:
netmap:
p3p1: 172.16.130.
p3p2: 172.16.134.
p5p1: 172.16.128.
p5p2: 172.16.132.
subnet: 172.16.24.0/21
ospf_disabled: true
powderhorn:
network: production
public_net: 23.235.46.0/24
timeservers:
time1.apple.com
time2.apple.com
time3.apple.com
time4.apple.com
unbound:
forwarders:
172.16.130.20
172.16.130.21
172.16.134.20
varnish:
healthcheck_disable: false
novcl: 1$ kitchen converge
-----> Converging <default-ubuntu>...
Preparing files for transfer
Resolving cookbook dependencies with Berkshelf 3.2.2...
Removing non-cookbook files before transfer
Preparing data bags
Transfering files to <default-ubuntu>
[2015-03-03T17:46:13+00:00] INFO: Started chef-zero at http://localhost:8889 with repository at /tmp/kitchen, /tmp/kitchen
One version per cookbook
[2015-03-03T17:46:13+00:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.0.3
[2015-03-03T17:46:14+00:00] INFO: *** Chef 12.0.3 ***
[2015-03-03T17:46:14+00:00] INFO: Chef-client pid: 28
Creating a new client identity for default-ubuntu using the validator key.
[2015-03-03T17:46:15+00:00] INFO: Client key /tmp/kitchen/client.pem is not present - registering
[2015-03-03T17:46:15+00:00] WARN: Child with name 'dna.json' found in multiple directories: /tmp/kitchen/dna.json and /tmp/kitchen/dna.json
[2015-03-03T17:46:15+00:00] WARN: Child with name 'dna.json' found in multiple directories: /tmp/kitchen/dna.json and /tmp/kitchen/dna.json
[2015-03-03T17:46:15+00:00] INFO: HTTP Request Returned 404 Not Found : Object not found: http://localhost:8889/nodes/default-ubuntu
[2015-03-03T17:46:15+00:00] INFO: Setting the run_list to ["recipe[rickshaw::local]"] from CLI options
[2015-03-03T17:46:15+00:00] INFO: Run List is [recipe[rickshaw::local]]
[2015-03-03T17:46:15+00:00] INFO: Run List expands to [rickshaw::local]
[2015-03-03T17:46:15+00:00] INFO: Starting Chef Run for default-ubuntu
[2015-03-03T17:46:15+00:00] INFO: Running start handlersknife cookbook upload rickshaw
knife ssh "tag:rickshaw" "sudo chef-client -o rickshaw::_user"
or limited list
knife ssh "name:oob-iad2107" "sudo chef-client -o rickshaw::_user"