Chef 實作

#DevOps 系列課程 (五) - 自動部署

Ming-der Wang

ming@log4analytics.com

TurboTeam 集先鋒科技

Chef 簡介

https://www.chef.io ( 7 year-old)

http://www.rightscale.com/blog/sites/default/files/Cloud%20Computing%20Trends%20DevOps%20Tools%20Use%202015.png

2015 的問卷

"chef engineer average salary"

功能

自動部署環境 (provisioning)
自動部署軟體 (deployment)
沒有 clients 數量的限制
現成 cookbooks 可以用 (in the supermarket)
ruby-based
chef-server or chef-solo
建議公司用 chef-server

其他類似的工具

Puppet (puppet.com)
Ansible (ansible.com)
Salt (saltstack.com)
CFEngine (cfengine.com)
RunDesk (rundeck.org)

＊Docker 算不算?

Chef Server, W/S, Nodes概念

CHEF SERVER

NODES

Workstation

cookbooks 放在哪裡?

用 Git 來管理 chef-repo

chef 有哪些重要元件?

用 Git 來管理

docker

containers 等級
Cattle 類
ex. ELK? Redis?
micro services
stateless
testing Environment
其他 ...

chef

VMs or bare metal 等級
Pets 類
ex. kubernetes clusters
DB?
persistence
Single Sign On?
其他 ...

哪些該用 Chef ? 哪些該用 docker-compose ?

? <------------- 開發環境 ----------> ?

? <------------- Production ----------> ?

? <------------- gitlab? redmine? jenkins ----------> ?

Chef 安裝

Download Page

Pricing Page

實作一：Chef solo

（在沒有 chef server 情況下

cookbook 初體驗）

需安裝

git
Oracle VM VirtualBox
vagrant -> https://www.vagrantup.com/downloads.html
chef DK -> https://downloads.chef.io/chef-dk/
還需安裝 knife solo

chef gem install knife-solo

或

gem install knife-solo

hello

http://www.webcyou.com/?p=4776

照這個 Link 做 hands-on (15 分鐘)

Source Tree

$ vagrant init forumone/centos64-64

$ knife solo init chef-repo

vagrant up

$ vagrant up

$ vagrant ssh-config --host hogege >> ~/.ssh/config

$ ssh hogege

// 記得要 prepare your node (chef-server 叫 bootstraping)

$ knife solo prepare hogege

my first cookbook

$ knife solo init chef-repo
$ cd chef-repo

$ knife cookbook create hello -o site-cookbooks/

or $ cd site-cookbooks; chef generate cookbook hello (新方法)

照著 link (http://www.webcyou.com/?p=4776) 修改一下 hello cookbook

my first node

$ cat nodes/hogege.json

$ knife solo cook hogege

{
"run_list": [
"recipe[hello]"
]
}

實作二：安裝 Chef server

(用 chef 安裝 chef server)

hands-on

$ git clone https://github.com/mingderwang/TaipeiDevOpsMeetup-chef.git

$ cd TaipeiDevOpsMeetup-chef

$ git checkout v2.0.1-log4-chef-server

$ git checkout -b chef-server

Berksfile

$ cat Berksfile
source "https://api.berkshelf.com"

cookbook 'chef-server', '= 2.1.6'

$ berks install

node

$ cat nodes/hogege.json
{
"run_list": [
"recipe[chef-server]",
"recipe[log4-chef-server]"
]
}

cook it

$ cd TaipeiDevOpsMeetup-chef/chef-repo

$ knife solo cook hogege

(if can't SSH)

$ cd TaipeiDevOpsMeetup-chef/

$ rm -r .vagrant

$ vagrant ssh-config --host hogege >> ~/.ssh/config

troubleshooting

$ cat .chef/knife.rb
cookbook_path ["cookbooks", "site-cookbooks"]
node_path "nodes"
role_path "roles"
environment_path "environments"
data_bag_path "data_bags"
#encrypted_data_bag_secret "data_bag_key"

knife[:berkshelf_path] = "cookbooks"
Chef::Config[:ssl_verify_mode] = :verify_peer if defined? ::Chef

安裝成功

實作三：

Wrapper Cookbook

參考 https://blog.chef.io/2013/12/03/doing-wrapper-cookbooks-right/

(如何客製化你的 cookbook)

- 也將成為公司規定 -

絕對不要 git clone cookbook, 直接修改

use ntp as an example

Create log4-ntp

$ knife cookbook create log4-ntp -o site-cookbooks

$ cd site-cookbooks

$ berks cookbook log4-ntp

install cookbook in Berksfile

$ cat Berksfile

source "https://api.berkshelf.com"
cookbook 'ntp', '~> 3.2.0'

depends in your metadata.rb

$ cat metadata.rb
name 'log4-ntp'
maintainer 'YOUR_COMPANY_NAME'
maintainer_email 'YOUR_EMAIL'
license 'All rights reserved'
description 'Installs/Configures log4-ntp'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'

depends 'ntp'

in your cookbook

log4-ntp/attributes/default.rb

default['ntp']['peers'] = ['ntp1.acmeco.com', 'ntp2.acmeco.com']

log4-ntp/recipes/default.rb

include_recipe 'ntp'

change your run_list

$ cat nodes/hogege.json
{
"run_list":[
"recipe[log4-ntp::default]"
]
}