Transcript of Chef Intro
Nodes are another object in your infrastructure; a node will usually represent a single host, physical / virtual
On the Node we will find a chef client which is the one performing the "heavy lifting"
The client runs
which applies configuration [to itself]
based on a set of
This entire process is
referred to as a
A component of the
which discovers data about the node, info like disk, ram, ip address, FQDN etc etc.
do it ?
"My personal Test lab"
My laptop :: Ubuntu 12.10 host [Desktop edition]
Virtual Box [4.2.2]
Vnet0 172.20.20.1 [172.20.20.0/24] + ipforwarding and iptables MASQ.
Dnsmasq for dns + dhcp
milkyway.local private domain name for local hosts
csrv for OSS Chef Server [CentOS-5.8]
cws for Chef workstation [ ubuntu srv 10.04 ]
n1e1 + n2e1 for "environment #1"
n2e1 + n2e2 for "environment #2"
"_default" env is always configured and cannot be edited
1. On Chef server create an admin user
2. On Workstation install Chef
3. Copy user to workstation
4. Knife configure
Currently there are no "nodes" to manage
} Default users
Add Some nodes
Using Chef strap
We now have 4 nodes managed by chef
I would usually use
for this kind of query ...
tikal@cws:~$ knife environment create 'dev'
Create environment from file:
knife environment from file prod.json
Use OpsCode Chef's repository as base structure (you don't have to)
git clone git://github.com/opscode/chef-repo.git
Traceable and "Owned" infrastructural changes
Add remote repository [default remote is opscode ... ]
git remote add github https://github.com/tikalk/chef-intro-repo.git
[your custom url]
This intro's git repo is:
edit an existing env "from file":
knife environment from file environments/prod.json
Add an existing node to an environment
knife node edit n1e1.milkyway.local
Saving updated chef_environment on node n1e1.milkyway.local
Chef In Practice
"Play Ground" / Setup
Setting up OSSCS
In this Intro, chef server was installed on CentOS 5.8 via Git
issues / suggestions / forks are welcome
“Today we are SURE that we made the right decision, choosing Tikal” Guy Ben-Porat - Development Manager “ExLibris”
We help companies build, deliver,
deploy, manage and optimize their products.
12+ Years old
“Actions speak louder than words”
Tikal by Numbers
Haggai Philip Zagury
Devops & Configuration management Engineer
“I am a member of Tikal's ALM group.
With over 12 members, we meet, share, contribute and code together on a monthly basis. “
Knife is like a pipe + tee
One side you create / edit and commit
On the other you push to Chef Server
Knife | tee repo | tee chef server
Test your recipes locally then commit ...
Setting up A Workstation
Prerequisite :: Chef Server
Clone an existing cookbook(s)
knife cookbook site install chef-client
Cookbook chef-client version 2.1.6 successfully installed
A good time to mention
What is Chef & what does it solve
Chef components chef-server, chef-client, knife etc
Chef environment intro
Setting up Chef server
Setting up Chef Workstation (knife conf)
chef bootstrap, [webui/api/search]
chef client [configuring & running]
Introduction to Cookbooks
Reusing existing cookbooks
Writing your own cookbooks
SCM integration (git)
Open Questions Time.
Care to probe angry sysadmins @ 2 AM ?
It's flexible [not OS specific !? - debatable]
A set of tools for each daunting task
DRY - Don't repeat yourself / D&F
Infrastructure as code
As you "mature with chef" you will learn of more great reasons ...
sudo apt-get install ruby ruby-dev libopenssl-ruby rdoc ri irb build-essential wget ssl-cert curl
curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.10.tgz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 243k 100 243k 0 0 168k 0 0:00:01 0:00:01 --:--:-- 344k
tar zxf rubygems-1.8.10.tgz
sudo ruby setup.rb --no-format-executable
RubyGems 1.8.10 installed
Install Chef Gem
sudo gem install chef --no-ri --no-rdoc
scp root@csrv:/etc/chef/*.pem ~/.chef
knife configure -i
WARNING: No knife configuration file found
Where should I put the config file? [/home/tikal/.chef/knife.rb]
Please enter the chef server URL: [http://cws2.milkyway.local:4000]
Please enter a clientname for the new client: [tikal]
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem]
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Configuration file written to /home/tikal/.chef/knife.rb
Validating workstation setup
Create your own
based on http://wiki.opscode.com/display/chef/Guide+to+Creating+A+Cookbook+and+Writing+A+Recipe
19 hours ago, n2e2.milkyway.local, n2e2.milkyway.local, 172.20.20.214, centos 6.3.
19 hours ago, n1e1.milkyway.local, n1e1.milkyway.local, 172.20.20.243, ubuntu 12.04.
19 hours ago, n1e2.milkyway.local, n1e2.milkyway.local, 172.20.20.196, ubuntu 12.04.
19 hours ago, n2e1.milkyway.local, n2e1.milkyway.local, 172.20.20.211, centos 6.3.
knife client show n1e1.milkyway.local
public_key: -----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
knife client show n1e1.milkyway.local
"public_key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAtTFjQMx9GgpUOoh+AnjDf9vYg8owQMucs5QyrlpWgXGLScsh4iXE\nzxpMNYqPxzjwnCIiIZRaNkAxc0p8YiTzZcgPYUvYLhe4I88z3+WfOBwR2Bc7TKx1\nmwuJu0ytzl3GQ4SAJykTZkutTL8WVc2/FExFqB8cPo8hI3ZUZjjJ5ayJGZ1RKNo0\n0DHshUh1UDSNzMHkBEHv6e9R/xiTkPxyJxKB8cEO1BmPP/hE2ASlS+GjKInqkbNO\nogCgLaX7vP0jhnnjAXZXJtHznIlF6FNmcbQB1xkwspSMcoH64fFIS3jgJR40EBU0\nK9XoiYGu1DWMkC3qPUuBWVL4A+ryC1psNQIDAQAB\n-----END RSA PUBLIC KEY-----\n",
(Return as json)
A simple chef recipe
A simple role
role + nested role
including discussed recipes (chef-server + ntp)
knife node edit
add role for the node
use override_attribute to override defaults
<= Scale =>
<= Rest =>
create file from template
start & enable service
Or DSL format
knife cookbook create ntp
** Creating cookbook ntp
** Creating README for cookbook: ntp
** Creating CHANGELOG for cookbook: ntp
** Creating metadata for cookbook: ntp
Write the recipe
Configure Knife [ workstation ]
Bootstrap node => affiliate to environment
cookbook (clone/myown) => server
Role<= recipes + attributes => server
Wait for chef-client run
Push to SCM
knife configure -i
git clone ... [chef-repo]
knife environment from file envname.json
knife cookbook site download "cookbook name"
knife role from file base.json
Upload recipe to chef server [knife cookbook upload ...]
knife bootstrap -x user -P passwd -r "role[rolename]"
knife node edit nodename (add recipe)
Push to SCM
Wait for chef-client to run
Our actions throughout this introduction
We used sudo cookbook
Sudo cookbook defines users in /etc/sudoers file ...
After chef run we got locked out of the system
Roles are a way to group recipes for
re-use / share between nodes
Offline (SCM) way to store
configuration and share
A mechanism for managing different groups of nodes with specific environmental attributes [and runlists]
Create a role with knife
knife role list
list existing roles
knife role create demorole
tikal@cws:~$ knife role from file \
or rolename.erb [dsl format]
Do the same but from
file (in SCM)
Role "onemin"* includes all the attributes & recipes from "base", and will override the
*onemin is named after "run chef-client every minute", which with time became 30 seconds...
knife search node ip*:'172.20.20.21'*
Use -Fj and you will get all the output + ohai properties of that node !
Search for all nodes with IP 172.20.20.21[10-55]
Search for all centos nodes
knife node edit n2e2.milkyway.local
Add role(s) to node
As a sysadmin
We keep hacking systems
Relying on memory
No SCM / traceability
Repeating ourselves
A little Deeper
The Problem with this recipe
ntp server address is "hard coded"
only one server !
"ntpd" is correct only on
Attributes to the rescue ...
Template file needs to support:
Our "servers" Array
Flexible Service name
add a new file
Create a servers array with default values
Determine service name according to OS
evaluated to "
For each ntp server in:
which will set your own ntp servers
tu & c
ntos case package name is
The service name will be evaluated by chef in attributes file (appended to the node attributes at run time )
Apply recipe to your role (we did previously in role "base")
Update cookbook version [
Upload recipe to chef server [
knife cookbook upload ntp
Test this recipe on centos + ubuntu ...
basic & manual
testing : use
Test the recipe !
This is just an example there is a more extensive ntp cookbook !!!
Improve your recipe(s)
" - ubu
" - centos
What's in A Chef
A Chef Run
Building the node object
Ohai OS attribute discovery
Previous run data collection from
Any JSON Attributes or Recipes
All the Ohai attributes
Chef Server Registration / Authentication
If exists :: /etc/chef/client.pem validated against server
If not :: validation.pem is used to register the node and store private key in /etc/chef/client.pem
Build , Register / Authenticate
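The two registration branches above, turned into a key-state check for a node's config directory. This is an added example, not code from the presentation or from Chef; the function names, the finding strings and the placeholder key files are assumptions, and flagging a leftover validation.pem follows the usual practice of removing the shared validator key once a node has its own client.pem.

```ruby
require 'tmpdir'

# Classify the key material in a chef-client config directory
# (default /etc/chef) following the "if exists / if not" branches above.
def chef_key_findings(dir = '/etc/chef')
  client     = File.join(dir, 'client.pem')
  validation = File.join(dir, 'validation.pem')
  findings   = []

  if File.exist?(client)
    findings << 'registered: client.pem will be used to authenticate'
    # Once the node holds its own key, the shared validator key has no job here.
    findings << 'validation.pem still on a registered node' if File.exist?(validation)
  elsif File.exist?(validation)
    findings << 'unregistered: next run registers with validation.pem'
  else
    findings << 'no key material: node can neither authenticate nor register'
  end

  # Private keys should be readable by their owner only.
  [client, validation].select { |f| File.exist?(f) }.each do |f|
    mode = File.stat(f).mode & 0o777
    next if (mode & 0o077).zero?
    findings << format('%s mode %04o is readable beyond owner', File.basename(f), mode)
  end
  findings
end

# Constructed sample: a throwaway directory standing in for /etc/chef,
# holding placeholder files rather than real keys.
def demo_findings
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'client.pem'), "constructed placeholder\n")
    File.write(File.join(dir, 'validation.pem'), "constructed placeholder\n")
    File.chmod(0o600, File.join(dir, 'client.pem'))
    File.chmod(0o644, File.join(dir, 'validation.pem'))
    chef_key_findings(dir)
  end
end

puts demo_findings if $PROGRAM_NAME == __FILE__
```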
Server Cookbooks => /var/chef/cache/cookbooks/
Chef will not start executing until the entire cookbook(s) have been fetched from the server. It then extracts all Libraries, Attributes, Definitions and Recipes from these cookbooks.
This assures that a chef-client will not "get stuck" whilst applying configuration.
Libraries are loaded from all cookbooks, making any language extensions or ruby classes available.
Attributes are loaded from all Attribute files => update Node attributes and Recipes.
Definitions must be loaded before Recipes, since they create new pseudo-Resources.
At this point, the Recipes themselves are evaluated. We are not taking any action on the resources in the recipes at this stage - we are taking each evaluated resource and putting it in the Resource Collection.
This is essentially an Array of each evaluated resource, along with some helpful functions.
Plain Ruby code outside of resources is evaluated, however.
If you would like Ruby code executed with other resources, use a Ruby Block Resource.
You can have Chef Evaluate and Run Resources at Compile Time, too.
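A toy model of the compile and converge phases described above, showing why plain Ruby in a recipe runs before any resource acts while a ruby_block runs in order with the other resources. This is an added example and not Chef's implementation; the ToyRun class, its three resource methods and the log strings are assumptions made for illustration.

```ruby
# Toy model of one chef-client run (not Chef's own code).
class ToyRun
  attr_reader :log, :resource_collection

  def initialize
    @log = []
    @resource_collection = []   # ordered array of evaluated resources
  end

  # During compile a resource call only records the resource; nothing is done yet.
  def package(name)
    @resource_collection << [:package, name, -> { @log << "converge: install #{name}" }]
  end

  def service(name)
    @resource_collection << [:service, name, -> { @log << "converge: start #{name}" }]
  end

  # ruby_block defers arbitrary Ruby so it executes in sequence with other resources.
  def ruby_block(name, &blk)
    @resource_collection << [:ruby_block, name, blk]
  end

  # Compile phase: evaluate the recipe body, filling the resource collection.
  def compile(&recipe)
    instance_eval(&recipe)
  end

  # Converge phase: act on each resource in the order it was collected.
  def converge
    @resource_collection.each { |_type, _name, action| action.call }
  end
end

# Constructed recipe: returns the log after compile, the log after converge,
# and the resource collection in order.
def demo_run
  run = ToyRun.new
  run.compile do
    package 'ntp'
    log << 'compile: plain Ruby ran'   # plain Ruby: evaluated immediately
    ruby_block('after-install') { log << 'converge: ruby_block ran' }
    service 'ntpd'
  end
  compiled = run.log.dup
  run.converge
  [compiled, run.log, run.resource_collection.map { |t, n, _| "#{t}[#{n}]" }]
end

puts demo_run.inspect if $PROGRAM_NAME == __FILE__
```

The plain Ruby line is logged before the package it follows in the recipe is installed, which is the ordering surprise that ruby_block exists to avoid.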
Start / Stop services
Configure / Auto configure
servers and services
Share configurations among servers / the global community
Anything else .... you might need to run
What does chef do ?
That's not all ....
Files / Templates