1. Chef in the Cloud
Speaker:
Joshua Timberman Technical Evangelist
‣ joshua@opscode.com
‣ @jtimberman
‣ www.opscode.com
Copyright © 2010 Opscode, Inc - All Rights Reserved 1
Monday, September 27, 2010
2. System administrator
Many environments
Opscode: Training, Services
http://www.flickr.com/photos/anotherphotograph/2100904507/sizes/o/
3. Developers?
Systems Administrators?
“Business” people?
http://www.flickr.com/photos/timyates/2854357446/sizes/l/
4. Cloud Infrastructure
Provisioning
Configuration Management
System Integration
5. Provisioning
Nodes
lb01
web01
web02
db-master01
db-slave01
db-slave02
6. Configuration Management
Roles
loadbalancer
webserver
dbmaster
dbslave
7. Systems Integration
Recipes: haproxy, apache2, mysql
Diagram: Load Balancer; Web Server, Web Server; DB Master; DB Slave, DB Slave; Disk, Disk, Disk
8. Infrastructure as Code
http://www.flickr.com/photos/wonderlane/2306082998/
9. Infrastructure as Code is...
A technical domain revolving around building and managing infrastructure programmatically
http://www.flickr.com/photos/kwerfeldein/2634561264/sizes/o/
10. Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal resources.
11. http://www.brooklynstreetart.com/theBlog/wp-content/uploads/2008/12/swedish_chef_bork-sleeper-cell.jpg
12. At a High Level...
‣ A library for configuration management
‣ A configuration management system
‣ A systems integration platform
‣ An API for your entire Infrastructure
http://www.flickr.com/photos/asten/2159525309/sizes/l/
13. Chef Client runs on your
systems
14. Clients talk to a Chef
Server
15. RESTful API w/ JSON
responses
16. The Opscode Platform
is a hosted Chef Server
http://www.opscode.com
17. We call each system you
configure a Node
http://www.flickr.com/photos/peterrosbjerg/3913766224/
18. Nodes have Attributes
Kernel info! Platform info! Hostname and IP!
    {
      "kernel": {
        "machine": "x86_64",
        "name": "Darwin",
        "os": "Darwin",
        "version": "Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010; root:xnu-1504.7.4~1/RELEASE_I386",
        "release": "10.4.0"
      },
      "platform_version": "10.6.4",
      "platform": "mac_os_x",
      "platform_build": "10F569",
      "domain": "local",
      "os": "darwin",
      "current_user": "jtimberman",
      "ohai_time": 1278602661.60043,
      "os_version": "10.4.0",
      "uptime": "18 days 17 hours 49 minutes 18 seconds",
      "ipaddress": "10.13.37.116",
      "hostname": "cider",
      "fqdn": "cider.local",
      "uptime_seconds": 1619358
    }
19. Nodes have a Run List
What Roles or Recipes to apply
in Order
20. Nodes have Roles
http://www.flickr.com/photos/laenulfean/374398044/
21. Roles have a Run List
What Roles or Recipes to apply
in Order
22. Chef manages Resources on Nodes
remote_file, link, cookbook_file, service, ruby_block, template, execute, package, bash, git, log, deploy, user, http_request
23. Resources...
Declare a description of the state a part of the node should be in
‣ Have a type
‣ Have a name
‣ Have parameters
‣ Take action to put the resource in the declared state
    package "apache2" do
      version "2.2.11-2ubuntu2.6"
      action :install
    end

    template "/etc/apache2/apache2.conf" do
      source "apache2.conf.erb"
      owner "root"
      group "root"
      mode 0644
      action :create
    end
http://www.flickr.com/photos/xiaming/382205902/sizes/l/
24. Resources take action
through Providers
25. Providers...
Know how to actually perform the actions specified by a resource.
Multiple providers per resource type.
Apt, Yum, Rubygems, Portage, Macports, FreeBSD Ports, etc.
http://www.flickr.com/photos/affableslinky/562950216/
26. Resources
Platform
Provider
http://www.flickr.com/photos/acurbelo/2628837104/sizes/o/
27. Recipes are lists of
Resources
http://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/
28. Recipes...
Apply resources in the order they are specified
‣ Evaluates resources in the order they appear
‣ Adds each resource to the Resource Collection
    # 1
    package "apache2" do
      version "2.2.11-2ubuntu2.6"
      action :install
    end

    # 2
    template "/etc/apache2/apache2.conf" do
      source "apache2.conf.erb"
      owner "root"
      group "root"
      mode 0644
      action :create
    end
Resource Collection:
    [
      "package[apache2]",
      "template[/etc/apache2/apache2.conf]"
    ]
http://www.flickr.com/photos/roadsidepictures/2478953342/sizes/o/
29. Order Matters
http://www.infrastructures.org/papers/turing/turing.html
30. Cookbooks are
packages for Recipes
31. Common Cookbook Components
recipes/
default.rb
files/
templates/
attributes/
default.rb
metadata.rb
32. Cookbooks are
shareable!
cookbooks.opscode.com
33. Data bags store
arbitrary data
34. A user data bag item...
% knife data bag show users jtimberman
    {
      "comment": "Joshua Timberman",
      "groups": "sysadmin",
      "ssh_keys": "ssh-rsa SUPERSEKRATS jtimberman@cider",
      "files": {
        ".zshrc": {
          "mode": "0644",
          "source": "dot-zshrc"
        },
        ".vimrc": {
          "mode": "0644",
          "source": "dot-vimrc"
        }
      },
      "id": "jtimberman",
      "uid": 7004,
      "shell": "/usr/bin/zsh",
      "openid": "http://jtimberman.myopenid.com/"
    }
35. Data bags make recipes awesome-r (that’s totally a word)
    # Find every user data bag item in the sysadmin group
    sysadmins = search(:users, 'groups:sysadmin')

    sysadmins.each do |u|
      # Create the account, taking the numeric uid from the data bag item
      user u['id'] do
        uid u['uid']
        shell u['shell']
        comment u['comment']
        supports :manage_home => true
        home "/home/#{u['id']}"
      end

      directory "/home/#{u['id']}/.ssh" do
        owner u['id']
        group u['id']
        mode 0700
      end

      # Render the user's public keys from the data bag item
      template "/home/#{u['id']}/.ssh/authorized_keys" do
        source "authorized_keys.erb"
        owner u['id']
        group u['id']
        mode 0600
        variables :ssh_keys => u['ssh_keys']
      end
    end
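An added example, not from the original slides: the recipe above turns whatever is stored in `ssh_keys` into login access, so a check on the data bag value before the template resource is worthwhile. This Ruby check assumes the template writes each value as-is; the allowed key types, function names and sample items are constructed for illustration.

```ruby
require 'base64'

# Key types this site accepts (an assumption; adjust to local policy).
ALLOWED_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256].freeze

# Return nil when +line+ is a plain "type blob [comment]" entry,
# otherwise a short reason for rejecting it.
def key_problem(line)
  return 'contains a line break' if line =~ /[\r\n]/
  type, blob, _comment = line.split(' ', 3)
  return 'no allowed key type first (options are rejected)' unless ALLOWED_TYPES.include?(type)
  return 'missing key blob' if blob.nil?
  raw = begin
    Base64.strict_decode64(blob)
  rescue ArgumentError
    return 'key blob is not valid base64'
  end
  # An SSH public key blob starts with a uint32 length and the type name.
  len = raw.unpack1('N')
  return 'key blob does not match its type' unless len == type.bytesize && raw[4, len] == type
  nil
end

# Sort a data bag item's ssh_keys (string or array) into accepted/rejected.
def vet_ssh_keys(item)
  result = { accepted: [], rejected: [] }
  Array(item['ssh_keys']).each do |key|
    reason = key_problem(key.to_s)
    if reason
      result[:rejected] << [key, reason]
    else
      result[:accepted] << key
    end
  end
  result
end

# Constructed blob with a valid header and dummy key bytes (not a real key).
BLOB = Base64.strict_encode64([7].pack('N') + 'ssh-rsa' + ("\x00" * 8))
GOOD = "ssh-rsa #{BLOB} jtimberman@cider"
SAMPLE_ITEMS = [
  { 'id' => 'ok',       'ssh_keys' => GOOD },
  { 'id' => 'two-line', 'ssh_keys' => "#{GOOD}\nssh-rsa #{BLOB} extra@elsewhere" },
  { 'id' => 'options',  'ssh_keys' => "command=\"/bin/sh\" #{GOOD}" },
  { 'id' => 'slide',    'ssh_keys' => 'ssh-rsa SUPERSEKRATS jtimberman@cider' }
]
SAMPLE_ITEMS.each { |i| puts "#{i['id']}: #{vet_ssh_keys(i)[:rejected].map(&:last)}" }
```

In a recipe, only the `:accepted` list would be passed to the template's `variables`, and a non-empty `:rejected` list is worth logging or failing the run on.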
36. Nodes, Roles, Data
Bags are Searchable
% knife search node "role:webserver"
search(:users, "groups:sysadmin")
37. Automating the Cloud
with Chef
http://www.flickr.com/photos/46183897@N00/3442880227/sizes/l/
38. lb1
web1 web2
39. Command-line API
utility, Knife
http://www.flickr.com/photos/myklroventine/3474391066/
41. Fog
EC2
Rackspace/Openstack
Terremark/vcloud
Slicehost
Others...?
42. Add your Cloud
credentials to knife.rb
vi ~/chef-repo/.chef/knife.rb
# Cloud credentials
knife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']
knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']
43. Download some
cookbooks
% knife cookbook site vendor haproxy
INFO: Downloading haproxy from the cookbooks site at version 0.7.0
...
INFO: Merging changes from haproxy version 0.7.0.
...
INFO: Cookbook haproxy version 0.7.0 successfully vendored!
% knife cookbook site vendor apache2
...
INFO: Cookbook apache2 version 0.12.3 successfully vendored!
44. Upload Cookbooks!
knife cookbook upload -a
These run as root, kids.
Let’s not blindly trust the upstream too much!
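One way to act on this before `knife cookbook upload`, as an added example that is not part of the original slides or of Chef: a Ruby script that parses each vendored recipe with the standard library's Ripper and lists the resources that run commands, run inline Ruby or fetch remote content, so a person reads those first. The resource selection, function names and sample recipe are assumptions made for illustration.

```ruby
require 'ripper'

# Resource types worth a manual read before upload: they run commands,
# run inline Ruby, or pull remote content. (Selection is an assumption.)
REVIEW_RESOURCES = %w[execute bash script ruby_block remote_file http_request].freeze

# Walk a Ripper s-expression; collect [resource_type, line] for each call.
def find_resources(sexp, found = [])
  return found unless sexp.is_a?(Array)
  if %i[command fcall].include?(sexp[0]) && sexp[1].is_a?(Array) && sexp[1][0] == :@ident
    name = sexp[1][1]
    line = sexp[1][2][0]
    found << [name, line] if REVIEW_RESOURCES.include?(name)
  end
  sexp.each { |child| find_resources(child, found) }
  found
end

# Parse one recipe's source and list the resources that need review.
def audit_recipe(source)
  sexp = Ripper.sexp(source)
  raise ArgumentError, 'recipe does not parse as Ruby' if sexp.nil?
  find_resources(sexp)
end

# Audit every recipe under <cookbook>/recipes/*.rb; returns { path => findings }.
def audit_cookbook(dir)
  Dir.glob(File.join(dir, 'recipes', '*.rb')).sort.map { |p| [p, audit_recipe(File.read(p))] }.to_h
end

# Constructed sample recipe, not taken from any real cookbook.
SAMPLE_RECIPE = <<~'RECIPE'
  package "haproxy" do
    action :install
  end

  remote_file "/tmp/bootstrap.sh" do
    source "http://example.invalid/bootstrap.sh"
  end

  execute "run-bootstrap" do
    command "sh /tmp/bootstrap.sh"
  end
  # execute "in a comment" is not a resource, so the parser skips it
RECIPE

audit_recipe(SAMPLE_RECIPE).each { |type, line| puts "line #{line}: #{type}" }
```

The list is a reading order for review, not a verdict: a recipe is ordinary Ruby, so anything outside these resource types still needs a look.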
45. Build some roles
% vi roles/lb.rb
    name "lb"
    description "Load Balancer"
    run_list(
      "recipe[haproxy]"
    )
% vi roles/webserver.rb
    name "webserver"
    description "Systems that serve HTTP traffic"
    run_list(
      "recipe[apache2]"
    )
    default_attributes(
      "apache2" => {
        "listen_ports" => [ "80" ]
      }
    )
46. Upload Roles
% knife role from file lb.rb
WARN: HTTP Request Returned 404 Not Found: Cannot load role lb
WARN: Updated Role lb!
% knife role from file webserver.rb
WARN: HTTP Request Returned 404 Not Found: Cannot load role webserver
WARN: Updated Role webserver!
47. Launch a new Web Server and Load Balancer
knife ec2 server create 'role[webserver]'
knife ec2 server create 'role[lb]'
48. knife ec2 server create
Create EC2 instance via API
Retrieve local configuration
SSH to instance
‣ Write chef configuration and authentication
‣ Install Ruby and Chef
‣ Run Chef with specified run list
49. Chef runs on your new
server
sudo chef-client
INFO: Starting Chef Run
...
INFO: Chef Run complete in 211.852033 seconds
Automatically.
50. cookbooks/haproxy/recipes/default.rb
    webservers = search(:node, "role:webserver")
    template "/etc/haproxy/haproxy.cfg" do
      source "haproxy.cfg.erb"
      owner "root"
      group "root"
      mode 0644
      variables(:webservers => webservers)
      notifies :restart, resources(:service => "haproxy")
    end
cookbooks/haproxy/templates/default/haproxy.cfg.erb
    listen application 0.0.0.0:80
      balance roundrobin
      <% @webservers.each do |n| -%>
      server <%= n[:hostname] %> <%= n[:ipaddress] %>:80 weight 1 maxconn 50 check
      <% end -%>
51. cookbooks/apache2/templates/default/index.html.erb
    <html>
      <head>
        <title>Welcome to <%= node[:hostname] %></title>
      </head>
      <body>
        You have reached:
        <ul>
          <li><b>FQDN</b>: <%= node[:fqdn] %></li>
          <li><b>Public FQDN</b>: <%= node[:ec2][:public_hostname] %></li>
          <li><b>IP Address</b>: <%= node[:ipaddress] %></li>
          <li><b>Public IP</b>: <%= node[:ec2][:public_ipv4] %></li>
          <li><b>Platform</b>: <%= node[:platform] %></li>
          <li><b>Platform Version</b>: <%= node[:platform_version] %></li>
          <li><b>Run List</b>: <%= node.run_list %></li>
        </ul>
      </body>
    </html>
52. Lessons Learned
53. You own your
Availability
http://www.flickr.com/photos/jeffmcneill/4252968654/
55. AMIs
‣ Amazon Machine Images
‣ Use one AMI with JEOS for each size
‣ Beware of Image Sprawl
‣ Rebundle for long-running installation
http://www.flickr.com/photos/wwworks/3271208324/sizes/l/
56. Instances
‣ c1.medium is best bang for the $
‣ User data can inform configuration
‣ Use SSH key only access
‣ Allow SSH in default security group
http://www.flickr.com/photos/wwworks/3271208324/sizes/l/
57. Instances
‣ Internal and external network info is not unique
‣ Only trust the instance-id
http://www.flickr.com/photos/wwworks/3271208324/sizes/l/
58. Storage
‣ EBS
‣ Persistent storage
‣ Trivial to snapshot
‣ Snapshots can create new devices
http://www.flickr.com/photos/wwworks/3271208324/sizes/l/
59. Elastic IP Addresses
‣ Static public routable addresses
‣ Easy and fast to re-assign
‣ Just an API call away
http://www.flickr.com/photos/wwworks/3271208324/sizes/l/
60. Resources/Questions
www.opscode.com/chef
IRC and Mailing lists
‣ irc.freenode.net #chef
‣ lists.opscode.com
Twitter:
‣ @opscode, #opschef
‣ @jtimberman
Questions?