Chef at Parallels: Automate all the things!

These are the slides I used in my presentation at the Tallinn DevOps Meetup on Nov 1, 2016
https://www.meetup.com/Tallinn-DevOps-Meetup/events/234118577/

Mikhail Zholobov

November 01, 2016

Transcript

  1. The Build System

    • Multiple components to build on OS X, Windows and Linux
    • Dozens of dependencies: Xcode, Visual Studio, Qt, SDKs, etc.
    • Keep reproducible environments for different product versions
  2. On-line Services

    • Production systems: User Account, License Server, Report System, etc.
    • Official web-resources: Website, Forum, KB, Request Tracker, etc.
    • Internal services: JIRA, Bitbucket, Confluence, etc.
  3. Chef Configuration Management

    • Supports all the OSes we need
    • Very active community and support
    • Easy to customize
    • Suitable to manage complex systems in multiple environments
  4. Chef Overview

    [Diagram. Labels: Workstation; Chef Server; Nodes, Cookbooks, Policies, Data Bags, Clients; Chef Clients; Built-In Plugins]
  5. Chef Cookbook

    • Fundamental unit of configuration
    • Contains recipes, templates, custom resources, etc.
    • Code reuse and modularity
    • Dozens of them on https://supermarket.chef.io
  6. Recipe

        # recipes/default.rb
        package "demo-app" do
          action :install
        end

        user "systemguy" do
          comment "system guy"
          system true
          shell "/bin/false"
        end

        directory "/opt/demo-app/" do
          mode "0755"
          owner "systemguy"
          recursive true
        end

        service "demo-app" do
          action [:enable, :start]
        end
  7. Attributes

        # recipes/default.rb
        package "demo-app" do
          action :install
        end

        user node["demo-app"]["username"] do
          comment "system guy"
          system true
          shell "/bin/false"
        end

        directory node["demo-app"]["path"] do
          mode "0755"
          owner node["demo-app"]["username"]
          recursive true
        end

        # ...

        # attributes/default.rb
        default["demo-app"]["username"] = "systemguy"
        default["demo-app"]["path"] = "/opt/demo-app"
  8. Templates

        # recipes/default.rb
        template "#{node["demo-app"]["path"]}/config.ini" do
          source "config.ini.erb"
          owner node["demo-app"]["username"]
          mode "0640"
          # The template resource passes values to the ERB file via `variables`
          variables(address: "127.0.0.1", port: "1234")
          action :create
        end

        # ...

        # templates/default/config.ini.erb
        HOSTNAME = "<%= node["fqdn"] %>"
        LISTEN_ADDRESS = "<%= @address %>"
        LISTEN_PORT = "<%= @port %>"
  9. Policies

    • Policy - the exact set of cookbooks to run
    • Policyfile - source code for a policy
    • Compiled Policy - snapshot of a policy
    • Policy Group - a set of nodes that share the same revision of Compiled Policy
  10. Policyfile

        # Policyfile.rb
        name "demo"
        run_list "apache2::default", "demo-app::default"
        default_source :supermarket

        # Specify a custom source for some cookbooks:
        cookbook "demo-app", path: "./"
        cookbook "apache2", git: "https://github.com/svanzoest-cookbooks/apache2.git"

    Compile the policy and download cookbooks:

        $ chef install Policyfile.rb
        # => ./Policyfile.lock.json
  11. Compiled Policy

        # Policyfile.lock.json
        {
          "revision_id": "1413a5e42dc52540d461a7067e6c6813d665a1",
          "name": "demo",
          "run_list": [
            "recipe[apache2::default]",
            "recipe[demo-app::default]"
          ],
          "cookbook_locks": {
            "demo-app": {
              "version": "0.1.0",
              "identifier": "9f018bfe70059ced22ac6fe752a55714822e0da8",
              "source": ".",
              "cache_key": null,
              "source_options": {
                "path": "."
              }
            },
            "apache2": {
              "version": "3.2.2",
              "identifier": "d3825799e048de0d292d44c52e8cdd5fe5c5931e",
              "cache_key": "apache2-ceb3df90b30bdf89a481a276cc2408ee9c51b91b",
              "origin": "https://github.com/svanzoest-cookbooks/apache2.git",
              "source_options": {
                "git": "https://github.com/svanzoest-cookbooks/apache2.git",
                "revision": "ceb3df90b30bdf89a481a276cc2408ee9c51b91b"
              }
            }
          }
          # ...
        }
  12. Push it!

    Upload cookbooks to Chef Server and apply policy lock to the policy group:

        $ chef push Policyfile.rb staging
        $ chef push Policyfile.rb production
  13. Bootstrap the Node

    Run on the workstation:

        $ knife bootstrap demo.example.com \
            --policy-name demo \
            --policy-group staging

    • Logs in to the node (SSH)
    • Installs Chef Client
    • Starts Chef Client with provided options
  14. Chef-Client Run

    • Authorizes on the Chef Server
    • Fetches all the cookbooks needed
    • Determines node attributes
    • Compiles the resource collection
    • Runs all the resources in sequence
    • Updates the node’s object on the Chef Server
  15. Chef-Client Run

    On demand (manually or via CI):

        $ sudo chef-client

    ... or periodically:

        $ sudo chef-client --daemonize 300
  16. Test your food

    Unit Tests

    • ChefSpec - framework for testing Chef cookbooks
    • Write RSpec examples and generate coverage reports for recipes
  17. Test your food

    Acceptance & Integration Tests

    • Test Kitchen - integration tool for testing infrastructure code and software on isolated target platforms
    • InSpec - testing framework for infrastructure. Compliance as code.
  18. Our Workflow

    A single top-level cookbook per project

    • Cookbook “myapp”. Recipes: loadbalancer, database, storage, backend
    • Internal base cookbook: “prl-base”
    • External, community-driven cookbooks: “nginx”, “mysql”, “certificates”, ...
  19. Our Workflow

    A single policy per node type

    Policies: myapp-loadbalancer, myapp-database, myapp-backend, myapp-storage

        # policies/myapp-backend.rb
        name "myapp-backend"
        run_list "myapp::backend"
        default_source :supermarket
        cookbook "myapp", path: "../"
  20. Prepare the release

    • Make changes in cookbook
    • Recompile policies

        $ chef update ./policyfile.rb

    • Commit policy locks to git

        $ git add ./policyfile.lock.json
        $ git commit ...

    • Test the infrastructure locally

        $ kitchen test
  21. Deploy to staging

    • Apply policy locks to policy group

        $ chef push ./policyfile.rb staging

    • Run Chef Client on nodes

        $ sudo chef-client # on the node

    ...
  22. Deploy to production

    • Apply policy locks to policy group

        $ chef push ./policyfile.rb production

    • Run Chef Client on nodes

        $ sudo chef-client # on the node
  23. Oops... Rollback!

    ...

    • Check out the required git ref

        $ git checkout release/v1.0.2

    • Apply policy locks to policy group

        $ chef push ./policyfile.rb production

    • Run Chef Client on nodes

        $ sudo chef-client # on the node
  24. Summary

    • Chef - “Infrastructure as Code”
    • “One-click deploy” - automate the routine with CI
    • Deploying the app via Chef is not ideal, but it works
  25. Useful links

    • Chef Tutorials: https://learn.chef.io/
    • Community Cookbooks: https://supermarket.chef.io
    • TestKitchen: http://kitchen.ci/
    • Using Policyfiles: https://yolover.poise.io/
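
An added example, not from the slides: a Ruby check that could run in CI before `chef push`, applied to the compiled policy of slide 11 and the lock file committed in slide 20. It verifies that every run_list cookbook has a lock entry, that each lock carries a 40-hex identifier, and that git sources are locked to a full commit SHA; the function name, the sample values and the example.invalid URL are constructed for illustration.

```ruby
require "json"

FULL_SHA1 = /\A\h{40}\z/

# Audit one Policyfile.lock.json document; returns findings (empty array = clean).
def audit_policy_lock(json_text)
  lock = JSON.parse(json_text)
  locks = lock.fetch("cookbook_locks", {})
  findings = []
  # Every cookbook named in the run_list must have a lock entry.
  lock.fetch("run_list", []).each do |item|
    cookbook = item[/\Arecipe\[([^:\]]+)/, 1]
    findings << "#{item}: no cookbook lock" unless cookbook && locks.key?(cookbook)
  end
  locks.each do |name, entry|
    # Each lock carries a content identifier (40 hex characters in the slide).
    unless entry["identifier"].to_s.match?(FULL_SHA1)
      findings << "#{name}: identifier is not a 40-hex digest"
    end
    # A branch or tag name can move after review; require a commit SHA.
    opts = entry["source_options"] || {}
    if opts.key?("git") && !opts["revision"].to_s.match?(FULL_SHA1)
      findings << "#{name}: git source not locked to a full commit SHA"
    end
  end
  findings
end

# Constructed sample in the shape of the slide 11 lock file (all values made up).
SAMPLE_OK = JSON.generate({
  "revision_id" => "0" * 64,
  "name" => "demo",
  "run_list" => ["recipe[apache2::default]", "recipe[demo-app::default]"],
  "cookbook_locks" => {
    "demo-app" => { "version" => "0.1.0", "identifier" => "a" * 40,
                    "source_options" => { "path" => "." } },
    "apache2" => { "version" => "3.2.2", "identifier" => "b" * 40,
                   "source_options" => { "git" => "https://git.example.invalid/apache2.git",
                                         "revision" => "c" * 40 } }
  }
})

# Same policy, but apache2 tracks a branch and demo-app has lost its lock entry.
bad = JSON.parse(SAMPLE_OK)
bad["cookbook_locks"]["apache2"]["source_options"]["revision"] = "master"
bad["cookbook_locks"].delete("demo-app")
SAMPLE_BAD = JSON.generate(bad)

puts audit_policy_lock(SAMPLE_BAD)
```

Failing the pipeline on a non-empty result keeps an unpinned or incomplete lock from reaching the staging or production policy group.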