Chef in 20 Minutes

Sarah Novotny

  • Cloud disrupted traditional systems administration - a focus on hardware, and a lot of control; great flexibility; but cloud is harder to manage.
  • Infrastructure as code.
  • Deploy, manage environments through code, so you can manage with many of the same techniques you use to manage code.
  • knife is the command line API tool.
  • Build, configure.
  • Golden images are not the answer.
  • Aiming for thousands of machines per admin.
  • Programmatically provision and configure.
  • Treat as a codebase. Check in/check out/roll back/roll forward.
  • Reconstruct from bare metal on up.
  • And sometimes you need to. Fires. Floods. Plagues of serpents.

How it Works

  • Chefs configures resources, a set of abstractions over the top of your operating systems.
  • Declarative interfaces; say what you want, not step-by-step hows.
  • Uses Ruby as its DSL, so anything you can do in Ruby, you can do in Chef.
  • Recipies are collections of resources.
  • Cookbooks contain everything that lets a recipie function: scripts, templates, static assets, and so on.
  • chef-client runs a tool ‘ohai’. Lulz. It then talks to chef-server and chef-server tells the client what to be.
  • recipies can search chef-server so you can, e.g. have load balancers find everything they’re supposed to be be balancing, and it can be updated as infrastructure scales in and out.
  • “At one point we wanted to move from EC2 to another provider. We were able to do that in the time it took to reload our datastore. It took us 30 minutes to move all our infrastructure”. The time taken was purely a function of reloading MySQL and CouchDB.

Questions

  • What are the advantages of Chef vs Puppet vs cfengine? Searchability. The fact that the data is kept in a searchable datastore and do things based on that.
  • Platforms? Linux, some BSDs, Windows, AIX, community supports HP-UX.
  • Pull or Push? Can only ever pull, never pushes.
  • Write once then run many? Yes: you right things once, store in version control, and update as needed.
  • Is there support for tracing manual behaviour? Not at the moment.
  • How resilient/redundant are the chef servers? We can’t pull from chef servers across netowrk zones, can we replicate chef servers in sync to place it about the place? Well, the reference architecture for Enterprise Chef is for dual datastores and web servers etc. But there’s no recipie for automagically pushing out to the edge of the network.
Share