May 10, 2015
Chef: Software Defined Infrastructure Today & Tomorrow
Matt Ray
TXLF, June 14, 2014
Introductions
• Matt Ray
• Director of Partner Integration at Chef
• mattray on GitHub | IRC | Twitter
http://www.flickr.com/photos/michaelheiss/3090102907/
Complexity
Items of Manipulation (Resources)
• Networking
• Files
• Directories
• Symlinks
• Mounts
• Registry Keys
• PowerShell Scripts
• Users
• Groups
• Packages
• Services
• Filesystems
• and so much more
A tale of growth...
• Application
• Add a database: Application, Database
• Make database redundant: Application, Databases
• Application server redundancy: App Servers, App Databases
• Add a load balancer: App LB, App Servers, App Databases
• Webscale!: App LBs, App Servers, App Databases
• Now we need a caching layer: App LBs, App Servers, DB Cache, DBs
• Infrastructure has a Topology: App LBs, App Servers, DB Cache, DBs
• Your Infrastructure is a Snowflake: Round Robin DNS? Floating IP? App Servers, DB Cache, DBs
• Complexity Increases Quickly: App LBs, App Servers, DB slaves (Shiny!), Cache, DB Cache, DBs. Are we monitoring??
• ...and change happens! Add a Central Log Host, then update syslog.conf on all Nodes
Chef Solves This Problem
• But you already guessed that, didn't you?
Chef is Infrastructure as Code
• Programmatically provision and configure components
• Treat it like any other code base
• Reconstruct the business from the code repository, data backups, and compute resources
http://www.flickr.com/photos/louisb/4555295187/
Configuration Code
• Chef ensures each Node complies with the policy
• Policy is determined by the configurations in each Node's run list
• Reduce management complexity through abstraction
• Store the configuration of your infrastructure in version control
Declarative Interface to Resources
• You define the policy in your Chef configuration
• Your policy states what state each resource should be in, but not how to get there
• chef-client pulls the policy from the Chef Server and enforces it on the Node
How does it work?
http://i3.kym-cdn.com/photos/images/original/000/046/123/magnets.jpg
Managing Complexity
• Organizations
• Environments
• Roles
• Nodes
• Recipes
• Cookbooks
• Search
Organizations
• My Infrastructure
• Your Infrastructure
• Their Infrastructure
Environments
• Development
• Staging
• Production
Environments Define Policy
• Environments may include data attributes necessary for configuring your infrastructure, e.g.
• The URL of your payment service's API
• The location of your package repository
• The version of the Chef configuration files that should be used
Roles
• Load Balancers
• Application Servers
• DB Cache
• Database
Roles Define Policy
• Roles may include an ordered list of Chef configuration files that should be applied
• This list is called a Run List
• Order is always important in the Run List
• Roles may include data attributes necessary for configuring your infrastructure, for example:
• The port that the application server listens on
• A list of applications that should be deployed
Nodes
• Each Node will
• Belong to one Organization
• Belong to one Environment
• Have zero or more Roles
Nodes Adhere to Policy
• The chef-client application runs on each node, which
• Gathers the current system configuration of the node
• Downloads the desired system configuration policies for that node from the Chef server
• Configures the node so that it adheres to those policies
Resources
• A Resource represents a piece of the system and its desired state
• A package that should be installed
• A service that should be running
• A file that should be generated
• A cron job that should be configured
• A user that should be managed
• and more
Resources in Recipes
• Resources are the fundamental building blocks of Chef configuration
• Resources are gathered into Recipes
• Recipes ensure the system is in the desired state
Recipes
• Configuration files that describe resources and their desired state
• Recipes can:
• Install and configure software components
• Manage files
• Deploy applications
• Execute other recipes
• and more
Example Recipe

package "apache2"

template "/etc/apache2/apache2.conf" do
  source "apache2.conf.erb"
  owner "root"
  group "root"
  mode "0644"
  variables(:allow_override => "All")
  notifies :reload, "service[apache2]"
end

service "apache2" do
  action [:enable, :start]
  supports :reload => true
end
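The recipe above only states the desired state of three resources. The following plain-Ruby model of the chef-client converge loop is an added example, not Chef's own code: a FakeSystem stands in for the machine and the resource classes stand in for Chef's providers, with all class and function names being the example's own. It shows what the slides describe: chef-client compares desired state with current state and acts only on the difference, a second run of the same policy changes nothing, and the delayed notification reloads apache2 only when the template actually changed (including when the file drifts by hand between runs).

```ruby
# Added example (not Chef's own code): a plain-Ruby model of the chef-client
# converge loop for the apache2 recipe. FakeSystem stands in for the machine.
class FakeSystem
  attr_reader :packages, :files, :services, :log

  def initialize
    @packages = {}   # name => true when installed
    @files = {}      # path => { content:, mode: }
    @services = {}   # name => { enabled:, running: }
    @log = []        # actions actually taken, in order
  end
end

# A resource declares desired state; converge(sys) applies only the
# difference and returns true when it had to change something.
class Resource
  attr_reader :name, :notifications

  def initialize(name)
    @name = name
    @notifications = []   # [[action, "type[name]"], ...]
  end

  def notifies(action, target)
    @notifications << [action, target]
    self
  end

  def id
    "#{self.class.name.sub(/Resource\z/, '').downcase}[#{name}]"
  end
end

class PackageResource < Resource
  def converge(sys)
    return false if sys.packages[name]
    sys.packages[name] = true
    sys.log << "install #{id}"
    true
  end
end

class TemplateResource < Resource
  def initialize(name, content:, mode:)
    super(name)
    @desired = { content: content, mode: mode }
  end

  def converge(sys)
    return false if sys.files[name] == @desired
    sys.files[name] = @desired.dup
    sys.log << "write #{id}"
    true
  end
end

class ServiceResource < Resource
  def initialize(name, actions:)
    super(name)
    @actions = actions
  end

  def converge(sys)
    state = sys.services[name] ||= { enabled: false, running: false }
    changed = false
    { enable: :enabled, start: :running }.each do |action, flag|
      next unless @actions.include?(action) && !state[flag]
      state[flag] = true
      changed = true
    end
    sys.log << "#{@actions.join('+')} #{id}" if changed
    changed
  end

  # Target of a delayed notification; runs only if a notifying resource changed.
  def reload(sys)
    sys.log << "reload #{id}"
  end
end

# One chef-client run: converge resources in declared order, then deliver each
# queued notification once at the end. Returns the actions taken by this run.
def converge(sys, resources)
  by_id = resources.to_h { |r| [r.id, r] }
  pending = {}
  first = sys.log.size
  resources.each do |r|
    next unless r.converge(sys)
    r.notifications.each { |action, target| pending[[action, target]] = true }
  end
  pending.each_key { |(action, target)| by_id.fetch(target).public_send(action, sys) }
  sys.log[first..]
end

# Policy mirroring the apache2 example recipe (resource names follow the slide).
def apache_policy
  [
    PackageResource.new("apache2"),
    TemplateResource.new("/etc/apache2/apache2.conf", content: "AllowOverride All", mode: "0644")
                    .notifies(:reload, "service[apache2]"),
    ServiceResource.new("apache2", actions: [:enable, :start]),
  ]
end

if __FILE__ == $PROGRAM_NAME
  sys = FakeSystem.new
  p converge(sys, apache_policy)   # every resource acts, then apache2 reloads
  p converge(sys, apache_policy)   # [] : already compliant, nothing happens
  sys.files["/etc/apache2/apache2.conf"][:content] = "AllowOverride None"  # hand edit
  p converge(sys, apache_policy)   # only the template is rewritten, and apache2 reloads
end
```

The third run is the point of the declarative model: the policy did not change, the machine did, and the run repairs exactly the drifted resource and nothing else.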
Cookbooks
• Recipes are stored in Cookbooks
• Cookbooks contain recipes, templates, files, custom resources, etc.
• Code re-use and modularity
http://www.flickr.com/photos/shutterhacks/4474421855/
Run List
• Node
• Enterprise Chef
• chef-client: "What policy should I follow?"
• "recipe[ntp::client]", "recipe[users]", "role[webserver]"
Run List Specifies Policy
• The Run List is an ordered collection of policies that the Node should follow
• chef-client obtains the Run List from the Chef Server
• chef-client ensures the Node complies with the policy in the Run List
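How the run list "recipe[ntp::client]", "recipe[users]", "role[webserver]" becomes the ordered list of recipes chef-client applies, as an added example that is not Chef's own code. ROLES is a constructed in-memory stand-in for the role objects the Chef Server would hold; expand_run_list and its cycle guard are the example's own, written to follow the rules the slides state (nested roles expand in place, order is preserved, and a recipe is applied once).

```ruby
require "set"

# Added example (not Chef's own code): expanding a run list into the ordered
# list of recipes chef-client will apply. ROLES stands in for the Chef Server.
ROLES = {
  "base"      => ["recipe[ntp::client]", "recipe[users]", "recipe[sudo]"],
  "webserver" => ["role[base]", "recipe[apache2]", "recipe[myapp::web]"],
  "loop"      => ["role[loop]", "recipe[loop_recipe]"],   # self-referential role
}.freeze

RUN_LIST_ENTRY = /\A(recipe|role)\[([^\]]+)\]\z/

# Returns recipes in first-seen order with duplicates dropped. Nested roles are
# expanded where they appear; a role already being expanded is skipped, so a
# malformed role that refers to itself cannot recurse forever.
def expand_run_list(run_list, roles: ROLES, expanding: Set.new)
  recipes = []
  run_list.each do |entry|
    kind, name = entry.match(RUN_LIST_ENTRY)&.captures
    raise ArgumentError, "malformed run list entry: #{entry.inspect}" if kind.nil?

    if kind == "recipe"
      recipes << entry unless recipes.include?(entry)
    elsif !expanding.include?(name)
      body = roles.fetch(name) { raise KeyError, "unknown role: #{name}" }
      expand_run_list(body, roles: roles, expanding: expanding | [name]).each do |r|
        recipes << r unless recipes.include?(r)
      end
    end
  end
  recipes
end

if __FILE__ == $PROGRAM_NAME
  p expand_run_list(["recipe[ntp::client]", "recipe[users]", "role[webserver]"])
  # Same entries, different order: apache2 now runs before the base recipes.
  p expand_run_list(["recipe[apache2]", "role[webserver]"])
end
```

The second call is why the slides insist that order matters: moving "recipe[apache2]" ahead of the role means it converges before ntp, users and sudo, which is a different policy even though the set of recipes is identical.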
Search
• Search for nodes with Roles
• Find Topology Data
• IP addresses
• Hostnames
• FQDNs
http://www.flickr.com/photos/kathycsus/2686772625
Search for Nodes

pool_members = search("node", "role:webserver")

template "/etc/haproxy/haproxy.cfg" do
  source "haproxy-app_lb.cfg.erb"
  owner "root"
  group "root"
  mode 0644
  variables :pool_members => pool_members.uniq
  notifies :restart, "service[haproxy]"
end
Pass results into Templates

# Set up application listeners here.
listen application 0.0.0.0:80
  balance roundrobin
  <% @pool_members.each do |member| -%>
  server <%= member[:hostname] %> <%= member[:ipaddress] %>:> weight 1 maxconn 1 check
  <% end -%>
<% if node["haproxy"]["enable_admin"] -%>
listen admin 0.0.0.0:22002
  mode http
  stats uri /
<% end -%>
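The search-to-template path above can be exercised outside Chef with Ruby's standard ERB, as in the following added example (not Chef's or the talk's code). The search() here is a constructed in-memory stand-in that answers only "role:<name>" queries, the template text is the slide's with two assumptions: the member port, which is garbled on the slide, is passed in as @member_port (8080 by default), and node["haproxy"]["enable_admin"] becomes the @enable_admin variable. The node index contains a duplicate entry for one host to show what the recipe's pool_members.uniq protects against, and admin_exposed? is the check a reviewer would run on the rendered file, since the admin stats listener binds to every interface with no authentication.

```ruby
require "erb"

# Added example (not Chef's own code): rendering the haproxy template outside
# Chef with a constructed search() in place of the Chef Server. The member
# port is assumed (@member_port); node["haproxy"]["enable_admin"] is @enable_admin.
HAPROXY_TEMPLATE = <<~TEMPLATE
  # Set up application listeners here.
  listen application 0.0.0.0:80
    balance roundrobin
  <% @pool_members.each do |member| -%>
    server <%= member[:hostname] %> <%= member[:ipaddress] %>:<%= @member_port %> weight 1 maxconn 1 check
  <% end -%>
  <% if @enable_admin -%>
  listen admin 0.0.0.0:22002
    mode http
    stats uri /
  <% end -%>
TEMPLATE

# Constructed node index; web2 appears twice (a stale re-registration) to show
# why the recipe passes pool_members.uniq to the template.
NODES = [
  { hostname: "web1", ipaddress: "10.0.0.11", roles: ["webserver"] },
  { hostname: "web2", ipaddress: "10.0.0.12", roles: ["webserver"] },
  { hostname: "web2", ipaddress: "10.0.0.12", roles: ["webserver"] },
  { hostname: "db1",  ipaddress: "10.0.0.21", roles: ["database"] },
].freeze

# Minimal stand-in for Chef's search(index, query): only "role:<name>" queries.
def search(index, query, nodes = NODES)
  raise ArgumentError, "only the node index is modelled" unless index == "node"
  key, value = query.split(":", 2)
  raise ArgumentError, "only role:<name> queries are modelled" unless key == "role" && value
  nodes.select { |n| n[:roles].include?(value) }
end

# Template variables become instance variables, as in Chef's template resource.
class TemplateContext
  def initialize(variables)
    variables.each { |k, v| instance_variable_set("@#{k}", v) }
  end

  def render(text)
    ERB.new(text, trim_mode: "-").result(binding)
  end
end

def render_haproxy(pool_members, enable_admin:, member_port: 8080)
  TemplateContext.new(
    pool_members: pool_members.uniq, enable_admin: enable_admin, member_port: member_port
  ).render(HAPROXY_TEMPLATE)
end

# Reviewer's check on the rendered file: the admin stats listener binds to all
# interfaces with no authentication, so flag any config that enables it.
def admin_exposed?(config)
  config.lines.any? { |l| l.start_with?("listen admin 0.0.0.0:") }
end

if __FILE__ == $PROGRAM_NAME
  cfg = render_haproxy(search("node", "role:webserver"), enable_admin: true)
  puts cfg
  warn "admin stats listener exposed on all interfaces" if admin_exposed?(cfg)
end
```

With enable_admin true the rendered file has eight lines, two server lines (web2 once, thanks to uniq) and the admin block; with it false the admin block is absent and admin_exposed? is false, which is the setting to expect in an environment that does not deliberately publish the stats page.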
So when this...
• Jboss App, Memcache, Postgres Slaves, Postgres Master, Nagios, Graphite
...becomes this
• a second Jboss App is added to the same topology
...this can happen automatically

Count the Resources
• Load balancer config
• Nagios host ping
• Nagios host ssh
• Nagios host HTTP
• Nagios host app health
• Graphite CPU
• Graphite Memory
• Graphite Disk
• Graphite SNMP
• Memcache firewall
• Postgres firewall
• Postgres authZ config
• 12+ resource changes for 1 node addition
Which Operating Systems?
• Many supported platforms and architectures
• Relatively easy to port
• Omnibus-Chef
• AIX, Arch, Fedora, Gentoo, OmniOS, OpenBSD, Raspbian, SmartOS and more
The Chef Community
• Apache License, Version 2.0
• Thousands of individual and corporate contributors
• Thousands of cookbooks available from the community
• http://community.opscode.com
The Chef API and Server
• HTTPS, RESTful API with JSON, RSA key auth
• Infrastructure data store, such as node data
• Environments
• Search Service
• Data bags
• SSH and Push jobs
http://www.flickr.com/photos/core-materials/4419853626/sizes/o/in/photostream/
knife

knife - with the Chef Server
• knife node
• create / edit / delete
• list
• knife cookbook ...
• knife role ...
• knife environment ...
knife - with clouds
• knife azure
• knife cloudstack
• knife do
• knife ec2
• knife gce
• knife hp
• knife openstack
• knife rackspace
• knife vcloud
• knife vsphere
• ...and many others
Virtualization and Containers?
• Docker
• Hyper-V
• KVM
• LXC
• OpenVZ
• Vagrant
• VirtualBox
• VMware
• Xen
• Zones
Test Kitchen
• Integration testing for your infrastructure code
• Tests your cookbooks on all the supported platforms with "real" machines
Desktop, Virtualization & Cloud
• Vagrant
• VMware
• CloudStack
• Eucalyptus
• OpenStack
• bare metal
• AWS
• Rackspace
• HP
• Azure
• many others
How about Storage?
• Ceph
• EMC
• Gluster
• NetApp
• Nexenta
• and more
What about Networking?
• Routers and switches
• Load balancers
• Firewalls
• SDN
Chef Metal
• Chef recipes for deploying infrastructure
• Libraries for repeatably creating machines and deployments with Chef primitives
• Bootstrappers for many infrastructure types
• Provisioner nodes, remote command execution
Chef Metal: Providers
• Cloud: Digital Ocean, EC2, Fog, OpenStack
• Virtualization: Vagrant (VirtualBox, Fusion), vSphere
• Containers: Docker & LXC
• SSH
• PXE in progress
Chef Metal: Example Recipe

machine 'mario' do
  recipe 'mydb'
  tag 'mydb_master'
end

num_webservers = 1
1.upto(num_webservers) do |i|
  machine "luigi#{i}" do
    recipe 'mywebapp'
  end
end
What does this all mean?
• Every infrastructure is a unique snowflake
• Infrastructure as Code brings transparency and traceability
• Test your deployments at every stage
• Use the same infrastructure code wherever you want to deploy
Austin, Texas
• Lots of Chef users in Austin
• Austin Chef Meetup: Wednesday June 18, Maudies Triangle, 8:30-10:30am
• Austin DevOps Meetup: www.meetup.com/austin-devops/
• Agile Austin DevOps: Cloud, Docker, OpenStack, etc.
Thanks!
Matt Ray
[email protected]
@mattray