In “The Moving Parts of Opscode Chef” there was an interesting discussion about the need for a highly available chef server if you want to use opscode chef as your configuration management tool of choice. Especially for small to medium sized environments, running your own chef server is overkill. If you don’t want to use chef-solo (a local “push” tool instead of the client-server model of chef), you can sign up for an account at the opscode chef platform. The opscode chef platform gives you a highly available chef server in the cloud. After sign up, it’s only a matter of minutes to get your first client (or ‘node’ in chef speak) under configuration management control.
Bootstrap A Chef-Client With Knife
If you have a box you want to have managed by the chef platform, all you need is ssh access to it and chef installed on your local workstation. Just run
knife bootstrap www.example.com
(be sure you have the Net::SSH::Multi gem installed on your local workstation: $ sudo gem install net-ssh-multi) to get chef-client installed and hooked up to the chef platform. After a few minutes you’ll find your brand new node ready to run cookbooks.
Roles, Nodes, And Cookbooks
Now you have the opscode chef platform acting as your chef server and another box acting as chef-client. It’s time to get something installed on that client using chef. Before we write any code, let’s have a look at how everything plays together:
- Node: Every box you want to manage with Opscode Chef is a node. The node definition lives only on the chef server and can be modified by the command line tool knife. To display all the attributes of a node you simply type knife node show www.example.com at your local workstation.
- Role: Roles define what a node should be. Examples of roles could be mysql_master, load_balancer, gateway, etc. Within roles you define so-called “run_lists” of recipes (or other roles) telling chef what to install on every box having this role assigned.
- Recipes: A recipe is a set of instructions which ensures that a node has everything set up as you need it. You can define a variety of resources like users, directories, packages, files, etc. You could have e.g. a recipe called nginx::source which will grab the source tarball of nginx from a website, unpack it, configure, make, make install it, and upload configuration files as well as setting up a runit service for it. As you’ve already seen, you tell a role which recipes it shall run on every node having that role.
- Cookbooks: Cookbooks are collections of recipes. There are simple cookbooks including only one recipe (like the logrotate cookbook) and others having multiple recipes (like the nginx cookbook which includes recipes for installing nginx from source or using a package manager). Opscode provides a huge set of ready-made cookbooks. If you want to use them you can include them into your chef setup by using knife: knife cookbook site vendor nginx -d.
Assign A Role To A Node
Assuming you have a set of roles and cookbooks ready (that means: edited them on your local workstation and then uploaded them to the chef platform using e.g. knife cookbook upload load_balancer), it’s time now to get something installed on your new node. Just type
knife node run_list add [NODE] [ENTRY]
where [NODE] could be www.example.com and [ENTRY] could be role[load_balancer] if you want to assign the role load_balancer to your node www.example.com.
Now just run chef-client on www.example.com and it will grab the required cookbook and run its default recipe.
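To review what a role will actually install before you assign it, the following added example (plain Ruby, not code from this post or from Chef itself) models how a run_list of recipes and nested roles resolves to an ordered list of recipes. The ROLES table, the role names "base" and "looping", and the function expand_run_list are constructed for illustration; unlike this model, real Chef resolves roles on the server.

```ruby
# Simplified model of run_list expansion; not Chef's own implementation.
# ROLES is constructed sample data (role name => run_list).
ROLES = {
  "base"          => ["recipe[logrotate]"],
  "load_balancer" => ["role[base]", "recipe[nginx::source]", "recipe[logrotate]"],
  "looping"       => ["role[looping]"]
}.freeze

# Matches the two run_list entry forms: recipe[...] and role[...].
ENTRY = /\A(recipe|role)\[([^\[\]]+)\]\z/

# Return the ordered, de-duplicated recipes a run_list resolves to.
def expand_run_list(entries, roles = ROLES, seen_roles = [], recipes = [])
  entries.each do |entry|
    m = ENTRY.match(entry)
    # A bare name such as "nginx" is shorthand for recipe[nginx].
    type, name = m ? [m[1], m[2]] : ["recipe", entry]
    if type == "role"
      raise ArgumentError, "unknown role: #{name}" unless roles.key?(name)
      # This model rejects a role that includes itself, directly or indirectly.
      raise ArgumentError, "role cycle at: #{name}" if seen_roles.include?(name)
      expand_run_list(roles[name], roles, seen_roles + [name], recipes)
    else
      # A cookbook name without "::" means that cookbook's default recipe.
      full = name.include?("::") ? name : "#{name}::default"
      recipes << full unless recipes.include?(full)
    end
  end
  recipes
end

if __FILE__ == $PROGRAM_NAME
  puts expand_run_list(["role[load_balancer]"])
end
```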