Scenario:
-
Our organization uses Chef to deploy a medical record application
-
For that we have
- Dev Environment
- System Testing ENV (ST)
- Load Testing ENV (LT)
- Pre-Production ENV (Pre-PROD)
- Production ENV
-
Architecture:
-
Since we deploy with Chef, the infrastructure looks as shown below
Practical Problems & Solutions
-
For the application server I want convergence to happen every 60 minutes, and for the database I want convergence to happen every 24 hours
- Use a Supermarket cookbook called chef-client
- Add a depends statement to the tomcat cookbook and also to the postgres cookbook
- Navigate to attributes/default.rb (create it if not present) and add the following line
default['chef_client']['interval'] = 3600 # in the tomcat cookbook: 60 minutes
default['chef_client']['interval'] = 86400 # in the postgres cookbook: 24 hours
- Add chef_client to the run_list of appserver and db server
-
Your dev team is using Java 8 for the application server now. They want to move from Java 8 to Java 11 in the new version, which will be tested first by dev, then by testing, and after that released to customers
- For the application server the run_list is the same in every environment, so when I upload a new version of the cookbook it impacts all the environments
- To solve this problem, Chef has a concept called environments. Refer Here
- An environment is Chef's way of mapping real-world environments to Chef infrastructure. Every node in Chef has some environment; until now we ignored it (_default).
- A Chef environment is all about
- putting restrictions on which version of a cookbook has to be applied
- what the attribute values will be for this environment
- Create two environments, dev and qa, and generate a cookbook appserver with two versions, 1.0.0 and 1.1.0, with some changes in the recipe's resources. dev should have the restriction 'appserver ~> 1.1.0' and qa should have the restriction 'appserver = 1.0.0'
- Now add appserver to the run list of both servers; in the UI it looks as shown below
- Solution is to use environments
- To create environments from a file, refer here for formats and for management
-
You have 5 environments containing an appserver; these nodes have the same run_list but different environments, and for the dbserver you also have to maintain the same run_list
- Why should I do the same thing multiple times? Chef has a solution for this with Chef roles, refer here
- A Chef role is all about generalizing run_lists and setting attributes
- Create a role called appserver and define what its run_list should be, and also a dbserver role and define what the run_list of the db servers should be
- Now navigate to nodes and change the run_lists from individual recipes to roles
-
How to maintain secrets in Chef?
- In Chef, secrets like passwords can be maintained with encryption using a concept called data bags.
- An attribute is maintained at the cookbook level and can be changed in
- Recipe
- Role
- Environment
- Whereas a data bag is stored at the Chef server level, which means it is shared with all the cookbooks
- Refer Here for official docs
- Follow what has been done in class
- To access the decrypted value inside recipes, use the following syntax Refer Here
data_bag_item('<databag Name>', '<item name>', '<secret>')
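Added example (not part of the original notes and not Chef's own code): a plain-Ruby model of what an encrypted data bag item does with the secret passed to data_bag_item. The field names, the AES-256-GCM cipher with a SHA-256-derived key, and the sample item are assumptions modelled on Chef's version 3 item layout; the point is that the id stays readable on the server while each value is encrypted and is rejected on a wrong secret or a modified ciphertext.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Encrypt one value under the shared secret (key = SHA-256 of the secret).
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  iv = cipher.random_iv # fresh IV for every value
  data = cipher.update({ 'json_wrapper' => value }.to_json) + cipher.final
  { 'encrypted_data' => Base64.strict_encode64(data),
    'iv' => Base64.strict_encode64(iv),
    'auth_tag' => Base64.strict_encode64(cipher.auth_tag),
    'version' => 3, 'cipher' => 'aes-256-gcm' }
end

# Decrypt one value; raises OpenSSL::Cipher::CipherError if the tag check fails.
def decrypt_value(blob, secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  cipher.iv = Base64.strict_decode64(blob['iv'])
  cipher.auth_tag = Base64.strict_decode64(blob['auth_tag'])
  plain = cipher.update(Base64.strict_decode64(blob['encrypted_data'])) + cipher.final
  JSON.parse(plain)['json_wrapper']
end

# 'id' stays in clear text; every other key is encrypted separately.
def encrypt_item(item, secret)
  item.to_h { |k, v| [k, k == 'id' ? v : encrypt_value(v, secret)] }
end

def decrypt_item(item, secret)
  item.to_h { |k, v| [k, k == 'id' ? v : decrypt_value(v, secret)] }
end

# True when decryption is refused (wrong secret or modified ciphertext).
def rejected?(item, secret)
  decrypt_item(item, secret)
  false
rescue OpenSSL::Cipher::CipherError
  true
end

# Constructed sample data, not real credentials.
SECRET = 'constructed-demo-secret'
ITEM = { 'id' => 'postgres', 'password' => 's3cr3t-constructed' }
STORED = encrypt_item(ITEM, SECRET) # what the server would hold
```

Anyone who can read the data bag on the server sees the item id and key names, so only values belong in the encrypted fields, and the secret file has to be distributed to nodes out of band.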
-
How is Chef mostly used in Cloud-Enabled or Virtual-Enabled Enterprises?
- Chef is used as a provisioning tool from
- Terraform
- Packer
- CloudFormation (AWS)
- ARM Template (Azure)
- Cloud-init (AWS and Azure for Linux)
-
How to fail Chef cookbook execution?
- The script in the recipe looks as shown below
# raising an exception aborts the chef-client run with this message
if <some unsupported>
  raise 'error message'
end
- Where does the Chef server store cookbooks?
- Internally it has a Postgres DB and RabbitMQ
- Chef has a component called bookshelf, designed to store cookbooks on the server
- I have thousands of servers, do I need to bootstrap all of them manually?
- No, use Chef unattended bootstrap Refer Here