What's New in Chef 11 at PhillyDevOps

Nathen Harvey Opscode, Food Fight Show co-host

Slides

introduction

Chef is automation platform to capture infrasturecure as code.

Think about infrastructure as collections of resources: users, files, directories, etc.

Your infrastructure evolves and can quickly grow out of control.

Chef configuration management to the rescue!

“Golden images are not the answer”

You can rebuild your entire business with 3 things:

  • bare metal resources
  • backup of data
  • source code repo

Chef recipes provide declarative interface into resources.

“Discoverable and searchable infrastructure”

first, what’s out in chef 11?

  • couchdb
  • ruby-based chef-server-api
  • depsolver, gecode, treetop
  • merb
  • openid support in webui

that’s cool but what’s new in chef 11?

  • postgresql
  • erchef
  • nginx
  • rails
  • bookshelf - abstraction on top of file system, much like s3
  • omnibus-chef server
  • chef-apply - allows to apply recipe without writing out full cookbook
  • partial search
  • users with key par
  • partials in templates

why rewrite chef server in erlang?

  • concurent, fault tolerant
  • distributed systems
  • complete chef server api rewrite

Hosted chef currently runs on mysql, but licensing complications forced opscode to ship open source chef with postgres only.

chef-server-ctl command to manage chef-server

chef-apply is the answer to problem of writing entire cookbook just to test something out chef-apply /path/to/recipe_file

partial search

partial_search(:node, ‘role:web’, keys: { ‘name’: [‘name’] }.each do |result| puts result[‘name’] end * instead of entire node, just the pieces you want * massive reduction in bandwidth and memory

Nodes are updated with ohai during chef run and then saved to node at end of chef run

cookbook - whitelist attributes

  • list attributes you want to return to the server
  • re-opens node.save method and strips out attributes not on whitelist

knife user

  • users can have key pairs, just like clients
  • knife actions as a user instead of a client
  • post a public key when you create a user/client
  • knife user (11.2.0)

partials in templates

partials just go in with the templates. as you do.

knife-essentials

  • treat local chef-repo and chef-server like a filesystem
  • knife download
  • knife diff
  • knife show
  • knife upload cookbooks/apache2
  • knife list

breaking changes

  • shef now called chef-shell
  • interactive shell for chef
  • no implicit node attr
  • no more node[‘foo’] = ‘blah’
  • attr files can access role and environment attributes
  • delayed nofiications run after failed converge
  • encrypted data bag item format change
  • chef-client lock so safe from simultaneous runs

FAQ / Q&A

  • Is their Opscode support for open source chef server? Yes.

  • Suggestion to send restart notifications via Chef only if file modified time is less than time service was last started. -@matschaffer

  • What does Chef use rabbitmq for? Persisting data into Chef search index. -@bear

  • Organizations don’t really exist in open source chef, you split them into separate chef servers to mock orgs. WebUI is also slightly different between open source chef and hosted chef.

  • What happens when two users edit a data bag simultaneously? You can encounter race conditions. There is no solution for this currently. -@justincampbell