Chef 0.8, Knife & EC2
      The Bleeding Edge
Building Chef from Git


BTM’s GIST: chef 0.8 alpha installation

Git Clone & Build Gems: ohai, mixlib-log, mixlib-authentication, chef, chef-server, chef-server-api, chef-server-webui, chef-solr
Make a Baseline EC2 AMI with Chef Client
Set up Apt for multiverse, update, upgrade

Install fundamental packages and gems

   emacs, ruby, rubygems, ec2_tools, merb...

Install Chef Client related gems you built

Set up /etc/chef/client.rb

Clean up and run Eric Hammond’s ec2 build

AMI ends up in S3 and registered as an AMI
Generic client.rb
require 'ohai'
require 'json'

# Collect node data; the EC2 plugin exposes the instance's user-data.
o = Ohai::System.new
o.all_plugins

# user-data is a JSON hash, or an array with one entry per launch index.
chef_config = JSON.parse(o[:ec2][:userdata])
if chef_config.kind_of?(Array)
  chef_config = chef_config[o[:ec2][:ami_launch_index]]
end

log_level        :info
log_location     "/var/log/chef/client.rb"
chef_server_url  chef_config["chef_server"]
registration_url chef_config["chef_server"]
openid_url       chef_config["chef_server"]
template_url     chef_config["chef_server"]
remotefile_url   chef_config["chef_server"]
search_url       chef_config["chef_server"]
role_url         chef_config["chef_server"]
client_url       chef_config["chef_server"]

node_name        o[:ec2][:instance_id]

# Not yet registered: write the validator key from user-data to disk.
# The file is created with the process umask, so check its mode on the AMI.
unless File.exist?("/etc/chef/client.pem")
  File.open("/etc/chef/validation.pem", "w") do |f|
    f.print(chef_config["validation_key"])
  end
end

# Node attributes (including the run_list) passed in through user-data.
if chef_config.has_key?("attributes")
  File.open("/etc/chef/client-config.json", "w") do |f|
    f.print(JSON.pretty_generate(chef_config["attributes"]))
  end
  json_attribs "/etc/chef/client-config.json"
end

validation_key         "/etc/chef/validation.pem"
validation_client_name chef_config["validation_client_name"]

Mixlib::Log::Formatter.show_time = true
Instantiate a Chef Server
Instantiate the new chef-client AMI

Install Chef Server Gems (chef-server, chef-server-api, chef-server-webui, chef-solr)

Use Chef Solo and danielsdeleo (Dan
DeLeo)’s bootstrap cookbook to setup Server

  Configures various /etc/chef files & certs

  Sets up runit to run the various servers

  Install couchdb
Startup the WebUI
Useful mainly for reality checking

Currently does not automatically set up the
WebUI

Have to manually start it on a port

Does not yet have an Apache/Passenger
frontend
sudo sh -c '/usr/bin/chef-server-webui -p 4002 > /var/log/chef-server-webui.log' &
The Dev Process
Create/edit roles / cookbooks on dev machine

Use knife to upload to chef-server

Use knife to create user-data to pass to EC2
instantiate process to create customized
clients from your base chef client ami

Launch Instance

Debug
Hierarchy of Roles
We use runa_base as the top-level role for global
default configs

Then an environment role (staging, production,
etc) that “set”s the environment based overrides

Then a Function Role, like “dashboard” or
“runtime_db”

Still tend to need a recipe equivalent to allow
for aggregate attributes
Base Role
Uses Json style recipe

name "runa_base"
description "top level attributes"

recipes "users::env", "users::homes", "sudo", "emacs",
        "git", "runa_base"

default_attributes(
  "runa" => {
    "home_base_dir"    => "/home",
    "mnt_point" => "/mnt",
    "bin_dir" => "/usr/local/bin",
    "upstart_event_dir" => "/etc/init",
    "summarizer" => {"namespaces" => ['lotus','tesla']},
    "target_user" => 'root',
    "target_group"=> 'root',
    "aws_access_key" => "secret",
    "aws_secret_access_key" => "secret",
    "availability_zone" => "us-west-1a"
  }
)
Staging Role
Find that I end up using the recipe attributes instead of these since you can’t refer to attributes in other roles here

name "staging"
description "staging environment"
recipes "staging"
default_attributes({})
override_attributes({})
Staging Recipes
Here we can access the runa hash from the runa_base role

set[:runa_dashboard][:environment]     = "staging"
set[:runa_dashboard][:aws_access_key] = runa[:aws_access_key]
set[:runa_dashboard][:aws_secret_access_key] =
runa[:aws_secret_access_key]

set[:runa_dashboard][:availability_zone] = "us-west-1a"
Specific Function Role
Mainly the recipes needed

name "runa_dashboard"
description "Use this role to make the node a runa_dashboard node"

recipes "runa_dashboard", "xfs", "aws", "mysql",
"runa_dashboard::ebs",
"mysql::server","runa_dashboard::configure_mysql",
"passenger_apache2", "runa_dashboard::setup",
"runa_dashboard::deploy"
Setting up Knife
Configure ~/.chef for personal config

~/.chef/knife.rb can be set up with editor or
a knife command

  log, connection info, path to cookbooks,

  Validation info for clients started by you

  Your credentials (Can use the chef-webui
  to start)
Knife Config File

log_level        :info
log_location     STDOUT
node_name        'rberger'
client_key       '/Users/rberger/.chef/rberger.pem'
chef_server_url 'http://chef-server-staging.runa.com:4000/'
cache_type       'BasicFile'
cache_options( :path => '/Users/rberger/.chef/checksums' )
cookbook_path [ '/Users/rberger/work/runa/runa_repo/cookbooks', '/Users/rberger/work/runa/runa_repo/site-cookbooks' ]
validation_client_name "validator"
Upload Roles and Cookbooks with Knife
Upload Roles
  knife role from file ~/my_repo/roles/runa_base.rb


Upload all Cookbooks
  knife cookbook upload -a


Upload Individual Cookbook
  knife cookbook upload runa_dashboard
Validation Creds
Uploaded as part of user-data of starting ec2
instance

Used to authenticate the original connection between
a new chef client & chef-server

   After initial validation specific client creds are
   downloaded from chef-server

Having problems with this right now

Theoretically copy chef-server:/etc/chef/validation.pem to your dev /etc/chef

Set the validator client name in ~/.chef/knife.rb
Starting a Specific Client on EC2
Use Knife to generate user-data
  knife ec2 instance data "role[runa_base]" "role[staging]" "role[runa_dashboard]"
{
  "attributes": {
     "run_list": [
       "role[runa_base]",
       "role[staging]",
       "role[runa_dashboard]"
     ]
  },
  "validation_key": "-----BEGIN RSA PRIVATE KEY-----
\nMIIEowIBAAKCAQEAu9fKFLJz+JPSw5kWiRA6ywV1/omB73Juw9UyS/...
-----END CERTIFICATE-----\n",
  "validation_client_name": "validator",
  "chef_server": "http://chef-server-staging.runa.com:4000/"
}
Start the EC2 instance with user-data
Can use the command line ec2 tools or Elasticfox
to start an instance of your chef client AMI

Pass in the user data

Ohai plus user-data is enough to
bootstrap the connection to chef-server

Gets Roles & Cookbooks and converges
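
The validator key arrives in EC2 user-data, and the generic client.rb shown earlier writes it to /etc/chef/validation.pem and leaves it there. The following Ruby sketch is an added example, not part of the original slides: it selects this instance's user-data entry, writes the key with mode 0600, and removes it once client.pem exists. The function names, the sample user-data and the temporary directory standing in for /etc/chef are assumptions made for the example.

```ruby
require 'json'
require 'tmpdir'
require 'fileutils'

# Constructed user-data (placeholder key text), one entry per launch index.
KEY = "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n"
BASE = { 'chef_server' => 'http://chef.example.invalid:4000/',
         'validation_client_name' => 'validator', 'validation_key' => KEY }.freeze
SAMPLE_USERDATA = JSON.generate(
  [BASE, BASE.merge('attributes' => { 'run_list' => ['role[runa_base]', 'role[staging]'] })]
)
REQUIRED = %w[chef_server validation_client_name validation_key].freeze

# User-data is one hash or an array indexed by ami_launch_index; fail closed.
def select_config(userdata, launch_index)
  parsed = JSON.parse(userdata)
  config = parsed.is_a?(Array) ? parsed[Integer(launch_index)] : parsed
  raise ArgumentError, "no user-data entry for index #{launch_index}" unless config.is_a?(Hash)
  missing = REQUIRED.reject { |k| config[k].is_a?(String) && !config[k].empty? }
  raise ArgumentError, "user-data missing: #{missing.join(', ')}" unless missing.empty?
  config
end

# Create the file as 0600 (and tighten a pre-existing one) before any secret
# bytes are written, so the result does not depend on the process umask.
def write_private(path, content)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0600) do |f|
    f.chmod(0600)
    f.print(content)
  end
end

# Before registration, place the validator key where chef-client expects it.
# Once client.pem exists the node has its own credentials, so remove the key.
def prepare_chef_dir(config, chef_dir)
  if config.key?('attributes')
    write_private(File.join(chef_dir, 'client-config.json'),
                  JSON.pretty_generate(config['attributes']))
  end
  validation_pem = File.join(chef_dir, 'validation.pem')
  if File.exist?(File.join(chef_dir, 'client.pem'))
    FileUtils.rm_f(validation_pem)
    return :registered
  end
  write_private(validation_pem, config['validation_key'])
  :needs_registration
end

# Runs both phases in a temporary directory standing in for /etc/chef.
def demo
  Dir.mktmpdir do |dir|
    config = select_config(SAMPLE_USERDATA, '1')
    pem = File.join(dir, 'validation.pem')
    first = prepare_chef_dir(config, dir)
    mode = File.stat(pem).mode & 0777
    File.write(File.join(dir, 'client.pem'), 'constructed client key')
    second = prepare_chef_dir(config, dir)
    attrs = JSON.parse(File.read(File.join(dir, 'client-config.json')))
    { first: first, mode: mode, second: second,
      validator_left: File.exist?(pem), run_list: attrs['run_list'] }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The key also remains retrievable from the instance's user-data for as long as the instance exists, so rotating the validator key on the server is the only way to retire a copy that has already been handed out.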
Debugging
ssh to client

ps and syslog to see if basic chef-client started

Chef-client log for chef debug (like Ruby)

Run chef-client in standalone in debug mode

Can also see what's up on the chef-server in /etc/sv/chef-server/log/main/current

Ask questions on #chef-hacking

Fix bugs back in dev, knife upload, run chef-client, rinse, repeat
