Lets recap what all we have done in the last blog :
- Setup workstation and chef-repo.
- Registered on chef to use hosted chef as the chef-server.
- Bootstrapped a node to be managed by the chef-server.
- Downloaded the “apache” cookbook in our chef-repo.
- Uploaded the “apache” cookbook to the chef-server.
- Added the recipe[apache] in the run-list of the node.
- Ran the chef-client on the client to apply the cookbook.
Now lets continue, and try to understand some more concepts around chef and see them in action.
The beauty of chef is that it gives an object oriented approach to the entire configuration management. The Node Object as the name suggests is an object of the class Node (http://rubydoc.info/gems/chef/Chef/Node). The node object consists of the run-list and node attributes, which is a JSON file that is stored on the Chef server. The chef-client gets a copy of the node object from the Chef server and maintains the state of a node.
An attribute is a specific detail about a node, such as an IP address, a host name, a list of loaded kernel modules, etc.
Data bags are JSON files used to store the data essential across all nodes and not relative to particular cookbooks. They can be accessed inside the cookbooks, attribute files using search. example: user profiles, groups, users, etc. Used by roles and environments, a persistence available across all the nodes.
Now, lets explore the node object and see the attributes and databags. We will also see how we can modify and set them.
First lets see what all nodes are registered with chef-server:
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife node list aws-linux-node aws-node-ubuntu awsnode
Now lets see the details of the node awsnode.
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife node show awsnode Node Name: awsnode Environment: _default FQDN: ip-172-31-36-73.us-west-2.compute.internal IP: 172.31.36.73 Run List: recipe[apache] Roles: Recipes: apache, apache::default Platform: redhat 7.0 Tags:
Finding specific attributes : You can find the fqdn of the aws node.
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife node show awsnode -a fqdn awsnode: fqdn: ip-172-31-36-73.us-west-2.compute.internal
Search : Search is one of the best features of chef, ‘Search’. Chef Server uses Solr for searching the node objects. So we can provide Solr style queries to search the Json node object attributes and data-bags.
Lets see how we can search all the nodes and see their fqdn (fully qualiifed domain name):
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife search node "*:*" -a fqdn 2 items found node1: fqdn: centos63.example.com awsnode: fqdn: ip-172-31-36-73.us-west-2.compute.internal
Changing the defaults using attributes
Lets try to change some defaults in our apache cookbook using the attributes.
In the /chef-repo/cookbooks/apache/attributes folder we can find the file default.rb (create if not). Add the following :
Now go to the folder cookbooks/apache/files/default and make a file index1.html
<html> <body> <h1> Dude!! This is index1.html, it has been changed by chef!</h1> </body> </html>
The last thing we need to do get this working is change the recipe and tell it to pick the default index file from the node attribute ‘indexfile’ which we have just set. So, open the file ‘cookbooks/apache/recipes/default.rb’ and append this:
cookbook_file "/var/www/index.html" do source node["apache"]["indexfile"] mode "0644" end
Now upload the cookbook to the chef server using the command :
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife cookbook upload apache
And then go to the node, and run the chef-client:
[email protected]:~$ sudo chef-client
Now, hit the external IP of the node in the browser, and we can see the change. So, we just now used the attribute to change the default index page of the apache server.
An important thing to note here is the precedence of setting attributes. Defaults in recipe take a precedence over the attributes, and Role takes precedence over the recipes. The order of precedence is as follows:
Ohai > Role > Environment > Recipe > Attribute
A Role tell us what a particular node is acting as, the type of the node, is it a “web server”, a “database” etc. The use of this feature is that we can associate the run_list with it. So, instead of providing recipies as run_list to the node, We will associate the run_lists with a role and then apply this role to a node.
Creating a role:
knife create role webserver
Check if role is created:
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife role show webserver chef_type: role default_attributes: apache: sites: admin: port: 8000 description: Web Server env_run_lists: json_class: Chef::Role name: webserver override_attributes: run_list: recipe[apache]
This role we just created has added apache recipe in the run_list.
Assign this role to the node “awsnode”
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife node run_list add awsnode 'role[webserver]' awsnode: run_list: recipe[apache] role[webserver]
Upload this role to the chef-server:
Anirudhs-MacBook-Pro:chef-repo anirudh$ knife role from file webserver.rb
Now run chef-client on the node.
Environment means a QA, dev or a Production environment. We can assign a node any environment, and then apply some environment specific attributes. It is a mere tagging of nodes, environment attributes DOES NOT supersede role attributes.
In the coming blogs we will see how we can use define dev, QA, production environments, apply different roles to nodes, configure attributes and data-bags and make a complete eco-system.