I recently did a meetup in NYC about OpenStack (blog post pending). It took me a LOT longer to put together that deck than I originally thought (see the Documents page for the PDF). Next up in my “cloud tour” is Chef! BTW this doc is a living doc — the more I pick up on Chef the more I’ll add to this doc, hence “cheat sheet”.
One thing is, now with my new SE role, I am not as hands-on as I used to be. However, I still need to keep up to date and stay CLI savvy. One of the reasons I started this blog was to post up things I find in the field to serve as a “Dear Diary” for me, as well as help others out there. This post will be a cheat sheet for myself on what I have learned with Chef integration!
I’ve been saying this all of 2015 and Q4 of 2014: being a server engineer turned network engineer and now turned DevOps engineer, I’ve always tried to take a real look at my career, look at what’s been happening in the IT world, and assess my skills. Are they current? What else can I do (there’s ALWAYS something else) to make myself more competitive? One of those new skills to pick up is Linux. Diving more into the automation/DevOps world, that skill has been warranted; almost everything is Linux based. Knowing basic commands will prove most useful.
Chef, for example, is written in Ruby and Erlang, so my war cry of learning Python or some kind of language made sense :) Windows workloads ARE supported, so even though the back-end is Linux based, you can still deploy and manage Windows servers.
So what kind of materials are out there for learning Chef? Of course there are paid classes, where Chef Corp comes in and does a 2 or 3 day class for $800 (not too bad considering a Cisco CCNA class is like $1k – $1500!)
Another option is the official documentation. Chef has it over at https://docs.chef.io and its Getting Started intro is great for anyone new to Chef.
YouTube strikes again here: typing in “chef automation” yields over 21k videos. There is a TON of free learning material out there; you only have to pay with your time :) BTW, with YouTube’s built-in 1.5x and 2x playback speeds, there is no need to download the videos any more! PuppetConf is a yearly conference Puppet Corp puts together and the videos can be found on their YouTube channel here. Granted, many of the videos are geared towards developers, so search for keywords like “network”.
Cisco has also put together some great videos on their Cisco DevNet channel. Videos are of course not limited to Chef but you can search for them. In particular, DEVNET1007 – Net Infrastructure as a Code with Chef and Cisco is a nice intro.
Puppet also has a YouTube channel dedicated to Puppet + Cisco integration here.
OPEN VS PAID
Chef comes in two flavors, paid and free. The paid one is called Chef Enterprise and comes with extra features and support (e.g. hooks into Microsoft Active Directory via LDAP, and organizations for carving your enterprise into tenants, much like projects in OpenStack). Chef Open Source is the free version; the Enterprise extras are included only for up to 25 nodes. You can also have Chef hosted in the cloud (for a fee, or free up to 5 nodes) or install it in-house. One nice thing for the Windows guys out there: clients can be Windows, Mac or Linux machines (the server itself is a 64-bit Linux box).
Chef came out in Jan 2009, whereas Puppet is older, having started in 2005. Like Chef, Puppet is written in Ruby. Ansible is the newest of the three, having started in Feb 2012; it is written in Python and its playbooks are YAML. Now, do you need to know Ruby to use Chef? No, you don’t. But if you want to be a full-blown Chef (or Puppet) engineer, it would probably be a good idea to learn it.
HOW DOES CHEF WORK?
Chef Server – the brains of your env. Clients pull their Cookbooks from here. This machine HAS to be 64-bit (and Linux); clients don’t need to be.
Chef Client – as the name implies, a device (router, switch, container, VM, etc.) that pulls down its Cookbooks from the server and applies them. The chef-client process usually runs as a daemon or from a cron job so the node is re-converged on a schedule.
Chef Workstation – where you write and update Cookbooks and upload them to the Chef Server. You can manage the server via the GUI or the CLI (called Knife). Note you’ll also need to install the client tools (the Chef DK) on this workstation. The chef-repo lives here; Cookbooks are uploaded from it to the server, and Clients pull them from the server, never directly from the workstation.
Cookbook and Recipes – a Recipe is a single task (or a small set of related tasks) written in Chef’s Ruby DSL; a Cookbook bundles multiple Recipes together with the attributes, templates and files they need.
Your Workstation authenticates to the Server with your user key (a .pem file), and each Client authenticates with its own client key; the chef-validator key is a one-time bootstrap key that lets a brand-new node register itself and obtain its own client key. These are RSA key pairs used to sign every Chef API request, not SSH keys (SSH is only used by knife bootstrap to get onto the box the first time). Treat validation.pem like a password: anyone holding it can register a node in your organization and pull your cookbooks, including whatever secrets they contain. More details on installing can be found here.
Knife ships with the Chef DK, so there is nothing extra to install on the workstation; run knife configure in the terminal to generate a knife.rb that points at your Chef Server and your user key. For details on this process go here.
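Since the keys described above are the thing people most often misread as SSH keys, here is an added illustration (my own code, not from the original post and not Chef’s own implementation) of what the client key is actually used for: signing every API request so the server can tie it to a registered client. The canonical-request layout follows Chef’s signing protocol version 1.3 as I remember it from docs.chef.io, so treat the exact header names as an assumption and check the docs before relying on them; the organization acme and node web01.example.com are made up for the demo.

```ruby
require 'openssl'
require 'base64'
require 'digest'
require 'time'

# Added example, not code from the post or from Chef itself.
# Models the request signing that the chef-client and user keys exist for:
# the private key signs a canonical description of every request, and the
# server verifies it with the public key it stored when the client registered.
# Canonical layout follows Chef's signing protocol v1.3 as I recall it from
# docs.chef.io; the exact header names are an assumption.
module ChefRequestSigning
  module_function

  def content_hash(body)
    Base64.strict_encode64(Digest::SHA256.digest(body))
  end

  # The string both sides sign/verify. Any change to method, path, body,
  # timestamp or user id changes it, which is what makes tampering fail.
  def canonical_request(method:, path:, body:, timestamp:, user_id:)
    [
      "Method:#{method.upcase}",
      "Path:#{path}",
      "X-Ops-Content-Hash:#{content_hash(body)}",
      'X-Ops-Sign:version=1.3',
      "X-Ops-Timestamp:#{timestamp}",
      "X-Ops-UserId:#{user_id}",
      'X-Ops-Server-API-Version:1'
    ].join("\n")
  end

  # Client side: sign with the RSA private key (PKCS#1 v1.5 over SHA-256) and
  # chunk the base64 signature into 60-char X-Ops-Authorization-N headers.
  def sign_headers(private_key, method:, path:, body:, user_id:,
                   timestamp: Time.now.utc.iso8601)
    canon = canonical_request(method: method, path: path, body: body,
                              timestamp: timestamp, user_id: user_id)
    sig = Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('SHA256'), canon))
    headers = {
      'X-Ops-Sign' => 'algorithm=sha256;version=1.3;',
      'X-Ops-UserId' => user_id,
      'X-Ops-Timestamp' => timestamp,
      'X-Ops-Content-Hash' => content_hash(body),
      'X-Ops-Server-API-Version' => '1'
    }
    sig.scan(/.{1,60}/).each_with_index do |chunk, i|
      headers["X-Ops-Authorization-#{i + 1}"] = chunk
    end
    headers
  end

  # Server side: recompute the body hash, rebuild the canonical string from
  # the headers and check the signature with the client's public key.
  def verify(public_key, headers, method:, path:, body:)
    return false unless headers['X-Ops-Content-Hash'] == content_hash(body)

    canon = canonical_request(method: method, path: path, body: body,
                              timestamp: headers['X-Ops-Timestamp'].to_s,
                              user_id: headers['X-Ops-UserId'].to_s)
    chunk_keys = headers.keys.grep(/\AX-Ops-Authorization-\d+\z/)
                        .sort_by { |k| k[/\d+\z/].to_i }
    return false if chunk_keys.empty?

    sig = Base64.strict_decode64(chunk_keys.map { |k| headers[k] }.join)
    public_key.verify(OpenSSL::Digest.new('SHA256'), sig, canon)
  rescue ArgumentError, OpenSSL::PKey::PKeyError
    false
  end
end

if $PROGRAM_NAME == __FILE__
  # Demo with a throwaway key; on a real node this is /etc/chef/client.pem.
  key = OpenSSL::PKey::RSA.new(2048)
  path = '/organizations/acme/nodes'
  hdrs = ChefRequestSigning.sign_headers(key, method: 'GET', path: path,
                                         body: '', user_id: 'web01.example.com')
  hdrs.each { |k, v| puts "#{k}: #{v}" }
  puts "valid:    #{ChefRequestSigning.verify(key.public_key, hdrs, method: 'GET', path: path, body: '')}"
  puts "tampered: #{ChefRequestSigning.verify(key.public_key, hdrs, method: 'DELETE', path: path, body: '')}"
end
```

The point to take away: whoever holds client.pem (or your user .pem) can produce valid signatures for any request as that identity, and the server cannot tell a stolen key from the real node. That is why the validator key is removed from nodes after registration and why user keys should never be committed to the chef-repo.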
FIRST TIME INSTALLATION OF CLIENT
The first time you add a node to Chef, you’ll need to install the Chef client on the node and register it with the Chef Server. This process is called “Bootstrapping”. On the workstation we can run, for example, knife bootstrap 192.168.1.50 -x wzambrano -P ilovedogs123 --sudo. Note that a password given with -P ends up in your shell history; prefer an SSH key with -i ~/.ssh/id_rsa, or leave -P off and let knife prompt for it. Find more syntax examples here and here. Of course if you have DNS configured you can use the hostname instead of the IP in the knife syntax above.
To verify the client has been added to the server, type knife node show NODE_NAME to see its details (the node name defaults to the machine’s FQDN unless you set it with -N at bootstrap). You can list ALL clients on the server with knife client list, and all nodes with knife node list. You can also go to the Chef Server GUI and see it under Nodes.
On the node, sudo chef-client kicks off a converge: it authenticates with its client key, pulls its run list and Cookbooks from the server, and applies them. Right after bootstrap the run list is empty, so a run does nothing beyond checking in.
Now that we’ve added a few server nodes, let’s see what we can do to make a Cookbook and add Recipes to it. There is a directory called cookbooks in the chef-repo and this is where they will live. From the repo, type knife cookbook create TEST_COOKBOOK for example. Chef Docs has a good guide on this found here. Once you do that, a bunch of new directories get created like attributes, resources, files, templates, recipes, etc. View the Chef Docs page to see what each one does. When the Cookbook is ready, knife cookbook upload TEST_COOKBOOK pushes it to the server.
The real power of Chef is applying Roles to all of your networking/server devices. Doing it one by one is of course not exactly efficient, so Chef has a concept known as Roles: a named set of cookbooks/recipes (a run list) that you apply to new devices! Use the -r flag with knife bootstrap to apply pre-existing Roles, e.g. -r 'role[webserver]'. View more on the knife bootstrap doc here.
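To make concrete what “applying a Role” does to a node, here is an added example (my own model, not Chef’s code and not from the original post) of how the server expands a node’s run list when it contains roles, including roles nested inside roles. The role and recipe names (base, webserver, ntp, nginx, and so on) are made up for the demo. It also shows why roles deserve the same change control as cookbooks: whoever can edit a role on the server controls the run list of every node carrying it.

```ruby
# Added example, not Chef's own code: a small model of what the Chef Server
# does with a node's run_list when a role is in it. Roles (which may contain
# other roles) are expanded, recursively, into the ordered, de-duplicated list
# of recipes the client converges. The role and recipe names in the demo are
# made up.
module RunListModel
  module_function

  # Normalise the three ways an item can be written:
  #   "nginx"              -> ["recipe", "nginx::default"]
  #   "recipe[nginx::ssl]" -> ["recipe", "nginx::ssl"]
  #   "role[webserver]"    -> ["role", "webserver"]
  def parse_item(item)
    if (m = item.strip.match(/\A(recipe|role)\[([^\]]+)\]\z/))
      type, name = m[1], m[2]
    else
      type, name = 'recipe', item.strip
    end
    name = "#{name}::default" if type == 'recipe' && !name.include?('::')
    [type, name]
  end

  # roles is a hash of role name => { 'run_list' => [...] }, the shape the
  # server stores. Returns [recipes, missing_roles]. A role already applied is
  # skipped, which also keeps a cycle (role a -> role b -> role a) from looping.
  def expand(run_list, roles, applied = [], recipes = [], missing = [])
    run_list.each do |item|
      type, name = parse_item(item)
      if type == 'recipe'
        recipes << name unless recipes.include?(name)
      elsif applied.include?(name)
        next
      elsif roles.key?(name)
        applied << name
        expand(roles[name]['run_list'], roles, applied, recipes, missing)
      else
        missing << name unless missing.include?(name)
      end
    end
    [recipes, missing]
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample roles, roughly what `knife role show` would return.
  roles = {
    'base'      => { 'run_list' => ['recipe[ntp]', 'recipe[ssh_hardening]'] },
    'webserver' => { 'run_list' => ['role[base]', 'nginx', 'recipe[nginx::ssl]'] }
  }
  recipes, missing = RunListModel.expand(['role[webserver]', 'recipe[monitoring::agent]'], roles)
  puts "recipes: #{recipes.join(', ')}"
  puts "missing roles: #{missing.inspect}"
end
```

Order matters: recipes converge in the order they first appear after expansion, so a hardening recipe placed in a base role runs before anything layered on top of it, and a later duplicate of the same recipe is dropped rather than run twice.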
ADDING NETWORKING NODES
OK, adding servers is great, but we’re network guys. What about networking devices?
For Cisco, you can manage Nexus 3000s and 9000s with Chef alone, with ACI alone (Chef talks to ACI), or with a mix of Chef managing the devices and ACI managing the fabric. UCS is covered by a Ruby module, ucslib, and solutions built on it.
OpenStack integration comes via the knife-openstack and chef-provisioning-openstack plugins.
RuboCop – a Ruby code analyzer (lints and style-checks the Ruby in your cookbooks)
Foodcritic – lints Cookbooks against Chef “best practices” and style rules
Test Kitchen – a platform for integration testing of Chef infrastructure (spins up a VM or container, converges it with your cookbook, and runs your tests against the result)