Uploading broken cookbooks that override your working ones is a major pain and can result in widespread outages throughout your infrastructure.If you have a cookbook version,you tested successfully with Test kitchen,it's a good idea to freeze this version so that no one can overwrite the same version with broken code.When used together with version constraints that are specified in your environement manifests,freezing cookbooks can keep your production servers safe from accidental changes.
Note : Berkshelf takes care of freezing cookbooks sutomatically.
Getting ready:
Make sure you have at least one cookbook (I will use the ntp cookbook) registered with your Chef server.
Lets see what happens if we freeze a cookbook.
1) Upload a cookbook and freeze it =:
local@workstation:~/chef-repo $ knife cookbook upload ntp --freeze
uploading ntp [3.2.0]
Uploaded 1 cookbook.
2)Trying to upload the same cookbook version again:
local@workstation:~/chef-repo $ knife cookbook upload ntp
Uploading ntp [3.2.0]
ERROR: Version 3.2.0 of cookbook ntp is frozen. Use --force to override
Warning: Not updating version constraints for ntp in the environment as the cookbook is frozen.
ERROR: Failed to upload 1 cookbook.
3) Change the cookbook version:
local@workstation:~/chef-repo $ subl cookbooks/ntp/metadata.rb
.......
version "3.2.1"
4) Upload the cookbook again:
local@workstation:~/chef-repo $ knife cookbook upload ntp
Uploading ntp [3.2.1]
Uploaded 1 cookbook
How it works?
By using the --freeze option when uploading a cookbook,you tell the Chef server that it should not accept any changes to the same version of the cookbook anymore.This is important if your using environment and want to make sure that your production environment cannot be broken by uploading a corrupted cookbook.
By changing the version number of your cookbook,you can upload the new version.Then you can make,for example,your staging environment use that new cookbook version.
There's more....
To support a more elaborate workflow,you can use the knife-spork knife plugin,which comes pre-installed with Chef DK.It helps multiple developers work on the same chef server and repository without treading on each other's toes.You can find more information about it at
https://docs.chef.io/plugin_knife_spork.html
Running the Chef client as a daemon:
While you can run the Chef client on your nodes manually whenever you change something in your Chef repository,it's sometime preferable to have the Chef client run automatically every so often.Letting the Chef client run automatically makes sure that no node misses out any updates.
Getting ready
You need to have a node registered with your Chef server.It needs to be able to run chef-cleint without any errors.
How to do it?
Lets see how to start the Chef client in daemon mode so that it runs automatically:
1) Start the Chef client in daemon mode,running every 30 minutes:
osr@server:~$ sudo chef-client -i 1800
2) Validate that the Chef client runs as a daemon:
osr@server:~$ psauxw | grep chef-client
How it works?
The -i parameter will start the Chef client as a daemon.The given number is the seconds between each Chef client run.In the previous example,we specified 1,800 seconds which results in the Chef client running every 30minutes.
You can use the same command in a service startup script.
Note:
You can use the chef-client cookbook to install the Chef client as a service.
See: https://supermarket.chef.io/cookbooks/chef-client for details
There's more....
Instead of running the Chef client as a daemon.you can use a Cronjob to run it every so often:
osr@server:~ $ subl /etc/cron.d/chef_client
PATH=/usr/local/bin:/usr/bin:/bin
# m h dommondow user command
*/15 * * * *root chef-client -l warn | grep -v 'retrying[1234]/5 in'
This cronjob will run the Chef client every 15mins and swallow the first four retrying warning messages.This is important to avoid Cron sending out e-mails if the connection to the Chef server is a little slow and the Chef client needs a few retries.
Note:
It is possible to initiate a Chef client run at any time by sending the SIGUSR1 signal to the Chef client daemon:
osr@server:~$ sudokillall -USR1 chef-client
No comments:
Post a Comment