Demystifying what actually happens when you run chef-client.
Phases of the chef-client run
chef-client is executed
1. chef-client starts up
§ The chef-client command is invoked
§ Runs in an embedded ruby install
§ 12.4.1 is latest as of this writing
Client gathers information about the system
2. Build node object
§ Ohai is run on the node
− Sets the node name
− Gathers info about CPU
− Filesystems
− Users, etc.
Client authenticates to the server
3. Authenticate
§ Client possibly registers for the first time using the validation certificate
§ Or client uses the private half of its key pair from /etc/chef/client.pem to authenticate against the server
§ Server holds the public half
§ Server (usually) gives the client the run_list
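The key-pair arrangement above, as an added example that is not from the original post: a simplified model in which the client signs each request with its private key and the server checks it against the stored public half. The canonical string, `ToyServer`, the node names, path and timestamp are assumptions made for illustration and are not Chef's actual wire format.

```ruby
require "openssl"
require "digest"

# Simplified model of key-pair authentication (not Chef's actual wire format).
DIGEST = "SHA256"

# Both sides derive this string from the request, so the signature is bound to every field.
def canonical_request(node_name, http_method, path, body, timestamp)
  [node_name, http_method.upcase, path, Digest::SHA256.hexdigest(body), timestamp].join("\n")
end

# Client side: sign with the private key (on a real node, read from /etc/chef/client.pem).
def sign_request(private_key, node_name, http_method, path, body, timestamp)
  data = canonical_request(node_name, http_method, path, body, timestamp)
  private_key.sign(OpenSSL::Digest.new(DIGEST), data)
end

# Server side: stores only public keys, indexed by client name.
class ToyServer
  def initialize
    @public_keys = {}
  end

  def register(node_name, public_pem)
    @public_keys[node_name] = OpenSSL::PKey::RSA.new(public_pem)
  end

  def authentic?(node_name, http_method, path, body, timestamp, signature)
    key = @public_keys[node_name]
    return false unless key # unknown client: nothing to verify against
    data = canonical_request(node_name, http_method, path, body, timestamp)
    key.verify(OpenSSL::Digest.new(DIGEST), signature, data)
  end
end

def auth_demo
  key = OpenSSL::PKey::RSA.new(2048) # constructed key pair for the demo
  server = ToyServer.new
  server.register("web01", key.public_key.to_pem)
  ts = "2015-08-01T00:00:00Z" # constructed timestamp
  sig = sign_request(key, "web01", "get", "/nodes/web01", "", ts)
  { valid: server.authentic?("web01", "GET", "/nodes/web01", "", ts, sig),
    tampered_path: server.authentic?("web01", "GET", "/nodes/db01", "", ts, sig),
    unknown_client: server.authentic?("db01", "GET", "/nodes/web01", "", ts, sig) }
end
```

Because the server only ever holds the public half, the file to protect is the private key on the node: anyone who can read it can sign requests as that node.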
Client synchronizes cookbooks
4. Cookbook sync
− Client generates the expanded run list
− Client synchronizes local copies of cookbooks
− Local copies are stored in /var/chef/cache/cookbooks
− Cookbooks come from the Chef server
Cookbooks are loaded
5. Client loads cookbooks
− Client reads and includes all cookbook/libraries
− Resource collection is assembled
Node attempts to converge
6. Converge
− All resources from the collection are evaluated in order
− Running log of convergence is sent to /var/log/chef/client.log
− Echoed to stdout if run in a terminal
If convergence fails for any reason, a stack trace is included and various error handlers could be called
Examining multiphase execution
1. The chef-client compiles the resource collection.
2. The chef-client executes the resources in order.
The compile phase
1. Client loads all cookbooks from the run list
− Libraries are evaluated at this point
2. Client reads each recipe to build the resource collection
− Ruby code outside of a resource is executed during this phase as well
The execute phase
§ During the execute phase, the client evaluates the resource collection
in order and for each resource:
1. Check to see if the resource is in the desired state
> Yes? Do nothing
> No? Bring the resource to the desired state
2. Move to the next resource
Compile phase – The resource collection
Recipe
package 'httpd' do
  action :install
end

cookbook_file '/var/www/html/index.html' do
  source 'index.html'
  mode '0644'
end

service 'httpd' do
  action [ :enable, :start ]
end
Resource Collection
resource_collection = [
  package['httpd'],
  cookbook_file['/var/www/html/index.html'],
  service['httpd']
]
Execute phase – The resource collection
Recipe
package "httpd" do
  action :install
end

cookbook_file "/var/www/html/index.html" do
  source "index.html"
  mode "0644"
end

service "httpd" do
  action [ :enable, :start ]
end
Resource Collection
resource_collection = [
  package["httpd"],
  cookbook_file["/var/www/html/index.html"],
  service["httpd"]
]
Execution
Execute phase – The resource collection
Recipes are executed in the order they appear
in the run list
Run List: recipe[gapNtp::client], recipe[openssh::server], recipe[apache::server]
These recipes are invoked in the following
order
1. recipe[gapNtp::client]
2. recipe[openssh::server]
3. recipe[apache::server]
Resource Collection - Multiple Recipes
1. recipe[gapNtp::client]
package "ntp" do
  action :install
end
template "/etc/ntp.conf" do
  source "ntp.conf.erb"
  owner "root"
  mode "0644"
end
service "ntp" do
  action :start
end
Resource Collection
resource_collection = [
  package[ntp],
  template[/etc/ntp.conf],
  service[ntp]
]
2. recipe[openssh::client]
package "openssh" do
  action :install
end
template "/etc/sshd/sshd_config" do
  source "sshd_config.erb"
  owner "root"
  mode "0644"
end
service "openssh" do
  action :start
end
Resource Collection
resource_collection = [
  package[ntp],
  template[/etc/ntp.conf],
  service[ntp],
  package[openssh],
  template[/etc/sshd/sshd_config],
  service[openssh]
]
3. recipe[httpd::server]
package "httpd" do
  action :install
end
service "httpd" do
  action [ :enable, :start ]
end
cookbook_file "/var/www/html/index.html" do
  source "index.html"
  mode "0644"
end
Resource Collection
resource_collection = [
  package[ntp],
  template[/etc/ntp.conf],
  service[ntp],
  package[openssh],
  template[/etc/sshd/sshd_config],
  service[openssh],
  package[httpd],
  service[httpd],
  cookbook_file[/var/www/html/index.html]
]
The final resource collection
So the resources are invoked in the following order during the execute phase
package[ntp]
template[/etc/ntp.conf]
service[ntp]
package[openssh]
template[/etc/sshd/sshd_config]
service[openssh]
package[httpd]
service[httpd]
cookbook_file[/var/www/html/index.html]
Multiphase Execution
Plain Ruby is executed in the compile phase
Chef DSL is executed in the execute phase
Recipe
%w[sites-available sites-enabled mods-available].each do |dir|
  directory "/var/www/#{dir}" do
    action :create
    mode '0755'
    owner 'root'
    group node["apache"]["root_group"]
  end
end
Resource Collection
resource_collection = [
  directory["/var/www/sites-available"],
  directory["/var/www/sites-enabled"],
  directory["/var/www/mods-available"]
]
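The compile and execute phases described above, as an added example that is not from the original post: a toy model in which declaring a resource only appends to the collection, plain Ruby runs immediately, and convergence happens afterwards in order. `ToyRun`, `resource`, `note` and the state hash are hypothetical names for illustration and are not Chef's API.

```ruby
# Toy model of the two-phase run (illustration only, not Chef's implementation).
class ToyRun
  attr_reader :resource_collection, :log

  # system_state is a hash standing in for the real node.
  def initialize(system_state)
    @state = system_state
    @resource_collection = []
    @log = []
  end

  # Declaring a resource only appends it to the collection; nothing changes yet.
  def resource(type, name, desired)
    @resource_collection << { id: "#{type}[#{name}]", desired: desired }
  end

  def note(msg)
    @log << "compile: #{msg}"
  end

  # Compile phase: each recipe body runs as plain Ruby, in run-list order.
  def compile(recipes)
    recipes.each { |recipe| instance_eval(&recipe) }
  end

  # Execute phase: test each resource in order, repair only when needed.
  def converge
    @resource_collection.each do |res|
      verdict = @state[res[:id]] == res[:desired] ? "up to date" : "converged"
      @state[res[:id]] = res[:desired]
      @log << "execute: #{res[:id]} #{verdict}"
    end
  end
end

# Constructed recipe: one resource, one plain-Ruby check, one plain-Ruby loop.
RECIPE = proc do
  resource(:package, "httpd", :installed)
  # Evaluated at compile time, so it sees the node before the package is installed.
  note("httpd installed? #{@state['package[httpd]'] == :installed}")
  %w[sites-available sites-enabled].each { |dir| resource(:directory, "/var/www/#{dir}", :created) }
end

def demo
  run = ToyRun.new({ "directory[/var/www/sites-enabled]" => :created })
  run.compile([RECIPE])
  run.converge
  run
end
```

The compile-time check reports false even though the package resource is declared on the line above it, which is why a plain-Ruby guard that inspects system state should not be relied on to reflect what earlier resources will do.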
Remember - Resource order is important!
Resources are invoked in the order they appear in the recipe
[Diagram: recipe-1 followed by recipe-2, together making up the resource collection]