What is an Environment?
§ Environments
− Used to define the workflow of your
application
− Generally used to segment the
different life stages of your application
> Dev / Integration
> VDEV
> Staging
> Production
§ GID is configured this way
§ Corp is defined by Data Center, but
is in the process of changing to use
best practices
§ Environments also define policy
− Environments can also define or
override attributes
> Define different API locations for Dev /
Stage / Prod
> Dev sends alerts to team, Prod sends
alerts to L1
− Ideal place to pin to a specific version
of a cookbook
Chef Best Practice: Environment or Org?
§ We cannot share cookbooks between organizations
§ Organizations are like stand alone chef-servers
§ Best Practice: If you need to share cookbooks or roles, you likely want
an Environment rather than an organization.
§ Environments allow for isolating resources within a single organization
How Gap differs from this Best Practice
§ Currently at the Gap, organizations are defined by their old business
units:
− Gap (the old Corp)
− GID (the old GID)
− Stores
§ Environments are used differently between the organizations
− GID follows best practice and pins cookbook versions in the Environment
− Stores defines Environments for classes of stores and they also pin.
− Corp defines Environments as Data Centers.
> Corp cannot pin in its Environments.
> They depend on pinning to happen in a Role
> This is going to change...eventually.
Use knife to show available versions of
mysite
knife cookbook show mysite
mysite 0.2.0 0.1.0
Use knife to list current environments
knife environment list
_default
Create the Development Environment
(environments/dev.rb)
name 'dev'
description 'For developers'
cookbook 'mysite', '= 0.2.0'
Cookbook Version Constraints
§ By default, use = (Equal to)
§ There are lots of other options, but in Environments equality '=' is the
recommended practice
§ Check out https://docs.chef.io/cookbook_versions.html for more
information about Version Constraints.
Upload our new dev environment
knife environment from file dev.rb
Updated Environment dev
Use knife to show the dev environment
knife environment show dev
chef_type: environment
cookbook_versions: mysite: = 0.2.0
default_attributes:
description: For developers
json_class: Chef::Environment
name: dev
override_attributes:
Move your node to the dev environment
(nodes/node1.json)
{
"name": "node1",
"chef_environment": "dev",
"run_list": [
"role[base]",
"role[webserver]"
],
"normal": {
"tags": [
]
}
}
Use knife to upload the updated node
knife node from file node1.json
Updated Node node1
Run chef-client
sudo chef-client
[2015-08-17T02:24:22+00:00] INFO: Chef Run complete in 3.48210582 seconds

Running handlers:
[2015-08-17T02:24:22+00:00] INFO: Running report handlers
Running handlers complete
[2015-08-17T02:24:22+00:00] INFO: Report handlers complete
Chef Client finished, 0/15 resources updated in 5.507357093 seconds
Use knife to see what cookbooks node1
used in its last Chef Run
knife node show node1 -a cookbooks
node1:
cookbooks:
motd:
version: 0.1.0
mysite:
version: 0.2.0
pci:
version: 0.1.0
repos:
version: 0.1.0
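As an added example (not part of the original slides), this Ruby sketch compares the cookbooks node1 reported above with the dev environment's pins and flags anything that is unpinned, pinned with an operator other than '=', or pinned to a different version than the node ran. The sample data is constructed from the output shown above; audit_pins and parse_constraint are illustrative names, not knife or Chef APIs.

```ruby
require 'json'

# Constructed sample data mirroring the dev environment and node1 output above.
ENVIRONMENT_JSON = <<~JSON
  {
    "name": "dev",
    "cookbook_versions": { "mysite": "= 0.2.0" }
  }
JSON

NODE_COOKBOOKS = {
  'motd' => '0.1.0', 'mysite' => '0.2.0', 'pci' => '0.1.0', 'repos' => '0.1.0'
}.freeze

# Split a constraint such as "= 0.2.0" into [operator, version].
# Assumption: a bare version ("0.2.0") is treated here as an exact pin.
def parse_constraint(text)
  m = text.strip.match(/\A(=|>=|>|<=|<|~>)?\s*(\d+(?:\.\d+){1,2})\z/)
  raise ArgumentError, "bad constraint: #{text.inspect}" unless m
  [m[1] || '=', m[2]]
end

# Returns cookbook => finding for every cookbook the node ran that is not
# covered by an exact pin matching the version it ran.
def audit_pins(environment, node_cookbooks)
  pins = environment.fetch('cookbook_versions', {})
  node_cookbooks.each_with_object({}) do |(name, ran), findings|
    unless pins.key?(name)
      findings[name] = :unpinned
      next
    end
    op, version = parse_constraint(pins[name])
    if op != '='
      findings[name] = :floating_constraint
    elsif version != ran
      findings[name] = :version_mismatch
    end
  end
end

def audit_dev
  audit_pins(JSON.parse(ENVIRONMENT_JSON), NODE_COOKBOOKS)
end

audit_dev.each { |name, finding| puts "#{name}: #{finding}" }
```

Only mysite is pinned in the dev environment, so motd, pci and repos are reported as unpinned.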
Create the prod environment
(environments/prod.json)
{
"name": "prod",
"description": "For Prods!",
"cookbook_versions": {
"mysite": "= 0.1.0"
},
"json_class": "Chef::Environment",
"chef_type": "environment",
"override_attributes": {
"pci": {
"in_scope": true
}
}
}
Best Practice: Environments get override
attributes
§ Environments are the one place where we can consistently use
overrides
§ Remember, we are overriding an attribute like:
− different API locations for Dev / Stage / Prod
− different alerting requirements for monitoring
− etc..
§ If you always set default attributes in your cookbooks and roles, then
the override in Environments will win.
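As an added example (not part of the original slides), this Ruby model merges attribute layers in Chef's documented precedence order to show why an environment override beats cookbook and role defaults and even a role override, and what still beats it. The pci.in_scope override comes from prod.json above; the cookbook default for it, the monitoring attributes, and the names resolve and prod_view are hypothetical.

```ruby
# Chef's documented precedence, lowest first. Attribute-file and recipe levels
# are folded into :cookbook, and automatic (Ohai) attributes are left out.
PRECEDENCE = [
  %i[default cookbook], %i[default environment], %i[default role],
  %i[force_default cookbook], %i[normal cookbook],
  %i[override cookbook], %i[override role], %i[override environment],
  %i[force_override cookbook]
].freeze

# Merge b over a, descending into nested hashes (arrays are simply replaced).
def deep_merge(a, b)
  a.merge(b) { |_k, old, new| old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new }
end

# layers: [[level, source, attrs], ...] in any order.
# Returns the merged view a recipe would read through node[...].
def resolve(layers)
  ranked = layers.each_with_index.sort_by do |(level, source, _attrs), i|
    rank = PRECEDENCE.index([level, source]) or
      raise ArgumentError, "unknown level #{level}/#{source}"
    [rank, i]
  end
  ranked.reduce({}) { |acc, (layer, _i)| deep_merge(acc, layer[2]) }
end

# Constructed layers (see the lead-in for which values are hypothetical).
COOKBOOK_DEFAULT = [:default, :cookbook,
                    { 'pci' => { 'in_scope' => false },
                      'monitoring' => { 'alert_target' => 'team' } }].freeze
ROLE_DEFAULT = [:default, :role,
                { 'monitoring' => { 'alert_target' => 'team', 'interval' => 60 } }].freeze
PROD_OVERRIDE = [:override, :environment,
                 { 'pci' => { 'in_scope' => true },
                   'monitoring' => { 'alert_target' => 'L1' } }].freeze
ROLE_OVERRIDE = [:override, :role, { 'pci' => { 'in_scope' => false } }].freeze
COOKBOOK_FORCE = [:force_override, :cookbook, { 'pci' => { 'in_scope' => false } }].freeze

# The prod view, optionally with extra layers added to the mix.
def prod_view(extra = [])
  resolve([PROD_OVERRIDE, COOKBOOK_DEFAULT, ROLE_DEFAULT] + extra)
end

puts prod_view.inspect
```

A role-level override still loses to the environment, but a force_override set in a cookbook does not, which is why keeping cookbooks and roles on default attributes is what makes the environment override consistent.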
Upload our new prod environment
knife environment from file prod.json
Updated Environment prod
Check to see what's in our /etc/motd
cat /etc/motd
node1 is property of Gap, Inc.
Run chef-client
sudo chef-client
[2015-08-17T02:43:09+00:00] INFO: Run List is [role[base], role[webserver]]
[2015-08-17T02:43:09+00:00] INFO: Run List expands to [motd, repos, mysite]
[2015-08-17T02:43:09+00:00] INFO: Starting Chef Run for node1
[2015-08-17T02:43:09+00:00] INFO: Running start handlers
[2015-08-17T02:43:09+00:00] INFO: Start handlers complete.
[2015-08-17T02:43:09+00:00] INFO: HTTP Request Returned 404 Not Found:
resolving cookbooks for run list: ["motd", "repos", "mysite"]
[2015-08-17T02:43:09+00:00] INFO: Loading cookbooks [motd@0.1.0, pci@0.1.0, repos@0.1.0, mysite@0.1.0]
[2015-08-17T02:43:09+00:00] INFO: Removing cookbooks/mysite/attributes/default.rb from the cache; its is no longer in the cookbook manifest.
[2015-08-17T02:43:09+00:00] INFO: Removing cookbooks/mysite/templates/default/index.html.erb from the cache; its is no longer in the cookbook manifest.
[2015-08-17T02:43:09+00:00] INFO: Removing cookbooks/mysite/templates/default/custom.erb from the cache; its is no longer in the cookbook manifest.
Check to see what's in our /etc/motd
cat /etc/motd
node1 is property of Gap, Inc.
This server is in-scope for PCI compliance.
Use knife to see what cookbooks node1
used in its last Chef Run
knife node show node1 -a cookbooks
node1:
cookbooks:
motd:
version: 0.1.0
mysite:
version: 0.1.0
pci:
version: 0.1.0
repos:
version: 0.1.0
Why is this still there?
Welcome to Gap inc!!
We love athleta
172.16.232.5:8000
Rollbacks and Desired State Best Practice
§ Chef is not magic – it manages state for declared resources
§ We just rolled back to an earlier version of the mysite cookbook
§ While the recipe converged properly, looking at the node will show
that Apache is still configured as it was after running version 0.2.0 of
the cookbook
§ A better way to ensure a smooth rollback:
− Write contra-resources to clean up
− Put those new resources in a new version of the cookbook
− Or possibly, nuke the node and build a new one!
Chef always wants to move forward...
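As an added example (not part of the original slides), this Ruby script reads the chef-client output from the rollback run above and lists the templates and files that left the cookbook manifest; whatever they rendered on the node under 0.2.0 is no longer declared, so these are the first candidates for contra-resources. The log lines are copied from the run above with wrapped lines rejoined; the function names and the templates/files heuristic are assumptions of this example.

```ruby
# Lines copied from the chef-client run above (wrapped lines rejoined).
ROLLBACK_LOG = <<~'LOG'
  [2015-08-17T02:43:09+00:00] INFO: Loading cookbooks [motd@0.1.0, pci@0.1.0, repos@0.1.0, mysite@0.1.0]
  [2015-08-17T02:43:09+00:00] INFO: Removing cookbooks/mysite/attributes/default.rb from the cache; its is no longer in the cookbook manifest.
  [2015-08-17T02:43:09+00:00] INFO: Removing cookbooks/mysite/templates/default/index.html.erb from the cache; its is no longer in the cookbook manifest.
  [2015-08-17T02:43:09+00:00] INFO: Removing cookbooks/mysite/templates/default/custom.erb from the cache; its is no longer in the cookbook manifest.
LOG

REMOVED = %r{Removing cookbooks/(?<cookbook>[^/\s]+)/(?<segment>[^/\s]+)/(?<path>\S+) from the cache}

# Heuristic: cookbook segments whose files end up as state on the node
# when a recipe renders or copies them.
STATEFUL_SEGMENTS = %w[templates files].freeze

# Every file the client dropped from its cache, grouped by cookbook.
def dropped_files(log)
  log.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, out|
    m = REMOVED.match(line)
    out[m[:cookbook]] << { segment: m[:segment], path: m[:path] } if m
  end
end

# Dropped templates and files only: what they produced on the node is now
# unmanaged and will stay as the newer cookbook version left it.
def cleanup_candidates(log)
  dropped_files(log).each_with_object({}) do |(cookbook, files), out|
    hits = files.select { |f| STATEFUL_SEGMENTS.include?(f[:segment]) }
    out[cookbook] = hits.map { |f| "#{f[:segment]}/#{f[:path]}" } unless hits.empty?
  end
end

cleanup_candidates(ROLLBACK_LOG).each do |cookbook, files|
  puts "#{cookbook}: review node state rendered from #{files.join(', ')}"
end
```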