Calling for Advice

We have a situation where we have multiple datacenters with OSS Chef
Servers in each.
If anyone is in a similar situation, I am curious to know how would you get
information about nodes in opposite sites?

Say I have a cookbook that needs to reference servers in their
configurations that are in the opposite site? Besides the very obvious of
storing the info in some file local to the cookbook is there a more dynamic
way to do this?


Thanks,

Mark

Why not have one master chef server/cluster and break out each data center
by environment?

--

~~ StormeRider ~~

"Every world needs its heroes [...] They inspire us to be better than we
are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

You can create a common read-only Chef client across all your Chef servers
and use it as part of the Chef run (wrapped in an LWRP or library) to
gather this information.

Mark,

Ranjib gave you an excellent response, IMO. I'd like to elaborate a bit to hopefully illustrate the concept a bit better.

You can create an encrypted data bag on each Chef server. Let's call this data bag "chef_site_credentials". In it you would have an entry for each remote Chef server. It would look like this:

{
  "north_america": {
    "client_name": "jamie",
    "client_key": "SOME_PRIVATE_KEY",
    "server_url": "https://na.riotgames.com/organizations/riot"   <---- IMPORTANT: make sure this is SSL
  },
  "china": {
    "client_name": "jamie",
    "client_key": "SOME_PRIVATE_KEY",
    "server_url": "https://na.riotgames.com/organizations/riot"   <---- IMPORTANT: make sure this is SSL
  }
}

You could then use an API client, like Ridley (https://github.com/riotgames/ridley), to query the remote Chef server for the data that you want. You should hide all of this logic in an LWRP or a Library.

--
Jamie Winsor
@resetexistence
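
Added example (not from the thread and not Ridley's or Chef's own code): a library-style check on the decrypted "chef_site_credentials" hash that enforces the https requirement and rejects a placeholder or public key before the values reach an API client. The module name, the "readonly" client name and the example.com URLs are assumptions.

```ruby
require "uri"
require "openssl"

# Added example: check a decrypted "chef_site_credentials" hash before any
# remote Chef API call. The hash is passed in so the code runs offline.
module SiteCredentials
  REQUIRED = %w[client_name client_key server_url].freeze
  class Invalid < StandardError; end

  # Returns { site => { server_url:, client_name:, client_key: } }, the
  # option names Ridley.new takes. Raises Invalid on the first problem.
  def self.connection_options(item)
    seen = {}
    item.each_with_object({}) do |(site, entry), out|
      missing = REQUIRED.select { |k| entry[k].to_s.empty? }
      raise Invalid, "#{site}: missing #{missing.join(', ')}" unless missing.empty?

      uri = URI.parse(entry["server_url"]) rescue nil
      # "Make sure this is SSL": without TLS the remote server is not
      # authenticated and the node data it returns crosses sites in clear.
      unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
        raise Invalid, "#{site}: server_url must be https"
      end
      # Two sites sharing one URL is almost always a copy/paste slip.
      raise Invalid, "#{site}: same server_url as #{seen[uri.to_s]}" if seen[uri.to_s]
      seen[uri.to_s] = site

      out[site] = { server_url: uri.to_s, client_name: entry["client_name"],
                    client_key: private_pem!(site, entry["client_key"]) }
    end
  end

  # Accept only a parseable private key, so a public key or a leftover
  # placeholder string fails at load time rather than mid-run.
  def self.private_pem!(site, pem)
    key = OpenSSL::PKey.read(pem)
    raise Invalid, "#{site}: client_key is not a private key" unless key.private?
    pem
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    raise Invalid, "#{site}: client_key is not valid PEM"
  end
end

# Constructed sample: throwaway key, placeholder client name and URLs.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048).to_pem
SAMPLE_ITEM = {
  "north_america" => { "client_name" => "readonly", "client_key" => SAMPLE_KEY,
                       "server_url" => "https://chef-na.example.com" },
  "china" => { "client_name" => "readonly", "client_key" => SAMPLE_KEY,
               "server_url" => "https://chef-cn.example.com" }
}.freeze
```

Inside a Chef run the hash would come from the encrypted data bag, and each returned options hash would be passed to the API client for that site.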

On Thursday, May 16, 2013 at 4:48 PM, Ranjib Dey wrote:

you can create a common read only chefclient across all your chef servers and use it as part of the chef run (wrapped in an lwrp or library) to gather this information.

Now that I could work with. That sounds really good. Many thanks!

--
Thanks,

Mark

So while we are on this topic, and the community is moving towards "The
Berkshelf Way" which we are also adopting, what is the best practice for
identifying nodes? Would it be via empty roles? or tags? or querying for
specific attrs?

Great work by the way Jamie on berkshelf.

--
Thanks,

Mark

On 5/17/2013 7:42 AM, Mark Pimentel wrote:

So while we are on this topic, and the community is moving towards "The
Berkshelf Way"

Who says? 10 vocal people with serious previous Ruby development
experience who happen to use Chef?

We identify nodes by two things:
- Recipes present in the run list
- Values of attributes

I would say that the toolchain that my team and I have been working on, and the practices that we've documented, are something that a number of people are considering. The Berkshelf Way and Berkshelf is what works for us in our current positions at Riot Games and what would have worked for us during our previous Chef experience over the last four years. There are so many ways to do things, though, and I think anyone who's just taken the steps to adopt Chef to manage their infrastructure is already on the right path.

Of course, I would definitely suggest that you do things our way :)

--
Jamie Winsor
@resetexistence

On Friday, May 17, 2013 at 7:30 AM, Jeff Blaine wrote:

On 5/17/2013 7:42 AM, Mark Pimentel wrote:

So while we are on this topic, and the community is moving towards "The
Berkshelf Way"

Who says? 10 vocal people with serious previous Ruby development
experience who happen to use Chef?