omnibus_updater and AWS bootstrapping

Morgan_Blackthorne · June 11, 2014, 10:45pm

Anyone use this cookbook with dynamically bootstrapped AWS nodes? I
basically have a script that looks at information from ElasticBeanstalk to
determine which environment a node should be placed in that runs from
/etc/rc.local, and creates the client.rb config and executes chef-client -j
/etc/chef/bootstrap.json.

My concern with omnibus_updater is that if I bump the chef-client version,
nodes will start bootstrapping, hit omnibus_updater, and run into the chef
killer. This will mark the run as failed, even though it actually
succeeded, resulting in an empty runlist and other badness.

I know there is a kill_chef_on_upgrade setting, but the docs seem to
indicate that it is a Very Bad Idea to actually use this. Anyone know more
about it who can comment? Alternatively, should I eventually refactor my
bootstrap script to check the exit code of chef-client, and if it fails,
re-run it again? While that won’t help if the server is having issues (or
our VPC VPN), it would solve problems with the omnibus updating.

Thoughts? Looking to see if I can find a best practice for dealing with
this here, other than baking a new AMI any time I really need to update the
version… baking the AMI is easy (I’ve got it pretty well scripted at this
point), but then I’ve got to copy it across regions and update a dozen or
two EBs to use the new ones.

–
~~ StormeRider ~~

“Every world needs its heroes […] They inspire us to be better than we
are. And they protect from the darkness that’s just around the corner.”

(from Smallville Season 6x1: “Zod”)

On why I hate the phrase “that’s so lame”… http://bit.ly/Ps3uSS

Mike · June 12, 2014, 12:07am

Morgan,

We use the kill_chef_on_upgrade in our prod environment liberally, but with
longer-lived nodes than Elastic Beanstalk.

The idea there is that if you've started on Chef version X, and you
actually want Chef version Y, the updater has now installed the new
version, it should stop running now, because presumably there's a reason
you wanted the other version in the first place.

So the Chef run gets killed off, and a new instance of Chef using the new
version is started.

I'd ask what's preventing you from updating your AMI bootstrap provisioning
script from leveraging the desired version?

Since after all, adding a repo and defining a package name and version in
yaml is pretty straightforward on ElasticBeanstalk, is it not?

-M

On Wed, Jun 11, 2014 at 6:45 PM, Morgan Blackthorne stormerider@gmail.com
wrote:

Anyone use this cookbook with dynamically bootstrapped AWS nodes? I
basically have a script that looks at information from ElasticBeanstalk to
determine which environment a node should be placed in that runs from
/etc/rc.local, and creates the client.rb config and executes chef-client -j
/etc/chef/bootstrap.json.

My concern with omnibus_updater is that if I bump the chef-client version,
nodes will start bootstrapping, hit omnibus_updater, and run into the chef
killer. This will mark the run as failed, even though it actually
succeeded, resulting in an empty runlist and other badness.

I know there is a kill_chef_on_upgrade setting, but the docs seem to
indicate that it is a Very Bad Idea to actually use this. Anyone know more
about it who can comment? Alternatively, should I eventually refactor my
bootstrap script to check the exit code of chef-client, and if it fails,
re-run it again? While that won't help if the server is having issues (or
our VPC VPN), it would solve problems with the omnibus updating.

Thoughts? Looking to see if I can find a best practice for dealing with
this here, other than baking a new AMI any time I really need to update the
version... baking the AMI is easy (I've got it pretty well scripted at this
point), but then I've got to copy it across regions and update a dozen or
two EBs to use the new ones.

--
~~ StormeRider ~~

"Every world needs its heroes [...] They inspire us to be better than we
are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

dcondomitti · June 12, 2014, 12:15am

If you kill the first chef run with omnibus_updater (or it fails for any other reason) the node's run list isn’t saved in chef server and subsequent runs won’t apply any recipes.

On Wednesday, June 11, 2014 at 5:07 PM, Mike wrote:

Morgan,

We use the kill_chef_on_upgrade in our prod environment liberally, but with longer-lived nodes than Elastic Beanstalk.

The idea there is that if you've started on Chef version X, and you actually want Chef version Y, the updater has now installed the new version, it should stop running now, because presumably there's a reason you wanted the other version in the first place.

So the Chef run gets killed off, and a new instance of Chef using the new version is started.

I'd ask what's preventing you from updating your AMI bootstrap provisioning script from leveraging the desired version?

Since after all, adding a repo and defining a package name and version in yaml is pretty straightforward on ElasticBeanstalk, is it not?

-M

On Wed, Jun 11, 2014 at 6:45 PM, Morgan Blackthorne <stormerider@gmail.com (mailto:stormerider@gmail.com)> wrote:

Anyone use this cookbook with dynamically bootstrapped AWS nodes? I basically have a script that looks at information from ElasticBeanstalk to determine which environment a node should be placed in that runs from /etc/rc.local, and creates the client.rb config and executes chef-client -j /etc/chef/bootstrap.json.

My concern with omnibus_updater is that if I bump the chef-client version, nodes will start bootstrapping, hit omnibus_updater, and run into the chef killer. This will mark the run as failed, even though it actually succeeded, resulting in an empty runlist and other badness.

I know there is a kill_chef_on_upgrade setting, but the docs seem to indicate that it is a Very Bad Idea to actually use this. Anyone know more about it who can comment? Alternatively, should I eventually refactor my bootstrap script to check the exit code of chef-client, and if it fails, re-run it again? While that won't help if the server is having issues (or our VPC VPN), it would solve problems with the omnibus updating.

Thoughts? Looking to see if I can find a best practice for dealing with this here, other than baking a new AMI any time I really need to update the version... baking the AMI is easy (I've got it pretty well scripted at this point), but then I've got to copy it across regions and update a dozen or two EBs to use the new ones.

--
~~ StormeRider ~~

"Every world needs its heroes [...] They inspire us to be better than we are. And they protect from the darkness that's just around the corner."

(from Smallville Season 6x1: "Zod")

On why I hate the phrase "that's so lame"... http://bit.ly/Ps3uSS

Topic		Replies	Views
How to update chef-client on nodes? Chef Infra (archive)	4	884	June 13, 2015
Re: Upgrade process Chef Infra (archive)	2	287	November 9, 2012
omnibus_updater cookbook removes chef-server download Chef Infra (archive)	1	294	August 15, 2014
Omnibus on Ubuntu 11.10 / 12.04 w/ knife bootstrap? Chef Infra (archive)	2	270	May 21, 2012
Upgrade process Chef Infra (archive)	3	299	November 9, 2012

omnibus_updater and AWS bootstrapping

Related topics