Organizing cookbooks in a logical way


#1

Hello Gurus,

I have an issue which seems to be a blocker for me in my progress with Chef
to effectively move to production. The issue is that I started Ansible
before Chef therefore my only reference tends to be based on Ansible.

It looks more natural to me writing a playbook with different host names
while having those host names in some inventory file. So looks easy to
provision lots of nodes to me. That concept of role in chef is not so clear
to me .

For example I can write some roles in Ansible with options which are
boolean variable to switch between using apache as simple html hosting, for
php virtual host , for reverse proxy using http or ajp etc.So everything is
pretty much is maintained at the playbook level which gets checked in VCS.
I am not too sure how to achieve that in chef. I am not trying to say one
is better than the either, I am just saying I would like to know how to
organize my own cookbooks .

As devops almost every week, depending on requirement, I use either nginx
or apache to deploy:

wordpress site
joomla site
java reverse proxy using (ajp for apache or http for nginx)

These are all on ubuntu linux which needs some hardening for production (By
the way I need a book to achieve this, any link would be greatly
appreaciated :wink: ). So for web project A I will need building block like

  • recipe[linux_security]
  • recipe[nginx | apache2]
  • recipe[wordpress | joomla]

So the real question is if this is a project A, so I should create a
cookbook A which will use the the listed cookbooks above. Now project B is
for client B and will need the same stack should this differentiation be at
attributes level or cookbook level?

What is the recommended way to use attributes with chef-server? especially
while bootstraping.

How to use the role in practice? For example where to map that nodes
a.servers.com b.servers.com, c.servers.com are all linux, web server/nginx ?

Thanks for reading this.

Best Regards,


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.com
We become what we think about ourselves…


#2

So the real question is if this is a project A, so I should create a
cookbook A which will use the the listed cookbooks above. Now project B is
for client B and will need the same stack should this differentiation be at
attributes level or cookbook level?

In general, cookbooks should be re-usable and as generic as possible. In
your case, you can create a linuxsecurity cookbook (don’t use underscores
in cookbook names – it’ll work at first but can cause you grief later when
you start creating resources, which is a more advanced topic), an nginx or
apache2 cookbook, and a Wordpress or Joomla cookbook. Or instead of
creating them, use a community cookbook, if available. You can use
Berkshelf to make it easier to manage your dependencies.

Now this is where you have some options. If you foresee that a typical
client deployment will be similar from one client to another, you could put
together a simple, generic cookbook that includes the three cookbooks
created earlier, and you can customize it for each client using
environments.
Or, you can create specific cookbooks for each client, that will be mostly
similar to the other option I just explained, but less reliant on
environments, since you can store client-specific attributes in the
attributes/ directory.

How to use the role in practice? For example where to map that nodes
a.servers.com b.servers.com, c.servers.com are all linux, web
server/nginx ?

In my opinion, don’t use roles at all. But to answer your question, you
don’t need to do that mapping at all, you just bootstrap each node using
Knife and assign a run list to each of them.

You might want to read this about how to avoid using Chef roles:
http://realityforge.org/code/2012/11/19/role-cookbooks-and-wrapper-cookbooks.html
Note that in the examples, they use node.override[‘foo’][‘bar’] but you
shouldn’t need to do that, just set attributes as you normally would, by
adding attribute files to the attributes/ directory.


#3

Hello Fabien,

Thanks for the answers provided. I am getting the sense of what you are
saying. I am planing to have a webserver cookbook which will have nginx and
apache cookbooks with specific recipes for each server (apache | nginx) and
templates for all scenario, nginx proxy, nginx normal virtual host, apache
normal hosting, mod_proxy http| ajp etc.
So I will maintain the attributes A.json and B.json for client A and B in
some version control.

Now for a cluster of tomcat like say 10 nodes, I find it a bit difficult
bootstraping them one of the other. Is there any bulk bootstraping (:smiley: I am
being lazy here) for :
a) nodes with same recipes
b) nodes with mixed recipes

Best Regards,

On Mon, Aug 3, 2015 at 11:36 PM Fabien Delpierre fabien.delpierre@gmail.com
wrote:

So the real question is if this is a project A, so I should create a

cookbook A which will use the the listed cookbooks above. Now project B is
for client B and will need the same stack should this differentiation be at
attributes level or cookbook level?

In general, cookbooks should be re-usable and as generic as possible. In
your case, you can create a linuxsecurity cookbook (don’t use underscores
in cookbook names – it’ll work at first but can cause you grief later when
you start creating resources, which is a more advanced topic), an nginx or
apache2 cookbook, and a Wordpress or Joomla cookbook. Or instead of
creating them, use a community cookbook, if available. You can use
Berkshelf to make it easier to manage your dependencies.

Now this is where you have some options. If you foresee that a typical
client deployment will be similar from one client to another, you could put
together a simple, generic cookbook that includes the three cookbooks
created earlier, and you can customize it for each client using
environments.
Or, you can create specific cookbooks for each client, that will be mostly
similar to the other option I just explained, but less reliant on
environments, since you can store client-specific attributes in the
attributes/ directory.

How to use the role in practice? For example where to map that nodes
a.servers.com b.servers.com, c.servers.com are all linux, web
server/nginx ?

In my opinion, don’t use roles at all. But to answer your question, you
don’t need to do that mapping at all, you just bootstrap each node using
Knife and assign a run list to each of them.

You might want to read this about how to avoid using Chef roles:

http://realityforge.org/code/2012/11/19/role-cookbooks-and-wrapper-cookbooks.html
Note that in the examples, they use node.override[‘foo’][‘bar’] but you
shouldn’t need to do that, just set attributes as you normally would, by
adding attribute files to the attributes/ directory.


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.com
We become what we think about ourselves…


#4

Write roles, I think.

Nico Kadel-Garcia
Email: nkadel@gmail.commailto:kadel@gmail.com
Sent from iPhone

On Aug 3, 2015, at 18:58, “Joseph Djomeda” <joseph@djomeda.commailto:joseph@djomeda.com> wrote:

Hello Gurus,

I have an issue which seems to be a blocker for me in my progress with Chef to effectively move to production. The issue is that I started Ansible before Chef therefore my only reference tends to be based on Ansible.

It looks more natural to me writing a playbook with different host names while having those host names in some inventory file. So looks easy to provision lots of nodes to me. That concept of role in chef is not so clear to me .

For example I can write some roles in Ansible with options which are boolean variable to switch between using apache as simple html hosting, for php virtual host , for reverse proxy using http or ajp etc.So everything is pretty much is maintained at the playbook level which gets checked in VCS. I am not too sure how to achieve that in chef. I am not trying to say one is better than the either, I am just saying I would like to know how to organize my own cookbooks .

As devops almost every week, depending on requirement, I use either nginx or apache to deploy:

wordpress site
joomla site
java reverse proxy using (ajp for apache or http for nginx)

These are all on ubuntu linux which needs some hardening for production (By the way I need a book to achieve this, any link would be greatly appreaciated :wink: ). So for web project A I will need building block like

  • recipe[linux_security]
  • recipe[nginx | apache2]
  • recipe[wordpress | joomla]

So the real question is if this is a project A, so I should create a cookbook A which will use the the listed cookbooks above. Now project B is for client B and will need the same stack should this differentiation be at attributes level or cookbook level?

What is the recommended way to use attributes with chef-server? especially while bootstraping.

How to use the role in practice? For example where to map that nodes a.servers.comhttp://a.servers.com b.servers.comhttp://b.servers.com, c.servers.comhttp://c.servers.com are all linux, web server/nginx ?

Thanks for reading this.

Best Regards,


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.comhttp://www.mycodingpains.com
We become what we think about ourselves…


#5

Hello All,

Thanks for providing responses. To be honest the role bit highlighted by
Fabien gets me really nervous because I am very very new to this.

I would like to have some insight in use case expressed below

Now for a cluster of tomcat like say 10 nodes, I find it a bit difficult
bootstraping them one of the other. Is there any bulk bootstraping (:smiley: I am
being lazy here) for :a) nodes with same recipesb) nodes with mixed recipes

I would also want to ask whether chef can handle incremental deployment of
say java web app running in 10 nodes by taking them down 2 after the other
just like how “serials” works in ansible.

Best Regards,

On Wed, Aug 5, 2015 at 2:17 PM Nico Kadel-Garcia nkadel@skyhookwireless.com
wrote:

Write roles, I think.

Nico Kadel-Garcia
Email: nkadel@gmail.com
Sent from iPhone

On Aug 3, 2015, at 18:58, “Joseph Djomeda” joseph@djomeda.com wrote:

Hello Gurus,

I have an issue which seems to be a blocker for me in my progress with
Chef to effectively move to production. The issue is that I started Ansible
before Chef therefore my only reference tends to be based on Ansible.

It looks more natural to me writing a playbook with different host names
while having those host names in some inventory file. So looks easy to
provision lots of nodes to me. That concept of role in chef is not so clear
to me .

For example I can write some roles in Ansible with options which are
boolean variable to switch between using apache as simple html hosting, for
php virtual host , for reverse proxy using http or ajp etc.So everything is
pretty much is maintained at the playbook level which gets checked in VCS.
I am not too sure how to achieve that in chef. I am not trying to say one
is better than the either, I am just saying I would like to know how to
organize my own cookbooks .

As devops almost every week, depending on requirement, I use either nginx
or apache to deploy:

wordpress site
joomla site
java reverse proxy using (ajp for apache or http for nginx)

These are all on ubuntu linux which needs some hardening for production
(By the way I need a book to achieve this, any link would be greatly
appreaciated :wink: ). So for web project A I will need building block like

  • recipe[linux_security]
  • recipe[nginx | apache2]
  • recipe[wordpress | joomla]

So the real question is if this is a project A, so I should create a
cookbook A which will use the the listed cookbooks above. Now project B is
for client B and will need the same stack should this differentiation be at
attributes level or cookbook level?

What is the recommended way to use attributes with chef-server? especially
while bootstraping.

How to use the role in practice? For example where to map that nodes
a.servers.com b.servers.com, c.servers.com are all linux, web
server/nginx ?

Thanks for reading this.

Best Regards,


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.com
We become what we think about ourselves…


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.com
We become what we think about ourselves…


#6

On Wed, Aug 5, 2015 at 11:38 AM, Joseph Djomeda joseph@djomeda.com wrote:

I would like to have some insight in use case expressed below

Now for a cluster of tomcat like say 10 nodes, I find it a bit difficult
bootstraping them one of the other. Is there any bulk bootstraping (:smiley: I am
being lazy here) for :a) nodes with same recipesb) nodes with mixed recipes

I have not used it, so you might want to do at least a little bit of
research, however I think Chef Provisioning will be helpful:
https://docs.chef.io/provisioning.html
There’s also Chef Metal, but I believe Chef Provisioning is Chef Inc.'s
"answer" to Chef Metal.

I would also want to ask whether chef can handle incremental deployment of
say java web app running in 10 nodes by taking them down 2 after the other
just like how “serials” works in ansible.

The scheduling (i.e. doing your release NOT on all nodes at the same time)
is not really Chef’s job, rather you should handle that via your CI/CD
system, whatever it is (e.g. Jenkins). It could be as easy as putting your
Java app’s .jar or .war file in a place where all the Chef nodes can get
it, having a bit of code in your recipe that will download that artifact
and do whatever needs to be done with it on the node, then have Jenkins
execute chef-client on each node, one by one, or two by two, so that not
all nodes will run the recipe at the same time.

On Wed, Aug 5, 2015 at 2:17 PM Nico Kadel-Garcia <
nkadel@skyhookwireless.com> wrote:

Write roles, I think.

Nico Kadel-Garcia
Email: nkadel@gmail.com
Sent from iPhone

On Aug 3, 2015, at 18:58, “Joseph Djomeda” joseph@djomeda.com wrote:

Hello Gurus,

I have an issue which seems to be a blocker for me in my progress with
Chef to effectively move to production. The issue is that I started Ansible
before Chef therefore my only reference tends to be based on Ansible.

It looks more natural to me writing a playbook with different host names
while having those host names in some inventory file. So looks easy to
provision lots of nodes to me. That concept of role in chef is not so clear
to me .

For example I can write some roles in Ansible with options which are
boolean variable to switch between using apache as simple html hosting, for
php virtual host , for reverse proxy using http or ajp etc.So everything is
pretty much is maintained at the playbook level which gets checked in VCS.
I am not too sure how to achieve that in chef. I am not trying to say one
is better than the either, I am just saying I would like to know how to
organize my own cookbooks .

As devops almost every week, depending on requirement, I use either nginx
or apache to deploy:

wordpress site
joomla site
java reverse proxy using (ajp for apache or http for nginx)

These are all on ubuntu linux which needs some hardening for production
(By the way I need a book to achieve this, any link would be greatly
appreaciated :wink: ). So for web project A I will need building block like

  • recipe[linux_security]
  • recipe[nginx | apache2]
  • recipe[wordpress | joomla]

So the real question is if this is a project A, so I should create a
cookbook A which will use the the listed cookbooks above. Now project B is
for client B and will need the same stack should this differentiation be at
attributes level or cookbook level?

What is the recommended way to use attributes with chef-server?
especially while bootstraping.

How to use the role in practice? For example where to map that nodes
a.servers.com b.servers.com, c.servers.com are all linux, web
server/nginx ?

Thanks for reading this.

Best Regards,


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.com
We become what we think about ourselves…


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.com
We become what we think about ourselves…


#7

Hello Joseph,

there’s nothing built-in in Chef. FWIW, we use Rundeck http://rundeck.org/index.html to do this kind of orchestration.

Best regards,
Dennis Benzinger | hybris

[http://static.hybris.com/images/hybris_logo_signatur_2015.gif]

Dennis Benzinger
IT Architecture Senior Specialist
hybris Cloud Services
dennis.benzinger@sap.com

hybris GmbH
Nymphenburger Straße 86
80636 München, Germany
Fax +49 89 890 65 555
www.hybris.com

hybris GmbH, Nymphenburger Str. 86, 80636 München, Deutschland.
Geschäftsführer: Ariel F. Lüdi, Carsten Thoma, Michael Zips.
Amtsgericht München, HRB 124384.

From: Joseph Djomeda [mailto:joseph@djomeda.com]
Sent: Mittwoch, 5. August 2015 17:38
To: chef@lists.opscode.com
Subject: [chef] Re: Re: Organizing cookbooks in a logical way

Hello All,
Thanks for providing responses. To be honest the role bit highlighted by Fabien gets me really nervous because I am very very new to this.

I would like to have some insight in use case expressed below

Now for a cluster of tomcat like say 10 nodes, I find it a bit difficult bootstraping them one of the other. Is there any bulk bootstraping (:smiley: I am being lazy here) for :
a) nodes with same recipes
b) nodes with mixed recipes

I would also want to ask whether chef can handle incremental deployment of say java web app running in 10 nodes by taking them down 2 after the other just like how “serials” works in ansible.
Best Regards,

On Wed, Aug 5, 2015 at 2:17 PM Nico Kadel-Garcia <nkadel@skyhookwireless.commailto:nkadel@skyhookwireless.com> wrote:
Write roles, I think.

Nico Kadel-Garcia
Email: nkadel@gmail.commailto:kadel@gmail.com
Sent from iPhone

On Aug 3, 2015, at 18:58, “Joseph Djomeda” <joseph@djomeda.commailto:joseph@djomeda.com> wrote:
Hello Gurus,
I have an issue which seems to be a blocker for me in my progress with Chef to effectively move to production. The issue is that I started Ansible before Chef therefore my only reference tends to be based on Ansible.
It looks more natural to me writing a playbook with different host names while having those host names in some inventory file. So looks easy to provision lots of nodes to me. That concept of role in chef is not so clear to me .
For example I can write some roles in Ansible with options which are boolean variable to switch between using apache as simple html hosting, for php virtual host , for reverse proxy using http or ajp etc.So everything is pretty much is maintained at the playbook level which gets checked in VCS. I am not too sure how to achieve that in chef. I am not trying to say one is better than the either, I am just saying I would like to know how to organize my own cookbooks .

As devops almost every week, depending on requirement, I use either nginx or apache to deploy:
wordpress site
joomla site
java reverse proxy using (ajp for apache or http for nginx)
These are all on ubuntu linux which needs some hardening for production (By the way I need a book to achieve this, any link would be greatly appreaciated :wink: ). So for web project A I will need building block like

  • recipe[linux_security]
  • recipe[nginx | apache2]
  • recipe[wordpress | joomla]
    So the real question is if this is a project A, so I should create a cookbook A which will use the the listed cookbooks above. Now project B is for client B and will need the same stack should this differentiation be at attributes level or cookbook level?
    What is the recommended way to use attributes with chef-server? especially while bootstraping.
    How to use the role in practice? For example where to map that nodes a.servers.comhttp://a.servers.com b.servers.comhttp://b.servers.com, c.servers.comhttp://c.servers.com are all linux, web server/nginx ?

Thanks for reading this.

Best Regards,


Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.comhttp://www.mycodingpains.com
We become what we think about ourselves…

Joseph Kodjo-Kuma Djomeda
check out my pains at : www.mycodingpains.comhttp://www.mycodingpains.com
We become what we think about ourselves…