Managing server configuration is concerned with converting your infrastructure into code that defines processes needed to deploy a server using versioned and reusable scripts. To be successful in configuration management, you need to use a configuration management tool. Reasons for using a configuration tool are discussed below:
• Configuration tools bring consistency. When your infrastructure is set up manually, there is no way of knowing it has been set up consistently. Furthermore, there is no way of knowing the changes made meet set compliance and security standards.
• Configuration tools efficiently manage change. Building infrastructure manually leads to anxiety of change because infrastructure environments are fragmented, difficult to understand and introduce modifications. This increases the time required to deploy changes, thus delaying client access to modifications. When there is an automated process to manage servers, change batches can happen daily or multiple times in a day.
• Configuration tools bring in simplicity when you need to rebuild your servers. When disaster strikes, rebuilding your severs from scratch becomes very difficult. With configuration tools, restoring your environment after a disaster is quick.
• Configuration tools bring transparency. Auditing and reporting are features available within configuration tools. Changes are automatically loggedd by tracking tools which simplifies monitoring team activities.
Chef is a configuration management tool that you can use to mange your on-premise or cloud infrastructure. When you use infrastructure as a code, you have benefits associated with your application code such as versioning, testing and repeatability. Some of the features that make Chef an excellent choice for configuration management are listed below. If you want to learn how to use Chef in detail, you can find that here.
• It is very scalable so you can rely on it to configure thousands of servers.
• When you need to customize Chef, you have the full power of Ruby programming language.
• Chef gives you the freedom to use it in distributed or central mode.
• Chef is open source and it has a strong community of contributors.
When writing provisioning scripts you need to understand recipes and cookbooks. A recipe is the code you develop to implement installations and configurations on your servers. A cookbook is made up of several similar recipes.
To write a Chef recipe, you need to use Ruby language. A recipe consists of resource definitions that will issue instructions to be executed on servers. For more flexibility you can include resource definitions together with Ruby code.
Before we can start writing recipes, let us discuss the building blocks of a recipe. Within a recipe we can define local variables the same way local Ruby variables are defined. An example of defining a local variable and including it in a resource definition is shown below.
package = "vim" apt_package package do action :install end
Local variables have a scope limitation so they can only be used within the file they are defined. To create a variable that is globally accessible by any of your cookbook or recipe, you need to use a custom attribute. Attributes hold node details. Automatic attributes collected by Ohai tool hold system information like the hostname and platform among others but it has the flexibility of defining custom attributes. You can assign different precedence determined by attribute type to your attributes where you will mostly use default but you can override it when needed. An example of defining an attribute is shown below:
node.default['main']['package'] = "vim" apt_package node['main']['package'] do action :install end
In the example above, we used node.default to mark the attribute type as default, but we could also mark it as normal or override which has higher precedence. It is recommended that you organize your node variables as hashes using current cookbook as a key.
To clarify how precedence is implemented, consider the example below.
node.normal['main']['package'] = "vim" node.override['main']['package'] = "git" node.default['main']['package'] = "curl" apt_package node['main']['package'] do action :install end
In the example above, override has the highest precedence so the git package will be installed despite normal precedence being defined first.
When you need to repeat a task with a different input each time you use a loop. To demonstrate how loops are useful consider the example below.
['vim', 'git', 'curl'].each do |package| apt_package package do action :install end end
Instead of using three tasks to install three packages, we just used a loop.
When you need to dynamically decide the code block to be executed depending on a variable or the results of another command you use conditionals. All Ruby conditionals can be used when writing recipes. Consider the conditional example shown below:
apt_package "php-pear" do action :install only_if "which php" end
The objective of the above conditional is to ensure PHP exists on target system before php-pear package can be installed.
To make configuration files more reusable by including variables and other features, we use templates. The Embedded Ruby (ERB) template used by Chef and Puppet supports loops and conditionals among other Ruby features. After writing a template you need to write a template resource that will apply your template.
To develop and test your infrastructure, you need Chef development kit installed. To install it on ubuntu 16.04 use the commands below.
wget https://packages.chef.io/files/stable/chefdk/1.4.3/ubuntu/16.04/chefdk_1.4.3-1_amd64.deb sudo dpkg -i chefdk_1.4.3-1_amd64.deb
Create a chef-repo using the command shown below:
sudo dpkg -i chefdk_1.4.3-1_amd64.deb
Navigate to your chef-repo, create a cookbook and enter the directory of your cookbook
cd chef-repo chef generate cookbook demo-file cd cookbooks/demo-file
Navigate to the recipes directory and open default.rb in a text editor
cd recipes gedit default.rb
Add the recipe shown below that will perform a system update.
execute "update-upgrade" do command "apt-get update && apt-get upgrade -y" action :run end
Testing your recipe involves uploading it to the Chef server, adding your run list and running chef-client on your node after which a success message will be returned. If there is no success, a message stating that your code has errors and needs to be reviewed will pop up.
In this article, we discussed the reasons why using a configuration management tool is necessary. We discussed features that make Chef an excellent configuration tool. We discussed the building blocks of a Chef recipe and gave examples. Finally, we demonstrated how to create a recipe.