 So good afternoon. All right. There's a little bit of energy here. This is the like the last session of the the conference There's really big names that I'm speaking up against and you guys are here. That's totally awesome So thank you for having me. Thank you for coming out to drip con How's the conference been for you guys? Yeah, good stuff awesome So Hello, my name is Nathan You might notice that my dad misspelled my name So here was the rule in my family mom picks them dad misspells them and he was consistently Misspelling all of our names. So I have a brother named Gordon who also ends with an EN as does my Nathan I have a sister Adrienne also ends with an EN and then a sister Meredith My dad tried really really hard to squeeze in another EN, but he just couldn't do it But he did misspell it. Actually, I don't know the proper way to spell Meredith I only know the way to spell Meredith the way my sister does, but I know it's wrong Anyhow enough of my family history and all about my siblings I am a technical community manager at ops code. Ops code is the company behind chef I'm also a co-host on the food fight show, which is a podcast It is in fact the podcast where dev ops chefs do battle So it's a totally fun podcast and I for one think that everyone in this room should subscribe to that podcast and in fact If you subscribe to that podcast, I'll give you a sticker at the end of this talk In fact, if you don't I'll still give you a sticker, but I'm also a meet-up organizer I organize a couple of meet-up groups in the DC area where I'm based. I'm not really based in DC I'm based in Annapolis, Maryland, which is nearby You can follow me on Twitter at Nathan Harvey And if you were fast enough before I click on to the next slide and went to that speaker deck You can actually get these slides right now. So I'm saving you a question at the end Where can I get these slides from you can get them from right there right now go all right So ops code who are we ops coding? Like I said is the company behind chef chef is an open source Configuration management framework ops code is the company behind it. We are not chef, but we are the main contributors We are the ones that support it Ops code pays people like me to go and talk about chef and how awesome it is So speaking about awesome. It is just what the heck is chef chef is an automation platform It's used by developers systems engineers sys admins to model your infrastructure So you're going to define the way that your infrastructure looks in code So let's just kind of step back for a minute and talk about your business Your business is all about applications and I bet I would wager a dollar that everyone in this room or at least 98% of the people in this room have an application that's based on Drupal. Am I right? Yeah, all right. So we've got these applications these applications make up your business They run on top of infrastructure. So what do we mean when we talk about infrastructure? Well with chef we really want you to think about your infrastructure in terms of a collection of resources So your infrastructure is the hardware or the virtual machines the servers that your Drupal application runs on Well, how does that Drupal application get there? What are the various components that need to be on that server in order for it to work? These are all of the resources that chef will help you model and manage So these resources act together in concert to provide a service and over time that service will evolve So your configuration is going to change over time So you start off very simply I've got this nice little Drupal application. Everything is sitting on one application server. My database is here My Drupal is here. All is right with the world. Everything is beautiful. Why do I need configuration management? It's just one little box. I can handle that no big deal, but Your business starts to scale you get a lot of good traffic. So you decide well, we need to improve performance Let's move the database off of the application server Let's split it off onto its own dedicated server so we can get better performance out of the database and Let's make sure that we are have redundancy within our data tier, right? And now our business is getting better and we're getting more and more servers and our application our Infrastructure is really just starting to grow and grow and grow And we have to tie all of these various infrastructure components together with Configuration so that the load balancer knows which application servers that should talk to the application Servers know which database caches and which database servers they should talk to. This is not a simple problem anymore This is now a real thing But of course your infrastructure is a snowflake. It doesn't look like this here. It looks like this actually that's a lie Everyone in the room is a snowflake and each one of your infrastructures is a beautiful and unique snowflake also I actually don't know what your infrastructure looks like frankly. I don't really care But chef will give you the the primitives the resources needed to model your infrastructure and manage it over time Of course your complexity is just going to continue to evolve because you've got this great application that you're building out You need something to help solve this and that's what we call configuration management So let's say you built all of this infrastructure out and now all of a sudden you have new requirements So this is a pain right? I just got a new developer that joined our team I want to get her up and productive right away. How do I do so? That might take a week in some shops I need to add new relic monitoring to my application so I can get much better insight into what's going on It doesn't need to be new relic, but I think new relic is pretty frickin awesome. So if you don't use them check them out Add a new module to the development site. I don't want to add this new module to the production site yet Just to the development site. Let's build it make sure it works the way we want and then we'll roll it out to production So how do we do all of this? This all leads to configuration desperation and chef solves that problem, but you probably guessed that already So chef is infrastructure as code. What does it mean when we say infrastructure is code? Basically what we mean with infrastructure as code is that we are going to write code that will model your Infrastructure and it will manage your infrastructure over time With infrastructure as code you essentially need three things to rebuild your entire business You need compute resources whether those are bare metal or virtual machines somewhere off in the cloud Whatever compute resources you need a backup of your data and you need your source code repository Because now that we're treating our infrastructure as code We are of course putting it into a source code repository just like you do with all of the application code that you write, right? Right it all goes into a source code repository very important so We do this in chef by writing programs these programs allow us to abstract the details of the infrastructure away and Really model what that infrastructure looks like programs also allow us to build up our infrastructure in modular pieces So within these programs we have a declarative interface to our resources So those resources again were things that we saw a couple of slides back things like users or packages or files Directories things like this within our programs. We're going to define our policy So what should this application server? What should this server have on it? What should the characteristics of this server be? We will specify what but not how and we'll look at that in just a second But as an example we may say that we want a package installed We won't tell or we won't say in our program exactly how to install that package should you use yum? Should you use apt? We'll just say that the package has to be installed that is our policy And then chef works in a pole not a push model So essentially what you have is on each one of your servers on each one of your nodes in your infrastructure There's a chef client running It will wake up on a periodic basis check in with the chef server and say hey What's my policy the chef server will send down that policy and the chef client will bring that node into line with the policy We'll see some examples of that here in a bit Okay, so here's what those programs might look like Of course, they don't have the nice pretty drop shadows when you write them in your text editor Well, I don't know maybe your editor does but So here's what they look like we've got first a resource that's a package a package resource Apache 2 So again, we're not saying how to install Apache 2. We're saying that this package must be on this system Next up we have a template So we've installed this package this package exists on the system now I'm going to write out a template file some Apache configuration and then finally I have a service resource and in this service resource I'm saying that I want this service to be enabled and started So let me just break down what this is doing The first thing that it does when it says when the chef client sees package Apache 2 It's going to inspect the system that it's running on and say does the Apache 2 package exist here Has it been installed? If it has it's just going to move on and go on to the template if it has not yet been installed It will install Apache 2 and then it will move on to the template The next thing that it sees here is the template resource and in our template resource We're saying I want to manage this file at see Apache 2 Apache 2.com And in it I want to specify some content and I'm going to use a template file to specify what that content is going to be We're not going to look at the template right now, but you can imagine that it's a template right has some variable Substitution in fact, we're going to send down a variable called allow override How many of you have said an HTTP? You know allow override within their Apache comfort before you just devout everybody right and so we're going to say just allow override We're going to set that to all we'll say that as a variable and that'll end up in the template And then I'll come back to that next line the notifies there So the template is now written out Of course before the template gets written the first thing that chef will do is verify that the file already exists on the system And if it does it's going to inspect the contents of that file and determine Does it need to make a change to that file or not if that file is already in line with policy chef will leave that file alone? And then the last thing that it comes to here is the service and we have a service named Apache 2 and It has two actions that we're sending to it. We want to enable it and start it So enable it says when the server reboots Apache should come up automatically and I want to start Apache So again chef is going to inspect the system and say hey Is Apache 2 already in check config or whatever system you're using to make sure that things come up when your system reboots if it is I take no action He's Apache running right now. If so I take no action. Otherwise I will start it for you And then if we go back to the template in the instance when the template contents Require a change on the file system. It will do that last line that last line there that notifies So the template if it changes will send a notification to the service called Apache 2 And it will say you need to reload And so what happens is if the contents of that file that configuration file change It will send it will tell Apache to reload its configuration. This is good that we have this Subscription model or this notification model the reason this is good is as I mentioned chef client will run on a periodic basis You don't want to reload Apache every time chef client runs only if that file changed and you actually need to So these resources we put them we write them into programs that we call recipes You know we had this name for a product called chef And so we really stick with this metaphor everything around chef is going to be like kitchen related So we take these resources we write programs we call those programs recipes We package those programs together with template files into cookbooks Template files and a bunch of other things So we really take this cooking metaphor and just kind of run with it Except when we don't because sometimes we don't and we call things Stuff like LWRP and everybody has an LWRP in their kitchen right now me either But yeah, so that's what recipes and cookbooks are The other cool thing about search about chef is that you can search So chef in addition to having this policy about what your infrastructure should look like also has a searchable Index of the current state of your infrastructure So we can do things like discover which nodes should fall behind our our load balancer We can look up IP addresses all kinds of stuff So here's another example of some recipe code and in this one in the first line here What we're doing is we're executing a search against our chef server. I'm saying hey chef server What are all of the nodes that have the role awesome site assigned? And if you're still paying attention, you'll notice that there's a problem on that first line But I assure you the code in the slide compiled just fine But I am missing a double quote there at the end anyhow, so we search for any Nodes any servers that have this role of awesome site We gather those all together and pass that list down to a template So you see that there in variables pool members is pool members dot unique. So it's maybe there are four Four web servers for Drupal application servers behind our load balancer chef server knows about these Returns those as results and then in our template as we can figure our load balancer We can point to each one of those four Web servers that are sitting behind the load balancer now if I were to come along and spin up another application server The next time chef client runs on the load balancer It will automatically discover it and start sending traffic to it by the same token if I were to take a web server And shut it down the load balancer would also recognize that and stop sending traffic to it This is so that when this you know your application Infrastructure becomes this we add one more tier or one more node to our application tier All of this can happen automatically we can stitch this guy into Our entire infrastructure and if you stop and count the resources You'll see that there are at least 11 resources that need to change through the addition of just one node So with one command we can spin up this node get it configured as an application server or as a Drupal server for us As part of our infrastructure and tie it into our entire infrastructure. It's as easy as that So let's talk a little bit more specifically about deploying Drupal with chef and the process that you might go through to do that And I just like to step back for a second and talk about some components that are involved with a chef managed Infrastructure you have essentially three big areas that you'll be concerned with on the bottom here in the middle This is your workstation. This is where you write the policy that your infrastructure should follow This is where you write your recipes and your cookbooks and so forth Of course, this is also where you have your repository your get repository or subversion or perforce Whatever source code control you use as long as you're using source code control, which we're all doing I think we've already established that So you put all of that on your workstation and then above and to the left over here We have the chef server. So that's where we're going to take the policy the cookbooks that we write We're actually going to publish them from our workstation up to the chef server So the chef server has a couple of roles one is that it will house all of our cookbooks all of our policies for us It also has that searchable index of information about our infrastructure And then off on the right we have the nodes So these are the individual machines within your infrastructure now these as I mentioned earlier I think could be bare metal machines. They could be VMs that are running locally They could be cloud instances off on EC2 or rack space or wherever wherever you can run a server. That's where it'll be So let's talk about our workflow for building out a Drupal site first. We're going to build Drupal locally We'll deploy a Drupal application to EC2 and then we're just going to iterate over that over time So let's start with local development. We start off first with a git repository Now I know I'm kind of beating this dead horse, right? Everything has to be in source code control just a quick question How many of you have ever gone to a command line and done something like CP food text space food text dot OLD yeah, yeah, yeah, that's not source code control, right? That doesn't count And if you get like super fancy about it and turn that into Food dot text dot date timestamp still not source code control No, you have to actually use a real source code control repository In fact, if you're not using a source code control repository You shouldn't even listen to anything else I say about chef You should go to like learn git comm and learn git and start using that right now All right, so we'll get our repository set up Then we need a virtual machine because like I said, we want to build this locally It doesn't make sense for me to build Drupal locally on an OS X platform when I'm going to deploy on Ubuntu Let me deploy and build locally on the same platform that I'm going to deploy to in production And then finally we need chef on my workstation So I need this super awesome tool called knife which comes with chef And I also need a chef server to be in the mix here All right, so we set up our git repository. Everyone's done something like this before right? So make a directory do a git in it Next up we're going to build a VM. How many have used vagrant before? All right, not enough of you. It's not as bad as not using version control But trust me you want to go check out vagrant go to vagrant up comm This is what you want to do to manage all of your VMs locally from this from this moment onward All right, so with vagrant you can deploy it local virtual machine It makes it super easy and in fact as the tagline says vagrant will change how you work All right, so vagrant essentially is a nice wrapper around Oracle's virtual box Now those of you that have been using vagrant for a long time and are like up to speed on where vagrant is going Are going to be like yo Nathan it does a lot of other than just virtual box, but that's cool We're just going to talk about virtual box today so with vagrant we can configure a vagrant file and this is Essentially all that we have to do to define a virtual machine So I'm going to in this virtual error in this vagrant file. I'm creating a new virtual machine It's going to run on my laptop. I'm going to give it a host name I'm going to give it a box a box is basically the baseline image that you're using for this machine And then you can also do fun things with networking so for example on that last or second to last line there You'll see that I'm forwarding a port so port 80 on the VM I can get to I can access for my local machine via port 8080 in other words If I go to local host colon 8080. I'm actually looking at the VM And we'll see that in a minute Okay, then we need to install chef right so we've got our repository. We've got a virtual machine running Let's get chef going if you go under the ops code website. You'll find the place where you can install chef We need to install the client. It's going to have drop-down boxes as shown here So you'll set up your operating system and things like this and it will give you something that will install chef Now you might want to know what is that something and the answer of course is it depends if you're on a windows box That's something. It's going to give you as an MSI if you're on Mac or an Ubuntu or Linux box It's going to give you something Curl a URL that you can curl and pipe into bash because that's how we all love to install software, right? So anyhow What that installs though is Everything that you need for chef So chef as you might know or maybe I've sussed out by now the chef client and the recipes that you write are all In ruby now you may or may not have ruby installed on your machine And if you're like, yeah, I'm on a Mac and it comes with ruby then you don't actually have a good ruby installed on your machine So that kind of sucks, but don't worry You don't have to worry about all the pain of installing ruby and like dealing with rbm or rvm Or which one of those version managers should I use or to ruby? What's going on ruby ruby is just Not false crazy, right? So with chef Through ops code on this installer will install a ruby for you It'll be off in its own place and chef will use that ruby so you get everything everything that you need here with this install Then you need a chef server. So you're just getting started with chef. I Imagine because probably some of you here actually never done anything with chef I will tell you the best way to get started with chef is to use hosted chef as your server The reason that I think that's best number one You don't really need to concern yourself with how to configure and set up another server although setting up and configuring a chef server is relatively painless, but The other part about using hosted chef is you can use it for free for up to five nodes And then you really don't need to worry about that server at all You just point to ours ops code runs it you don't pay us manage five nodes for free and learn chef when you're ready You can start paying us some money. It's totally cool. We'll totally take your money You can manage more nodes that way or we can install it locally or you can just switch out and go to the free open source version It's all good, but hosted chef is the way to start learning chef So now we need to register our virtual machine that virtual box that we created we need to register it with our chef server So I went and created a chef account and now I'm back in my vagrant file and within vagrant We have these things called provisioners. So vagrant knows how to provision the boxes that it's managing with things like chef Using the chef client or chef solo it knows how to provision things with puppet It knows how to provision things with bash scripts, but who would ever just provision with bash scripts because no But so what we do with chef client We have to tell the server that we're talking to and give it some authentication credentials So we set that up within our vagrant file and then I run this command vagrant Provision and what vagrant provision will do is go into the machine that virtual machine and run the chef client for us Which again is going to wake up say hey chef server. Here. I am. What does my policy look like chef server right now? We'll say dude. I don't know anything about you. You have an empty run list. You have no policy, but now you're registered with me So that's all good So with that we've basically set up all of the components that we need to get our baseline Drupal local development out. We've got a local virtual machine. That's running. We've got our git repository We've got our chef server set up. We've got chef installed on our workstation. Everybody's talking to one another now It's time to get into the real meat So now we need to write some cookbooks. How are we actually going to manage this infrastructure? What does our policy look like? Well, we have a couple of options we can go to the community site community dot ops go calm and download some cookbooks We're going to write one of our own cookbooks And then we're going to take all of these cookbooks that we've written or downloaded and upload them to the chef server So that's kind of our next three steps that we're going to do So on the community site at community dot ops go calm you can go there right now and find over 950 cookbooks these cookbooks cover all kinds of different things that you will want to configure in your infrastructure and Since there are 950 all kinds of things that you will never want anywhere near your infrastructure But you know, there's a nice overlap. We'll find the ones that you want So these are database cookbooks process management programming languages everything that you could possibly want The cool thing about these cookbooks in the community site is that it allows CIS admins and systems engineers and developers who have been working with these tools for years and years to sort of codify that tribal knowledge and put that into a cookbook that you can then share with other folks So I don't really know anything about installing post fix But I can go to the community site and grab a cookbook that will do that for me and will manage it for me I can learn a lot about the management of post fix by looking at that and gain Wisdom from others within this tribe They're also great for reference just for that same purpose You may decide that you don't actually want to use the cookbook off of the community site But it's a great guide to help you write your own cookbook also All right, so we are going to download a bunch of cookbooks off of the community site That's all happening in the background now. So Let's also write one of our own cookbooks We're gonna write a cookbook called awesome site because of course every site we build is awesome Which actually makes it a really bad name because every site we build is awesome. So which one is this? So anyhow, we're gonna do a knife cookbook create awesome site This is going to create a directory structure for me that has everything that belongs in a cookbook One of those things one of the files it will create is a recipe a Recipe file for us now our recipes are the programs that we write As I mentioned earlier, these are modular So the first thing that we're going to do is actually include another recipe in our recipe and the recipe that we're going to include Is called Drupal that is a cookbook that we're downloading off of the community site And then within our recipe, we're going to create a new web application We're going to name it Drupal. It's gonna have a template and we're going to specify the doc root the server name and some server aliases Now I've highlighted a couple of things here because they're kind of funky this doc root node Drupal dir, what is that and the server aliases node FQDN? What what is all of this stuff? Well, the cool thing about this is that it is data And with chef it allows you to separate your data from your policy So our policy states that our document our web server should have a document root But the actual location of that document root is data and it's separated out from the recipe Same thing with our Apache server alias It should be the fully qualified domain name of this server and maybe a couple of other things But either way it's separated out from the recipe the nice thing about this separation is that it allows us to change things in different Environments it allows us to model our infrastructure in a much more reusable way so we can reuse these recipes over and over again So where does that data come from there are a bunch of places that chef allows you to pull this data from You can pull this data from attributes from these things that we call data bags Which have a cousin called encrypted data bags, and then you can also pull them from search So let's just dig into each one of those we'll look at attributes data bags and then search So what are attributes attributes specify details about a node? They're defined in a number of different ways or a number of different places You can define them or they're defined as the state of the node You can define them in your cookbooks and then in other things that I haven't really mentioned yet called roles and environments so within Within chef we have this tool called oh hi Which admittedly is not following with our kitchen metaphor, but is a super cute name you have to admit that right? So oh hi has this super cute name, and it's super awesome If you have chef installed locally right now, and you run oh hi at a command line You will see that it spits back a JSON document full of all kinds of details about your system Details like what operating system are you running? How much RAM do you have available on the machine? So all of these facts that you can get about your machine This is super important because you can use this in your recipes to help drive your policy This is data that can drive policy and then we can also specify attributes in our cookbooks our roles in our Environments these all are different places of which we can set attribute data now There's these provide an extremely flexible mechanism for configuration It's flexible because you have the ability to override things at various levels throughout your infrastructure So for example in our cookbook, I might say that I want my default Drupal modules to be views and web form That's my default, but then I can have an environment Maybe it's my development environment where I want to test out a new module if I add or change the default attributes To Drupal modules views web form and token That new module will be installed in my development environment But won't be installed in my production environment yet not till I introduce it there But I don't need to change my recipe at all. I just rerun chef client and that module will be installed So this is a great illustration of how you can separate the data The data here are the list of modules that we want installed We have a function or a recipe code that will install any modules that we've specified Okay So that's how we get our attribute data. So we looked at ohai, which is our system data the state of the node We've got attribute data from cookbooks and so forth and then we have data bags Data bags are global bits of data stored as JSON that we can use anywhere in our infrastructure So it doesn't matter or say if this server is in production or staging or test or development I want to log into it because I'm Nathan and I'm like the admin dude And so I can put my user information into a data bag and then I can have a recipe That will go and search the users data bag find all of the users in my Organization and create users for them on the system The cool thing about data bags is that I can also encrypt those data bags So a data bag you might use to store say the admins username and password for your site or for your database Well, you are using source code repository, but you don't want to check in the password in the clear So you can actually encrypt your data bags and then check in the encrypted value of that password into your source code repository and then you You know have some better assurance that you know someone looking at your source code repository Can't actually figure out what that password is Assuming of course you can check in your key that decrypts it into your source code repository because that would be well All right, so we can get data from data bags We can also get data from search same thing that we saw earlier. This is in fact It's the same code just without all the highlighting so we can search our infrastructure and say hey What are the application servers that should be behind the load balancer or maybe you're one of the Application servers and you need to point to the database server, but I don't have to specify in advance What is the database server? I don't have to like give it a special name like this is dbo one dot broad dot food calm I don't care what it's named. I can just ask the chef server Who is the primary database server in this environment and I'll write that into my database connection string Okay, so we've written some cookbooks we've downloaded some from the community site We got a little introduction to attribute data and sort of how we can abstract that out from our policy So now we need to upload those cookbooks to our chef server So we're gonna use knife to do so knife is the command line tool that you will use to interact with chef and your Infrastructure from your workstation. So we do this knife cookbook upload dash a and you guys are such chef experts now I bet you can tell me what the dash a means Yes, all all right, see you guys are rocking it All right, so we've got our infrastructure ready to go all of our bits are right where they need to be We've written our policy our cookbooks on our workstation. We've published them up to our our server We've got a virtual machine ready to go. We're just missing one thing How do we tie the virtual machine to those cookbooks to that policy that we've written? The way that we do that is through what we call a run list A run list is the ordered list of roles or recipes that should be run on a node or applied to the node So the run list really represents the policy for your server So when the chef client executes the chef client runs on the nodes on the servers that you're managing It will wake up. It will ask the chef server. Hey, what does my policy look like give me my run list The chef server will send that run list down to the chef client and then the chef client will take whatever action is necessary To bring that node that server into compliance with that policy Now whatever action is necessary. Maybe Takes no action because it's already in line with policy or it maybe it hasn't done anything yet So it has to do a whole lot of stuff or maybe it's just a small change anywhere in between So here's what our run list might look like we might have a database server and we might have a web server And so when the chef client wakes up on each one of those it'll say hey What does my run list look like and for the web server? It's gonna say yeah, you need NTP open SSH You need Apache and you need Drupal go and make sure that you have all of these things and that they're configured properly And then on the database server you need NTP open SSH and you need my sequel or my SQL Chef doesn't really care how you pronounce it actually as long as you spell it properly. It's good So these policies will come down to the nodes the nodes will inspect themselves in relation to the policy and make sure that They are in line with that policy So we will specify that run list in our vagrant file By going into the vagrant file and in the provision block we can just do a chef dot ad recipe awesome site So we created our awesome site recipe. I specify that run list there on the vagrant file I run vagrant provision and now I can go to my local host on port 8080 and Drupal is there so I had nothing before I had just a blank VM I run vagrant provision and now I've got Drupal installed for me with all of the modules that I specified and so forth So now I have a local development environment that I can use I've got Drupal running on Ubuntu Which is what I'm going to deploy to eventually when I get to production. So this is great. What are my next steps? Well, I can share this vagrant file with other people on my team. So now We hired a new developer. I give her a vagrant file and access to the appropriate things She can go to her command line and run vagrant up and she's got the VM that's configured Exactly the same way that my VM was configured We no longer get into this place or this state where the sysadmin like logs in and makes a little tweak Makes a little fix solves a little problem on the server that no one remembers and it gets forgotten about because that's now all in our source code repository So we've got this vagrant file. We've got a local development environment. We work on this Drupal machine We're happy with it. We're ready to get it into production So now we're ready for our production deploy in my example I'm going to use Amazon's EC2 for initial deploy, but we could really deploy this anywhere you want So maybe you have your own data center or colo space at a data center or you like rack space over EC2 or line Out or whomever doesn't matter. We have the ability to deploy there The cool thing is that we will use the same cookbooks as we built in our development environment to deploy to EC2 So without changing any of our code, we just go drop down to the command line and run this command so knife is Has a plug-in for EC2 What this plug-in allows us to do is awesome things like launch instances off on EC2 So I run this command knife EC2 server create I'm going to pass it a run list So I want you to create a server. It should have the awesome site recipe applied to it I want it to be an M1 medium the AMI that I want you to use is this and I want the node name to be EC2 Drupal or whatever you like. I hit enter and here's what happens Knife will contact EC2 and say hey, I need a new instance of this AMI That instance will be launched knife will then SSH into that machine and install chef on that machine for you using the same installer that I just showed you earlier So it's going to install Ruby for you install chef. It will then run the chef client So it will check in with the chef server It'll say hey in this case because we're just launching that server. It's going to say hey chef server. I'm new It's great to meet you my policy my run list is awesome site I want you to know that I want you to give me whatever I need for that So the chef server will send out all of those cookbooks. They all come down to that node It executes through them and bam. We now have Drupal running and configured the exact same way as it was in development It's configured that exact same way in production So we are now at the state where we have a local virtual machine for development running Drupal and a production instance on EC2 and these two were configured Identically and now if I need to make a change I can make a change in one place I can promote that change push it up to my chef server and each one of these environments can change as appropriate So that's great We got like this initial Drupal install done, but really chef is more than about just provisioning It's really about allowing you to manage your code manage your infrastructure over time Right, so think back to the beginning where we had all those nodes popping up So what might we do next we might move the database off to another server add a load balance or add some monitoring Something like that tons of things that we can do and now we can start to iteratively improve and continuously improve Our infrastructure much the same way that you would in application So a little bit more about chef Chef is this super awesome framework But outside of that there is this huge ecosystem that's built up around chef and that ecosystem Involves this amazing community that is continually building awesome tools for chef and really Expanding the scope of chef and what the things that you can do with chef Recently some of the biggest things that have come out of the community have been pretty dramatic Advances in the way that you can test your infrastructure code How many of you have done TDD before a test-driven development or heard of it a couple of you You can do the same now with your infrastructure code in large part because of community contributions to the chef ecosystem we can actually write Follow a TDD process as we build our infrastructure code So the community is super awesome Chef of course is open source and I'd love to have you commit to chef right come help us make chef even better It's Apache to software license We have over 1400 individuals and over 200 companies right now that are contributors to chef These are where we have our development repositories on github at ops code and then ops code dash cookbooks The cool thing one of the cool things that we do the thing that I think is super awesome When we get a patch from a community member We host regular Google hangouts probably two or three a week where the ops code engineering team will get into a Google hangout We stream it to YouTube and invite anyone who wants into that hangout And we will do code review on each one of the tickets that are up for review each one of those submissions that have come in It's a great way to manage the open source contributions as a contributor You can be in that hangout and know exactly what the feedback is that our engineering team is giving on your pull requests And maybe during that hangout, there's a minor change you want to make get it done and it gets submitted fixed is Accepted it's super awesome If you're brand new to chef or are looking for a better way to manage your open source project I definitely recommend Google Hangouts All right, so getting started on your own. Where do you go a? Great place to start is learn chef calm This site is really geared towards Helping you get chef up and running on your local workstation with vagrant as quickly as possible You can basically spend a lunch break maybe a little bit longer Maybe a little bit less depending on how long your lunch break is and how hungry you were that day For knowledge of course You get chef up and running and then there's the doc site docs.opscode.com and then lists.opscode.com Of course, we're also on IRC all the time super helpful super friendly room. It's pound chef on free note All right We are doing pretty good on time So we will have time for questions, but I want to wrap up and give you a special offer unique for you so You really really need to seriously consider Actually, you probably just need to move to a place where you are managing your infrastructure as code the benefits You will realize or tremendous and include each one of the things here on the list One of the things on the list though I'm not going to read you the list, but I do want to highlight the last bullet on the list When you start managing your infrastructure as code, you will be happy This is admins and the people that today manage your infrastructure. They are not happy They might think they're happy But get them using chef and they will understand or get it doesn't even need to be chef Frankly, get them managing their infrastructure as code start managing your infrastructure as code You will be so happy gone are the days of Handcrafted servers We are not Etsy. We are running businesses. We are professionals That's not to say that the people that handcraft things and sell them on Etsy aren't professionals But it's not how we should be building our infrastructure. It's not how it should run We really need to look at automation You will wake up one day if you're not using chef yet or managing your infrastructure as code One day you will wake up and realize that the way that I make a change is by a get commit And that is super powerful You will never look back and you will well you will look back and you'll be like man It's like those days when I didn't use any version control and I was cp'ing food a food dot old Bad times, but this will really make you happy I'd also like to Send out a couple of thanks couple of shout outs here Promat source actually they gave a talk yesterday about chef and how they're using chef in their Organization, so if you don't know prom at you should check out their booth if the exhibit halls still open If not a couple of the guys are here and maybe even Michelle is still here But Promat is a Drupal shop and they use chef and it's awesome And in fact will who gave a talk who was one of the presenters yesterday wrote a Drupal cookbook and Since we all love to curl stuff to bash because that's how we roll if you go and curl this bit.ly URL And pipe it to bash because what harm could that do and then and then do a vagrant up trust me It's gonna be fine right and then do a vagrant up guess what you get a Drupal environment running in virtual box Managed by vagrant managed by chef boom one command line and you're done. It's awesome Yes, and then Marius also who wrote the Drupal cookbook that's currently on the community site And whose code I've used all of this code. It's good times And now for the special offer So if after I don't know how many days of Drupal con your head is not full of new knowledge And you're interested in joining me on a road trip down to OSU You can spend eight hours with me tomorrow talking about nothing but chef we'll do hands-on It's a free intro workshop It's free if you register by nine o'clock tonight and you register at this URL Half of what I just said is true the part about it being free is totally true. You also have to register by nine But it's not just for Drupal con attendees. It's free for anyone So you can tell your friends tell your sis admin that didn't get to come to the conference Who's sitting at home and is all bummed out like man? You got to go to Drupal con I just sit home and manage Nagyos alerts and say dude Let's solve that go get some chef training all all handle the pager for you today Thank you That's that's my presentation All right, so we've got about 14 minutes for questions and You guys know the drill Okay, so here we go I have two questions. The first is I have written Probably about one and a half lines of Ruby in my life awesome And I'm wondering how much Ruby I need to know to get started with chef Okay, so that's a great question. How much Ruby do you need to know get started with chef? The first question I have to you is I shared some code. Could you kind of follow along? I've looked into chef and that's why I started learning Ruby Probably written about one and a half lines of Ruby cool So on the docs page on docs.opsco.com. There's a link that's called just enough Ruby for chef Totally check that out and also at the bottom of that There are links to other places where you can go to learn a lot more Ruby than you need for chef The short answer is you don't really need to know Ruby to get started with chef But as you start to really dig into chef and really start to you know kind of stretch outside of the balance of say Community cookbook and you're going to need you're gonna want to learn some Ruby, right? Okay, and the second question is I went to a bop yesterday on vacant and virtualization If anybody was at the bop that's here. I might want to connect with you briefly but anyways one of the questions that sort of Came up quite a number of times especially with the people who haven't worked as much with it There's people who knew a bit more is like the provisioner that works inside of vagrant Yeah, should you use chef or should you use puppet? Yes? The general consensus seemed to be flip a coin Right, and I was wondering if you see maybe in the future maybe some convergence of those two projects because they seem to be geared at the same kind of solution Right, but they're like ones over here and ones over there, and they're totally different Yeah, and so they sort of have a history also I don't want to bore you with history lesson, but like puppet was first and then there was chef and before puppet there was CF engine and so actually a Very big CF engine user slash consultant was like I'm kind of tired of CF engine I'm gonna go start this other thing called puppet for his reasons and then there was a puppet guy who was doing the same thing And was like yeah, I'm done with puppet. I'm gonna go start chef, right? So they've all kind of Sort of standing on each other's shoulders if you will and they definitely have different approaches But at the end of the day they solve essentially the same problem. I think that you need to Really kind of sort out. Where do you want to go with managing infrastructure as code and then? Looking at your end goal Which of the tools is going to work best for you and your team to get you from where you are today? To there so the short answer is yeah, man full of a coin Do you think do you think puppet and chef like? Unify somehow in the future. Do you is that possible? I would I? Would like I Don't know what's bigger than surprised if that happened, right? So I would be beyond that Right. Yeah, that's not going to happen. Okay. Thank you. You bet. Thank you, right? That's not gonna happen, right? I Submissions to the community cookbooks Is there one true cookbook on the community and if you want something different build your own or are there more than one way to do it? Yes, so it's a great question So let me tell you about the community site It's super awesome because anyone can upload a cookbook and let me tell you about the community site It's really terrible because anyone can upload a cookbook, right? And so what this leads to is varying quality of the cookbooks that you find there Here's the thing right so You really I Mean this this is true for so many things cookbooks not the least of which You should never go to a website and download a package that is going to do something on your system and run it in your system Especially not your production system before you understand what that thing is actually going to do, right? And I think that potentially cookbooks like fall into the like super cautious area because now I'm managing my infrastructure And I certainly don't want to just run that in production willy-nilly. What's gonna happen, right? It's running as roots. Yeah, it'll be fine. I'm sure Yeah, so There is So your question though was duplicates Submissions is there a one true cookbook because this cookbook is at slash Drupal does that mean that is the blessed Drupal cookbook. It does not mean that at all. It means that that is the one that got the slash Drupal namespace first Sometimes that means yeah, the community totally agrees that that's the right one But sometimes it's like now there's actually this one over on github that you should use It's a challenge that we face as a community. It's kind of a I Don't know in some ways. It's a nice challenge to have right because there's so many great cookbooks And there there is it with every one of these things many many different ways to do that thing Right and some cookbooks are built for like super flexibility So like an ops code professional consultant can go in and say like yeah, man You can use this cookbook at this site this site this site and I just tweak some knobs and it works perfectly for you Maybe you don't need that flexibility in your infrastructure. You want something that's a little bit simpler Yeah Would not trust that rating system. Okay. In fact, it should absolutely go away So if you if you look anywhere near at the numbers right in addition to the five-star rating system I'll show you the number of downloads if you look at like the top downloaded cookbook Which is I think the my sequel cookbook or the Apache cookbook It's got like in the tens of thousands of downloads and like a hundred ratings. So yeah Don't do not trust those stars at all described Setting up a local virtual machine using the triple recipe and yes in there you You specify the modules that you want on your triple site Which makes sense for setting up a new site And then you kind of set it up in production what I'm wondering is typically in a production environment You're not going to be Initializing a new Drupal site you'll be putting like you want you to check out your code from your code repository to the So is that is that done? Is that done slightly differently than with a different kind of recipe or is that? What would you not use the Drupal recipe actually in your live environment because you don't really want to initialize a new Right so what the the Drupal recipe that I have will do is get Drupal installed for you unless it's already installed Now we have other resources in fact There's a resource called the deploy resource with the deploy resource That's likely what you would use with a Drupal application. You can essentially say This is where I want my application files to go and this is the repository that you should pull them from and then one of the Bits of data there that you can specify is the revision that you want So you could do something like in your environment file set a data attribute that says the revision is The production branch or this Shaw and then I can easily and continually You know just update that data and then every time the chef client runs it will just suck down the latest You know or whatever that revision is that I'm now pointing at it will pull that down for you So this this is admittedly like the simple will show you a couple of PowerPoint slides in an hour and It's magic and actually it's just PowerPoint slides. You have to trust me, right? But it is it's awesome. It's not magic. It is awesome not magic So when it comes to actually deploying your application, you're going to do a little bit more In your cookbooks and your recipes. Yeah, okay. Thank you sure. Can you specify in cookbooks? if you want something compiled a certain way and adding Modules or extensions the PHP for instance or something like that Absolutely, so basically anything that you would do at the command line you can absolutely do within chef and of course you Don't have to do it with the command line and you have this abstraction layer on top of that So one of the things that this recipe that I did It installed not only PHP on this machine for me But all the extensions that were required to get Drupal up and running and let's say had another module that had another Extension that was required. I could have in my recipe. Oh, yeah We need to include this other PHP module or this pair package or whatever. Yeah, great. Thank you. You bet Thanks I'm wondering if chef can sort of learn about the current development system You're on if you like it and it's going well and like sort of use it as a clone to push out new There was a command that showed like the resources of it and stuff is there one that will kind of say I want to get My current PHP config and my sequel everything I need for people Kind of reverse engineer what I have right time Yeah, so there there's nothing in chef that will like say go inspect the system and turn this Unmanaged system into a set of cookbooks that I can then go and manage a system with that. I think that's kind of what you're after Right. Yeah, that's exactly what you're after right. That's beautiful. There's there's a gem I think it's called blueprints that will that Claims to do that for you and it can it's it's like I don't care. I'll give you cookbooks or I'll give you puppet modules Either one you want But they'll both be pretty crappy in terms of like is this a good sane cookbook that you would actually want to deploy So I would I would say the short answer is Yeah So when you're updating configuration is there a way to for example In dribble they've got maintenance mode when you're you know upgrading your codes or something that sure to be able to set that Do the upgrade and then essentially on set that is there Absolutely, so when using the deploy resource it has It's either the deploy resource or the application PHP cookbook will have these hooks So you can do things like before the code update happens and then after the code update happens So you could say before code update happens Write out this template file and that's gonna be like your site disable thing your maintenance mode page And then do all your code updates and then after that's done turn it back on or remove that file or whatever Yep, great. Thanks. You bet. Thank you all for coming out I'll be around for a while and then I think we have like a half an hour before the like closing session I have stickers and business cards up here. Thanks again for coming out