Multi Node Cluster
In this session we going to simulate a realistic environment with multiple nodes being managed with Chef Server, similar to most of the real world implementations.
This would include 3 components,
- Chef Workstation (Could be your personal PC/Laptop)
- Chef Server (Hosted or On-Premises )
- Chef Clients ('n' number of machines; could be VM, AWS EC2, etc..)
Setting up Hosted Chef Server Environment
Chef server comes in two flavors * Open Source * Enterprise
Enterprise version of chef has two sub types * Hosted * On Premises
In terms of features, both on prem and hosted versions are the same. The only difference is whether you use the SaaS solution from Chef, or you want to host it in house.
For this workshop, we would be using Hosted Enterprise Chef for the following reasons,
- Ease of setup : hosted version is a breeze to setup and you have a working chef server setup within minutes
- Resource Optimization: On Premises version of chef server takes a lot of resources to setup and use e.g. 4GB of RAM with atleast dual core for getting a decent operational version. Thats too much in most learning lab environments. Hosted version takes zero resources to setup.
Lets learn how to setup our hosted chef account...
Creating an Account
- Now let us create a account in chef.io to manage our own hosted chef server.
- Once account is created, verify and login.
- Now create a organization of your own and then download chef-starter kit.
Setting Up Workstation
- Upload starter kit to the workspace. Its the chef-starter.zip file that you downloaded from chef server.
- Upload the file to workspace and extract it. You should see
chef-repodirectory created after being extracted. - Change into chef-repo directory created as the outcome of above command and validate workstation by running
knife client list
The above command will return the orgname-validator client. If it does,you have successufully validated all of following,
- Workstation software (knife) is installed
- You have required configurations, authentication keys/credentials to talk to Chef Server
- Chef Server is setup and ready
- Workstation is able to communicate with Chef Server. There are no network issues etc.
- Workstaiton is able to authenticate with Chef Server
- Workstation has made the API request and displays the results returned by Chef Server
Moving knife configs to workspace
- Copy
.chefdirectory from chef-repo to workspace.
mv /workspace/chef-repo/.chef /workspace
Alternately you could also create a symbolic link/symlink.
From here on all knife commands work from any subdirectory of /workspace.
Bootstrapping a Managed Node
- Now run
knife client listto get the list of client associated with the hosted chef-server. - In our case we don't have any client as of now, so lets start adding nodes by using
knife bootstrapcommand. - From Workstation we need to bootstrap client.
- In codespaces environment we have pre-built nodes associated with the following IP.
| Node | Name | IP | Port Mapping |
|---|---|---|---|
| node1 | app1 | 177.0.101.10 | 8081:8080 |
| node2 | app2 | 177.0.101.11 | 8082:8080 |
| node3 | app3 | 177.0.101.12 | 8083:8080 |
| node4 | lb | 177.0.101.13 | 8084:8080 |
-
All nodes are accessible using ssh without password.
-
Lets bootstrap node1 using the following command
knife bootstrap node1 --ssh-user devops --sudo -N app1
- Here
-Nis used to define the name of the node that we bootstrap. --ssh-useris used to provide the name of the user in that particular node.- Also using
--sudoto connect is to provide root previlages for running all the command. -
app1is bootstrapped successfully. -
Now check for the available nodes
knife node list
- Check for the existing status and specified runlist for node1(app1)
knife node show app1
Providing configurations to the Node
To provide configurations, you would need to upload the cookbooks to chef server and set the run list.
Before we do so, we also need to updated the path where knife would look in to find the cookbooks.
Edit /workspace/.chef/knife.rb
and update cookbook_path from
cookbook_path ["#{current_dir}/../cookbooks"]
to
cookbook_path ["cookbooks"]
Change into chapter6/sysfoo directory on workstation.
Upload the cookbooks that we created and tested locally earlier.
knife cookbook upload java tomcat
Defining Run List for the Node
knife node show app1
knife node run_list add app1 "recipe[tomcat]"
To apply, login to node1 and run chef-client
ssh devops@node1
sudo chef-client
Managing Chef Client as a Service
Lets now start managing chef-client and its configurations through chef cookbooks. We have a special purpose cookbook by name chef-client which allows us to do so. It will, * decide how to run chef-client, eg. cronjob, service etc. * does support various types of service managers e.g. runit, bluepill, supervisord etc. * manages configurations for chef client .eg. how frequently chef-client runs
Lets upload chef-client cookbook which is already present if you are using the code repository provides.
knife cookbook upload chef-client
Did chef-client cookbook get uploaded successfully? If not, observe the error and try to deduct the root cause.
Berkshelf
Berkshelf is a dependency manager for Chef cookbooks. With it, you can easily depend on community cookbooks and have them safely included in your workflow. You can also ensure that your CI systems reproducibly select the same cookbook versions, and can upload and bundle cookbook dependencies without needing a locally maintained copy. Berkshelf is included in the Chef Development Kit.
- Now look into the downloaded
chef-clientcookbook. - It has
berksfilewhere the dependent cookbook are mentioned. - To run
berkscommand we need to be in the directory where berksfile is located, that isworkspace/sysfoo/cookbooks/chef-client - Now run install and upload command.
cd cookbooks/chef-client
berks install; berks upload
cd ../..
Lets now add chef-client recipe to the runlist of node1.
knife node run_list add app1 "recipe[chef-client]"
To apply this recipe, login to node1 and run chef client as,
ssh devops@node1
sudo chef-client
Providing run list while bootstrapping
For node1, we did the following, * Bootstrapped the node * Defined run list * Logged in to the node and run chef-client
For initial node this was needed as you are learning to apply one concept at a time, and you did not have the cookbooks uploaded on the server. Now that its all ready, you could combine these operations into one by defining the run list, right at the bootstrap time.
Lets bootstrap node2 this time with tomcat and java configs
knife bootstrap node2 -x devops --sudo -N app2 -r "recipe[tomcat],recipe[chef-client]"
--run-listis used to specify run-list and by applying recipes to the node at the time of bootstrap.- Now verify by visiting host ip with port mapping of 8080 to 8081 for node1 http://ip:8081 and port mapping of 8080 to 8082 for node2 http://ip:8082, where the tomcat application is installed and service is up and running.