Post on 17-May-2015
Special of the Day
Cookin’ up hybrid clouds with Chef and the Accenture Cloud Platform
Tom Myers
April 26, 2013
Accenture is using Private Chef as the management control point for our newly launched Accenture Cloud Platform.
Copyright © 2013 Accenture All rights reserved.
Accenture Cloud Platform
• Global footprint
• Multiple service providers
• Migrating from traditional tools to cloud native
Accenture Cloud Platform Ecosystem
Hybrid Environment
• Accenture’s Common Hosting Platform
• Broad Collection of IaaS Providers - Azure, AWS, OpSource, Terremark…
Geographical Requirements
• Operating Environment across five continents
• Soon to be six (how soon will we need Antarctica?)
• Latency
Transition
• From Traditional Tools
• To Cloud-native tools
Balance
• Platform Agility vs Customer Stability
Provisioning
Traditional Hardened Environment
Public/Private IaaS Cloud
On-premise and co-lo “clouds”
Accenture Cloud Platform Ecosystem
Remote Chef Proxy
• nginx extended to each provider
• Near file storage
• Answers several concerns…
Internet Access
• Client requirements may forbid
• VPN required
Reduced Cost
• File transfer
• Cache
Balance
• Platform Agility vs Customer Stability
Environments
Production
Test
Public/Private IaaS Cloud
On-premise and co-lo “clouds”
Demo
• VMs
  – Private Chef A (PROD)
  – Private Chef B (TEST)
  – Node One (a VM that has been recently provisioned)
• Data Bag Example Usage:
  – Add Local IP (role)
  – Query status data bag
• Environments
  – Transfer (role) from PROD to TEST
  – Rename (data bag) and Transfer (role) back to PROD
Role[bootstrap] Default
include_recipe "bootstrap::_create_reports_item"
include_recipe "hosts"
include_recipe "chef-client::config"
include_recipe "chef-client::service"
# A node that is being moved to another Chef server takes the migration path
if node.run_list.include?('role[migrate-chef-server]')
  include_recipe "bootstrap::migrate_chef_server"
else
  include_recipe "bootstrap::core"
end
include_recipe "clone::cleanup_stash"
# Report the outcome of the bootstrap request
asgard_report "bootstrap" do
  request_type 'bootstrap'
  remember true
  action :ok
end
Role[bootstrap] Core
case node['platform_family']
when "windows"
  include_recipe "bootstrap::windows"
when "rhel"
  include_recipe "bootstrap::redhat"
end
include_recipe "bootstrap::options"
include_recipe "manage-users"
include_recipe "manage-networks"
include_recipe "manage-storage"
include_recipe "commands"
Role[bootstrap] Options
# Install every option, then enable or disable it for this node
node['bootstrap']['options'].each do |option|
  include_recipe "#{option}::install"
  recipe_name = option_enabled?(option) ? 'enable' : 'disable'
  include_recipe "#{option}::#{recipe_name}"
end
(Attributes)
default['bootstrap']['options'] = %w(patching zenoss-monitoring)
Data Bags
• Provide common interface for back-end systems
  – Back-end processing
    • Write node-specific data
    • Assign role to run list (if needed)
    • Poll Reports data bag for results
  – Node processing
    • Remove node-specific data
    • Write result to Reports data bag
• Knife plug-in to support operations tasks
• Easy clean-up
Change Server Cookbook
Default
require 'fileutils'
# Everything runs in compile time. Will preempt any other recipes.
# never run this recipe twice
node.run_list.delete("role[change-server]")
node.run_list << 'role[change-server-done]'
node.save
# timestamp for backup/restore
timestamp = Time.now.strftime("%Y%m%d.%H%M%S")
hosts_file_path = node[:hosts][:config]
node_name = Chef::Config[:node_name]
# apply any rename listed for this node in the rename_nodes data bag
rename_lists = data_bag('rename_nodes')
rename_lists.each do |list_name|
  rename_list = data_bag_item('rename_nodes', list_name).raw_data
  node_name = rename_list[node_name] || node_name
end
Change Server Cookbook
# config parameters
conf_dir = node['chef_client']['conf_dir']
client_rb_path = File.join(conf_dir, 'client.rb')
validation_pem_path = File.join(conf_dir, 'validation.pem')
client_pem_path = File.join(conf_dir, 'client.pem')
attributes_json_path = File.join(conf_dir, 'change-server-attributes.json')
backup(hosts_file_path, timestamp, true)
backup(client_rb_path, timestamp)
backup(validation_pem_path, timestamp)
backup(client_pem_path, timestamp)
delete_hostsfile_entries(node)
create_child_chef_configuration(node, conf_dir, client_rb_path, validation_pem_path, client_pem_path, attributes_json_path)
run_child_chef(node, client_rb_path, attributes_json_path, node_name)
Change Server Cookbook
# a client.pem at this point means the child run registered with the new server
if File.exist?(client_pem_path)
  log_success
  node.name(node_name)
  reload_chef_client_config(node)
  # delete change-server-done from NEW server
  node.run_list.delete('role[change-server-done]')
  node.save
else
  log_failure(client_rb_path, validation_pem_path, attributes_json_path)
  restore(hosts_file_path, timestamp)
  restore(client_rb_path, timestamp)
  restore(validation_pem_path, timestamp)
  restore(client_pem_path, timestamp)
  # delete change-server-done from OLD server
  node.run_list.delete('role[change-server-done]')
  node.save
end
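The recipe above backs up and restores `client.pem` and `validation.pem`, which are private keys, so the backup copies need the same protection as the originals. The following is an added example, not code from the slides or from Accenture: `backup` and `restore` are hypothetical implementations, the `.bak` naming is invented, and the meaning of the third `backup` argument (copy instead of move) is an assumption inferred from the `File.exist?(client_pem_path)` success test.

```ruby
require 'fileutils'
require 'tmpdir'

# Hypothetical helpers: the slides call backup/restore but never show them.
# Assumption: the third argument means "copy, leave the original in place"
# (used for the hosts file). Otherwise the file is moved, so a client.pem
# that exists after the child run can only be a newly issued key.
def backup_path(path, timestamp)
  "#{path}.#{timestamp}.bak"
end

def backup(path, timestamp, keep_original = false)
  return nil unless File.exist?(path)
  dest = backup_path(path, timestamp)
  mode = File.stat(path).mode & 0o7777
  keep_original ? FileUtils.cp(path, dest) : FileUtils.mv(path, dest)
  # Private keys: strip group/other bits so the backup is owner-only.
  mode &= 0o700 if path.end_with?('.pem')
  File.chmod(mode, dest)
  dest
end

def restore(path, timestamp)
  src = backup_path(path, timestamp)
  return false unless File.exist?(src)
  FileUtils.rm_f(path) # discard any half-written replacement
  FileUtils.mv(src, path)
  true
end

# Constructed walk-through of the failure branch: the key is moved aside,
# no new client.pem appears, and the original is put back.
def demo_failed_migration
  Dir.mktmpdir do |dir|
    ts = Time.now.strftime('%Y%m%d.%H%M%S')
    hosts = File.join(dir, 'hosts')
    pem = File.join(dir, 'client.pem')
    File.write(hosts, "127.0.0.1 localhost\n") # constructed sample data
    File.write(pem, "CONSTRUCTED-KEY\n")
    File.chmod(0o640, pem) # deliberately too permissive
    backup(hosts, ts, true)
    saved = backup(pem, ts)
    seen = { hosts_kept: File.exist?(hosts), pem_moved: !File.exist?(pem),
             backup_mode: File.stat(saved).mode & 0o777 }
    restore(pem, ts) unless File.exist?(pem) # same test the recipe uses
    seen.merge(pem_restored: File.read(pem) == "CONSTRUCTED-KEY\n",
               pem_mode: File.stat(pem).mode & 0o777)
  end
end
```

Timestamped key backups left behind after a successful migration are still valid credentials for the old server until that client is deleted there, so clean-up should remove them.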
Other Interesting Ideas
Side by Side Chef (today)
• Allow existing chef-using clients to continue use of open-source chef without interruption until on-boarding process is available.
Shared Org Cookbooks (coming soon)
• Allow organizations to share (read-only) cookbooks, enabling the inherent separation between orgs while allowing for a shared baseline of cookbooks.
Handlers as Alerts (coming soon)
• Use handlers to alert our back-end systems to provide an alternative to polling mechanisms.
Web Service Knife Wrapper (coming soon)
• Consume the ability for knife to bootstrap a newly provisioned server without requiring any modification to the default provider image via a web service call from our back-end systems.
Questions?