Training Opscode Chef

32
Leonardo Martins [email protected]

Transcript of Training Opscode Chef

Page 1: Training Opscode  Chef

Leonardo [email protected]

Page 2: Training Opscode  Chef

Menu do dia Conhecendo o Chef. O que faz o Chef ? Conceitos da infra-estrutura. Conceitos do Chef. Mão na massa.

Leonardo Martins - [email protected]

Page 3: Training Opscode  Chef

Conhecendo o Chef Gerenciador de configuração. Infraestrutura como código. Manter o parque homogênio e atualizado.

Leonardo Martins - [email protected]

Page 4: Training Opscode  Chef

Conhecendo o Chef

Leonardo Martins - [email protected]

Page 5: Training Opscode  Chef

Conhecendo o Chef

CHEF - Server

Leonardo Martins - [email protected]

Page 6: Training Opscode  Chef

Quais são os pratos? Criar arquivos e diretórios. Manipula conteúdo de arquivos. Criar usuários e grupos. Muda a permissão de arquivos e diretórios. Instala e remove pacotes. Cron Mount Link simbólico

Leonardo Martins - [email protected]

Page 7: Training Opscode  Chef

Quais são os pratos? Criar arquivos e diretórios. Manipula conteúdo de arquivos.!!!!file '/tmp/bacon' do!content 'bacon is delicious!'!end!!directory '/opt/my/deep/directory' do!owner 'root'!group 'root'!mode '0644'!recursive true!end!

!!

Leonardo Martins - [email protected]

Page 8: Training Opscode  Chef

Quais são os pratos? Criar usuários e grupos. Muda a permissão de arquivos e diretórios.

user 'bacon'!group ‘bacon' !! template ‘/opt/blacklist/blacklist' do! source ‘my_blacklist.conf.erb'! owner 'root'! group 'root'! mode '0644'! end!!

Leonardo Martins - [email protected]

Page 9: Training Opscode  Chef

Quais são os pratos?

!!!!package ‘apache2'!package ‘nginx'!!cron 'weekly_restart' do!weekday '1'!minute '0'!hour '0'!command 'sudo reboot'!end!!execute 'write status' do!command 'echo "delicious" > /tmp/bacon'!end!

Instala e remove pacotes. Crontab Executa shell script

Leonardo Martins - [email protected]

Page 10: Training Opscode  Chef

Temperos mais forte! Roda comandos em ‘batch’ Faz pesquisa baseada em nome,role, OS.

Leonardo Martins - [email protected]

Page 11: Training Opscode  Chef

Conceitos da infra do Chef

Cookbook

Atributos Receitas Templates Bibliotecas Arquivos

CHEF - Server

Leonardo Martins - [email protected]

Page 12: Training Opscode  Chef

Mão na massa

Leonardo Martins - [email protected]

Page 13: Training Opscode  Chef

chef-apply receita.rb --log_level info!chef-client

Mão na massa

Amigos para sempre!!! BFF!!!https://docs.chef.io/chef/resources.html!https://www.youtube.com/user/Opscode

Leonardo Martins - [email protected]

Page 14: Training Opscode  Chef

file "/tmp/hello.txt" do!! content 'Welcome to Chef'!end!

file "/tmp/hello.txt" do!! content 'Welcome to Chef’!! mode "0644"!! owner "root"!! group "root"!! action :create /// action :delete!end

%w{/tmp/hello.txt /tmp/hello_world.txt /tmp/world_of_warcraft.txt}.each do |files|!! file “#{files}“ do!! ! content 'Welcome to Chef’!! ! mode “0644"!! ! owner “root”!! ! group “root”!! ! action :create!! end!end

Mão na massa

Leonardo Martins - [email protected]

Page 15: Training Opscode  Chef

directory “/tmp/foo" do! mode '0755'! action :create!end

Mão na massa

directory “/tmp/foo/bar/brazil" do! mode '0755'! action :create!end

Leonardo Martins - [email protected]

Page 16: Training Opscode  Chef

directory “/tmp/foo" do! mode '0755'! action :create!end

Mão na massa

directory “/tmp/foo/bar/brazil" do! mode '0755'! action :create!end

directory “/tmp/foo/bar/brazil" do! mode '0755'! action :create! recursive true!end

directory “/tmp/foo/bar/brazil" do! mode '0755'! action :create! owner "root"! group "root"! recursive true!end

Leonardo Martins - [email protected]

Page 17: Training Opscode  Chef

- Criar os diretórios /var/log/wm-security-{1,2,3}/logs-dump/ Permissões - 0644 !

- Criar um arquivo /var/log/wm-security-3/logs-dump/wm-test.txt !

Permissões - 0600 Escrever dentro do arquivo “TOP SECRET”

Mão na massa

Leonardo Martins - [email protected]

Page 18: Training Opscode  Chef

package "nginx"!package "vim"!package “telnet" !!package “nginx” do!! action :install!! not_if "rpm -q nginx“ !end!!package “squid” do!! action :install!! version “3.1.10-29.el6“!! not_if "rpm -q squid“ !end!!service "nginx" do!! action [ :enable, :start ]!end!

Mão na massa

Leonardo Martins - [email protected]

Page 19: Training Opscode  Chef

package "vim"!package “telnet" !!package “nginx” do!! action :install!! not_if "rpm -q nginx“ !end!!package “squid” do!! action :install!! version “3.1.10-29.el6“!! not_if "rpm -q squid“ !end!!service "nginx" do!! action [ :enable, :start ]!end!!file "/usr/share/nginx/html/index.html" do!! content ‘NGINX de SEC '!! mode "0644"!! owner "root"!! group "root"!! action :create !end!

Mão na massa

Leonardo Martins - [email protected]

Page 20: Training Opscode  Chef

Mão na massacron “Sar_monitor" do!! minute "*/5”!! hour "*”! command “sar -u 1 3 >>/tmp/sar_log“!end

Leonardo Martins - [email protected]

Page 21: Training Opscode  Chef

user "bacon" do! supports :manage_home => true! comment "Random User"! uid 1234! gid "users"! home "/home/bacon"! shell "/bin/bash"! password "$1$JJJJJJJJJJJJJs."!end!!!

$ echo "your_password"|openssl passwd -1 -stdin!!

Mão na massa

Leonardo Martins - [email protected]

Page 22: Training Opscode  Chef

user "bacon"!!!!group “bacon"!!

Mão na massa

Leonardo Martins - [email protected]

Page 23: Training Opscode  Chef

user "bacon" do! supports :manage_home => true! comment "Random User"! uid 1234! gid "users"! home "/home/bacon"! shell "/bin/bash"! password "$1$JJJJJJJJJJJJJs."!end!!!group "bacon" do! action :modify! members "zabbix"! append true!end!

Mão na massa

$ echo "your_password"|openssl passwd -1 -stdin!!

Leonardo Martins - [email protected]

Page 24: Training Opscode  Chef

- Instalar o httpd - Garantir que o httpd sempre esteja rodando - Trocar o conteúdo do /var/www/html/index.html

- Criar o usuário spiderman, colocar uma senha. - Criar o grupo marvel - Colocar spiderman no grupo marvel - Cron para monitorar o uso do disco (a cada 5 min.)

Mão na massa

Leonardo Martins - [email protected]

Page 25: Training Opscode  Chef

Café?!

Leonardo Martins - [email protected]

Page 26: Training Opscode  Chef

Cookbook

Atributos Receitas Templates Bibliotecas Arquivos

Mão na massa

Leonardo Martins - [email protected]

Page 27: Training Opscode  Chef

Mão na massaknife cookbook create wm-lml-chefclass!

Leonardo Martins - [email protected]

Page 28: Training Opscode  Chef

file "/tmp/hello.txt" do!! content 'Welcome to Chef’!! mode "0644"!! owner "root"!! group "root"!! action :create!end

Mão na massa

template "/tmp/hello.txt" do!! source ‘hello.txt.erb’!! mode "0644"!! owner "root"!! group "root"!end

Leonardo Martins - [email protected]

Page 29: Training Opscode  Chef

Mão na massatemplate "/tmp/hello.txt" do!! source ‘hello.txt.erb’!! mode "0644"!! owner "root"!! group "root"!! variable({! :msg => node[‘wm-lml-chefclass‘]['msg'],! })!end

>>hello.txt.erb!!Olá <%= @msg %>, tudo bem?!!<%= node["hostname"] %>!

>>/attributes/default.rb!!default [:wm_lml_chefclass][:msg]= "mundo"

Leonardo Martins - [email protected]

Page 30: Training Opscode  Chef

Mão na massa

template “/etc/nginx/conf.d/chef_vh.conf” do! variables({! :vhost_name => node[‘wm-lml-chefclass‘]['vhost'],! })! owner "root"! mode "0640"! source “chef_vh.conf.erb”! notifies :restart, 'service[nginx]', :delayed!end

server {! listen 80;! server_name <%= @vhost_name %>;!! location / {! root /usr/share/nginx/html;! index index.html index.htm;! }!!}

>>/attributes/default.rb!!default [:wm_lml_chefclass][:vhost]= "chef-class.qa.domain.intra"

Leonardo Martins - [email protected]

Page 31: Training Opscode  Chef

+10% https://learn.chef.io/ http://docs.chef.io/chef/resources.html http://docs.chef.io/

Leonardo Martins - [email protected]

Page 32: Training Opscode  Chef

Obrigado!!