Chef simplicity with Vagrant driving Docker

In this post I describe how to set up a Chef Server, and talk about making infrastructure easy by building service applications into Docker containers and how Vagrant can help with that.

At the time we decided to use Chef, we were investigating the effectiveness of containerised infrastructure using Docker, and so we were also looking into the less well solved issues like cluster management, logging and container standardisation.

The decision was to use Vagrant as a thin management tool to look after the start/stop/reload of the containers, and then use the “most official”, and most commonly used, Docker images available at the time.

In the case of Chef Server, this meant using 3ofcoins/chef-server:12.0.0, as can be seen in the Vagrantfile below. Of course, the reasoning behind using Vagrant follows on from one of the platform team’s unwritten rules: source control everything. With Vagrant we can codify the parameters passed into Docker, along with all the related environment variables and set-up parameters.

# -*- mode: ruby -*-
# vi: set ft=ruby :
# socket is needed so we can dynamically get the host's hostname at container creation time

require 'socket'
Vagrant.require_version ">= 1.5"
# this Vagrantfile roughly corresponds to the following docker run command
# (options must come before the image name, and each volume gets its own -v flag):
# docker run --name chef-server -p 80:80 -p 443:443 -e PUBLIC_URL=https://$(hostname).example.com/ -e OC_ID_ADMINISTRATORS=ross --privileged -v "$PWD/var/opt/opscode:/var/opt/opscode" -v "$PWD/etc/opscode:/etc/opscode" 3ofcoins/chef-server:12.0.0

Vagrant.configure(2) do |config|
	config.vm.define "chef-server" do |c|
		c.vm.provider "docker" do |d|
			d.name = "chef-server"
			d.image = "3ofcoins/chef-server:12.0.0"
			d.ports = [
				"80:80",
				"443:443"
			]

			d.create_args = [
				"-e","PUBLIC_URL=https://#{Socket.gethostname}.example.com/",
				"-e","OC_ID_ADMINISTRATORS=ross",
				"--privileged"
			]

			# mount logs, config, etc into the current directory
			d.volumes = [
				"#{Dir.pwd}/var/opt/opscode:/var/opt/opscode",
				"#{Dir.pwd}/etc/opscode:/etc/opscode"
			]

		end
	end
end

A simple vagrant up, and about 10 minutes later we’ve got a Chef Server to work with. Logs and all relevant data are stored in the current working directory of the Vagrantfile; they are mounted into the Chef Server container using Docker volumes.

Unfortunately, the story doesn’t end there.

A Chef Server needs an organisation, a user and various authentication keys before you can consider it good to go! So let’s look at that part.

# make sure to mkdir keys in the directory this file lives in BEFORE creating the users and orgs;
# the container sees that directory as /vagrant/keys via Vagrant's synced folder
mkdir keys
# NOTE: password must be 6 characters or more

# we use 'docker exec chef-server' to call into the docker container running chef-server to set up these users, orgs, and auth

# docker exec chef-server chef-server-ctl user-create <user_name> <first_name> <last_name> <admin_email@address.ie> <6+characterPassword> --filename /vagrant/keys/<user_name>.pem
docker exec chef-server chef-server-ctl user-create wrossmckuser Ross McKinley ross.mckinley@example.com rossPassword --filename /vagrant/keys/ross.pem

# and now create an org for that user to manage (the full name contains spaces, so it must be quoted as a single argument)
# docker exec chef-server chef-server-ctl org-create <short_name> "<full name>" --association_user <user_name> --filename /vagrant/keys/<short_name>-validator.pem
docker exec chef-server chef-server-ctl org-create wrossmck "Ross McKinley Organisation" --association_user wrossmckuser --filename /vagrant/keys/wrossmck-validator.pem
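
The two chef-server-ctl calls above, wrapped as an added bootstrap script that is not part of the original post or of Chef itself: it checks the password length before calling the server, creates the keys directory owner-only and locks down the resulting .pem files, takes the password from an assumed CHEF_ADMIN_PASSWORD variable instead of the command line, and can be dry-run with DOCKER=echo. The DOCKER and CONTAINER overrides are assumptions of this script; /vagrant/keys is the container-side path the post uses.

```shell
#!/bin/sh
# Added bootstrap wrapper (not from the original post): the DOCKER/CONTAINER
# overrides and CHEF_ADMIN_PASSWORD are assumed names, not chef-server-ctl options.
set -eu
DOCKER="${DOCKER:-docker}"          # set DOCKER=echo for a dry run
CONTAINER="${CONTAINER:-chef-server}"

# chef-server-ctl rejects passwords shorter than 6 characters; fail early instead.
check_password() {
	[ "${#1}" -ge 6 ]
}

# Create the keys directory owner-only so the private keys are never world-readable.
prepare_keys_dir() {
	(umask 077 && mkdir -p "$1")
	chmod 700 "$1"
}

# Args: user_name first_name last_name email password key_path_inside_container
create_chef_user() {
	check_password "$5" || { echo "password for $1 must be 6+ characters" >&2; return 1; }
	$DOCKER exec "$CONTAINER" chef-server-ctl user-create \
		"$1" "$2" "$3" "$4" "$5" --filename "$6"
}

# Args: short_name "full name" admin_user validator_key_path_inside_container
create_chef_org() {
	$DOCKER exec "$CONTAINER" chef-server-ctl org-create \
		"$1" "$2" --association_user "$3" --filename "$4"
}

# Tighten permissions on whatever keys the server wrote into the synced folder.
protect_keys() {
	chmod 600 "$1"/*.pem 2>/dev/null || true
}

main() {
	# Password comes from the environment, not from the script or shell history.
	: "${CHEF_ADMIN_PASSWORD:?set CHEF_ADMIN_PASSWORD (6+ characters)}"
	host_keys="$PWD/keys"            # host side of the Vagrant synced folder
	container_keys="/vagrant/keys"   # the same directory as seen from the container
	prepare_keys_dir "$host_keys"
	create_chef_user wrossmckuser Ross McKinley ross.mckinley@example.com \
		"$CHEF_ADMIN_PASSWORD" "$container_keys/ross.pem"
	create_chef_org wrossmck "Ross McKinley Organisation" wrossmckuser \
		"$container_keys/wrossmck-validator.pem"
	protect_keys "$host_keys"
}
case "$0" in *bootstrap-chef.sh) main "$@" ;; esac   # run main only when executed as a script
```

Save it as bootstrap-chef.sh next to the Vagrantfile and run it with CHEF_ADMIN_PASSWORD set; sourcing the file instead makes the functions available without running main.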

At this point you’ve got Chef running inside a container on your system, a Chef organisation, a Chef user and the relevant auth keys, and you’re ready to upload some cookbooks! You now need to set up a Chef Workstation. The easiest way to do this is to use my Vagrant box, or install ChefDK directly. Remember, the Chef Workstation needs to use the authentication keys generated earlier, so you’ll need to copy them over from the Chef Server to the workstation. Those .pem files are private keys, so copy them over a secure channel and keep the keys directory out of source control even though everything else goes in.

Now just make a directory for your cookbooks, attributes and other chef-related goodness, as per the Chef guide. A ‘knife ssl check’ will let you know that everything is authenticated and talking together. For further sanity, a ‘knife node list’ will interrogate your Chef Server for some information about what minions it knows about.

All done!
