vBACD - Introduction to Opscode Chef - 2/29
Download as PPT, PDF4 likes1,480 views
The document discusses automating cloud deployments using Chef, emphasizing its ability to manage configurations and resources programmatically. It covers how Chef transforms infrastructure into code, allowing for efficient provisioning and management of cloud resources across various platforms. Additionally, it highlights the importance of Chef in reducing complexity and automating configurations in evolving infrastructures.
![Automating Cloud Deployments with Chef [email_address] www.opscode.com Twitter/IRC/GitHub: mattray](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-1-320.jpg)
![That looks like this extra_packages = case node['platform'] when "ubuntu","debian" %w{ ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby } end extra_packages.each do |pkg| package pkg do action :install end end](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-35-320.jpg)
![Or this search(:users, '*:*') do |u| user u['id'] do uid u['uid'] shell u['shell'] home "/home/#{u['id']}" end directory "#{home_dir}/.ssh" do owner u['id'] group u['gid'] mode "0700" end template "#{home_dir}/.ssh/authorized_keys" do source "authorized_keys.erb" owner u['id'] group u['id'] mode "0600" variables :ssh_keys => u['ssh_keys'] end end](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-36-320.jpg)
![Build it somewhere #EC2 knife ec2 server create -S mray -i ~/.ssh/mray.pem -x ubuntu -G default -I ami-a7a97dce -f m1.small -d omnibus -r 'role[base],role[tc],role[sample] ’ #Rackspace knife rackspace server create --image 110 --flavor 2 -i ~/.ssh/mray.pem -d omnibus -r 'role[base],role[tc],role[sample] ’ #CloudStack knife cs server create -S "small instance" -T "CentOS 5.5(64-bit) no GUI (KVM)" -i ~/.ssh/mray.pem -d omnibus -r 'role[base],role[tc],role[sample] ’ #Ubuntu Linux VM knife bootstrap test.lab -i ~/.ssh/mray.pem -x ubuntu --sudo -d omnibus -r 'role[base],role[tc],role[sample]'](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-40-320.jpg)
![Tomcat stack deployed ec2-107-21-179-169.compute-1.amazonaws.com [Thu, 23 Feb 2012 03:16:27 +0000] INFO: Chef Run complete in 125.548799554 seconds ec2-107-21-179-169.compute-1.amazonaws.com [Thu, 23 Feb 2012 03:16:27 +0000] INFO: Running report handlers ec2-107-21-179-169.compute-1.amazonaws.com [Thu, 23 Feb 2012 03:16:27 +0000] INFO: Report handlers complete Instance ID: i-ee18148b Flavor: m1.small Image: ami-0c6ebd65 Region: us-east-1 Availability Zone: us-east-1b Security Groups: default SSH Key: mray Root Device Type: instance-store Public DNS Name: ec2-107-21-179-169.compute-1.amazonaws.com Public IP Address: 107.21.179.169 Private DNS Name: ip-10-120-255-91.ec2.internal Private IP Address: 10.120.255.91 Environment: _default Run List: role[base], role[tc], role[sample]](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-41-320.jpg)
![Update the sample cookbook $ knife cookbook upload sample Uploading sample [0.0.2] upload complete](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-43-320.jpg)
![Update the nodes $ knife ssh "role:base" "sudo chef-client" -i ~/.ssh/mray.pem -x ubuntu -a cloud.public_ipv4 107.21.179.169 [Thu, 23 Feb 2012 03:30:22 +0000] INFO: *** Chef 0.10.8 *** 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Run List is [role[base], role[tc], role[sample]] 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Run List expands to [chef-client, ntp, sudo, users::sysadmins, java, tomcat, sample] 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Starting Chef Run for i-ee18148b 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Running start handlers 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Start handlers complete. 107.21.179.169 [Thu, 23 Feb 2012 03:30:36 +0000] INFO: Loading cookbooks [chef-client, java, jpackage, ntp, sample, sudo, tomcat, users] 107.21.179.169 [Thu, 23 Feb 2012 03:30:36 +0000] INFO: Storing updated cookbooks/sample/recipes/default.rb in the cache. <SNIP> 107.21.179.169 [Thu, 23 Feb 2012 03:30:37 +0000] INFO: template[/var/lib/tomcat6/webapps/sample/index.html] updated content 107.21.179.169 [Thu, 23 Feb 2012 03:30:37 +0000] INFO: template[/var/lib/tomcat6/webapps/sample/index.html] sending restart action to service[tomcat] (immediate) 107.21.179.169 [Thu, 23 Feb 2012 03:30:37 +0000] INFO: Processing service[tomcat] action restart (tomcat::default line 42) 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: service[tomcat] restarted 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: Chef Run complete in 15.170097638 seconds 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: Running report handlers 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: Report handlers complete](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-44-320.jpg)
![pool_members = search("node","role:webserver ”) template "/etc/haproxy/haproxy.cfg" do source "haproxy-app_lb.cfg.erb ” owner "root" group "root ” mode 0644 variables :pool_members => pool_members.uniq notifies :restart, "service[haproxy] ” end Pass results into Templates](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-47-320.jpg)
![# Set up application listeners here. listen application 0.0.0.0:80 balance roundrobin <% @pool_members.each do |memb| -%> server <%= memb[:hostname] %> <%= memb[:ipaddress] %>:> weight 1 maxconn 1 check <% end -%> <% if node["haproxy"]["enable_admin"] -%> listen admin 0.0.0.0:22002 mode http stats uri / <% end -%> Pass results into Templates](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-48-320.jpg)
![Thanks! [email_address] www.opscode.com Twitter/IRC/GitHub: mattray](https://image.slidesharecdn.com/virtual-build-a-cloud-day-opscode-120223170407-phpapp01/85/vBACD-Introduction-to-Opscode-Chef-2-29-58-320.jpg)
vBACD - Introduction to Opscode Chef - 2/29
- 1. Automating Cloud Deployments with Chef [email_address] www.opscode.com Twitter/IRC/GitHub: mattray
- 2. U has a cloud Now what? http://www.flickr.com/photos/ian_munroe/4758240536/ Congratulations!!!
- 3. But then what? http://www.flickr.com/photos/doctorow/2698336843
- 4. You need to configure them
- 6. APIs are awesome! You can provision compute resources in seconds You can provision storage resources in seconds That’ s cool. http://www.flickr.com/photos/jdhancock/3634246981/
- 7. Chef can help with that knife ec2 server create knife rackspace server create knife terremark server create knife voxel server create knife cloudstack server create knife kvm server create knife vsphere server create knife eucalyptus server create knife openstack server create http://www.flickr.com/photos/kyz/3122499444/
- 8. See Node Application Server
- 9. See Nodes Application Server Application Database
- 10. See Nodes Grow Application Server Application Databases
- 11. Application Servers Application Databases See Nodes Grow
- 12. Application Servers Application Databases Load Balancer See Nodes Grow
- 13. See Nodes Grow Application Servers Application Databases Load Balancers
- 14. See Nodes Grow Application Servers Application Database Cache Load Balancers Application Databases
- 15. Tied together with Config Application Servers Application Database Cache Load Balancers Application Databases
- 16. Infrastructure is a Snowflake Application Servers Application Database Cache Load Balancers Floating IP? Application Databases
- 17. Evolving Complexity Load Balancers Application Servers NoSQL Database Slaves Application Cache Database Cache Database
- 18. Complexity Grows Quickly DC1 DC3 DC2
- 19. http://www.flickr.com/photos/ 16339684 @N00/2681435235/ And it Continues to Evolve
- 20. Golden Images are not the answer Gold is heavy Hard to transport Hard to mold Easy to lose configuration detail http://www.flickr.com/photos/garysoup/2977173063/
- 21. Typical Boring Infrastructure Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite
- 22. Move SSH off port 22 Lets put it on 2022 New Compliance Mandate Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite
- 23. edit /etc/ssh/sshd_config 6 Golden Image Updates Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite 1 2 3 4 5 6
- 24. Delete, launch Repeat Typically manually 8 12 Instance Replacements Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite 1 2 3 4 5 6 7 9 10 11 12
- 25. Don't break anything! In a Maintenance Window 5 Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite 1 2 4 5 6 7 8 9 10 11 12 3
- 26. Invalid Configs Bob just got fired :( With Different IP Addresses? Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite
- 28. Configuration Management and Automated Systems Integration is the Answer http://www.flickr.com/photos/philliecasablanca/3354734116/
- 29. Chef Solves This Problem But you already guessed that, didn ’t you?
- 30. Collections of Resources Networking Files Directories Symlinks Mounts Routes Users Groups Tasks Packages Software Services Configurations Other Stuff http://www.flickr.com/photos/stevekeys/3123167585/
- 31. http://www.flickr.com/photos/glowjangles/4081048126/ Acting in Concert
- 32. http://www.flickr.com/photos/28309157@N08/3743455858/ To Provide a Service
- 33. Chef is Infrastructure as Code http://www.flickr.com/photos/louisb/4555295187/ Programmatically provision and configure Treat like any other code base Reconstruct business from code repository, data backup, and bare metal resources.
- 34. Declarative Interface to Resources Define policy Say what, not how Pull not Push http://www.flickr.com/photos/bixentro/2591838509/
- 35. That looks like this extra_packages = case node['platform'] when "ubuntu","debian" %w{ ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 libopenssl-ruby } end extra_packages.each do |pkg| package pkg do action :install end end
- 36. Or this search(:users, '*:*') do |u| user u['id'] do uid u['uid'] shell u['shell'] home "/home/#{u['id']}" end directory "#{home_dir}/.ssh" do owner u['id'] group u['gid'] mode "0700" end template "#{home_dir}/.ssh/authorized_keys" do source "authorized_keys.erb" owner u['id'] group u['id'] mode "0600" variables :ssh_keys => u['ssh_keys'] end end
- 37. Recipes and Cookbooks Recipes are collections of Resources Cookbooks contain recipes, templates, files, custom resources, etc Code re-use and modularity Hundreds already on Community.opscode.com http://www.flickr.com/photos/shutterhacks/4474421855/
- 38. Chef-Client generates configurations directly on nodes from their run list Reduce management complexity through abstraction Store the configuration of your programs in version control http://www.flickr.com/photos/ssoosay/5126146763/ Nodes
- 39. Upload your infrastructure knife cookbook upload chef-client knife cookbook upload java knife cookbook upload jpackage knife cookbook upload ntp knife cookbook upload sudo knife cookbook upload tomcat knife cookbook upload users knife cookbook upload sample knife role from file base.rb knife role from file tc.rb knife role from file sample.rb knife data bag create users knife data bag from file users mray.json
- 40. Build it somewhere #EC2 knife ec2 server create -S mray -i ~/.ssh/mray.pem -x ubuntu -G default -I ami-a7a97dce -f m1.small -d omnibus -r 'role[base],role[tc],role[sample] ’ #Rackspace knife rackspace server create --image 110 --flavor 2 -i ~/.ssh/mray.pem -d omnibus -r 'role[base],role[tc],role[sample] ’ #CloudStack knife cs server create -S "small instance" -T "CentOS 5.5(64-bit) no GUI (KVM)" -i ~/.ssh/mray.pem -d omnibus -r 'role[base],role[tc],role[sample] ’ #Ubuntu Linux VM knife bootstrap test.lab -i ~/.ssh/mray.pem -x ubuntu --sudo -d omnibus -r 'role[base],role[tc],role[sample]'
- 41. Tomcat stack deployed ec2-107-21-179-169.compute-1.amazonaws.com [Thu, 23 Feb 2012 03:16:27 +0000] INFO: Chef Run complete in 125.548799554 seconds ec2-107-21-179-169.compute-1.amazonaws.com [Thu, 23 Feb 2012 03:16:27 +0000] INFO: Running report handlers ec2-107-21-179-169.compute-1.amazonaws.com [Thu, 23 Feb 2012 03:16:27 +0000] INFO: Report handlers complete Instance ID: i-ee18148b Flavor: m1.small Image: ami-0c6ebd65 Region: us-east-1 Availability Zone: us-east-1b Security Groups: default SSH Key: mray Root Device Type: instance-store Public DNS Name: ec2-107-21-179-169.compute-1.amazonaws.com Public IP Address: 107.21.179.169 Private DNS Name: ip-10-120-255-91.ec2.internal Private IP Address: 10.120.255.91 Environment: _default Run List: role[base], role[tc], role[sample]
- 43. Update the sample cookbook $ knife cookbook upload sample Uploading sample [0.0.2] upload complete
- 44. Update the nodes $ knife ssh "role:base" "sudo chef-client" -i ~/.ssh/mray.pem -x ubuntu -a cloud.public_ipv4 107.21.179.169 [Thu, 23 Feb 2012 03:30:22 +0000] INFO: *** Chef 0.10.8 *** 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Run List is [role[base], role[tc], role[sample]] 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Run List expands to [chef-client, ntp, sudo, users::sysadmins, java, tomcat, sample] 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Starting Chef Run for i-ee18148b 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Running start handlers 107.21.179.169 [Thu, 23 Feb 2012 03:30:30 +0000] INFO: Start handlers complete. 107.21.179.169 [Thu, 23 Feb 2012 03:30:36 +0000] INFO: Loading cookbooks [chef-client, java, jpackage, ntp, sample, sudo, tomcat, users] 107.21.179.169 [Thu, 23 Feb 2012 03:30:36 +0000] INFO: Storing updated cookbooks/sample/recipes/default.rb in the cache. <SNIP> 107.21.179.169 [Thu, 23 Feb 2012 03:30:37 +0000] INFO: template[/var/lib/tomcat6/webapps/sample/index.html] updated content 107.21.179.169 [Thu, 23 Feb 2012 03:30:37 +0000] INFO: template[/var/lib/tomcat6/webapps/sample/index.html] sending restart action to service[tomcat] (immediate) 107.21.179.169 [Thu, 23 Feb 2012 03:30:37 +0000] INFO: Processing service[tomcat] action restart (tomcat::default line 42) 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: service[tomcat] restarted 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: Chef Run complete in 15.170097638 seconds 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: Running report handlers 107.21.179.169 [Thu, 23 Feb 2012 03:30:45 +0000] INFO: Report handlers complete
- 46. http://www.flickr.com/photos/kathycsus/2686772625 IP addresses Hostnames FQDNs Search for nodes with Roles Find configuration data Search
- 47. pool_members = search("node","role:webserver ”) template "/etc/haproxy/haproxy.cfg" do source "haproxy-app_lb.cfg.erb ” owner "root" group "root ” mode 0644 variables :pool_members => pool_members.uniq notifies :restart, "service[haproxy] ” end Pass results into Templates
- 48. # Set up application listeners here. listen application 0.0.0.0:80 balance roundrobin <% @pool_members.each do |memb| -%> server <%= memb[:hostname] %> <%= memb[:ipaddress] %>:> weight 1 maxconn 1 check <% end -%> <% if node["haproxy"]["enable_admin"] -%> listen admin 0.0.0.0:22002 mode http stats uri / <% end -%> Pass results into Templates
- 49. Jboss App Memcache Postgres Slaves Postgres Master So when this Nagios Graphite
- 50. Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite Becomes this
- 51. Jboss App Memcache Postgres Slaves Postgres Master Nagios Graphite Updates can be automatic
- 52. Nagios Graphite Count the resources Jboss App Memcache Postgres Slaves Load balancer config Nagios host ping Nagios host ssh Nagios host HTTP Nagios host app health Graphite CPU Graphite Memory Graphite Disk Graphite SNMP Memcache firewall Postgres firewall Postgres authZ config 12+ resource changes for 1 node addition
- 53. http://www.flickr.com/photos/evelynishere/2798236471/ CLONING CANNOT COPE WITH THIS Chef can.
- 54. Build anything Simple internal applications Complex external applications Workstations Hadoop clusters IaaS infrastructure PaaS infrastructure SaaS applications Storage systems You name it http://www.flickr.com/photos/hyku/245010680/
- 55. And manage it simply http://www.flickr.com/photos/helico/404640681/ Automatically reconfigure everything Linux, Windows, Unixes, BSDs Load balancers Metrics collection systems Monitoring systems Cloud migrations become trivial
- 56. The Chef Community Apache License, Version 2.0 550+ Individual contributors 100+ Corporate contributors Dell, Rackspace,VMware, RightScale, Heroku, and many more 400+ Community cookbooks http://community.opscode.com
- 57. Questions? http://www.flickr.com/photos/mrchippy/443960682/ Questions?
- 58. Thanks! [email_address] www.opscode.com Twitter/IRC/GitHub: mattray
Editor's Notes
- #3: Contratulations! You have yourself some clooooud. But now what?
- #4: But then what? 5 minutes later, you can have an entire rack of servers at your disposal. But until you do one important thing, all they ’re doing is sitting around eating electricity and costing you money.
- #6: Introducing Chef. Hopefully you ’ve already met! Today we're going to talk about what Chef is and what it's good for.
- #7: APIs are awesome. They ’re what make the Cloud the Cloud. You can provision resources by simply flinging the right combination of packets at the appropriate DNS address.
- #8: And Chef can help with that. Knife is our command line tool for talking to APIs And we have plugins for all sorts of cloud providers, both public and private. This lets you provision a server, install the chef agent on it and configure it as a database, webserver, tomcat stack or whatever from a single command.
- #9: Let's walk through the evolution of your infrastructure. Things are going well, you've just started a new project and your new application has come online.
- #10: As you get your feet under you and get a feel for what you're doing, you move your database to another machine to help handle the overloaded box.
- #11: Turns out, the database was the bottleneck, so you add another.
- #12: Demand continues to grow, so you add another application server.
- #13: You're going to need a load balancer for that of course, so everyone can use the same IP.
- #14: And things are really taking off now, 2 load balancers, 5 application servers and a pair of databases. We're growing fast!
- #15: Caching, time to add some
- #16: This Infrastructure has a Topology. All the nodes are talking to each other and need to know about their individual interests. Maybe you don ’t want to do it that way.
- #17: How should I know. It ’s your application. Your application is unique, and so is your infrastructure. They evolve organically.
- #18: And as they evolve, things continue to change as you switch out components and scale
- #19: And success breeds success, we're going nuts now.
- #20: And a basic fact about Infrastructure -- it EVOLVES.
- #21: Currently, the most widely used configuration management strategy is Cloning and Snapshotting. THIS DOES NOT WORK (and you know it.)
- #22: OK, it's a JBoss stack on PostgreSQL with Nagios monitoring.
- #23: Policy change time!!! SSH on port 22 is a security liability (OK, maybe not, but stick with the story)
- #24: First we'll update the sshd_config on 6 golden images
- #25: We'll have to replace the instances that are there
- #26: 12 new boxes, be careful not to break anything. We only have 30 minutes
- #27: IP addresses all changed, since we're in the cloud right? Oh wait, Bob screwed up.
- #28: Tracking all these changes by hand breaks down fast. Mistakes get made and things get overlooked.
- #29: Keep track of all the steps required to take bare metal systems to doing their job in the infrastructure. It is all about the policy. Taking all the systems that have been configured to do their job, and make them work together to actually run the infrastructure.
- #30: How do we do this? WRT Chef, we talk about Fully Automated Infrastructure. Chef provides a framework for fully automating infrastructure, and has some important design principles. Chef makes it easy to reason about your infrastructure at scale and the predictable ordering makes it easy to understand what ’s going on. The declarative Ruby configuration language is easy to read, easy to share and flexible enough to do powerful things. Chef gives you the tools you need to manage large scale infrastructure in a coherent, logical fashion that can be picked up by the next person doing your job.
- #31: In Chef a Node is an Abstraction of a server. With the chef server, node state data is persisted between runs. The edge node does all the heavy lifting. Resources are the things on Nodes that we manage. ... a collection of Resources that can span nodes and networks. Resources are simple things that you deal with every day as a systems administrator or developer. Resources include files, directories, mounts, routes, users, groups, packages installations, source code deployments, configuration files, and “stuff” in general.
- #32: All this is arranged in a very specific way, to it acts in concert to provide ...
- #33: a service. That ’s it. An Application Infrastructure provides a view of all it’s component nodes and their attributes, as well as information that needs to be shared among resources.
- #34: When dealing with Chef, need to literally “think outside the box”, by shifting your thinking about configuration away from a single system, to that of an Application Infrastructure. The concept of an Infrastructure is an abstract one with a specific technical meaning. When we talk about Infrastructure, we mean..
- #35: Chef gives you declarative interfaces into the Resources on those Nodes. Being declarative means that you say what you want to do, instead of how to do it. For example, you declare that package foobar-1.2.3 should be installed, or that the directory /var/log/foobar should exist. Chef pulls down policy from the chef-server, ensuring that a node down for maintenance will receive its policy update when it comes back online.
- #36: Because we use a 3GL for the recipe config files, we can use features of ruby like case statements and iterative loops. Sysadmins don ’t need to be afraid of Ruby, they’ve been dealing with sub-standard programming languages like configuration files for years. They ’re also not limited to what the language tells them they can do.
- #37: By using Ruby we can make calls to web services, in this case we're calling search against the Chef server for all the users stored there. We're going to iterate over them, create the users, their home directories and write out the authorized_keys file. As you need to do more complex and powerful things with your infrastructure, Chef's use of Ruby will allow you to harness whatever resources you need.
- #39: The nodes are going to execute their run lists to configure their Resources defined in your Cookbooks and Recipes. The chef-client maintains the state of your machines, and are also responsible for generating the configuration that is the topology of the infrastructure.
- #47: This is where the sauce is, and what enables systems integration. (back up to previous slide) When provisioning on Clouds, you typically don ’t get to do up front IP address planning So how do you point a web server to its database? You search for it.
- #57: Chef is hackable! Permissive Apache2 license, vibrant community of awesome folks. More than 360 individual contributors, over 70 corporate contributors. Community is very important to us. That's why we're here.