Post on 08-May-2015
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
AWS OpsWorks & Chef
Jonathan Weiss @jweiss
January 14th, 2014
AWS OpsWorks
Integrated Application management on EC2
• EC2, ELB, VPC, EIP, EBS, …
• Chef-Solo & Built-in layers
• Monitoring with CloudWatch
• Auto Scaling, Auto Healing
• Fine-grained permissions
• App deployment
AWS Application Management Services
Elastic Beanstalk • OpsWorks • CloudFormation • EC2
[Axis: Convenience (Higher-level Services) to Control (Do it yourself)]
How does it work?
Agent on each EC2 instance
The Heart of the Service
Agent on each Amazon EC2 instance
Understands a set of commands that are triggered by AWS OpsWorks. The agent then performs a Chef Solo run.
Life Cycle Events
setup configure deploy undeploy shutdown
A Stack
A Stack with Layers
A Stack with Layers and Instances
Enough talking
DEMO TIME
Chef in AWS OpsWorks vs. Chef Server
Main Differences
• Chef Setup
• One run vs. discrete events
• Push vs. pull
• Discovery: search & AWS OpsWorks attribute tree
• Data bags
Chef Setup
Chef Solo & OpsWorks Backend
Chef Client & Chef Server
Customization Options
• Built-in layers
• Override Chef attributes via custom JSON
• Override Chef attributes via custom cookbook
• Overwrite Chef template file
• Deploy hooks
• Provide custom recipe to extend built-in layer
• Provide custom recipe to create custom layer
[Axis labels: control, simple]
Life Cycle Events
• Give you fine-grained control
• Faster to execute
• Context
Push vs. Pull
• On-demand and automatic
• Respond immediately to changes in the stack
Discovery: Chef Search
AWS OpsWorks does not offer attribute search.
Alternative: node[:opsworks], with similar capabilities to partial_search
AWS OpsWorks Attribute Tree
Find all Rails application servers
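# Instances of the 'rails-app' layer: a hash keyed by instance hostname
rails_servers = node['opsworks']['layers']['rails-app']['instances']
# Collect the private IP of every instance in that layer
rails_ips = rails_servers.values.map { |i| i['private_ip'] }

template "/etc/rails-server.conf" do
  ...
  # Pass the IP list to the template as @ips
  variables({
    :ips => rails_ips
  })
end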
Encrypted Data Bags
• Upload encrypted JSON to S3
• Have instances access via IAM roles in a recipe
Custom JSON
Arbitrary JSON on stack that is available in Chef

{ "foo": { "bar": true, "baz": false } }

if node.foo.bar
  ...
elsif node.foo.baz
  ...
end
Store Secrets on Amazon S3
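Access from instance via instance profiles

require 'aws-sdk'  # AWS SDK for Ruby v1 (AWS:: namespace)

# Bucket name and object key are read from node attributes
bucket = node['acme']['bucket']
key = node['acme']['key']

# No credentials in the recipe: the SDK obtains them from the instance profile
s3 = AWS::S3.new
obj = s3.buckets[bucket].objects[key]
obj.read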
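Added example, not from the original slides: one way to produce the "encrypted JSON" of the Encrypted Data Bags slide and to decrypt what obj.read returns on the Store Secrets slide, so that a modified object or a wrong key is rejected. The helper names seal_secrets and open_secrets, the envelope fields, the AAD label and the choice of AES-256-GCM are assumptions, as is a 32-byte key that reaches the instance separately from the bucket.

```ruby
require 'openssl'
require 'json'
require 'base64'

AAD = 'acme-secrets-v1' # constructed label, bound into the auth tag

# Run on the operator's machine: returns the JSON envelope to upload to S3.
def seal_secrets(secrets, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh 96-bit nonce for every upload
  cipher.auth_data = AAD
  data = cipher.update(JSON.generate(secrets)) + cipher.final
  fields = { 'iv' => iv, 'tag' => cipher.auth_tag, 'data' => data }
  JSON.generate(fields.transform_values { |v| Base64.strict_encode64(v) })
end

# Run in the recipe on the string returned by obj.read.
# Raises OpenSSL::Cipher::CipherError on a wrong key or a modified object.
def open_secrets(envelope_json, key)
  env = JSON.parse(envelope_json).transform_values { |v| Base64.strict_decode64(v) }
  raise ArgumentError, 'auth tag must be 16 bytes' unless env['tag'].to_s.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = env.fetch('iv')
  cipher.auth_tag = env['tag']
  cipher.auth_data = AAD
  JSON.parse(cipher.update(env.fetch('data')) + cipher.final)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32) # constructed key for the demo
  sealed = seal_secrets({ 'db_password' => 'example-only' }, key)
  puts sealed
  puts open_secrets(sealed, key).keys.inspect
end
```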
The Future
Better Chef Citizen
Chef 11.8 local server mode:
• Data bags
• (local) Chef search
More information about AWS OpsWorks
• Try it out https://console.aws.amazon.com/opsworks/
• Follow us on twitter @AWSOpsWorks
• Find us on YouTube
• Blog http://blogs.aws.amazon.com/application-management
• Docs http://aws.amazon.com/documentation/opsworks/
• User tests opsworks-user-tests@amazon.com
• Work with us http://jobs.aws-berlin.com
Thank You
@jweiss