© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amir Golan
Senior Product Manager
Announcing AWS OpsWorks for Chef Automate
Configuration Management on AWS
What to expect from this session?
Understand how configuration management lets you refer to your infrastructure as code
Understand how AWS can help you use configuration management to save time
Discover the best practices of setting up your infrastructure, host configuration, and application
Background
Moving to the cloud and AWS allows you to provision and manage infrastructure in new ways:
Scale can be achieved without complicated capacity planning
Infrastructure can be provisioned in minutes
You are now a part of a fast moving environment that requires constant attention
What is configuration management?
A practice in which code is used to define and maintain the state of both new and existing resources throughout their entire life cycle.
Why do I need configuration management?
Store your configuration information in one place
Spin up blank resources that work perfectly every time
Make changes in a single place and propagate them
Create dev and test environments that mimic your production
Compute Resources: Amazon Elastic Compute Cloud (EC2), On-premises compute resources (Servers), …
Operating System and Host Configuration: Files, Directories, Networking, Symlinks, Mounts, Registry Key, Users, Groups, Packages, Filesystems, …
Application Configuration: Application dependencies, Application configuration, Service registration, Credentials, …
Infrastructure needs ongoing management
Package updates? New software? New configurations? New app deployments? Environment specific changes? Run commands across all hosts? Be on top of all running resources?
Ongoing management requires proper tooling
Some common challenges:
Changing a vhost configuration on every web server across multiple environments (dev, stage, prod)
Installing a package on certain hosts to test out newer versions
Changing LDAP config on every running Amazon EC2 Linux host
What tools can I use to tackle some of these challenges?
What is Chef Automate?
Refer to your infrastructure as code (cookbooks & recipes)
Consistently install, configure, manage, deploy and scale applications
Align resources with specific policies
Save time by automating manual tasks
How does it work?
Simple client-server architecture
Connecting resources to a Chef server
Resources pull configuration updates from the Chef server (Config A, Config B)
How can you set this up?
1. Set up the Chef server with cookbooks, recipes and roles.
2. Install the Chef client on the instance (or server).
3. Register the instance with the Chef server as a Chef node.
4. Assign node with a role (e.g. web server, app server, db server).
5. The Chef client pulls the recipes from Chef server (based on role).
6. The Chef server determines the applicable recipes (by role).
7. The Chef client applies the recipes on the node by doing a “Chef run”.
8. The Chef client polls the Chef server every 30 minutes.
What does it look like?
The Chef client pulls configuration updates from the Chef server every 30 minutes.
The Chef client will only make configuration changes when the node is out of spec.
The Chef client can react to changes by using Chef search.
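The "only when the node is out of spec" behaviour above, sketched as an added example (not from the original slides and not Chef's own code): a plain-Ruby stand-in for a file resource that compares declared state with the node and repairs only what drifted. `ManagedFile`, `drift`, `converge!` and `demo_runs` are hypothetical names, and the scenario runs in a scratch directory.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical stand-in for a Chef `file` resource: the desired state is declared
# once, then compared against the node on every client run ("test and repair").
class ManagedFile
  attr_reader :path

  def initialize(path, content:, mode:)
    @path = path
    @content = content
    @mode = mode
  end

  # Returns the properties that are out of spec (empty when the node is converged).
  def drift
    return [:missing] unless File.file?(@path)
    out = []
    out << :content if File.read(@path) != @content
    out << :mode if (File.stat(@path).mode & 0o7777) != @mode
    out
  end

  # Repairs only what drifted and reports it; a converged node is left untouched.
  def converge!
    found = drift
    return found if found.empty?
    FileUtils.mkdir_p(File.dirname(@path))
    File.write(@path, @content) if (found & [:missing, :content]).any?
    File.chmod(@mode, @path) if (found & [:missing, :mode]).any?
    found
  end
end

# Constructed scenario: three client runs against a scratch directory.
def demo_runs
  Dir.mktmpdir do |root|
    page = ManagedFile.new(File.join(root, 'public_html', 'index.html'),
                           content: '<html>This is a placeholder</html>', mode: 0o644)
    first = page.converge!        # fresh node: the file is created
    second = page.converge!       # already in spec: nothing is changed
    File.chmod(0o666, page.path)  # simulated out-of-band change (world-writable)
    third = page.converge!        # only the mode is repaired
    [first, second, third, File.stat(page.path).mode & 0o7777]
  end
end

p demo_runs if __FILE__ == $PROGRAM_NAME
```

The per-run report of what was repaired is the useful signal for operations: a non-empty result on a node that should be stable means something changed it between runs.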
Support for community tools
ChefDK
Knife
Chef Client
Community cookbooks and recipes
Test Kitchen
kitchen create
kitchen converge
kitchen login
kitchen verify
kitchen destroy
Chef recipe example – configure Apache
# Install Apache and start the service.
httpd_service 'default' do
  listen_ports ['81', '82']
  threadlimit '4096'
  action [:create, :start]
end

# Add the site configuration.
httpd_config 'default' do
  instance 'default'
  source 'mysite.conf.erb'
  notifies :restart, 'httpd_service[default]'
end
.....
Chef recipe example – configure Apache
# Create the document root directory.
directory '/var/www/default/public_html' do
  recursive true
end

# Write the home page.
file '/var/www/default/public_html/index.html' do
  content '<html>This is a placeholder</html>'
  mode '0644'
  owner 'web_admin'
  group 'web_admin'
end
.....
Chef recipe example – configure PHP
# Install the mod_php5 Apache module.
httpd_module 'php5' do
  instance 'default'
end

# Install php5-mysql.
package 'php5-mysql' do
  action :install
  notifies :restart, 'httpd_service[default]'
end
Get visibility into the state of your nodes
Visibility – A view into convergence, compliance, cookbooks, recipes and more.
Not only a Configuration Management tool
Workflow – A continuous delivery pipeline of infrastructure and applications.
Not only a Configuration Management tool
Compliance - Discovery and analysis of compliance risks across environments
AWS OpsWorks for Chef Automate
What is AWS OpsWorks for Chef Automate?
The place you go to for configuration management on AWS
Offers a fully managed Chef Automate server
OpsWorks
How can I create an AWS managed Chef server?
Easy to get started: get a Chef Automate server in 10 minutes.
What else can I set up?
Set up a weekly maintenance window
Automatic security updates
Automatic Chef version upgrades
What else can I set up?
Set up a daily/weekly backup schedule
What else is left for me to do?
Nothing, this is a fully managed configuration management service:
Automatic backups
Automatic security updates
Automatic Chef software updates
You can focus on writing cookbooks and recipes that meet your needs.
What other benefits do I get from the service?
Automatic instance to Chef server registration
Secure and easy scaling using Auto Scaling Groups
No separate license fees, only pay for what you use
Supports both Amazon EC2 and on-prem resources
Best practices, AWS support and guidance
Where does it come in the tool chain?
Bootstrap instances with the right configuration
Update the configuration of running instances
Assure instances comply with a pre-defined policy
A part of your Continuous Integration and Continuous Delivery pipeline
Live Demo
How do I get started?
Grab some community cookbooks
https://supermarket.chef.io/
Learn more
https://www.chef.io/automate/
Get started
https://aws.amazon.com/opsworks/
Thank you!