Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Special of the Day Cookin’ up hybrid clouds with Chef and the Accenture Cloud Platform Tom Myers April 26, 2013 Accenture is using Private Chef as the management control point for our newly launched Accenture Cloud Platform.

description

Accenture is using Private Chef to be the management control point for the Accenture Cloud Platform, a cloud service broker, managing hybrid cloud environments and cloud-based applications for its clients and internal teams. In addition to broker services, the platform features tailored solutions for Infrastructure as a Service, Testing as a Service, Big Data Platforms, and various development offerings. During this presentation, Thomas Myers, the Chef lead on the project, will discuss the challenges and successes of integrating Chef into the Accenture Cloud Platform.

Transcript of Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform


Page 2: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Copyright © 2013 Accenture All rights reserved.

Accenture Cloud Platform
•  Global footprint
•  Multiple service providers
•  Migrating from traditional tools to cloud native

Page 3: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Accenture Cloud Platform Ecosystem

Hybrid Environment
•  Accenture’s Common Hosting Platform
•  Broad Collection of IaaS Providers - Azure, AWS, OpSource, Terremark…

Geographical Requirements
•  Operating Environment across five continents
•  Soon to be six (how soon will we need Antarctica?)
•  Latency

Transition
•  From Traditional Tools
•  To Cloud-native tools

Balance
•  Platform Agility vs Customer Stability

Page 4: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Provisioning

Traditional Hardened Environment

Public/Private IaaS Cloud

On-premise and co-lo “clouds”

Page 5: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Accenture Cloud Platform Ecosystem

Remote Chef Proxy
•  nginx extended to each provider
•  Near file storage
•  Answers several concerns…

Internet Access
•  Client requirements may forbid
•  VPN required

Reduced Cost
•  File transfer
•  Cache

Balance
•  Platform Agility vs Customer Stability

Page 6: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Environments

Production

Test

Public/Private IaaS Cloud

On-premise and co-lo “clouds”

Page 7: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Demo

• VMs
  –  Private Chef A (PROD)
  –  Private Chef B (TEST)
  –  Node One (a VM that has been recently provisioned)

• Data Bag Example Usage:
  –  Add Local IP (role)
  –  Query status data bag

• Environments
  –  Transfer (role) from PROD to TEST
  –  Rename (data bag) and Transfer (role) back to PROD

Page 8: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Role[bootstrap] Default

include_recipe "bootstrap::_create_reports_item"
include_recipe "hosts"
include_recipe "chef-client::config"
include_recipe "chef-client::service"

# Nodes being moved to another Chef server skip the core bootstrap.
if node.run_list.include?('role[migrate-chef-server]')
  include_recipe "bootstrap::migrate_chef_server"
else
  include_recipe "bootstrap::core"
end

include_recipe "clone::cleanup_stash"

# Record the outcome of the bootstrap request.
asgard_report "bootstrap" do
  request_type 'bootstrap'
  remember true
  action :ok
end

Page 9: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Role[bootstrap] Core

case node['platform_family']
when "windows"
  include_recipe "bootstrap::windows"
when "rhel"
  include_recipe "bootstrap::redhat"
end

include_recipe "bootstrap::options"
include_recipe "manage-users"
include_recipe "manage-networks"
include_recipe "manage-storage"
include_recipe "commands"

Page 10: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Role[bootstrap] Options

# Every option is installed; it is then enabled or disabled per node.
node['bootstrap']['options'].each do |option|
  include_recipe "#{option}::install"
  recipe_name = option_enabled?(option) ? 'enable' : 'disable'
  include_recipe "#{option}::#{recipe_name}"
end

(Attributes)

default['bootstrap']['options'] = %w(patching zenoss-monitoring)

Page 11: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Data Bags

• Provide common interface for back-end systems
  –  Back-end processing
     •  Write node-specific data
     •  Assign role to run list (if needed)
     •  Poll Reports data bag for results
  –  Node processing
     •  Remove node-specific data
     •  Write result to Reports data bag
• Knife plug-in to support operations tasks
• Easy clean-up
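The request/report exchange listed on this slide, modelled in plain Ruby as an added example (not code from the presentation). The in-memory store, the `requests` bag name, the helper names and the one-shot removal of the role are assumptions; only the Reports data bag and the order of steps come from the slide.

```ruby
# In-memory stand-in for the Chef server's data bags: bag name => {id => item}.
def new_store
  Hash.new { |bags, name| bags[name] = {} }
end

Node = Struct.new(:name, :run_list)

# Back end: write node-specific data and assign the role if it is missing.
def submit_request(store, node, role, payload)
  store['requests'][node.name] = { 'id' => node.name, 'role' => role, 'payload' => payload }
  node.run_list << role unless node.run_list.include?(role)
end

# Node (one chef-client run): consume the request, then report the outcome.
def node_run(store, node)
  request = store['requests'][node.name]
  return :nothing_to_do unless request
  status = begin
    yield request['payload']          # the work the assigned role performs
    'ok'
  rescue StandardError => e
    "failed: #{e.message}"
  end
  store['requests'].delete(node.name)   # remove node-specific data
  node.run_list.delete(request['role']) # assumed one-shot role
  store['reports'][node.name] = { 'id' => node.name, 'request_type' => request['role'],
                                  'status' => status }
  status
end

# Back end: poll the Reports bag; the block stands in for waiting on a run.
def poll_report(store, node, max_polls: 3)
  max_polls.times do
    report = store['reports'].delete(node.name) # read and clean up in one step
    return report['status'] if report
    yield if block_given?
  end
  :timeout # the node never reported within the polling budget
end
```

A failure on the node still produces a report, so the back end can tell a failed request from a node that never ran.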

Page 12: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Change Server Cookbook

Default

require 'fileutils'

# Everything runs in compile time. Will preempt any other recipes.

# never run this recipe twice
node.run_list.delete("role[change-server]")
node.run_list << 'role[change-server-done]'
node.save

# timestamp for backup/restore
timestamp = Time.now.strftime("%Y%m%d.%H%M%S")

hosts_file_path = node[:hosts][:config]
node_name = Chef::Config[:node_name]

# each rename_nodes item maps a current node name to its new name
rename_lists = data_bag('rename_nodes')
rename_lists.each do |list_name|
  rename_list = data_bag_item('rename_nodes', list_name).raw_data
  node_name = rename_list[node_name] || node_name
end

Page 13: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Change Server Cookbook

# config parameters
conf_dir = node['chef_client']['conf_dir']
client_rb_path = File.join(conf_dir, 'client.rb')
validation_pem_path = File.join(conf_dir, 'validation.pem')
client_pem_path = File.join(conf_dir, 'client.pem')
attributes_json_path = File.join(conf_dir, 'change-server-attributes.json')

backup(hosts_file_path, timestamp, true)
backup(client_rb_path, timestamp)
backup(validation_pem_path, timestamp)
backup(client_pem_path, timestamp)

delete_hostsfile_entries(node)
create_child_chef_configuration(node, conf_dir, client_rb_path, validation_pem_path, client_pem_path, attributes_json_path)
run_child_chef(node, client_rb_path, attributes_json_path, node_name)

Page 14: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Change Server Cookbook

if File.exist?(client_pem_path)
  log_success
  node.name(node_name)
  reload_chef_client_config(node)

  # delete change-server-done from NEW server
  node.run_list.delete('role[change-server-done]')
  node.save
else
  log_failure(client_rb_path, validation_pem_path, attributes_json_path)
  restore(hosts_file_path, timestamp)
  restore(client_rb_path, timestamp)
  restore(validation_pem_path, timestamp)
  restore(client_pem_path, timestamp)

  # delete change-server-done from OLD server
  node.run_list.delete('role[change-server-done]')
  node.save
end
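The slides call `backup` and `restore` but never show them. The following is an added example of how such helpers could work, not the presentation's code: the `.bak` naming, the meaning of the third argument (copy instead of move) and the owner-only mode on key backups are assumptions. Under that reading, `client.pem` is moved aside, so the `File.exist?(client_pem_path)` test only succeeds when the child run wrote a new key.

```ruby
require 'fileutils'
require 'tmpdir'

def backup_path(path, timestamp)
  "#{path}.#{timestamp}.bak"
end

# Assumption: a true third argument copies (the hosts file must stay usable
# during the run); the default moves the file aside.
def backup(path, timestamp, keep_original = false)
  return nil unless File.exist?(path)
  dest = backup_path(path, timestamp)
  if keep_original
    FileUtils.cp(path, dest, preserve: true) # keeps mode and mtime
  else
    FileUtils.mv(path, dest)                 # rename keeps the mode
  end
  File.chmod(0o600, dest) if path.end_with?('.pem') # key copies stay owner-only
  dest
end

def restore(path, timestamp)
  src = backup_path(path, timestamp)
  return false unless File.exist?(src)
  FileUtils.rm_f(path) # discard anything a failed run left behind
  FileUtils.mv(src, path)
  true
end

# Constructed failed migration: no new client.pem appears, so roll back.
def demo_failed_migration
  Dir.mktmpdir do |dir|
    hosts = File.join(dir, 'hosts')
    key = File.join(dir, 'client.pem')
    File.write(hosts, "10.0.0.1 chef-a\n")
    File.write(key, 'OLD-KEY', perm: 0o600)
    stamp = Time.now.strftime('%Y%m%d.%H%M%S') # format used on the slide
    backup(hosts, stamp, true)
    key_backup = backup(key, stamp)
    result = { key_moved_aside: !File.exist?(key),
               hosts_still_present: File.exist?(hosts),
               backup_mode: File.stat(key_backup).mode & 0o777 }
    restore(hosts, stamp)
    restore(key, stamp) unless File.exist?(key) # the slide's failure branch
    result.merge(restored_key: File.read(key),
                 restored_mode: File.stat(key).mode & 0o777)
  end
end
```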

Page 15: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform

Other Interesting Ideas

Side by Side Chef (today)
•  Allow existing chef-using clients to continue use of open-source chef without interruption until on-boarding process is available.

Shared Org Cookbooks (coming soon)
•  Allow organizations to share (read-only) cookbooks, enabling the inherent separation between orgs while allowing for a shared baseline of cookbooks.

Handlers as Alerts (coming soon)
•  Use handlers to alert our back-end systems to provide an alternative to polling mechanisms.

Web Service Knife Wrapper (coming soon)
•  Consume the ability for knife to bootstrap a newly provisioned server without requiring any modification to the default provider image via a web service call from our back-end systems.

Page 16: Cookin’ up Hybrid Clouds: Chef and the Accenture Cloud Platform


Questions?