An introduction to AWS OpsWorks and how it uses Chef. Differences between OpsWorks and Chef server. Presented by Jonathan Weiss on January 14th 2014 at the Hamburg Chef User Group.
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
AWS OpsWorks & Chef
Jonathan Weiss @jweiss
January 14th, 2014
AWS OpsWorks
Integrated Application management on EC2
• EC2, ELB, VPC, EIP, EBS, …
• Chef-Solo & Built-in layers
• Monitoring with CloudWatch
• Auto Scaling, Auto Healing
• Fine-grained permissions
• App deployment
AWS Application Management Services
[Figure: AWS application management services on a spectrum from convenience (higher-level services) to control (do it yourself): Elastic Beanstalk, OpsWorks, CloudFormation, EC2]
How does it work?
Agent on each EC2 instance
The Heart of the Service
Agent on each Amazon EC2 instance
Understands a set of commands that are triggered by AWS OpsWorks. The agent then runs a Chef solo run.
Life Cycle Events
• setup
• configure
• deploy
• undeploy
• shutdown
A Stack
A Stack with Layers
A Stack with Layers and Instances
Enough talking
DEMO TIME
Chef in AWS OpsWorks vs. Chef Server
Main Differences
• Chef Setup
• One run vs. discrete events
• Push vs. pull
• Discovery: search & AWS OpsWorks attribute tree
• Data bags
Chef Setup
Chef Solo & OpsWorks Backend
Chef Client & Chef Server
Customization Options
• Built-in layers
• Override Chef attributes via custom JSON
• Override Chef attributes via custom cookbook
• Overwrite Chef template file
• Deploy hooks
• Provide custom recipe to extend built-in layer
• Provide custom recipe to create custom layer
[Figure axis labels: control, simple]
Life Cycle Events
• Give you fine-grained control
• Faster to execute
• Context
Push vs. Pull
• On-demand and automatic
• Respond immediately to changes in the stack
Discovery: Chef Search
AWS OpsWorks does not offer attribute search
Alternative: node[:opsworks] with similar capabilities to partial_search
AWS OpsWorks Attribute Tree
Find all Rails application servers
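# instances is a hash keyed by hostname, so map over its values
rails_servers = node['opsworks']['layers']['rails-app']['instances']
rails_ips = rails_servers.values.map { |i| i['private_ip'] }

# pass the discovered addresses to the template
template "/etc/rails-server.conf" do
  ...
  variables({
    :ips => rails_ips
  })
end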
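The attribute-tree lookup above, as a stand-alone added example (not code from the slides or from AWS OpsWorks). The sample tree, hostnames, addresses, the `server` line format, and the helper names `layer_private_ips` and `render_conf` are constructed for illustration; a plain Hash and ERB stand in for the Chef node and template resource.

```ruby
require 'erb'

# Constructed sample of the node['opsworks'] attribute tree; hostnames and
# addresses are made up. Instances are keyed by hostname.
SAMPLE_NODE = {
  'opsworks' => {
    'layers' => {
      'rails-app' => {
        'instances' => {
          'rails-app1' => { 'private_ip' => '10.0.1.11' },
          'rails-app2' => { 'private_ip' => '10.0.1.12' },
          'rails-app3' => { 'private_ip' => nil } # no address yet (assumed case)
        }
      },
      'db-master' => { 'instances' => {} }
    }
  }
}.freeze

# Private IPs of every instance in a layer. Returns [] for an unknown or
# empty layer instead of raising NoMethodError on nil.
def layer_private_ips(node, layer)
  instances = node.dig('opsworks', 'layers', layer, 'instances') || {}
  instances.values.map { |i| i['private_ip'] }.compact.uniq.sort
end

# Stand-in for the template resource: one line per discovered server.
CONF_TEMPLATE = ERB.new(<<~'TPL', trim_mode: '-')
  # generated from the OpsWorks attribute tree
  <% ips.each do |ip| -%>
  server <%= ip %>
  <% end -%>
TPL

def render_conf(ips)
  CONF_TEMPLATE.result_with_hash(ips: ips)
end

if __FILE__ == $PROGRAM_NAME
  puts render_conf(layer_private_ips(SAMPLE_NODE, 'rails-app'))
end
```

Skipping entries without an address and returning an empty list for a missing layer keeps a configure run from failing, or from writing a blank server line, while the stack is still changing.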
Encrypted Data Bags
• Upload encrypted JSON to S3
• Have instances access via IAM roles in a recipe
Custom JSON
Arbitrary JSON on stack that is available in Chef

if node.foo.bar
  ...
elsif node.foo.baz
  ...
end

{ "foo": { "bar": true, "baz": false } }
Store Secrets on Amazon S3
Access from instance via instance profiles

# aws-sdk v1; credentials are supplied by the instance profile
require 'aws-sdk'

bucket = node['acme']['bucket']
key = node['acme']['key']
s3 = AWS::S3.new
obj = s3.buckets[bucket].objects[key]
obj.read
The Future
Better Chef Citizen
Chef 11.8 local server mode:
• Data bags
• (local) Chef search
More information about AWS OpsWorks
• Try it out https://console.aws.amazon.com/opsworks/
• Follow us on twitter @AWSOpsWorks
• Find us on YouTube
• Blog http://blogs.aws.amazon.com/application-management
• Docs http://aws.amazon.com/documentation/opsworks/
• User tests [email protected]
• Work with us http://jobs.aws-berlin.com
Thank You
@jweiss