29 Dec 2011 CentOS 6.1, local VMs and Opscode Chef
Automating Internal Infrastructure Orchestration with Chef
BioTeam maintains its internal company IT infrastructure across a distributed mix of servers hosted both “in the cloud” and within our own offices and colocation cages. We’ve long used Opscode Chef to “orchestrate” our cloud systems and have recently found it invaluable for automatic configuration management of our own local servers and VMs.
This blog post is a quick one-off article to highlight how well Chef plays with non-cloud systems, including local virtual machines that BioTeam runs via Citrix XenServer. It was so easy to spin up a new VM (“staff.bioteam.net”) and then use a single Chef one-liner command to bootstrap the server, configure user accounts, install new software (denyhosts) and adjust the configuration of the /etc/sudoers file that I wanted to screencast and share the process.
First things first …
Thanks to Steve Danna for publishing a CentOS-6 bootstrapping template script. In the screencast below, where you see me typing the “knife bootstrap …” command, I’m directly invoking the bootstrapping script for CentOS 6 systems that Steve put on GitHub.
In the video recorded below we start with a CentOS 6.1 Linux system. The VM was created from a pre-existing barebones XenServer template and really just contains a minimal operating system and network stack with almost no installed software.
Normally in “Xen” land, I’d fire up the new VM from a template and then do manual sysadmin “stuff” to the server to make it do what it needed to do.
For this particular server (“staff.bioteam.net”) we really just needed a few things to start with:
- Create BioTeam staff user accounts
- Upload and install individual BioTeam staff SSH keys so they can log in securely
- Add the appropriate BioTeam user accounts to the /etc/sudoers file so they can elevate access when needed
- Install, configure and start the ‘denyhosts’ service to block SSH password guessing attacks
And wouldn’t you know … BioTeam ALREADY has Chef recipes to do all those things because we need them on just about every cloud server we create.
The screencast below simply shows how I can do all the tasks listed above via my personal Mac OS X laptop with a single call to the Opscode Chef CLI tool named ‘knife’. The exact command used was:
$ knife bootstrap -d centos6-gems --ssh-user root --run-list "recipe[users::sysadmins], recipe[sudo], recipe[denyhosts]" staff.bioteam.net
It’s literally that easy.
The video below is not edited for time in any way. It really does take less than 4 minutes to take a ‘barebones’ CentOS system, install all the software dependencies, build and configure Chef, download the cookbooks and run list and then “process them”. The end result is 100% automated provisioning of a new server while I check Facebook in another browser window.
And for people new to Opscode Chef, this is a great example of how powerful and flexible these “infrastructure orchestration” systems have become. The Chef client running on the new server is doing far more than just simple installs of software from remote repositories. Of course it’s doing that, but it’s also installing personal individual SSH keys, editing the contents of the /etc/sudoers file and installing, configuring and starting a new network security service (denyhosts). Try doing that amount of “custom” server config work using a “golden image” or Kickstart type method!
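A post-bootstrap check for the outcomes listed above (accounts, SSH keys, sudoers entries, denyhosts), as an added example that is not part of the original post or BioTeam's cookbooks. The function names, the ROOT prefix argument and the /etc/denyhosts.conf path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit what the bootstrap run list should have produced.
# ROOT is a filesystem prefix: "" for the live node (run as root so that
# /etc/sudoers is readable), or the path of a copied or constructed tree.

# Account exists and has a non-empty authorized_keys file that sshd will accept.
check_ssh_key() {
    root=$1; user=$2
    home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$root/etc/passwd")
    [ -n "$home" ] || { echo "FAIL $user: no account"; return 1; }
    dir="$root$home/.ssh"
    [ -s "$dir/authorized_keys" ] || { echo "FAIL $user: no authorized_keys"; return 1; }
    # sshd's StrictModes ignores keys when group/other can write the dir or file
    loose=$(find "$dir" "$dir/authorized_keys" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "FAIL $user: writable by others: $loose"; return 1; }
}

# User has its own entry in /etc/sudoers, the file the post says is edited.
check_sudo() {
    root=$1; user=$2
    grep -Eq "^$user[[:space:]]" "$root/etc/sudoers" 2>/dev/null ||
        { echo "FAIL $user: not in sudoers"; return 1; }
}

# denyhosts configuration is present (path is an assumption, see lead-in).
check_denyhosts() {
    [ -f "$1/etc/denyhosts.conf" ] || { echo "FAIL denyhosts: no config"; return 1; }
}

# audit_node ROOT USER...: prints each failure, returns non-zero if any check failed.
audit_node() {
    root=$1; shift; rc=0
    check_denyhosts "$root" || rc=1
    for u in "$@"; do
        check_ssh_key "$root" "$u" || rc=1
        check_sudo "$root" "$u" || rc=1
    done
    return $rc
}

# Stand-alone use on the node itself: sh audit.sh alice bob  (constructed names)
[ $# -eq 0 ] || audit_node "" "$@"
```

On a live node, `service denyhosts status` additionally confirms that the daemon is running, which a file check alone cannot show.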
Note: The text-heavy screencast may best be viewed directly on youtube.com, particularly in the “big” 720p HD version …