Chef Repository for managing training lab instances for students taking a Chef Fundamentals or Chef Workshop training course.
Read this README in its entirety before setting up your lab.
The purpose of having this set up with Chef is so we can use baseline AMIs and not manage golden images / AMIs.
At the end of the lab setup, you will have:
- 1 "target" instance for each student
- 1 "workstation" instance for each student(*)
- 1 "classroom" instance for the instructor
The "target" instance is the node that the students are going to manage with Chef in the hands-on exercises.
The "workstation" instance is the system that students can use as their workstation, where the chef-repo will be, and where they will run all the knife commands. (*) Due to the size of the desktop environment installation, we create a custom AMI for this that has the required packages installed already; otherwise it would take 20 minutes per instance to set up.
The "classroom" instance is a web server that will perform a Chef search for all the targets and workstations, and display a web page with their IP addresses.
This repository is intended for use by Opscode Chef instructors. If you are using it, we assume you know what you're doing.
This repository assumes that you have a sane Ruby/RubyGems installation. We use rbenv or rvm and Ruby 1.9. You will need bundler installed. You also need to have an Opscode Hosted Chef account and organization created that will manage the instances for initial setup.
Instances can be launched in Amazon EC2 or Rackspace Cloud. An account should be set up ahead of time.
Your cloud account's default security group should have the following ports open:
- 22 (SSH)
- 80, 81, 82 (HTTP)
- 5901-6001 (VNC)
The target instances are Ubuntu 12.04 for both Amazon EC2 and Rackspace Cloud. Our training materials depend on assumptions from Ubuntu specifically.
In order to make this repository modular for different people as trainers, specific settings are abstracted in the knife.rb config file. The following environment variables must be exported in your shell with the proper values beforehand.
- ORGNAME - the organization to use on Opscode Hosted Chef
- OPSCODE_USER - if your Opscode account username is different than your local user, set this
- AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - normal AWS credentials
- AWS_SSH_KEY - the name of the SSH key pair to use, must already exist in your AWS account; add the private key to your SSH agent
- RACKSPACE_USERNAME and RACKSPACE_API_KEY - normal Rackspace Cloud credentials
E.g.,
export ORGNAME="myorg"
export OPSCODE_USER="jtimberman"
export AWS_ACCESS_KEY_ID="your aws access key id"
export AWS_SECRET_ACCESS_KEY="your aws secret access key"
export AWS_SSH_KEY="jtimberman"
export RACKSPACE_USERNAME="jtimberman-rackspace"
export RACKSPACE_API_KEY="your rackspace API key"
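A pre-flight check for these variables, as an added example that is not part of this repository: it reports which required variables are unset for the chosen cloud without ever printing their values. The function names and the provider argument ("ec2" or "rackspace") are assumptions of this example.

```shell
# Added example: pre-flight check for the variables .chef/knife.rb reads.
# Function names and the provider argument are assumptions of this example.

# Print the name of each required variable that is unset or empty.
# $1 is "ec2" or "rackspace". The body runs in a subshell, so its
# working variables do not leak into the caller's shell.
lab_env_missing() (
  required="ORGNAME"
  case "$1" in
    ec2)       required="$required AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SSH_KEY" ;;
    rackspace) required="$required RACKSPACE_USERNAME RACKSPACE_API_KEY" ;;
    *)         echo "unknown provider: $1" >&2; exit 2 ;;
  esac
  for name in $required; do
    # Indirect lookup; $name only ever comes from the fixed list above.
    eval "value=\${$name:-}"
    [ -n "$value" ] || echo "$name"
  done
)

# Exit 0 only when nothing is missing. Only variable names are reported,
# never values, because the values are credentials.
lab_env_check() (
  missing="$(lab_env_missing "$1")" || exit 2
  if [ -n "$missing" ]; then
    echo "missing for $1:" $missing >&2
    exit 1
  fi
  # OPSCODE_USER is optional: it is only needed when the Opscode
  # username differs from the local user.
  echo "ok: $1 as ${OPSCODE_USER:-${USER:-unknown}}"
)

# Typical use before generating the knife commands:
#   lab_env_check ec2 && bundle exec spiceweasel lab.yml
```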
Install the appropriate RubyGems required using bundler.
bundle install
Gems that install programs require bundle exec to run (notably: spiceweasel, knife).
This repo has a lab.yml file for use with Spiceweasel (http://bit.ly/spcwsl). Run spiceweasel to display the knife commands required to deploy the infrastructure.
bundle exec spiceweasel lab.yml
There are three roles and two cookbooks.
Roles:
- classroom: the node that simply displays a list of all the IPs of the lab instances for workstations and targets.
- target: nodes that will be managed by students in the class.
- workstation: nodes that are provided for students to use as a development and knife workstation.
Cookbooks:
- classroom - Searches for all the workstation instances and target instances to make a list of IPs available on a web page that students can use. The node with this role is not used by the students, and is for the instructor.
- knife-workstation - Provides configuration for a "workstation" system that students can access via SSH or VNC (display 1). The recipe ensures that programmer style text editors are available, sets the ubuntu user password to "opscodechef", and enables VNC. The ssh recipe in this cookbook is used by the target role to ensure the ubuntu user password is set.
.chef/knife.rb is not hardcoded with any values, and uses shell environment variables to set user-specifics. See Shell Environment above for variables that must be exported to the shell prior.
.chef/bootstrap/student.erb is a custom bootstrap template that will:
- Ensure that the GPG keys for the Ubuntu repository are added (may not exist on some AMIs in EC2). This is hardcoded to a specific key.
- Install the chef full stack client package.
- Connect the system via chef-client to the configured Opscode Hosted Chef organization and configure it based on its role.
- Clean up after itself, removing /etc/chef and /var/chef and uninstalling the chef package.
To use Opscode Private Chef, change the chef_server_url.
The bootstrap and Chef are intended to run only once on target and workstation nodes, because they only run Chef to make their initial configuration, and have node objects available for the classroom node. Chef is not cleaned up on the classroom node because if an instance needs to be replaced, rerunning Chef will update the IP list.
The AMI used by the workstation role for EC2 in lab.yml is currently private. It simply has the "workstation" packages preinstalled to save time launching instances. See workstation-ami.sh for the commands to create a new AMI.
Launch a workstation for each student registered for your class. Likewise, launch a target machine for each student. Once all these instances are complete, launch the classroom system. Set the number of instances to launch in lab.yml and Spiceweasel will print out all the commands you need.
knife ec2 server create -x ubuntu -I ami-f4fc5e9d -r 'role[workstation]'
knife ec2 server create -x ubuntu -I ami-a29943cb -r 'role[target]'
knife ec2 server create -x ubuntu -I ami-a29943cb -r 'role[classroom]'
Instead of launching the classroom system, you can also use the included knife plugin, knife lab, to output the instances for students to use. For example:
% knife lab
https://opscode-chef-training.s3.amazonaws.com/ChefWorkshop-CheatSheet.pdf
# Workstations (SSH or VNC display :1)
184.72.153.99 opstrain1 # workstation
# Target nodes (SSH)
107.20.125.24 opstrain1 # target node
The CheatSheet PDF link is included for convenience.
ALPHA
There's a Vagrantfile in the repository to launch a simple 3 node infrastructure for testing purposes. Use the EC2 method for launching instances for now; this is here to reduce the time required for testing.
You'll need to create a precise.box basebox, or download one. We don't have a box for general consumption (this is ALPHA!) yet.
% gem install vagrant
% vagrant box add workstation precise.box
% vagrant box add target precise.box
% vagrant box add classroom precise.box
The Vagrantfile is multi-vm. My blog post may be useful to understand how this stuff works. A simple vagrant up should bring all three instances up. When done, vagrant destroy will destroy all three vagrant VMs and also remove them from the Chef Server.
ALPHA
- Use minitest-handler to perform integration testing of all the things!
- Clean up the older chef-fundamentals cruft.
- Release the "workstation" AMI; this requires ensuring it is cleaned up and fit for consumption by the masses.
- Build this repository/environment such that it can be deployed w/o internet access.
- Author:: Matt Ray (matt@opscode.com)
- Author:: Joshua Timberman (joshua@opscode.com)
Copyright (c) 2012, Opscode, Inc (legal@opscode.com)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.