Chef Infra Server Overview


The Chef Infra Server acts as a hub for configuration data. The Chef
Infra Server stores cookbooks, the policies that are applied to nodes,
and metadata that describes each registered node that is being managed
by Chef Infra Client. Nodes use Chef Infra Client to ask the Chef Infra
Server for configuration details, such as recipes, templates, and file
distributions. Chef Infra Client then does as much of the configuration
work as possible on the nodes themselves (and not on the Chef Infra
Server). This scalable approach distributes the configuration effort
throughout the organization.

The front-end for the Chef Infra Server is written using
Erlang, which is a programming language that
first appeared in 1986,
was open sourced in 1998, and is excellent with critical enterprise
concerns like concurrency, fault-tolerance, and distributed
environments. The Chef Infra Server can scale to the size of any
enterprise and is sometimes referred to as Erchef.

Note

The Chef Infra Server can be configured via the
/etc/opscode/chef-server.rb file. Whenever this file is modified, the
chef-server-ctl reconfigure command must be run to apply the changes.
See the Chef Infra Server settings guide for
more information.

Server Components

The following diagram shows the various components that are part of a
Chef Infra Server deployment and how they relate to one another.

Diagram of Chef Infra Server deployment

Clients

The Chef Infra Server is accessed primarily by nodes that are under
management by Chef, as Chef Infra Client runs occur. It is also accessed
by individuals who maintain cookbooks and policy that is stored on the
Chef Infra Server, typically from a workstation. And also by individual
users with credentials to Chef Infra Server components, such as the Chef
management console.

Load Balancer

Nginx is an open-source HTTP and reverse proxy server that is used as
the front-end load balancer for the Chef Infra Server. All requests to
the Chef Infra Server API are routed through Nginx.

Chef Manage

Chef Manage is the web interface for the Chef Infra Server, which uses
the Chef Infra Server API for all communication to the Chef Infra Server.

Chef Infra Server

Erchef is a complete rewrite of the core API for the Chef Infra Server,
which allows it to be faster and more scalable than previous versions.
The API itself is still compatible with the original Ruby-based Chef
Infra Server, which means that cookbooks and recipes that were authored
for the Ruby-based Chef Infra Server will continue to work on the
Erlang-based Chef Infra Server. Chef Infra Client is still written in
Ruby.

Note

Even though the Chef Infra Server is authored in Erlang, writing code in
Erlang is NOT a requirement for using Chef Infra.

Bookshelf

Bookshelf is used to store cookbook content (files, templates, and so
on) that has been uploaded to the Chef Infra Server as part of a
cookbook version. Cookbook content is stored by content checksum. If two
different cookbooks or different versions of the same cookbook include
the same file or template, Bookshelf will store that file only once. The
cookbook content managed by Bookshelf is stored in flat files and is
separated from the Chef Infra Server and search index repositories.

All cookbooks are stored in a dedicated repository.

Messages

chef-elasticsearch wraps Elasticsearch and exposes its REST API for indexing and search.
All messages are added to a dedicated search index repository.

PostgreSQL

PostgreSQL is the data storage repository for the Chef Infra Server.

External Cookbooks

The following diagram highlights the specific changes that occur when
cookbooks are stored at an external location, such as Amazon Simple
Storage Service (S3).

image

The following table describes the components that are different from the
default configuration of the Chef Infra Server when cookbooks are stored
at an external location:

Clients

The Chef Infra Server will provide signed URLs for cookbook requests
made by the various clients (individual users, knife requests, and from
the Chef Infra Client that is installed on nodes under management by
Chef Infra).

Load Balancer

The signed URLs for cookbooks are pointed here, and then routed to
cookbook storage, as required.

Chef Infra Server

Erchef is a complete rewrite of the core API for the Chef Infra Server,
which allows it to be faster and more scalable than previous versions.
The API itself is still compatible with the original Ruby-based Chef
Infra Server, which means that cookbooks and recipes that were authored
for the Ruby-based Chef Infra Server will continue to work on the
Erlang-based Chef Infra Server. Chef Infra Client is still written in
Ruby.

Note

Even though the Chef Infra Server is authored in Erlang, writing code in
Erlang is NOT a requirement for using Chef Infra.

Amazon Simple Storage Service (S3)

Bookshelf is used to store cookbook content (files, templates, and so
on) that has been uploaded to the Chef Infra Server as part of a
cookbook version. Cookbook content is stored by content checksum. If two
different cookbooks or different versions of the same cookbook include
the same file or template, Bookshelf will store that file only once. The
cookbook content managed by Bookshelf is stored in flat files and is
separated from the Chef Infra Server and search index repositories.

This represents external cookbook storage at Amazon Simple Storage Service (S3).

AWS Settings

Required Settings

To configure external cookbook storage using Amazon Simple Storage
Service (S3), set the following configuration settings in the
chef-server.rb file and run chef-server-ctl reconfigure:

bookshelf['access_key_id']

The access key identifier. Default value: generated by default.
Specifying this directly in the configuration file is discouraged.
Please use chef-server-ctl set-secret bookshelf access_key_id from the
Secrets Management commands.

bookshelf['external_url']

The full URL of the S3 bucket.

bookshelf['secret_access_key']

The secret key. Default value: generated by default. Specifying this
directly in the configuration file is discouraged. Please use
chef-server-ctl set-secret bookshelf secret_access_key from the Secrets
Management commands.

opscode_erchef['s3_bucket']

The name of the Amazon Simple Storage Service (S3) bucket. Default
value: bookshelf.

bookshelf['vip']

The virtual IP address or host name of the Amazon Simple Storage Service
(S3) API. Default value: 127.0.0.1.

An example chef-server.rb configuration:

bookshelf['vip'] = 's3-external-1.amazonaws.com'
bookshelf['external_url'] = 'https://s3-external-1.amazonaws.com'
bookshelf['access_key_id'] = ''
bookshelf['secret_access_key'] = ''
opscode_erchef['s3_bucket'] = ''

Optional Settings

The following optional settings are also available and may require
modification when using an external S3 provider:

opscode_erchef['nginx_bookshelf_caching']

Whether Nginx is used to cache cookbooks. When :on, Nginx serves up the
cached content instead of forwarding the request. Default value: :off.

opscode_erchef['s3_parallel_ops_fanout']

Default value: 20.

opscode_erchef['s3_parallel_ops_timeout']

Default value: 5000.

opscode_erchef['s3_url_expiry_window_size']

The frequency at which unique URLs are generated. This value may be a
specific amount of time, i.e. 15m (fifteen minutes) or a percentage of
the value of s3_url_ttl, i.e. 10%. Default value: :off.

opscode_erchef['s3_url_ttl']

The amount of time (in seconds) before connections to the server expire.
If node bootstraps are timing out, increase this setting. Default value:
28800.

External PostgreSQL

The following diagram highlights the specific changes that occur when
PostgreSQL is configured and managed independently of the Chef Infra
Server configuration.

image

The following table describes the components in an external PostgreSQL
configuration that are different from the default configuration of the
Chef Infra Server:

Chef Infra Server

The Chef Infra Server configuration file is updated to point to an
independently configured set of servers for PostgreSQL.

PostgreSQL

PostgreSQL is the data storage repository for the Chef Infra Server.

This represents the independently configured set of servers that are
running PostgreSQL and are configured to act as the data store for the
Chef Infra Server.

PostgreSQL Settings

Use the following configuration settings in the chef-server.rb file to
configure external PostgreSQL for use with the Chef Infra Server:

postgresql['db_superuser']

Required when postgresql['external'] is set to true. The
PostgreSQL user name. This user must be granted either the
CREATE ROLE and CREATE DATABASE permissions in PostgreSQL or be
granted SUPERUSER permission. This user must also have an entry in
the host-based authentication configuration file used by PostgreSQL
(traditionally named pg_hba.conf). Default value:
'superuser_userid'.

postgresql['db_superuser_password']

The password for the user specified by postgresql['db_superuser'].
Required when postgresql['external'] is set to true.

The db_superuser_password can also be set using
chef-server-ctl set-db-superuser-password from the Secrets
Management commands.

postgresql['external']

Required. Set to true to run PostgreSQL external to the Chef Infra
Server. Must be set once only on a new installation of the Chef
Infra Server before the first chef-server-ctl reconfigure command
is run. If this is set after a reconfigure or set to false, any
reconfigure of the Chef Infra Server will return an error. Default
value: false.

postgresql['port']

Optional when postgresql['external'] is set to true. The port on
which the service is to listen. The port used by PostgreSQL if that
port is not 5432. Default value: 5432.

postgresql['vip']

Required when postgresql['external'] is set to true. The virtual
IP address. The host for this IP address must be online and
reachable from the Chef Infra Server via the port specified by
postgresql['port']. Set this value to the IP address or hostname
for the machine on which external PostgreSQL is located when
postgresql['external'] is set to true.

Optional Settings

The following optional settings are required when configuring external
PostgreSQL on Microsoft Azure:

bookshelf['sql_connection_user']

The PostgreSQL user name in 'username@hostname' format (e.g.
'bookshelf@my_postgresql.postgres.database.azure.com'), where
username would normally equal the value of bookshelf['sql_user']
(default: 'bookshelf'). This setting is required in an
external Azure PostgreSQL database-as-a-service configuration. If
set to nil, Chef Infra Server assumes that the database is not on
Azure and the PostgreSQL connection will be made using the value
specified in bookshelf['sql_user']. Default value: nil.

oc_bifrost['sql_connection_user']

The PostgreSQL user name in 'username@hostname' format (e.g.
'bifrost@my_postgresql.postgres.database.azure.com'), where
username would normally equal the value of
oc_bifrost['sql_user'] (default: 'bifrost'). This setting is
required in an external Azure PostgreSQL database-as-a-service
configuration. If set to nil, Chef Infra Server assumes that the
database is not on Azure and the PostgreSQL connection will be made
using the value specified in oc_bifrost['sql_user']. Default
value: nil.

oc_id['sql_connection_user']

The PostgreSQL user name in 'username@hostname' format (e.g.
'oc_id@my_postgresql.postgres.database.azure.com'), where
username would normally equal the value of oc_id['sql_user']
(default: 'oc_id'). This setting is required in an external
Azure PostgreSQL database-as-a-service configuration. If set to
nil, Chef Infra Server assumes that the database is not on Azure
and the PostgreSQL connection will be made using the value specified
in oc_id['sql_user']. Default value: nil.

opscode_erchef['sql_connection_user']

The PostgreSQL user name in 'username@hostname' format (e.g.
'opscode_chef@my_postgresql.postgres.database.azure.com'), where
username would normally equal the value of
opscode_erchef['sql_user'] (default: 'opscode_chef'). This
setting is required in an external Azure PostgreSQL
database-as-a-service configuration. If set to nil, Chef Infra
Server assumes that the database is not on Azure and the PostgreSQL
connection will be made using the value specified in
opscode_erchef['sql_user']. Default value: nil.

postgresql['db_connection_superuser']

The PostgreSQL superuser name in 'username@hostname' format (e.g.
'opscode_pgsql@my_postgresql.postgres.database.azure.com'), where
username would normally equal the value of
postgresql['db_superuser'] with any dashes replaced by
underscores. This setting is required in an external Azure
PostgreSQL database-as-a-service configuration. If set to nil,
Chef Infra Server assumes that the database is not on Azure and the
PostgreSQL connection will be made using the value specified in
postgresql['db_superuser']. Default value: nil.

An example chef-server.rb configuration for External PostgreSQL on
Microsoft Azure:

topology 'standalone'
postgresql['external'] = true
postgresql['vip'] = 'my_postgresql.postgres.database.azure.com'
postgresql['db_superuser'] = 'opscode_pgsql'
postgresql['db_superuser_password'] = 'My_postgres_password1!'
postgresql['db_connection_superuser'] = 'opscode_pgsql@my_postgresql.postgres.database.azure.com'
# postgresql['sslmode']='require' # required if 'Enforce SSL connection' is enabled on Azure PostgreSQL
bookshelf['sql_connection_user'] = 'bookshelf@my_postgresql.postgres.database.azure.com'
oc_bifrost['sql_connection_user'] = 'bifrost@my_postgresql.postgres.database.azure.com'
oc_id['sql_connection_user'] = 'oc_id@my_postgresql.postgres.database.azure.com'
opscode_erchef['sql_connection_user'] = 'opscode_chef@my_postgresql.postgres.database.azure.com'
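
The AWS settings above discourage placing the Bookshelf keys directly in chef-server.rb, and the PostgreSQL settings offer chef-server-ctl set-db-superuser-password for the superuser password, yet the Azure example carries a literal password and leaves sslmode commented out. The Ruby check below is an added example, not part of the Chef documentation or Chef's tooling: the audit and parse_settings helpers, the regexes and the sample text are constructed here, and treating an external database without postgresql['sslmode'] = 'require' as a finding is a policy assumption.

```ruby
# Added example: audit chef-server.rb text for inline secrets and missing TLS.
# Settings this page routes through chef-server-ctl instead of the file.
SECRET_SETTINGS = {
  "bookshelf['access_key_id']" => 'chef-server-ctl set-secret bookshelf access_key_id',
  "bookshelf['secret_access_key']" => 'chef-server-ctl set-secret bookshelf secret_access_key',
  "postgresql['db_superuser_password']" => 'chef-server-ctl set-db-superuser-password'
}.freeze

# section['key'] = 'quoted' | "quoted" | bare_token; comment lines never match.
ASSIGNMENT = /\A\s*(\w+\['\w+'\])\s*=\s*('[^']*'|"[^"]*"|[^\s#]+)/

# Return every recognised assignment with its 1-based line number.
def parse_settings(text)
  text.each_line.with_index(1).filter_map do |line, number|
    match = ASSIGNMENT.match(line)
    match && { key: match[1], value: match[2], line: number }
  end
end

# Return a list of human-readable findings (empty when the file is clean).
def audit(text)
  settings = parse_settings(text)
  findings = settings.filter_map do |s|
    fix = SECRET_SETTINGS[s[:key]]
    literal = s[:value].match?(/\A(['"]).+\1\z/) # non-empty quoted string
    "line #{s[:line]}: #{s[:key]} is a literal secret; use: #{fix}" if fix && literal
  end
  values = settings.to_h { |s| [s[:key], s[:value].delete("'\"")] }
  # Assumption (policy choice): an external database should require TLS.
  if values["postgresql['external']"] == 'true' &&
     values["postgresql['sslmode']"] != 'require'
    findings << "postgresql['external'] is true without postgresql['sslmode'] = 'require'"
  end
  findings
end

# Constructed sample, modelled on the Azure example above.
SAMPLE = <<~CONF
  topology 'standalone'
  postgresql['external'] = true
  postgresql['vip'] = 'my_postgresql.postgres.database.azure.com'
  postgresql['db_superuser'] = 'opscode_pgsql'
  postgresql['db_superuser_password'] = 'My_postgres_password1!'
  # postgresql['sslmode']='require'
  bookshelf['access_key_id'] = ''
CONF

puts audit(SAMPLE)
```

Empty placeholder values such as '' are not reported; only a non-empty quoted value on one of the three secret settings is.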

Bookshelf Settings

In instances that require cookbooks to be stored within a SQL backend,
such as in a high availability setup, you must set the storage_type to
:sql:

bookshelf['storage_type'] = :sql