Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

31
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amir Golan Senior Product Manager Announcing AWS OpsWorks for Chef Automate Configuration Management on AWS

Transcript of Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Page 1: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Amir Golan

Senior Product Manager

Announcing AWS OpsWorks for Chef Automate

Configuration Management on AWS

Page 2: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What to expect from this session?

Understand how configuration management lets you refer to your infrastructure as code

Understand how AWS can help you use configuration management to save time

Discover the best practices of setting up your infrastructure, host configuration, and application

Page 3: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Background

Moving to the cloud and AWS allows you to provision and manage infrastructure in new ways:

Scale can be achieved without complicated capacity planningInfrastructure can be provisioned in minutesYou are now a part of a fast moving environment that requires constant attention

Page 4: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What is configuration management?

A practice in which code is used to define and maintain the state of both new and existing resources throughout their entire life cycle.

Page 5: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Why do I need configuration management?

Store your configuration information in one place Spin up blank resources that work perfectly every time Make changes things in a single place and propagate them Create dev and test environments that mimic your production

Page 6: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Compute Resources Operating System and Host Configuration Application Configuration

Amazon Elastic Compute Cloud (EC2)On-premises compute resources (Servers)…

FilesDirectories Networking SymlinksMountsRegistry KeyUsersGroupsPackages Filesystems…

Application dependenciesApplication configurationService registrationCredentials…

Page 7: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Infrastructure needs ongoing management

Package updates? New software? New configurations? New app deployments? Environment specific changes? Run commands across all hosts? Be on top of all running resources?

Page 8: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Ongoing management requires proper tooling

Some common challenges: Changing a vhost configuration on every web server across

multiple environments (dev, stage, prod) Installing a package on certain hosts to test out newer versions Changing LDAP config on every running Amazon EC2 Linux host

What tools can I use to tackle some of these challenges?

Page 9: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks
Page 10: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What is Chef Automate?

Refer to your infrastructure as code (cookbooks & recipes) Consistently install, configure, manage, deploy and scale

applications Align resources with specific policies Save time by automating manual tasks

Page 11: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

How does it work?

Simple client-server architecture

Connecting resources to a Chef server

Resources pull configuration updates from the Chef server Config A Config B

Page 12: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

How can you set this up?1. Setup the Chef server with cookbooks, recipes roles.

2. Install the Chef client on the instance (or server).

3. Register the instance with the Chef server as a Chef node.

4. Assign node with a role (e.g. web server, app server, db server).

5. The Chef client pulls the recipes from Chef server (based on role).

6. The Chef server determines the applicable recipes (by role).

7. The Chef client applies the recipes on the node by doing a “Chef run”.

8. The Chef client pulls the Chef server every 30 minutes.

Page 13: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

How does it look like?

The Chef client pulls configuration updates from the Chef server every 30 minutes.

The Chef client will only make configuration changes when the node is out of spec.

The Chef client can react to changes using by using Chef search.

Page 14: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Support for community tools

ChefDK Knife Chef Client Community cookbooks and recipes TestKitchen

kitchen create

kitchen converge

kitchen login verify kitchen

destroy

Page 15: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Chef recipe example – configure Apache

# Install Apache and start the service.httpd_service ‘default' do listen_ports ['81', '82'] threadlimit '4096' action [:create, :start]end

# Add the site configuration.httpd_config ‘default' do instance ‘default' source ‘mysite.conf.erb' notifies :restart, 'httpd_service[default]'end.....

Page 16: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Chef recipe example – configure Apache

# Create the document root directory.directory '/var/www/default/public_html' do recursive trueend

# Write the home page.file '/var/www/default/public_html/index.html' do content '<html>This is a placeholder</html>' mode '0644' owner 'web_admin' group 'web_admin'end

.....

Page 17: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Chef recipe example – configure PHP

# Install the mod_php5 Apache module.httpd_module 'php5' do instance ‘default'end

# Install php5-mysql.package 'php5-mysql' do action :install notifies :restart, 'httpd_service[default]'end

Page 18: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Get visibility into the state of your nodes

Visibility – A view into convergence, compliance, cookbooks, recipes and more.

Page 19: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Not only a Configuration Management tool

Workflow – A continuous delivery pipeline of infrastructure and applications.

Page 20: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Not only a Configuration Management tool

Compliance - Discovery and analysis of compliance risks across environments

Page 21: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

AWS OpsWorks for Chef Automate

Page 22: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What is AWS OpsWorks for Chef Automate?

The place you go to for configuration management on AWS

Offers a fully managed Chef Automate server

OpsWorks

Page 23: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

How can I create an AWS managed Chef server?

Easy to get started, get a Chef Automate server in 10 minutes.

Page 24: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What else can I set up?

Setup a weekly maintenance window

Automatic security updatesAutomatic Chef version upgrades

Page 25: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What else can I set up?

Setup a daily/weekly backup schedule

Page 26: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What else is left for me to do?

Nothing, this is a fully managed configuration management service:Automatic backupsAutomatic security updatesAutomatic Chef software updates

You can focus on writing cookbooks and recipes that meet your needs.

Page 27: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

What other benefits do I get from the service?

Automatic instance to Chef server registration Secure and easy scaling using Auto Scaling Groups No separate license fees, only pay for what you use Supports both Amazon EC2 and on-prem resources Best practices, AWS support and guidance

Page 28: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Where does it come in the tool chain?

Bootstrap instances with the right configuration Update the configuration of running instances Assure instances comply with a pre-defined policy A part of your Continues Integration and Continues

Delivery pipeline

Page 29: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Live Demo

Page 30: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

How do I get started?

Grab some community cookbooks

https://supermarket.chef.io/

Learn more

https://www.chef.io/automate/

Get started

https://aws.amazon.com/opsworks/

Page 31: Announcing AWS OpsWorks for Chef Automate - January 2017 AWS Online Tech Talks

Thank you!