OpenStack Heat

A resource for executing chef cookbooks with chef-solo.

Registered by andrew plunk on 2013-11-05

Chef is a powerful configuration management tool, that has many "cookbooks" written for it, which we should be able to use within heat. A resource should be made which can download cookbooks, setup attributes/databags/roles, and execute the cookbooks against heat resources.

Technical Implementation possibilities:

1. Use berkshelf and/or librarian chef to download cookbooks. These tools are common within the chef community so template writers using this resource will understand the syntax.

2. Use knife solo to write encrypted data bags and allow for data bag search within the downloaded cookbooks.

3. Keep the chef configuration resource separate from the resources it acts on. This means that the chef_solo resource will not subclass any compute resource.

4. Store an ssh public/private keypair for updating chef resources in the future.

The template will basically have 4 parts:
1. (Berks|Chef)file:
-To specify which cookbooks to download

2.node_json:
-Specify the run_list (the recipies/roles to execute and in which order).
-Allows you to specify attributes to be used during the chef-run.

3. data_bags:
-Allow you to create databags that can be searched during a chef run.
-These can be encrypted.
-The outermost key will specify which databag to put the list of databag items in.

4. Roles:
-Allows you to specify roles that can be used in a chef run.

Here is an example template:

    mysql_server:
        type: "Rackspace::Cloud::Server"
        properties:
            flavor: {get_param: mysql_server_flavor}
            image: 23b564c9-c3e6-49f9-bc68-86c7a9ab5018
            name: { get_param: mysql_server_name }
            key_name: {get_param: key_name}

    mysql_config:
        type: "OS::Heat::ChefSolo"
        properties:
            public_key: {get_param: public_key}
            private_key: {get_param: private_key}
            hosts: [{get_attr: [mysql_server, PublicIp]}]
            Berksfile: |
                site :opscode
                cookbook 'build-essential'
                cookbook 'chef-client'
                cookbook 'apt'
                cookbook 'mysql'

            node_json:
                mysql:
                    server_root_password: {get_param: mysql_root_password}
                run_list: [
                    "recipe[build-essential]",
                    "recipe[apt]",
                    "recipe[mysql::server]",

            data_bags:
                mysql: [
                   {
                   id: {get_param: stack_id}
                    encrypted: true
                    data:
                        mysql:
                            host: {get_attr: [mysql_server, PrivateIp]}
                            database_name: {get_param: database_name}
                   }
                ]

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: None

Direction:: Needs approval

Assignee:: andrew plunk

Definition:: Obsolete

Series goal:: None

Implementation:: Slow progress

Milestone target:: None

Started by: andrew plunk on 2013-11-06

Completed by: Steve Baker on 2013-11-20

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/chef-solo-resource,n,z

Addressed by: https://review.openstack.org/55208
Chef solo resource

(stevebaker) Thanks for this, it will help when we implement the Chef SoftwareConfig resource as part of blueprint hot-software-config. I will obsolete this for now. There may be a new blueprint to implement the Chef SoftwareConfig resource in the future when we're ready for that.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.