Docker Docker Docker Chef
Config Management Camp, Ghent, Belgium, February 2016
Sean [email protected]
@someara
whoami
Part 1
Remember the time
Remember that time we didn’t need configuration management because we had packaging?
Remember that time the cloud came out and we didn’t need sysadmins?
Remember that time when we didn’t need schemas because we had MongoDB?
Repeat after me
CONFIGURATION MANAGEMENT AND
IMMUTABLE INFRASTRUCTURE
ARE NOT MUTUALLY EXCLUSIVE
Say it again
CONFIGURATION MANAGEMENT AND
IMMUTABLE INFRASTRUCTURE
ARE NOT MUTUALLY EXCLUSIVE
We good?
The Docker cookbook
Configuration Management is not restricted to files, directories, packages and services
Configuration Management tests and repairs any programmable noun
Images are nouns
Containers are nouns
hello world
Install ChefDK
git clone https://github.com/someara/chef-docker-tutorial
kitchen test
git checkout v0.0.1
git checkout v0.1.0
git checkout v0.1.1
git checkout v0.2.0
git checkout v0.2.1
git checkout v0.3.0
git checkout v0.3.1
metadata.rb
.kitchen.yml
recipes/hello.rb
kitchen converge hello
kitchen login hello
docker images
docker ps -a
docker logs hello-world
git add .
git commit -a -m "v0.1.0 - hello"
git tag v0.1.0
Bug report: “hello is not idempotent”
kitchen converge hello
kitchen converge hello
kitchen login hello
docker ps -a
docker logs hello-world
hello-world exits after every run
This is expected!
http://gliderlabs.com/
recipes/hello.rb
rubocop \
&& rspec \
&& kitchen test hello
metadata.rb
git add .
git commit -a -m "v0.1.1 - hello"
git tag v0.1.1
Recipe work Kitchen work Behavior testing Unit Final Acceptance Commit
.kitchen.yml
recipes/echo.rb
Docker Containers have 40+ (and growing) runtime API options
kitchen converge echo
kitchen converge echo
kitchen login echo
docker images
docker ps -a
docker logs an_echo_server
docker inspect an_echo_server
echo "hi" | nc localhost 7
test/integration/echo/inspec/run_spec.rb
rubocop \
&& rspec \
&& kitchen test echo
metadata.rb
git add .
git commit -a -m "v0.2.0 - echo"
git tag v0.2.0
Security team recommends a change…
Service should listen on explicitly defined interfaces
kitchen converge echo
kitchen login echo
netstat -anp
Listening on :::7
Let’s fix that.
recipes/echo.rb
test/integration/echo/inspec/run_spec.rb
rubocop \
&& rspec \
&& kitchen test echo
metadata.rb
git add .
git commit -a -m "v0.2.1 - echo patch"
git tag v0.2.1
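The check behind the security team's request above, as an added example that is not from the talk or the chef-docker-tutorial repository: it parses `netstat -anp`-style output and reports listeners bound to every interface, which is what `:::7` means. The sample output and all function names are constructed for illustration.

```ruby
# Added example (not from the talk): find listeners bound to every interface.
# SAMPLE is constructed netstat -anp style output, not captured from the tutorial VM.
SAMPLE = <<~NETSTAT
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
  tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      812/master
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
  tcp6       0      0 :::7                    :::*                    LISTEN      1534/docker-proxy
  tcp6       0      0 ::1:631                 :::*                    LISTEN      701/cupsd
  tcp        0      0 10.0.2.15:22            10.0.2.2:51514          ESTABLISHED 990/sshd: vagrant
  udp        0      0 0.0.0.0:68              0.0.0.0:*                           455/dhclient
NETSTAT

WILDCARDS = ['0.0.0.0', '::', '*'].freeze
Listener = Struct.new(:proto, :address, :port, :program)

# Split "addr:port" on the LAST colon so IPv6 forms like ":::7" and "::1:631" parse.
def split_local(local)
  idx = local.rindex(':')
  return nil if idx.nil?
  [local[0...idx], local[(idx + 1)..-1]]
end

# Every TCP socket in LISTEN state found in the netstat text.
def listeners(netstat_text)
  rows = netstat_text.each_line.map do |line|
    f = line.split
    next unless f.length >= 6 && f[0].start_with?('tcp') && f[5] == 'LISTEN'
    addr, port = split_local(f[3])
    next if addr.nil? || port !~ /\A\d+\z/
    Listener.new(f[0], addr, port.to_i, f[6..-1].join(' '))
  end
  rows.compact
end

# Listeners on one port whose local address is a wildcard (all interfaces).
def wildcard_listeners(netstat_text, port)
  listeners(netstat_text).select { |l| l.port == port && WILDCARDS.include?(l.address) }
end

if __FILE__ == $PROGRAM_NAME
  wildcard_listeners(SAMPLE, 7).each do |l|
    puts "port #{l.port} bound to all interfaces (#{l.address}) by #{l.program}"
  end
end
```

An empty result for the port under test is the passing condition once the service is bound to explicitly defined interfaces.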
recipes/web.rb
recipes/web.rb
kitchen converge web
kitchen converge web
kitchen login web
docker images
docker ps -a
curl localhost
docker logs bob
test/integration/web/inspec/run_spec.rb
rubocop \
&& rspec \
&& kitchen test web
metadata.rb
git add .
git commit -a -m "v0.3.0 - web"
git tag v0.3.0
Marketing team recommends a change…
Bob wasn’t there.
kitchen converge web
kitchen login web
curl localhost
Bob was here. Let’s fix that.
recipes/web.rb
test/integration/echo/inspec/run_spec.rb
rubocop \
&& rspec \
&& kitchen test web
metadata.rb
git add .
git commit -a -m "v0.3.1 - echo patch"
git tag v0.3.1
Part 2
Experimental status
Soon to be renamed something less clever
Removes bootstrap overhead
Uses Docker volumes
Chef not baked into images
Works on Travis
https://github.com/someara/kitchen-dokken/
Install ChefDK
chef gem install kitchen-dokken
git clone https://github.com/someara/hello_dokken
kitchen list
docker ps -a
kitchen create
docker ps -a
Chef container
Data container
Runner container
docker run \
  --volumes-from chef \
  --volumes-from data \
  imagename \
  chef-client
docker diff suitename
https://travis-ci.org/someara/etcd-cookbook
fin