The OpenCrowbar community created a Chef-Provisioning driver that allows you to quickly build hardware clusters using Chef cookbooks.
When we started using Chef in 2011, there was a distinct gap around bootstrapping systems. The platform did a great job of automation and even connecting services together (via the Search anti-pattern, see below) but lacked a way to build the initial clusters automatically.
The current answer to this problem from Chef is refreshingly simply: a cookbook API extension called Chef Provisioning. This approach uses the regular Chef DSL in recipes to create request and bind a cluster into Chef. Basically, the code simply builds an array of nodes using an API that creates the nodes if they are missing from the array in the code. Specifically, when a node is missing from the array, Chef calls out to create the node in an external system.
For clouds, that means using the API to request a server and then inject credentials for Chef management. It’s trickier for physical gear because you cannot just make a server in the configuration you need it in. Physical systems must first be discovered and profiled to ready state: the system must know how many NICs and disk drives are available to correctly configure the hardware prior to laying down the Operating System.
Consequently, Chef Provisioning automation is more about reallocation of existing discovered physical assets to Chef. That’s exactly the approach the OpenCrowbar team took for our Chef Provisioning driver.
OpenCrowbar interacts with Chef Provisioning by pulling nodes from the System deployment into a Chef Provisioning deployment. That action then allows the API client to request specific configurations like Operating System or network that need to be setup for Chef to execute. Once these requests are made, Crowbar will simply run its normal annealing processes to ready state and then injects the Chef credentials. Chef waits until the work queue is empty and then takes over management of the asset. When Chef is finished, Crowbar can be instructed to reconfigure the node back to a base state.
Does that sound simple? It is simple because the Crowbar APIs match the Chef needs very cleanly.
It’s worth noting that this integration is a great test of the OpenCrowbar API design. Over the last two years, we’ve evolved the API to make it more final result focused. Late binding is a critical concept for the project and the APIs reflect that objective. For Chef Provisioning, we allow the integration to focus on simple requests like “give me a node then put this O/S on the node and go.” Crowbar has the logic needed to figure out how to accomplish those objectives without much additional instruction.
Bonus Side Note: Why Search can become an anti-pattern?
Search is an incredibly powerful feature in Chef that allows cross-role and cross-node integration; unfortunately, it’s also very difficult to maintain as complexity and contributor counts grow. The reason is that search creates “forward dependencies” in the scripts that require operators creating data to be aware of downstream, hidden consumers. High Availability (HA) is a clear example. If I add a new “cluster database” role to the system then it is very likely to return multiple results for database searches. That’s excellent until I learn that my scripts have coded search to assume that we only return one result for database lookups. It’s very hard to find these errors since the searches are decoupled and downstream of the database cookbook. Ultimately, the community had to advise against embedded search for shared cookbooks
Great writeup, Rob.
A small note: Chefs might bristle at calling it a DSL. Chef recipes are pure ruby.
A larger note, and beyond the scope of this post – but it’s worth mentioning: The eventual consistency model embodied in the Chef search feature does have its important place in service discovery and hands-off management. Great products like Consul and other distributed databases make it a much safer model.
Wrapping both models – eventual consistency and directed graph – into one comprehensible whole is just what Crowbar’s Annealer gives you… You might want to link your posts about that here.
Thanks for the nice write up!
> Chefs might bristle at calling it a DSL. Chef recipes are pure ruby.
Chef provides a DSL that written in Ruby. That DSL implements the Resource/Provider model as well as other features. Because we use Ruby, you can insert Ruby in a recipe at any time.
Chef-Provisioning extends the DSL to implement resources (and providers) to manage infrastructure components, such as instances, load balancers, and bare metal.
Rob was spot on in his description of Chef and is how we at Chef explain it to new Chef users.
LikeLiked by 1 person
Pingback: Manage Hardware like a BOSS – latest OpenCrowbar brings API to Physical Gear | Rob Hirschfeld