Monomaniacal littlechef: launching cloud servers, user cookbook, nagios cookbook, and DNS

I’m on a monomaniacal littlechef quest at home. See, I burned a weekend helping a friend set up her chef and vagrant infrastructure some months ago. And I wrote about it. And I figured that I would eventually get back to it and re-do all of my servers. Then I spent some time in sysadmin hell and ended up needing to re-construct my sites from the backups and realized that now was the time to fix this.

So I’ve been setting up an optimized version of the “hey, I’m a nerd and a bit OCD and don’t just want to use google for my email and for my blog” setup that’s actually a bit easier to work with. And I’m using littlechef and librarian to make it happen. This is great, because you’ve finally got industrial-strength hacker-grade tooling… but without the requirement of running giant pieces of infrastructure just to get things moving.

I’ll write about it a little more, but I’ve found a few interesting quirks, so I’m just going to document some discoveries and issues and whatnot so that I don’t forget they are there.

Cloud server bringup

What I did this time around was use the knife-rackspace plugin and some custom pre-provisioning scripts that I had lying around from some previous hacking. Which then gives me a textual report that tells me the root password and IP address. Then I ran fix node:ip-address-here deploy_chef to do the real bootstrapping. And then I can run fix node:ip-address-here role:base and it will create for me a node in the nodes/ directory and start the process.

This also means that I’m deploying as root and so I just used the users cookbook to deploy an SSH key. I am not sure if this is a bright idea. I work with two smart and hardworking DevOps engineers who may or may not tell me that I’m being silly for doing this.

What I really want is some sort of a knife command that creates the server, deploys chef, and then creates a node object in the kitchen.

There’s littlechef-rackspace for this, but it wrappers things too much.

Why the users cookbook fails

Now, part of what makes littlechef work 95% of the time perfectly is that it transparently inserts chef-solo-search. Except that the present version of the databag search (there’s a PR out there that integrates a newer version that hasn’t been merged to mainline) won’t be detected properly by the users cookbook and therefore puts out a message reminding you that you need to have chef-solo-search running.

So I just went in to providers/manage.rb and hacked the check so that it always succeeds.

Why the nagios cookbook fails

Now, part of what littlechef does is avoid forcing you to set up a chef server. This is good. Chef servers are a pain in the rear to maintain in many situations and really really hard to make really resilient. But there’s still some code in various places that sits around and tries to call up the chef server.

What happens is that you start in on a rabbit hole wondering why the Nagios cookbook is asking for a client.pem file. And you might, like me, actually create a valid client.pem file in the absence of a chef server only to discover that it’s trying to call up the chef server.

Well, I’d gotten part way through re-creating the nagios recipe, but as it turns out, there’s libraries/data_bag_helper.rb that calls Chef::DataBag.list which isn’t wrappered properly for chef-solo or littlechef. So I just removed that optimization and now it works. That should make the deploy slightly faster in the case where you’ve got a partial nagios config and haven’t set up the full suite of Nagios databags… but it’s just getting in your way with the chef-solo case.

DNS cookbooks

There’s not a really great way to do DNS.

I suspect there could be. Same way that most things work — do a node search for attributes which can be used to generate a DNS record for a domain. And you could create a dns cookbook that would handle bare DNS constraints and then be able to pick between cloud DNS and BIND.

I’m a nut, so I spent enough time actually trying to understand how DNS works quite a few years ago before the days of systems to make DNS easy and am quite comfortable configuring BIND.

I tried a few of the cookbooks in an attempt to automate things but just hacked up a quick cookbook that drops some files in there because I got bored.
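
The node-attribute approach suggested in this DNS section, as an added example in Ruby (not code from this post or from any existing cookbook): it turns littlechef-style node JSON into BIND records and refuses values that are unsafe to write into a zone file. The dns attribute layout, the function names and the sample node files are assumptions constructed for illustration.

```ruby
require 'json'
require 'ipaddr'

# One DNS label: letters, digits, hyphens; \A and \z stop embedded newlines.
LABEL = /\A(?!-)[a-z0-9-]{1,63}(?<!-)\z/i
ADDR_CHARS = /\A[0-9a-f:.]+\z/i # no whitespace, no "/" prefix length

# Assumed (hypothetical) attribute layout in each node file:
#   "dns": { "host": "www", "ipaddress": "192.0.2.10" }
# Returns one zone-file record, or raises ArgumentError.
def dns_record(node)
  dns = node['dns'] or raise ArgumentError, 'no dns attributes'
  host = dns['host'].to_s
  addr = dns['ipaddress'].to_s
  raise ArgumentError, "bad host label #{host.inspect}" unless host.match?(LABEL)
  raise ArgumentError, "bad address #{addr.inspect}" unless addr.match?(ADDR_CHARS)
  ip = IPAddr.new(addr)
  "#{host.downcase} IN #{ip.ipv6? ? 'AAAA' : 'A'} #{ip}"
rescue IPAddr::Error
  raise ArgumentError, "bad address #{addr.inspect}"
end

# nodes: { file name => JSON text }. Bad nodes are reported, never written.
def zone_fragment(nodes)
  records = []
  rejected = []
  nodes.each do |name, json|
    begin
      records << dns_record(JSON.parse(json))
    rescue ArgumentError, JSON::ParserError => e
      rejected << "#{name}: #{e.message}"
    end
  end
  [records.sort, rejected]
end

# Constructed sample node files; in a kitchen these would come from nodes/*.json.
SAMPLE_NODES = {
  'nodes/192.0.2.10.json' => '{"run_list":["role[base]"],"dns":{"host":"www","ipaddress":"192.0.2.10"}}',
  'nodes/192.0.2.11.json' => '{"run_list":["role[base]"],"dns":{"host":"mail","ipaddress":"2001:db8::25"}}',
  'nodes/192.0.2.12.json' => '{"dns":{"host":"www\nbogus","ipaddress":"192.0.2.12"}}'
}.freeze

if __FILE__ == $PROGRAM_NAME
  records, rejected = zone_fragment(SAMPLE_NODES)
  puts records
  warn rejected
end
```

The third sample node carries a newline in its host label, which would otherwise become an extra line in the zone file; it ends up in the rejected list instead.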