ironfan 3.1.7 → 3.2.2
- data/CHANGELOG.md +11 -0
- data/Gemfile +15 -12
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/config/ubuntu10.04-ironfan.erb +10 -0
- data/config/ubuntu11.10-ironfan.erb +10 -0
- data/ironfan.gemspec +29 -54
- data/lib/chef/knife/bootstrap/centos6.2-ironfan.erb +10 -0
- data/lib/chef/knife/bootstrap/ubuntu10.04-ironfan.erb +10 -0
- data/lib/chef/knife/bootstrap/ubuntu11.10-ironfan.erb +10 -0
- data/lib/chef/knife/cluster_kick.rb +7 -2
- data/lib/chef/knife/cluster_launch.rb +3 -0
- data/lib/chef/knife/cluster_ssh.rb +3 -3
- data/lib/chef/knife/ironfan_knife_common.rb +21 -0
- data/lib/chef/knife/ironfan_script.rb +2 -0
- data/lib/ironfan/chef_layer.rb +9 -9
- data/lib/ironfan/cloud.rb +232 -360
- data/lib/ironfan/cluster.rb +3 -3
- data/lib/ironfan/compute.rb +26 -40
- data/lib/ironfan/deprecated.rb +45 -10
- data/lib/ironfan/discovery.rb +1 -1
- data/lib/ironfan/dsl_builder.rb +99 -0
- data/lib/ironfan/facet.rb +2 -3
- data/lib/ironfan/fog_layer.rb +14 -10
- data/lib/ironfan/private_key.rb +1 -1
- data/lib/ironfan/security_group.rb +46 -44
- data/lib/ironfan/server.rb +26 -52
- data/lib/ironfan/server_slice.rb +13 -19
- data/lib/ironfan/volume.rb +47 -59
- data/lib/ironfan.rb +5 -4
- metadata +116 -122
- data/lib/ironfan/dsl_object.rb +0 -124
- data/notes/Backup of ec2-pricing_and_capacity.numbers +0 -0
- data/notes/Home.md +0 -45
- data/notes/INSTALL-cloud_setup.md +0 -103
- data/notes/INSTALL.md +0 -134
- data/notes/Ironfan-Roadmap.md +0 -70
- data/notes/advanced-superpowers.md +0 -16
- data/notes/aws_servers.jpg +0 -0
- data/notes/aws_user_key.png +0 -0
- data/notes/cookbook-versioning.md +0 -11
- data/notes/core_concepts.md +0 -200
- data/notes/declaring_volumes.md +0 -3
- data/notes/design_notes-aspect_oriented_devops.md +0 -36
- data/notes/design_notes-ci_testing.md +0 -169
- data/notes/design_notes-cookbook_event_ordering.md +0 -249
- data/notes/design_notes-meta_discovery.md +0 -59
- data/notes/ec2-pricing_and_capacity.md +0 -69
- data/notes/ec2-pricing_and_capacity.numbers +0 -0
- data/notes/homebase-layout.txt +0 -102
- data/notes/knife-cluster-commands.md +0 -18
- data/notes/named-cloud-objects.md +0 -11
- data/notes/opscode_org_key.png +0 -0
- data/notes/opscode_user_key.png +0 -0
- data/notes/philosophy.md +0 -13
- data/notes/rake_tasks.md +0 -24
- data/notes/renamed-recipes.txt +0 -142
- data/notes/silverware.md +0 -85
- data/notes/style_guide.md +0 -300
- data/notes/tips_and_troubleshooting.md +0 -92
- data/notes/version-3_2.md +0 -273
- data/notes/walkthrough-hadoop.md +0 -168
- data/notes/walkthrough-web.md +0 -166
data/notes/Home.md
DELETED
## Overview

Ironfan, the foundation of The Infochimps Platform, is an expressive toolset for constructing scalable, resilient architectures. It works in the cloud, in the data center, and on your laptop, and it makes your system diagram visible and inevitable. Inevitable systems coordinate automatically to interconnect, removing the hassle of manual configuration of connection points (and the associated danger of human error). For more information about Ironfan and the Infochimps Platform, visit [infochimps.com](https://www.infochimps.com).

<a name="getting-started"></a>
## Getting Started

* [Installation Instructions](https://github.com/infochimps-labs/ironfan/wiki/INSTALL)
* [Web Walkthrough](https://github.com/infochimps-labs/ironfan/wiki/walkthrough-web)
* [Ironfan Screencast](http://bit.ly/ironfan-hadoop-in-20-minutes) -- build a Hadoop cluster from scratch in 20 minutes.

<a name="toolset"></a>
### Tools

Ironfan consists of the following toolset:

* [ironfan-homebase](https://github.com/infochimps-labs/ironfan-homebase): centralizes the cookbooks, roles and clusters. A solid foundation for any Chef user.
* [ironfan gem](https://github.com/infochimps-labs/ironfan):
  - core models to describe your system diagram with a clean, expressive domain-specific language
  - knife plugins to orchestrate clusters of machines using simple commands like `knife cluster launch`
  - logic to coordinate truth among the Chef server and cloud providers.
* [ironfan-pantry](https://github.com/infochimps-labs/ironfan-pantry): our collection of industrial-strength, cloud-ready recipes for Hadoop, HBase, Cassandra, Elasticsearch, Zabbix and more.
* [silverware cookbook](https://github.com/infochimps-labs/ironfan-homebase/tree/master/cookbooks/silverware): coordinates discovery of services ("list all the machines for `awesome_webapp`, that I might load balance them") and aspects ("list all components that write logs, that I might logrotate them, or that I might monitor the free space on their volumes").
* [Infochimps Platform](http://www.infochimps.com) -- our scalable enterprise big data platform. Ironfan Enterprise adds dynamic orchestration and zero-configuration logging and monitoring.

<a name="ironfan-way"></a>
### Ironfan Concepts

* [Core Concepts](https://github.com/infochimps-labs/ironfan/wiki/core_concepts) -- Components, Announcements, Amenities and more.
* [Philosophy](https://github.com/infochimps-labs/ironfan/wiki/philosophy) -- best practices and lessons learned behind the Ironfan Way.
* [Style Guide](https://github.com/infochimps-labs/ironfan/wiki/style_guide) -- common attribute names, how and when to include other cookbooks, and more.
* [Homebase Layout](https://github.com/infochimps-labs/ironfan/wiki/homebase-layout) -- how this homebase is organized, and why.

<a name="documentation"></a>
### Documentation

* [Index of wiki pages](https://github.com/infochimps-labs/ironfan/wiki/_pages)
* [ironfan wiki](https://github.com/infochimps-labs/ironfan/wiki): high-level documentation and install instructions
* [ironfan issues](https://github.com/infochimps-labs/ironfan/issues): bugs, questions and feature requests for *any* part of the Ironfan toolset.
* [ironfan gem docs](http://rdoc.info/gems/ironfan): rdoc docs for Ironfan
data/notes/INSTALL-cloud_setup.md
DELETED

## Credentials

* Make a credentials repo:
  - copy the knife/example-credentials directory
  - it's best not to live on github: use a private server and run

    ```
    repo=ORGANIZATION-credentials ; repodir=/gitrepos/$repo.git ; mkdir -p $repodir ; ( GIT_DIR=$repodir git init --shared=group --bare && cd $repodir && git --bare update-server-info && chmod a+x hooks/post-update )
    ```

  - git submodule it into knife as `knife/yourorg-credentials`
  - or, if somebody has already added it:

    ```
    git pull
    git submodule update --init
    find . -iname '*.pem' -exec chmod og-rw {} \;
    cp knife/${OLD_CHEF_ORGANIZATION}-credentials/knife-user-${CHEF_USER}.rb knife/${CHEF_ORGANIZATION}-credentials
    cp knife/${OLD_CHEF_ORGANIZATION}-credentials/${CHEF_USER}.pem knife/${CHEF_ORGANIZATION}-credentials/
    ```

* Create an AWS account:
  - sign up for AWS (credit card + password)
  - make IAM users for the admins
  - add your IAM keys into your `{credentials}/knife-user`

* Create an Opscode account:
  - download the org keys and put them in the credentials repo

## Populate Chef Server

* Create the `dev`, `prod` and `stag` environments:

    ```
    knife environment create dev
    knife environment create prod
    knife environment create stag
    knife environment from file environments/stag.json
    knife environment from file environments/dev.json
    knife environment from file environments/prod.json
    ```

* Upload the cookbooks and roles:

    ```
    knife cookbook upload --all
    rake roles
    # if you have data bags, upload those too
    ```

## Create Your Initial Machine Boot-Image (AMI)

* Start by launching the burninator cluster: `knife cluster launch --bootstrap --yes burninator-trogdor-0`
  - You may have to specify the template by adding this as an argument: `--template-file ${CHEF_HOMEBASE}/vendor/ironfan/lib/chef/knife/bootstrap/ubuntu10.04-ironfan.erb`
  - This template makes the machine auto-connect to the Chef server upon launch and teleports the client key into the machine.
  - If this fails, bootstrap separately: `knife cluster bootstrap --yes burninator-trogdor-0`

* Log into the burninator-trogdor machine and run the script /tmp/burn_ami_prep.sh: `sudo bash /tmp/burn_ami_prep.sh`
  - You will have to ssh as the ubuntu user and pass in the burninator.pem identity file.
  - Review the output of this script and ensure the world we have created is sane.

* Once the script has run:
  - Exit the machine.
  - Go to the AWS console.
  - DO NOT stop the machine.
  - Choose "Create Image (EBS AMI)" from the burninator-trogdor instance (this may take a while).

* Add the AMI id to your `{credentials}/knife-org.rb` in the `ec2_image_info.merge!` section and create a reference name for the image (e.g. ironfan-natty).
  - Add that reference name to the burninator-village facet in the burninator.rb cluster definition: `cloud.image_name 'ironfan_natty'`
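For orientation, an `ec2_image_info.merge!` entry might look roughly like the sketch below. The key layout, AMI id and names here are placeholders -- copy the exact schema from the existing entries shipped in your example-credentials rather than trusting this sketch:

```ruby
# Hypothetical entry in {credentials}/knife-org.rb. The region string,
# AMI id and reference name are placeholders; mirror the real entries
# already present in example-credentials.
ec2_image_info.merge!({
  %w[us-east-1 64-bit ebs ironfan-natty].join(' ') => {
    :image_id => 'ami-xxxxxxxx', :ssh_user => 'ubuntu' },
})
```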
* Launch the burninator-village in order to test your newly created AMI.
  - The village should launch with no problems, have the correct permissions, and be able to complete a chef run: `sudo chef-client`.

* If all has gone well so far, you may now stop the original burninator: `knife cluster kill burninator-trogdor`
  - Leave the burninator-village up, and stay ssh'ed in to assist with the next step.

## Create an NFS

* Make a command/control cluster definition file with an nfs facet (see clusters/demo_cnc.rb).
  - Make sure to specify the `image_name` to be the AMI you've created.

* In the AWS console, make yourself a 20GB drive.
  - Make sure the availability zone matches the one specified in your cnc_cluster definition file.
  - Don't choose a snapshot.
  - Set the device name to `/dev/sdh`.
  - Attach it to the burninator-village instance.

* ssh in to burninator-village to format the nfs drive:

    ```
    dev=/dev/xvdh ; name='home_drive' ; sudo umount $dev ; ls -l $dev ; sudo mkfs.xfs $dev ; sudo mkdir /mnt/$name ; sudo mount -t xfs $dev /mnt/$name ; sudo bash -c "echo 'snapshot for $name burned on `date`' > /mnt/$name/vol_info.txt "
    sudo cp -rp /home/ubuntu /mnt/$name/ubuntu
    sudo umount /dev/xvdh
    exit
    ```

* Back in the AWS console, snapshot the volume and name it `{org}-home_drive`. Delete the original volume, as it is not needed anymore.
  - While you're in there, make `{org}-resizable_1gb`: a minimum-sized snapshot, resizable -- use `xfs_growfs` to resize after launch.

* Paste the snapshot id into your cnc_cluster definition file.
  - ssh into the newly launched cnc_cluster-nfs.
  - Restart the machine via the AWS console (this may or may not be necessary; do it anyway).

* Manipulate the security groups:
  - the `nfs_server` group should open all UDP ports and all TCP ports to the `nfs_client` group

* Change /etc/ssh/sshd_config to allow password logins, and restart the ssh service.
data/notes/INSTALL.md
DELETED
# Ironfan Installation Instructions

First of all, every Chef installation needs a Chef Homebase. The Chef Homebase is the place where cookbooks, roles, config files and other artifacts for managing systems with Chef will live. Store this homebase in a version control system such as Git and treat it like source code.

## Conventions

In all of the below:

* `{homebase}`: the directory that holds your Chef cookbooks, roles and so forth. For example, this file is in `{homebase}/README.md`.
* `{username}`: your personal Chef client name: the thing you use to log into the Chef WebUI.
* `{organization}`: identifies the credentials set and cloud settings to use. If your Chef server is on the Opscode platform (try it! It's super-easy), use your organization name (the last segment of your chef_server url). If not, use an identifier you deem sensible.

<a name="initial_install"></a>
## Install Ironfan's Gem and Homebase

_Before you begin, you may wish to fork the homebase repo, as you'll be making changes to personalize it for your platform that you may want to share with teammates. If you do so, replace all references to infochimps-labs/ironfan-homebase with your fork's path._

1. Install the system prerequisites (libXML and libXSLT). The following works under Debian/Ubuntu:

        sudo apt-get install libxml2-dev libxslt1-dev

1. Install the Ironfan gem (you may need to use `sudo`):

        gem install ironfan

1. Clone the repo. It will produce the directory we will call `homebase` from now on:

        git clone https://github.com/infochimps-labs/ironfan-homebase homebase
        cd homebase
        bundle install
        git submodule update --init
        git submodule foreach git checkout master

<a name="knife-configuration"></a>
## Configure Knife and Add Credentials

Ironfan expands the traditional singular [knife.rb](http://wiki.opscode.com/display/chef/Knife#Knife-ConfiguringYourSystemForKnife) into several components. This modularity allows for better management of sensitive shared credentials, personal credentials, and organization-wide configuration.

### Set up

_Note_: If your local username differs from your Opscode Chef username, you should `export CHEF_USER={username}` (e.g. from your `.bashrc`) before you run any knife commands.

So that Knife finds its configuration files, symlink the `{homebase}/knife` directory to be your `~/.chef` folder:

    cd {homebase}
    ln -sni $CHEF_HOMEBASE/knife ~/.chef

<a name="credentials"></a>
### Credentials Directory

All the keys and settings specific to your organization are held in a directory named `credentials/`, versioned independently of the homebase.

To set up your credentials directory, visit `{homebase}/knife` and duplicate the example, naming it `credentials`:

    cd $CHEF_HOMEBASE/knife
    rm credentials
    cp -a example-credentials credentials
    cd credentials
    git init ; git add .
    git commit -m "New credentials universe for $CHEF_ORGANIZATION" .

You will likely want to store the credentials in another remote repository. We recommend erring on the side of caution in its hosting. Setting that up is outside the scope of this guide, but there are [good external resources](http://book.git-scm.com/3_distributed_workflows.html) available to get you started.

<a name="download"></a>
### Download Cloud Credentials

You will need to obtain user keys from your cloud providers. Your AWS access keys can be obtained from [Amazon IAM](https://console.aws.amazon.com/iam/home):

![Reset AWS User Key](https://github.com/infochimps-labs/ironfan/wiki/aws_user_key.png)

__________________________________________________________________________

Your Opscode user key can be obtained from the [Opscode Password settings](https://www.opscode.com/account/password) console:

![Reset Opscode User Key](https://github.com/infochimps-labs/ironfan/wiki/opscode_user_key.png)

__________________________________________________________________________

Your Opscode organization validator key can be obtained from the [Opscode Organization management](https://manage.opscode.com/organizations) console, by choosing the `Regenerate validation key` link:

![Reset Opscode Organization Key](https://github.com/infochimps-labs/ironfan/wiki/opscode_org_key.png)

__________________________________________________________________________

<a name="org"></a>
### User / Organization-specific config

Edit the following in your new `credentials`:

* Organization-specific settings are in `knife/credentials/knife-org.rb`:
  - _organization_: your organization name.
  - _chef server url_: edit the lines for your `chef_server_url` and `validator`. _Note_: if you are an Opscode platform user, you can skip this step -- your `chef_server_url` defaults to `https://api.opscode.com/organizations/#{organization}` and your validator to `{organization}-validator.pem`.
  - Cloud-specific settings: if you are targeting a cloud provider, add account information and configuration here.

* User-specific settings are in `knife/credentials/knife-user-{username}.rb`. (You can duplicate and rename the one in `knife/example-credentials/knife-user-example.rb`.) For example, if you're using Amazon EC2 you should set your access keys:

        Chef::Config.knife[:aws_access_key_id]     = "XXXX"
        Chef::Config.knife[:aws_secret_access_key] = "XXXX"
        Chef::Config.knife[:aws_account_id]        = "XXXX"

* Your Chef user key is in `{credentials_path}/{username}.pem`.

* Your organization validator key is in `{credentials_path}/{organization}-validator.pem`.

* If you have existing Amazon machines, place their keypairs in `{credentials_path}/ec2_keys`. Ironfan will also automatically populate this with new keys as new clusters are created. Commit the resulting keys back to the credentials repo to share them with your teammates, or they will be unable to make certain calls against the resulting architecture.

<a name="go_speed_racer"></a>
## Try it out

You should now be able to use Knife to control your clusters:

    $ knife cluster list
    +--------------------+---------------------------------------------------+
    | cluster            | path                                              |
    +--------------------+---------------------------------------------------+
    | burninator         | /cloud/clusters/burninator.rb                     |
    | el_ridiculoso      | /cloud/clusters/el_ridiculoso.rb                  |
    | elasticsearch_demo | /cloud/clusters/elasticsearch_demo.rb             |
    | hadoop_demo        | /cloud/clusters/hadoop_demo.rb                    |
    | sandbox            | /cloud/clusters/sandbox.rb                        |
    +--------------------+---------------------------------------------------+

Launching a cluster in the cloud should now be this easy!

    knife cluster launch sandbox-simple --bootstrap

## Next

See the README file in each of the subdirectories for more information about what goes in those directories. If you are bored of reading, go customize one of the files in the `clusters/` directory. Or, if you're a fan of ridiculous things and have ever pondered how many things you can fit in one box, launch el_ridiculoso. It contains every single recipe we have ever made, stacked on top of one another.

    knife cluster launch el_ridiculoso-gordo --bootstrap

For more information about configuring Knife, see the [Knife documentation](http://wiki.opscode.com/display/chef/knife).
data/notes/Ironfan-Roadmap.md
DELETED
# Ironfan Roadmap

## Summary

- I. Ironfan-ci
- II. DSL Undercarriage / OpenStack
- III. Cookbook Updates
- IV. Keys Handling
- V. Silverware Update
- VI. Ironfan Knife
- VII. Orchestration

## Detailed Roadmap

### Ironfan-CI (I)

* Jenkins on laptop (done)
* Jenkins runs a VM, sees the output of tests
* Translate announcements to cucumber lines
* Implement new Cuken tests as necessary

### Openstack / Multi-cloud (II)

* Learn Openstack
* (get accounts at a couple of providers + eucalyptus)
* Fog (the library we use; ec2 only?) compatibility, with some tear-out
* Depends on DSL Object above
* Move stuff in Fog_layer to be methods on the Cloud object:

        cloud(:ec2, 'us_east') do
          cores 1
        end

* The Cloud statement is just a layer, not its own object
* (Cloud loses to everything else, we think)

### Ironfanize Rest of Cookbooks (III)

* Debugging and updating exercise
* Ironfan-ci accelerates
* Zabbix
* MySQL
* Map to order of operations
* Clean separation of tightly-bound services:
  - Resque's Redis
  - Flume's Zookeeper

### DSL Object / Librarification (Mix)

* New DSL Object (II)
* Unify models in Silverware/lib & Ironfan/lib (birth of the Ironfan API Interface) (II)
* Birth of the Ironfan API Interface (V)
* Clean up the Announcement Interface (framework) (V)
* Merge Volume (VIII)
* Actual model for a dummy node (VIII)
* Refactor deploy code across cookbooks (III)
* "Discovers" is an aspect endowed upon a component when it discovers another component, to find out what depends on a service (V)
* Key Databag Rollout (IV)

### Ironfan-knife (VI)

* Separate SSH user as "Machine" or "Me"
* Better error messages
* Verbose vs. sustained
* Clear out issues
* Refactor Cluster into definitions -- "Stacks" (roles that are smarter)
* Role replacement
* (Design doc forthcoming)

### Orchestration (VI/VII)

* System diagram / reporting (VII)
* Ticketed worker queue to run steps (bring up a Hadoop cluster, for instance) (VII)
* Rundeck? Juju? (VII)
* Activity stream (VII)
* Helpers (VII)
* API frontend (VII)
* Richer slice queries (VI)
data/notes/advanced-superpowers.md
DELETED

### Set up Knife on your local machine, and a Chef Server in the cloud

If you already have a working Chef installation you can skip this section.

To get started with knife and Chef, follow the [Chef Quickstart](http://wiki.opscode.com/display/chef/Quick+Start). We use the hosted Chef service and are very happy, but there are instructions on the wiki to set up a Chef server too. Stop when you get to "Bootstrap the Ubuntu system" -- Ironfan is going to make that much easier.

* [Launch Cloud Instances with Knife](http://wiki.opscode.com/display/chef/Launch+Cloud+Instances+with+Knife)
* [EC2 Bootstrap Fast Start Guide](http://wiki.opscode.com/display/chef/EC2+Bootstrap+Fast+Start+Guide)

### Auto-vivifying machines (no bootstrap required!)

On EC2, you can make a machine that auto-vivifies -- no bootstrap necessary. Burn an AMI that has the `config/client.rb` file in /etc/chef/client.rb. The machine will use the ec2 userdata (passed in by knife) to realize its purpose in life, its identity, and the chef server to connect to; everything happens automagically from there. No parallel ssh required!
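A minimal sketch of such a baked-in client.rb, assuming hosted Chef; the organization name and key path are placeholders, and the authoritative version is the `config/client.rb` shipped with the homebase:

```ruby
# Hypothetical /etc/chef/client.rb baked into the AMI. The server URL,
# validator name and key path are placeholders -- use your own values.
chef_server_url        'https://api.opscode.com/organizations/yourorg'
validation_client_name 'yourorg-validator'
validation_key         '/etc/chef/yourorg-validator.pem'
# The node's name and run list arrive via the ec2 userdata at boot.
```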
### EBS Volumes

Define a `snapshot_id` for your volumes, and set `create_at_launch` true.
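In a cluster definition that might look roughly like the sketch below; the snapshot id, device and mount point are placeholders, and the authoritative attribute list lives in lib/ironfan/volume.rb:

```ruby
# Hypothetical volume declaration inside a facet; the snapshot id,
# device and mount point are placeholders for illustration.
volume(:data) do
  snapshot_id      'snap-xxxxxxxx'
  create_at_launch true
  device           '/dev/sdh'
  mount_point      '/data'
end
```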
data/notes/aws_servers.jpg
DELETED
Binary file

data/notes/aws_user_key.png
DELETED
Binary file
data/notes/cookbook-versioning.md
DELETED

Cookbook Versioning and Tracking
================================

@temujin9 please complete and correct

* A git tag labels the *release* of a cookbook version: the tag 'cookbooks-elasticsearch-3.1.7' denotes the *last* commit to that version.
* The next commit will be the one that bumps the version number: the `metadata.rb` will then read '3.1.8'.

Periodically, we will release a 'gold' version set and push those to the Opscode cookbook community site.

*
data/notes/core_concepts.md
DELETED
# Ironfan Core Concepts

<a name="TOC"></a>

* [Build your architecture from clusters of cooperating machines](#clusters)
* [Decoupled *Components* connect](#components)
* [Components *Announce* their capabilities](#announcements)
* [Announcements enable *Service Discovery*](#discovery)
* [Components announce cross-cutting *Aspects*](#aspects)
* [Aspects enable zero-conf *Amenities*](#amenities)
* [Announcements effectively define a component's *Contract*](#contracts)
* [Contracts enable zero-conf *specification testing*](#specs)
* [Specs + monitoring enable zero-conf *integration testing*](#ci)
* [Systems *Bind* to provisioned resources](#binding)
* [Binding declarations enable *Resource Sharing*](#resource-sharing)

<a name="overview"></a>
### Overview

Ironfan is your system diagram come to life. In Ironfan, you use Chef to assemble and configure the components on each machine. Ironfan assembles those machines into clusters -- groups of machines united to provide an important service. For example, at Infochimps one cluster of machines serves the webpages for infochimps.com; another consists only of elasticsearch machines to power our API; and another runs the lightweight goliath proxies that implement our API. Our data scientists are able to spin up and shut down terabyte-scale hadoop clusters in minutes. All this is supported by an Ops team of one -- who spends most of his time hacking on Ironfan.

The powerful abstractions provided by Chef and Ironfan enable an autowiring system diagram, inevitable best practices in the form of "amenities", and a readable, testable contract for each component in the stack.

<a name="clusters"></a><a name="facets"></a>
### Clusters and Facets

A `cluster`, as mentioned, groups a set of machines around a common purpose. Within that cluster, you define `facet`s: sets of servers with identical components (and nearly identical configuration).

For example, a typical web stack cluster might have these facets:

* `webnode`s: nginx reverse-proxies requests to a pool of unicorns running Rails
* `mysql`: one or many MySQL servers, with attached persistent storage
* `qmaster`s: a redis DB and resque front end to distribute batch-processing tasks
* `qworker`s: resque worker processes
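A cluster like that is declared in a Ruby DSL file under clusters/. The sketch below is illustrative only -- the facet names, roles and instance counts are placeholders, and the exact syntax for your Ironfan version should be checked against the example clusters shipped with the homebase:

```ruby
# Hypothetical clusters/web_demo.rb; facet names, roles and instance
# counts are placeholders for illustration.
Ironfan.cluster 'web_demo' do
  facet :webnode do
    instances 2
    role      'nginx_simple'
  end

  facet :mysql do
    instances 1
    role      'mysql_server'
  end

  facet :qworker do
    instances 4
    role      'resque_worker'
  end
end
```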
<a name="components"></a>
### Components

As you can see, the details of a machine largely follow from the list of its `component`s: `mysql_server`, `resque_dashboard`, and so forth. What's a component? If you would draw it in a box on your system diagram, want to discover it from elsewhere, or if it forms part of the contract for your machine, it's a component.

Some systems have more than one component: the `ganglia` monitoring system has a component named `agent` to gather operating metrics, and a component named `master` to aggregate those metrics.

Those examples all describe daemon processes that listen on ports, but a component is more general than that -- it's any isolatable piece of functionality that is interesting to an outside consumer. Here is a set of example systems we'll refer to repeatedly:

* *Ganglia*, a distributed system monitoring tool. The `agent` components gather and exchange system metrics, and the `master` component aggregates them. A basic setup would run the `master` component on a single machine, and the `agent` component on many machines (including the master). In order to work, the master must discover all agents, and each agent must discover the master.

* *Elasticsearch* is a powerful distributed document database. A basic setup runs a single `server` component on each machine. Elasticsearch handles discovery itself, but needs a stable subset of machines to declare as discovery `seed`s.

* *Nginx* is a fast, lightweight webserver (similar to apache). Its `server` component can proxy web requests for one or many web apps. Those apps register a `site` component, which defines the receiving address (public/private/local) and how the app connects to nginx (socket, port, files).

* *Pig* is a Big Data analysis tool that works with Hadoop, Elasticsearch and more. It provides an executable, and imports jars from hadoop, elasticsearch and others.

<a name="announcements"></a>
### Components *Announce* their capabilities

Notice the recurring patterns: *capabilities* (serve webpages, execute scripts, send metrics, answer queries), *handles* (ip+port, jars, swarm), *aspects* (ports, daemons, logs, files, dashboards).

The Silverware cookbook lets your services `announce` their capabilities and `discover` other resources.

Chef cookbooks describe the related components that form a system. You should always have a recipe, separate from the `default` recipe, that clearly corresponds to the component: the `ganglia` cookbook has `master` and `agent` recipes; the `pig` cookbook has `install_from_package` and `install_from_release` recipes. Those recipes are grouped together into Chef roles that encapsulate the component: the `elasticsearch_server` role calls the recipes to install the software, start the daemon process, and write the config files, each in the correct order.

Cookbooks do *not* bake in assumptions about their scale or about the machine they're on. The same Elasticsearch cookbook can deploy a tiny little search box to sit next to a web app, or one server in a distributed terabyte-scale database.

<a name="discovery"></a>
### Announcements enable *Service Discovery*

The `discover` and `discover_all` helpers connect decoupled components. Your systems:

* Don't care whether the discovered components are on the same machine, different machines, or a remote data center.
* Don't care about the number of underlying machines -- the whole thing might run on your laptop while developing, across a handful of nodes in staging, and on dozens of nodes in production.
* Don't necessarily care about the actual system -- your load balancer doesn't care whether it's nginx or apache or anything else, it just wants to discover the correct set of `webnode`s.
|
83
|
-
<a name="aspects"></a>
|
84
|
-
### Components announce cross-cutting *Aspects*
|
85
|
-
|
86
|
-
Besides the component's capabilities, the announcement also describes its aspects: cross-cutting attributes common to many components.
|
87
|
-
|
88
|
-
* **log**: write data to a log file.
|
89
|
-
* **daemon**: long-running process. Can specify run state, resource bounds, etc.
|
90
|
-
* **port**: serves data over a port. Can specify the protocol, performance expectations, etc.
|
91
|
-
* **dashboard**: HTML, JMX, etc -- internal component metrics and control
|
92
|
-
* **executable**: executes scripts
|
93
|
-
* **export**: libraries, `jar`s, `conf` files, etc
|
94
|
-
* **consumes**: registered whenever you `discover` another component
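
As a rough illustration, an announcement is just structured data; an elasticsearch-like component might announce something shaped like this (the names and layout here are hypothetical, not the Silverware schema):

```ruby
announcement = {
  name:         :elasticsearch_server,
  capabilities: [:answer_queries],
  aspects: {
    daemon:    { name: 'elasticsearch', user: 'elasticsearch' },
    port:      { number: 9200, protocol: 'http' },
    log:       { path: '/var/log/elasticsearch' },
    dashboard: { url: 'http://localhost:9200/_cluster/health' },
  },
}

# Cross-cutting tools only need to know the aspect's shape, not the component:
announcement[:aspects].key?(:log)       # => true -- eligible for log amenities
announcement[:aspects][:port][:number]  # => 9200
```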

<a name="amenities"></a>
### Aspects enable zero-conf *Amenities*

Typically, consumers discover their provider, and the provider is unconcerned with which consumers it attends to. Ironfan lets you invert this pattern: decoupled `amenities` find components they can cater to.

* A log aspect would enable the following amenities:
  - `logrotated` to intelligently manage its logs
  - `flume` to archive logs to a predictable location
  - if the log is known to be an apache web log, a flume decorator to track the rate and duration of requests and errors
* A port aspect would enable:
  - zero-conf configuration of firewalls and security groups
  - remote monitors that regularly ping the port for uptime and latency
  - pings of the interfaces the port should *not* appear on, to ensure the firewall is in place
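
The inversion can be sketched as an amenity scanning all announcements for an aspect it knows how to serve (illustrative Ruby, not the Ironfan internals; the announcement shapes are hypothetical):

```ruby
# Announcements gathered from every component on (or near) this machine.
ANNOUNCEMENTS = [
  { name: :nginx,         aspects: { log: { path: '/var/log/nginx' }, port: { number: 80 } } },
  { name: :elasticsearch, aspects: { log: { path: '/var/log/es' },    port: { number: 9200 } } },
  { name: :cron_job,      aspects: {} },
]

# The logrotate amenity caters to every component announcing a log aspect,
# without any of those components knowing logrotate exists.
def components_with(aspect)
  ANNOUNCEMENTS.select { |ann| ann[:aspects].key?(aspect) }
end

log_paths = components_with(:log).map { |ann| ann[:aspects][:log][:path] }
# log_paths == ['/var/log/nginx', '/var/log/es']
```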

<a name="contracts"></a>
### Announcements effectively define a component's *Contract*

The announcements that components make don't just facilitate discovery. In a larger sense, they describe the external contract for the component.

When `nginx` announces that it listens on `node[:nginx][:http_port] = 80`, it is promising a capability (namely, that http requests to that port return certain results). When elasticsearch announces that it runs the `elasticsearch` daemon, it promises that the daemon will be running, with the right privileges, and not consuming more than its fair share of resources.

<a name="specs"></a>
### Contracts enable zero-conf *Specification Testing*

Each announced aspect implies a stock set of assertions about the machine:

* A daemon aspect
  - implies a process should be running
  - owned by the right user
  - with a stable PID
  - and living within defined memory bounds
* A log aspect
  - should be open and receiving content from the process
  - should contain lines showing successful startup (and no lines matching an error)
* A dashboard/JMX/metrics aspect:
  - actual configuration settings, as read out of the running app, should match those drawn from the node attributes -- no more finding out a setting was overridden by some hidden config file
  - should have a healthy heartbeat and status
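
The zero-conf idea is mechanical: each aspect type maps to a stock set of checks, parameterized by the announcement. A sketch of that mapping (not Ironfan-CI's actual generator):

```ruby
# Each aspect type contributes stock checks; the announcement fills in specifics.
CHECKS = {
  daemon: ->(a) { ["process '#{a[:name]}' is running",
                   "process '#{a[:name]}' runs as user '#{a[:user]}'"] },
  log:    ->(a) { ["file '#{a[:path]}' is open and receiving content",
                   "file '#{a[:path]}' contains no ERROR lines"] },
}

# Flatten one announcement's aspects into a checklist; unknown aspects add nothing.
def checks_for(aspects)
  aspects.flat_map { |type, attrs| CHECKS.fetch(type, ->(_) { [] }).call(attrs) }
end

checks_for(daemon: { name: 'elasticsearch', user: 'es' },
           log:    { path: '/var/log/es.log' })
# => four human-readable check descriptions, derived with zero per-component config
```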

[Ironfan-CI](http://github.com/infochimps-labs/ironfan-ci) uses the announcement to create a suite of detailed [Cucumber](http://cukes.info) (via [Cuken](https://github.com/hedgehog/cuken)) feature tests that document and enforce the machine's contract. You're not limited to just the zero-conf tests: it's easy to drop in additional cucumber specs.

Ironfan-CI is young -- it's for the tenacious zealot only -- but it is the subject of current work and developing fast.

<a name="ci"></a>
### Specs + Monitoring enable zero-conf *Full-stack Testing*

You can now look at monitoring as the equivalent of a full-stack continuous integration test suite. The same announcement that Ironfan-CI maps into cucumber statements can equally drive your favorite monitoring suite (or, more likely, the monitoring suite you hate the least).

The Ironfan Enterprise product ships with Zabbix, which is actually pretty loveable -- even more so when you don't have to perform fiddly, repeated template definitions.

<a name="binding"></a>
### Systems *Bind* to provisioned resources

Components should adapt to their machine, but be largely unaware of its default arrangement. One common anti-pattern we see in many cookbooks is placing data at some application-specific absolute path, assuming a certain layout of volumes.

When my grandmother comes to visit, she quite reasonably asks for a room with a comfortable bed and a short climb. This means that at my apartment, she stays in the main bedroom and I use the couch. At my brother's house, she stays in the downstairs guest room, while my brother and sister-in-law stay in their bedroom.

Suppose Grandmom instead always chose 'the master bedroom on the first floor' no matter how the house was set up. At my apartment, she'd find herself in the parking garage. At my brother's house, she'd find herself in a crowded bed and uninvited from returning to visit.

Similarly, the well-mannered cookbook does not hard-code a large data directory onto the root partition. The root drive is the private domain of the operating system; typically, there's a large and comfortably-appointed volume just for it to use. On the other hand, hard-coding a location of `/mnt/external2` will end in tears if I'm testing the cookbook on my laptop, where no such drive exists.

The solution is to request volumes by their characteristics, and defer to the machine's best effort in meeting that request:

    # Data striped across all persistent dirs
    volume_dirs('foo.datanode.data') do
      type     :persistent, :bulk, :fallback
      selects  :all
      mode     "0700"
    end

    # Scratch space for indexing, striped across all scratch dirs
    volume_dirs('foo.indexer.journal') do
      type     :fast, :local, :bulk, :fallback
      selects  :first
      mode     "0755"
    end

Another example of this is binding to a network interface. Unfortunately, most cookbooks choose the primary address; most of ours choose the 'private' interface if one exists, and fall back to the primary otherwise.

The right pattern here is:

* provisioners tag resources
* cookbooks request the best match for their purpose
* at the cookbook's option, if no good match is found, use a fallback or raise an exception
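
The steps above amount to tag matching with an ordered preference list. A minimal sketch (plain Ruby, not Ironfan's implementation; the volume layout is invented for illustration):

```ruby
# Volumes as the provisioner tagged them on this particular machine.
VOLUMES = [
  { mount: '/',            tags: [:root] },
  { mount: '/mnt/data1',   tags: [:persistent, :bulk] },
  { mount: '/mnt/data2',   tags: [:persistent, :bulk] },
  { mount: '/tmp/scratch', tags: [:fallback] },
]

# Walk the preference list in order; return every volume carrying the first
# tag that matches anything, or raise if even the fallback is absent.
def volumes_tagged(preferences)
  preferences.each do |tag|
    hits = VOLUMES.select { |v| v[:tags].include?(tag) }
    return hits unless hits.empty?
  end
  raise "no volume matches any of #{preferences.inspect}"
end

volumes_tagged([:persistent, :bulk, :fallback]).map { |v| v[:mount] }
# => ["/mnt/data1", "/mnt/data2"]  -- striped across both on a big box
volumes_tagged([:ssd, :fallback]).map { |v| v[:mount] }
# => ["/tmp/scratch"]              -- graceful fallback on a laptop
```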

<a name="resource-sharing"></a>
### Binding declarations enable *Resource Sharing*

Resource sharing is yet another place where an assertive announcement can enable best practices.

Right now, most java-based components hard-code a default JVM heap size. This can lead to a situation where a component shows up on a 16GB machine with 1GB of heap allocated, or where five components show up on a 0.7GB machine, each with 1GB allocated.

We instead deserve a deft but highly predictable way to apportion resources (disks, ram, etc.): nothing that gets in the way of explicit tuning, but something that gives a reasonable result in the default case.

The Hadoop cookbook has an initial stab at this, but for the most part Resource Sharing is on the roadmap, not yet in place.
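
One predictable default is to weight components and scale to the machine, touching only the components that weren't explicitly tuned. A sketch of the idea (not the Hadoop cookbook's actual logic; names and weights are hypothetical):

```ruby
# Split a machine's RAM among components by weight, honoring explicit overrides.
def apportion_heap(total_mb, components)
  explicit, flexible = components.partition { |_, c| c[:heap_mb] }
  remaining    = total_mb - explicit.sum { |_, c| c[:heap_mb] }
  total_weight = flexible.sum { |_, c| c[:weight] }.to_f
  flexible.each { |_, c| c[:heap_mb] = (remaining * c[:weight] / total_weight).floor }
  components
end

components = {
  datanode:    { weight: 2 },
  tasktracker: { weight: 1 },
  zookeeper:   { weight: 1, heap_mb: 512 },  # explicitly tuned; left alone
}

apportion_heap(4096, components)
# datanode gets twice tasktracker's share of the 3584 MB left after zookeeper
```

The same five components land sensibly on a 0.7GB laptop or a 16GB server, with explicit tuning always winning.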

__________________________________________________________________________

### Learn More

[Aspect-Oriented Programming](http://en.wikipedia.org/wiki/Aspect-oriented_programming): The Ironfan concept of `aspects` as cross-cutting concerns is taken from AOP. Amenities don't correspond precisely to join points, etc., so don't take the analogy too far. (Or perhaps instead help us understand how to take the analogy the rest of the way.)

Ironfan's primary models form a component-based approach to building a [Service-Oriented Architecture](http://msdn.microsoft.com/en-us/library/aa480021.aspx). Model examples of a modern SOA include the [Netflix API](http://www.slideshare.net/danieljacobson/the-futureofnetflixapi) (see [also](http://techblog.netflix.com/2011/12/making-netflix-api-more-resilient.html)) and [Postrank](http://www.igvita.com/2011/03/08/goliath-non-blocking-ruby-19-web-server/) (see [also](http://www.igvita.com/2010/01/28/cluster-monitoring-with-ganglia-ruby/)).
data/notes/design_notes-aspect_oriented_devops.md
DELETED
@@ -1,36 +0,0 @@

Examples of concerns that tend to be crosscutting include:

* Synchronization (declare an action dependency, trigger, event)
* Real-time constraints
* Feature interaction
* Memory management
  - data checks
  - feature checks
* Security
  - firewall rules
  - access control
* Logging
* Monitoring
* Business rules
* Tuning
* Refactor pivot

AOP:

* Scattered (1:n) / Tangled (n:1)
* join point: a hook
* pointcut: matches join points
* advice: behavior evoked at a pointcut

* Interception
  - Interjection of advice, at least around methods.
* Introduction
  - Enhancing with new (orthogonal!) state and behavior.
* Inspection
  - Access to meta-information that may be exploited by pointcuts or advice.
* Modularization
  - Encapsulation as aspects.