Sunday, May 3, 2015

Managing your Azure infrastructure as code - Part 2 (Chef)

In the previous post on managing Azure infrastructure in code, we saw how to leverage PowerShell to fully automate provisioning your Azure infrastructure. With PowerShell it's now easy to define the set of policies in code or in a DSC configuration file, which can be used to provision the infrastructure and bring it to the desired state. With this, the effort required to manually install and configure components or software on the machines is eliminated, and the work can be done in a consistent manner across the DTAP street.

With the introduction of tools like Chef, Puppet etc., the focus on automation has improved and can give a completely new experience in managing the infrastructure. In this post, we'll see how the combination of Chef and Azure can be used to deliver infrastructure as code for managing Azure VMs.

About Chef:

Before we dive into the details, we'll have a quick overview of Chef and the associated components.
The main components of a Chef infrastructure are the server, workstation, client and nodes, as given below.

  1. The Chef server acts as a hub for configuration data. The Chef server stores cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by the chef-client. Nodes use the chef-client to ask the Chef server for configuration details, such as recipes, templates, and file distributions. Clients communicate with the server to get the right configuration elements and apply them to the nodes.
  2. The workstation is the development machine on which configuration elements like cookbooks, recipes and policies are defined. Configuration elements are synchronized with the chef-repo and uploaded to the server with the knife command. The knife commands are executed from the Chef workstation to manage our infrastructure.
  3. A node is any physical, virtual, or cloud machine that is configured to be maintained by a chef-client. The Chef client is an agent that sits on the servers that need to be managed.

To start with the Chef infrastructure, you first need to set up the Chef server. There are 3 types of Chef servers.
  1. Hosted Chef: This is the server that is hosted by Chef. For most scenarios you should be able to use this server. For our example we'll be using the hosted server.
  2. Enterprise Chef: This server is available on premise and has to be managed by you.
  3. Open Source Chef: This is a free version of Chef Server.

Managing your Chef Infrastructure:

You can sign up for free for the hosted Chef server. After the signup process, you can download the starter kit, which can be installed on the workstations to manage your cookbooks and other resources. You need to copy the files from the starter kit to a folder on your workstation that will be used to manage the configuration, keys etc. for the Chef infrastructure.

To manage the Azure infrastructure, Chef needs to access the publish settings file from your Azure subscription. You can run the Get-AzurePublishSettingsFile cmdlet at the PowerShell prompt in your Azure machine to download the settings file. The file should be copied to the workstation and added to the knife.rb file, which specifies the Chef-specific configuration details for knife. Refer to the Chef documentation for more details on the knife.rb file.

To manage the Azure infrastructure we'll use knife-azure, a knife plugin to create, delete, and enumerate Microsoft Azure resources to be managed by Chef. This plugin is distributed as a Ruby Gem. To install it, run gem install knife-azure at the command prompt. Depending on your system's configuration, you may need to run this command with root/administrator privileges. For this plugin to interact with Azure's REST API, you will need to give knife information about your Azure account and credentials as knife[:azure_publish_settings_file] = ".publishsettings". The knife.rb file in my workstation looks like.

Creating your Azure Infrastructure:
The knife azure server create command can be used to create an Azure VM using Chef.
You can create a server with minimal configuration. On the Azure Management Portal, this corresponds to a "Quick Create - VM". For example, this command will create an Azure VM with the details given below.

knife azure server create
            --azure-dns-name 'cheftest01'
            --azure-service-location 'West Europe'
            --azure-source-image 'source-image-name-of-windows-server'
            --winrm-user adminusername
            --winrm-password 'adminpassword'
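
The command above passes the WinRM password as an argument, where it ends up in shell history and process listings, and knife.rb points at a publish settings file that carries a management certificate for the subscription. The Ruby check below is an added example, not code from the original post: it scans a constructed knife.rb for literal secrets and for a publish settings file kept beside it, and tests credential-file permissions. knife[:winrm_password] is assumed to be the knife.rb form of --winrm-password; WINRM_PASSWORD and all sample values are made up.

```ruby
# Constructed sample knife.rb (not the author's file); the user, URL,
# file name and password are made up for this example.
SAMPLE_KNIFE_RB = <<~'CONF'
  node_name       "example-user"
  chef_server_url "https://chef.example.com/organizations/example-org"
  knife[:azure_publish_settings_file] = "#{current_dir}/example.publishsettings"
  knife[:winrm_password] = 'adminpassword'
  # knife[:winrm_password] = ENV['WINRM_PASSWORD']
CONF

# Setting names that should never be assigned a literal value.
SECRET_KEY = /password|secret|token/i

# Return [line_number, message] pairs for knife[:...] settings that hold a
# literal secret or point at a credential file stored beside knife.rb.
def audit_knife_rb(text)
  findings = []
  text.each_line.with_index(1) do |line, n|
    code = line.strip
    next if code.empty? || code.start_with?('#')

    m = code.match(/knife\[:(\w+)\]\s*=\s*(.+)/)
    next unless m

    key = m[1]
    value = m[2]
    if key =~ SECRET_KEY && value =~ /\A["']/
      findings << [n, "#{key} is a literal; read it from ENV or prompt for it"]
    end
    if key == 'azure_publish_settings_file' && value.include?('current_dir')
      findings << [n, 'publish settings file sits beside knife.rb; keep it out of version control']
    end
  end
  findings
end

# True when group or others have any access to a credential file such as
# .publishsettings or .pem. POSIX mode bits only; on Windows review the ACL.
def too_permissive?(path)
  (File.stat(path).mode & 0o077) != 0
end

if __FILE__ == $PROGRAM_NAME
  audit_knife_rb(SAMPLE_KNIFE_RB).each { |n, msg| puts "knife.rb:#{n}: #{msg}" }
end
```
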

You can use the Get-AzureVMImage |? {$_.Label -like 'Windows Server 2012 R2 Datacenter*' }| select imagename cmdlet to see the Azure images available.

You can also set various other options in the advanced create. E.g. if you want the Azure VM name to differ from the Azure DNS name, set the option :azure_vm_name. You can also specify the subscription id etc.

knife azure server create
          --azure-subscription-id ''
          --azure-dns-name 'ChefTestVM01'
          --azure-vm-name 'ChefTestVM01'
          --azure-vm-size 'Small'
          --bootstrap-protocol 'cloud-api'
          --azure-source-image ''
          --azure-service-location 'West Europe'
          --tcp-endpoints 80,3390

Once you run the command, you can see the details either at the command prompt or in the management portal for Windows Azure.

Once the deployment is complete, you should be able to see the virtual machine in your list of available VMs, connect to it, and use it like any other VM.
