title | description | author | tags | date_published |
---|---|---|---|---|
Zero-to-Deploy with Chef on Google Cloud | Learn how to manage Compute Engine with Chef. | djmailhot | Compute Engine, Chef | 2018-06-14 |
David Mailhot | Developer Programs Engineer | Google
Contributed by Google employees.
This tutorial shows how to quickly set up infrastructure on Google Cloud with the Chef configuration management tool. You will start from nothing and end with provisioning and configuring multiple resources on Google Cloud using open source Chef cookbooks.
- Demonstrate an example configuration management workflow using a single machine running Chef Client.
- Show how to install and use the Chef Google Cloud cookbooks.
- Create a new Google Cloud project or select an existing one in the Cloud Console.
- Enable a billing account.
- Install the Cloud SDK.
This tutorial uses billable components of Google Cloud, including Compute Engine.
New Google Cloud users might be eligible for a free trial.
This tutorial is written using the us-east1-b Compute Engine zone. You may choose any zone.
This tutorial is written using the Ubuntu 16.04 LTS machine image. You may use any machine image that supports Chef. See the list of all supported distributions for Chef Client.
- In the Cloud Console, go to the Compute Engine >> VM Instances page.
- Click the Create Instance button.
- Set Name to chef-workstation.
- For Zone, choose us-east1-b.
- For Machine type, choose f1-micro.
- In the Boot disk section, click Change to begin configuring your boot disk.
- In the Preconfigured image tab, choose Ubuntu 16.04 LTS.
- Click Select at the bottom of the dialog.
- Click the Create button at the bottom to create the instance.
You can also use the gcloud command instead:
gcloud compute instances create chef-workstation --machine-type f1-micro \
--image-family ubuntu-1604-lts --image-project ubuntu-os-cloud \
--zone us-east1-b
It will take a few moments to create your new instance.
You'll need a service account key to authorize Chef to manage your GCP project.
- In the Cloud Platform Console, go to IAM & admin >> Service Accounts.
- If prompted, select your Google Cloud project.
- Click the Create Service Account button.
- Set Name to chef-service-account.
- For Role, choose Project >> Editor.
- Check the box Furnish a new private key.
- For Key type, select JSON.
- Click Create at the bottom of the dialog.
The service account key should be automatically downloaded to your computer as a JSON file with a name like YOUR_PROJECT_NAME-12345678abcdef.json.
You can also use the gcloud command instead:
gcloud iam service-accounts create chef-service-account --display-name \
"chef service account"
gcloud iam service-accounts keys create ~/chef-account-key.json \
--iam-account chef-service-account@YOUR_PROJECT_NAME.iam.gserviceaccount.com
In this case, the service account key will be downloaded as ~/chef-account-key.json.
After your service account key is downloaded, you'll need to upload it to your new chef-workstation Compute Engine instance:
gcloud compute scp /PATH/TO/SERVICE_ACCOUNT_KEY.json \
chef-workstation:credentials.json --project YOUR_PROJECT_NAME --zone \
us-east1-b
- SSH into your chef-workstation instance.

    gcloud compute ssh chef-workstation --zone us-east1-b

- Download the chef client package for Ubuntu 16.04.

    wget https://packages.chef.io/files/stable/chef/13.8.5/ubuntu/16.04/chef_13.8.5-1_amd64.deb

- Install it.

    sudo dpkg -i chef_*

If you selected a different machine image for your Compute Engine instance, you'll have to download the correct package and install it with the appropriate package manager.
Remain SSH'd into your chef-workstation instance.
On your chef-workstation instance:
- Set up a cookbooks directory.

    mkdir -p .chef/cookbooks
    cd .chef

- Configure Git.

    git config --global user.email "you@example.com"
    git config --global user.name "Your Name"

  If git is not installed, install it:

    sudo apt-get install git

- Initialize a Git repo.

    git init
    git commit -m genesis --allow-empty

  You should see a message like [master (root-commit) 7d75bc7] genesis.

Having at least one commit allows you to start downloading Chef cookbooks, as you'll do in the next step.
On chef-workstation:
- Download the google-cloud cookbook from the Chef Supermarket via the knife command.

    knife cookbook site install google-cloud

  ~/.chef/cookbooks is a default path for the knife cookbook command. If you want a different path, you'll need to specify it in a custom knife configuration file.

When installation finishes, you should see many new directories in the cookbooks directory, such as google-cloud, google-gauth, etc.
On chef-workstation:
- Create a new recipe directory under the google-cloud cookbook.

    mkdir -p cookbooks/google-cloud/recipes

- Edit a new recipe file cookbooks/google-cloud/recipes/default.rb:

    gauth_credential 'mycred' do
      action :serviceaccount
      path ENV['CRED_PATH'] # e.g. '/path/to/my_account.json'
      scopes [
        'https://www.googleapis.com/auth/compute'
      ]
    end

    gcompute_zone 'us-west1-a' do
      action :create
      project ENV['GCP_PROJECT'] # e.g. 'company-org:chef-gcp-project'
      credential 'mycred'
    end

    gcompute_disk 'instance-test-os-1' do
      action :create
      source_image 'projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts'
      zone 'us-west1-a'
      project ENV['GCP_PROJECT']
      credential 'mycred'
    end

    gcompute_network 'mynetwork-test' do
      action :create
      project ENV['GCP_PROJECT']
      credential 'mycred'
    end

    gcompute_region 'us-west1' do
      action :create
      project ENV['GCP_PROJECT']
      credential 'mycred'
    end

    gcompute_address 'instance-test-ip' do
      action :create
      region 'us-west1'
      project ENV['GCP_PROJECT']
      credential 'mycred'
    end

    gcompute_machine_type 'n1-standard-1' do
      action :create
      zone 'us-west1-a'
      project ENV['GCP_PROJECT']
      credential 'mycred'
    end

    gcompute_instance 'instance-test' do
      action :create
      machine_type 'n1-standard-1'
      disks [
        {
          boot: true,
          auto_delete: true,
          source: 'instance-test-os-1'
        }
      ]
      network_interfaces [
        {
          network: 'mynetwork-test',
          access_configs: [
            {
              name: 'External NAT',
              nat_ip: 'instance-test-ip',
              type: 'ONE_TO_ONE_NAT'
            }
          ]
        }
      ]
      zone 'us-west1-a'
      project ENV['GCP_PROJECT']
      credential 'mycred'
    end

This example code is pulled from the Google Compute Engine Chef Cookbook.
- Set the appropriate environment variables. You can directly inline these values in the code; they are parameterized like this for your convenience.

    # The service account key JSON file you uploaded earlier to
    # '~/credentials.json'. However, CRED_PATH requires an absolute path.
    export CRED_PATH='/home/USERNAME/credentials.json'
    export GCP_PROJECT='YOUR_PROJECT_NAME'

Feel free to experiment with more example code from any of the other Google Cloud cookbooks (e.g. the Google Cloud SQL Chef Cookbook).
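A preflight check for the two environment variables set above, as an added example that is not part of the original tutorial or the Google cookbooks: it confirms that CRED_PATH is absolute (as the recipe requires), that the key file is accessible only to its owner, and that it is a service account key. The function name preflight_check and the demo key file are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check for the values the recipe reads from the
# environment. Returns 0 only if every check passes.
preflight_check() {
    cred=$1; project=$2; rc=0
    case $cred in
        /*) ;;
        *) echo "FAIL: CRED_PATH must be absolute: $cred"; rc=1 ;;
    esac
    [ -n "$project" ] || { echo "FAIL: GCP_PROJECT is empty"; rc=1; }
    if [ ! -f "$cred" ]; then
        echo "FAIL: no key file at $cred"
        return 1
    fi
    # The key is a bearer credential: group and other need no access.
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$cred" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $cred is accessible beyond its owner; run: chmod 600 $cred"
        rc=1
    fi
    # A downloaded service account key carries "type": "service_account".
    if ! grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$cred"; then
        echo "FAIL: $cred does not look like a service account key"
        rc=1
    fi
    return $rc
}

# Demo on a constructed key file (placeholder values, not a real key).
demo_dir=$(mktemp -d)
demo_key="$demo_dir/credentials.json"
printf '{\n  "type": "service_account",\n  "project_id": "YOUR_PROJECT_NAME"\n}\n' > "$demo_key"
chmod 644 "$demo_key"
preflight_check "$demo_key" YOUR_PROJECT_NAME || echo "preflight failed (expected: mode 644)"
chmod 600 "$demo_key"
if preflight_check "$demo_key" YOUR_PROJECT_NAME; then
    echo "preflight passed"
fi
rm -rf "$demo_dir"
```

On chef-workstation, call preflight_check "$CRED_PATH" "$GCP_PROJECT" after exporting the variables and before running chef-client.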
On chef-workstation, run chef-client in 'local mode' with your recipe:
chef-client --local-mode --runlist 'recipe[google-cloud::default]'
You should see output streaming by as the command operates. It should terminate with something like Chef Client finished, 2/8 resources updated in 35 seconds.
Awesome! You just provisioned a Compute Engine instance on Google Cloud using a single machine running Chef Client. You can check the status of your Compute Engine instance on the VM Instances page.
After you've finished this tutorial, you can clean up the resources you created on Google Cloud Platform so you won't be billed for them in the future. The following sections describe how to delete or turn off these resources.
The easiest way to eliminate billing is to delete the project you created for the tutorial.
To delete the project:
- In the Cloud Platform Console, go to the Projects page.
- Click the trash can icon to the right of the project name.
Warning: Deleting a project has the following consequences:
- If you used an existing project, you'll also delete any other work you've done in the project.
- You can't reuse the project ID of a deleted project. If you created a custom project ID that you plan to use in the future, you should delete the resources inside the project instead. This ensures that URLs that use the project ID, such as an appspot.com URL, remain available.
To delete your Compute Engine instances:
- In the Cloud Platform Console, go to the VM Instances page.
- Click the checkbox next to the instances named chef-workstation, instance-test, and any other instances you may have provisioned via Chef.
- Click the Delete button at the top of the page to delete the instances.
You can use the gcloud command instead:
# Run on your local machine, _not_ the chef-workstation instance.
gcloud compute instances delete chef-workstation --zone us-east1-b
# The recipe created instance-test in us-west1-a, not us-east1-b.
gcloud compute instances delete instance-test --zone us-west1-a
# Repeat with any other instances you may have made.