- From: dreamcat four <
>
- To:
- Subject: [chef] Re: Re: Re: Ideas for using Chef across VPN
- Date: Sun, 16 May 2010 18:58:01 +0100
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=OG9GoLjfKlwEkdbRH00N3QJ+v7X4tI0DxVcrY5aL3aMV15oPNbhHl5OJHupQVMzUzu DFKH2E7SpUJLWSJSrOqi89YDQXAsmd2DZZbBw2rQhSwEkknyl2fbOzizwplS0v62yi8y dFq2EQLJsjALTMl5QbQFyjmTC4ZmQLh/8W5NE=
On Sun, May 16, 2010 at 5:36 PM, Dmitry V'yal
<
>
wrote:
>
On 05/16/2010 05:33 PM, dreamcat four wrote:
>
>
>
> It seems a good point to start from.
>
>
>
> Its certainly possible to run a chef-server on some workstation which
>
> has good connectivity and is always on. It is important that the
>
> computer has enough spare memory for chef-server stack. I figure thats
>
> about 1-2 ruby processes (for merb), plus java and solr. Something
>
> like 200-400Mb RAM. Hosting inside a Virtual Machine will add a bit
>
> more RAM to those basic requirements.
>
>
>
> Of course the search index will be offline whenever chef-server is
>
> offline. If the search index matters, it depends for what reasons the
>
> search index is being used by the client nodes. That can come later
>
> on, and it doesnt really matter to begin with.
>
>
Can you please give an example of what it may be useful for? I'm still
>
struggling with all the concepts and don't have a finished picture in my
>
head.
Search index will hold dynamic information about your nodes. It is
useful for allowing nodes to sense each other and auto-configure.
For example a load balancer node might need to know the list of other
nodes to which it is sending requests to. A search query in a chef
recipe for the load balancer role can update the configuration file of
the load balancer software. The chef index / search query will return
in ruby the list of active nodes which are up and active, and
configured to the web server role.
When one of the nodes with the web server role becomes offline, it is
removed from the index on the chef server. Then the next time the load
balancer updates, it is removed from the load balancer. Same for
adding new nodes.
Adam has a screencast showing this example. Its somewhere in the
archives for the Opscode blog.
>
>
>
> For the VPN, that seems better and more flexible than SSH tunnel. Some
>
> VPN providers like LogMeIn Hamachi are free to try out for
>
> non-commercial use, and will provide you a virtual VPN gateway server
>
> for your VPN hub. You are going to need to write some cookbook to
>
> setup the VPN software locally on your nodes. It should be well worth
>
> the time / effort. Such a recipe can be included for the chef-solo
>
> bootstrap run.
>
>
My plan was to bootstrap openvpn server along with the chef-client on the
>
VPS and openvpn clients on the other hosts. After that I would be able to do
>
the remaining configuration through chef-server.
>
Yeah, most people use OpenVPN. Although today I found 2 alternatives
to OpenVPN. These are perhaps useful if OpenVPN does not work through
your Firewall.
http://www.neorouter.com
http://www.neorouter.com/wiki/index.php/NeoRouterWiki:ServerSetup#Install_NeoRouter_server_for_Linux
http://files.hamachi.cc/linux/
http://networkshamachi.com/default.asp?page=mac-os-x-hamachi
>
>
>
> Be sure to go to chef irc channels for help / advice.
>
>
I'm already there. It's a very nice place with many helpful people I must
>
say. The only problem is what probably most of them are inactive around
>
midday gmt+4 then I'm cooking )
>
>
>
Archive powered by MHonArc 2.6.16.