Using MCollective with Chef

MCollective is a Ruby framework “to build server orchestration or parallel job execution systems”. Using messaging middleware (currently STOMP) for communication, a server running on each node can announce its existence, receive requests, and respond with structured data. Writing clients and agents is a straightforward exercise – while you’ll need to know enough Ruby to implement your desired functionality, the framework itself adds little complexity. A number of non-core plugins are available on github.

Although it often seems that MCollective goes hand-in-hand with Puppet, there’s no technical limitation behind this. It can quite readily be used with any other configuration management tool, or none at all. The plugins supporting integration with Puppet may be a little more mature today, but users of Chef won’t be missing out on anything.

Installation

To satisfy MCollective’s requirement for a STOMP server, it’s easiest to use ActiveMQ. For Ubuntu users, this can be easily installed using a cookbook from the Opscode site. After installation, we need to configure the service for use by MCollective – for simplicity, we’ll use the sample configuration from the Getting Started documentation.

See this gist for the necessary changes to the ActiveMQ cookbook.

The community site didn’t have a cookbook to install MCollective, so I’ve been working on one to fill the gap. I’ve released it on the community site, but be warned – this is my first attempt at writing a public cookbook, and your mileage may vary. You can find the source repository on github.

Demonstration

We can use Vagrant to make a simple demonstration using a single node. In practice, there’s not much point to running MCollective on just a single node – fortunately, using these cookbooks on a group of nodes (with Chef Server) is similarly straightforward. The repository for this demonstration is on github – the Vagrantfile specifies a “natty64” base box, but anything from “lucid” onwards should work.

$ git clone git://github.com/zts/vagrant-mcollective-chef-ubuntu.git Cloning into vagrant-mcollective-chef-ubuntu... remote: Counting objects: 68, done. remote: Compressing objects: 100% (38/38), done. remote: Total 68 (delta 12), reused 68 (delta 12) Receiving objects: 100% (68/68), 30.34 KiB | 2 KiB/s, done. Resolving deltas: 100% (12/12), done. $ cd vagrant-mcollective-chef-ubuntu $ vagrant up [ ... output elided ... ] $ vagrant ssh Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-8-server x86_64) * Documentation: http://www.ubuntu.com/server/doc Last login: Tue Jul 5 11:38:54 2011 from 10.0.2.2

Our first test that everything has worked is to use “mco ping”. This is an MCollective client command which broadcasts an echo request, and presents the replies from any mcollective servers which happen to be listening. As we’re running on a single node, we expect a single response:

Chef Integration

The cookbook incorporates the Chef integration code found in the MCollective documentation (link), with one small improvement – the code in the “Class filters” section has been implemented as a Chef handler, to avoid needing to pin a recipe at the end of the run list. The resulting inventory output looks something like this:

vagrant@vagrant:~$ mco inventory vagrant Inventory for vagrant: Server Statistics: Version: 1.3.0 Start Time: Sat Aug 20 21:54:23 +0000 2011 Config File: /etc/mcollective/server.cfg Collectives: mcollective Main Collective: mcollective Process ID: 22575 Total Messages: 21 Messages Passed Filters: 20 Messages Filtered: 1 Replies Sent: 19 Total Processor Time: 0.55 seconds System Time: 0.62 seconds Agents: discovery rpcutil Configuration Management Classes: recipe.activemq::default recipe.activemq::mcollective recipe.apt recipe.chef_handler recipe.java recipe.java::openjdk recipe.mcollective recipe.mcollective::client recipe.mcollective::common recipe.mcollective::server Facts: [ ... elided ... ] network.interfaces.lo.addresses.127.0.0.1.family => inet network.interfaces.lo.addresses.127.0.0.1.netmask => 255.0.0.0 network.interfaces.lo.addresses.::1.family => inet6 network.interfaces.lo.addresses.::1.prefixlen => 128 network.interfaces.lo.addresses.::1.scope => Node network.interfaces.lo.encapsulation => Loopback network.interfaces.lo.flags => UP, LOOPBACK, RUNNING network.interfaces.lo.mtu => 16436 ohai_time => 1313877751.06135 os => linux os_version => 2.6.38-8-server platform => ubuntu platform_version => 11.04 uptime => 15 minutes 30 seconds uptime_seconds => 930

Issues

While relatively minor, there are several issues with the integration that I’m planning to work on. First, Ohai is a not especially fast. Although MCollective will cache its output, this means that requests might occasionally take several seconds to return (vs the typical tens-of-milliseconds latency). This is merely an annoyance during interactive use, but I expect it to be a problem for more sophisticated applications. An alternative approach used in the Puppet integration is to dump the facts into a YAML file, which MCollective then loads. Second, out of the box, Ohai appears to expose considerably more facts than Facter. I’m not convinced this is especially useful to MCollective, and I’m considering ways to filter the list down to facts I want to select or efficiently report on. Returning the data from only a specified list of Ohai plugins is my short-term plan. That said, I may yet change my mind about it being a problem – undesirably verbose “mco inventory” output is my only real complaint. Third, the list of Chef recipes reported to MCollective needs to be normalised. Depending upon how they made it into the expanded run list, a default recipe may be reported as either “recipe.cookbook” or “recipe.cookbook::default”. I’m not sure whether Chef should be taking care of this, or whether I should just fix it in the report handler.

Cryptocracy

A blog

Using MCollective with Chef

Installation

Demonstration

Chef Integration

Issues

Further Reading

Comments