Chef
Turn your infrastructure into code
Basic Concept
Cookbook –> project configuration
Workstation –> your local machine where you set up/manage cookbooks
- Chef DK: Development Kit
- Chef-Repo: working directory that contains cookbooks, roles, data bags, environments, etc.
- Chef: tool to manage cookbooks
- Knife: tool to communicate with the Chef Server
Chef Server –> a hub for configuration data
- Server Component
- Chef Supermarket: community cookbooks that are free to use
Nodes –> machines that are managed/configured by Chef
- Chef Client: runs the automation on the node
- Ohai: collects system configuration data
Berkshelf: dependency manager
Chef-Repo
Directory structure
- .chef: validation key files and knife.rb
- cookbooks
- data_bags: global variable
- environments
- roles
knife.rb -> configuration details for knife
- Is loaded every time this executable is run
- Is not created by default
- Default path: .chef/chef.rb
cookbooks folder can be added to .gitignore
Setup Workstation
- Install Chef DK
- Create or clone the chef repo
    git clone CHEF_REPO
- ssh to the Chef server
- (If it does not exist) Create the organization. This step will generate ORG_NAME.pem
    chef-server-ctl org-create ORG_NAME ORG_FULL_NAME -f FILE_NAME
- Create a user. This step will generate USERNAME.pem
    chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD -f FILE_NAME
- Add the user to the organization
    sudo chef-server-ctl org-user-add ORG_NAME USER_NAME
- Exit from the Chef server (back to your workstation)
- Change directory to the chef repo
    cd CHEF_REPO
- Create the .chef directory
    mkdir .chef
- Move ORG_NAME.pem and USERNAME.pem to the .chef directory
- Set up your knife.rb
    current_dir = File.dirname(__FILE__)
    log_level                :info
    log_location             STDOUT
    node_name                'node_name'
    # private key of the user created on the Chef server
    client_key               "#{current_dir}/USER.pem"
    validation_client_name   'ORG_NAME-validator'
    # validator key of the organization
    validation_key           "#{current_dir}/ORGANIZATION-validator.pem"
    chef_server_url          'https://api.chef.io/organizations/ORG_NAME'
    cache_type               'BasicFile'
    cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
    cookbook_path            ["#{current_dir}/../cookbooks"]
- Get the SSL certificate
    knife ssl fetch
- Test
    knife client list
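An added example, not part of the original notes or of Chef itself: a Ruby check for the knife.rb written in the workstation setup, flagging a chef_server_url that is not HTTPS and key files that group or other can access. KnifeSettings, audit_knife and demo_findings are hypothetical names, and the sample repo with its placeholder key files is constructed in a temp directory.

```ruby
require 'tmpdir'
# Hypothetical helper (not Chef's): records knife.rb settings without acting on them.
class KnifeSettings
  def settings
    @settings ||= {}
  end
  def method_missing(name, *args)
    settings[name] = args.length == 1 ? args.first : args
  end
end

# Returns findings for the knife.rb at `path`. Evaluates the file as Ruby.
def audit_knife(path)
  cfg = KnifeSettings.new
  cfg.instance_eval(File.read(path), path)
  findings = []
  url = cfg.settings[:chef_server_url].to_s
  findings << "chef_server_url is not https: #{url}" unless url.start_with?('https://')
  %i[client_key validation_key].each do |key|
    file = cfg.settings[key]
    next if file.nil?
    if !File.file?(file)
      findings << "#{key} not found: #{file}"
    elsif (File.stat(file).mode & 0o077) != 0
      findings << "#{key} is accessible to group/other: #{file}"
    end
  end
  findings
end

# Constructed sample repo: USER.pem is 0600, the validator key is 0644.
def demo_findings(url)
  Dir.mktmpdir do |repo|
    chef = File.join(repo, '.chef')
    Dir.mkdir(chef)
    { 'USER.pem' => 0o600, 'ORGANIZATION-validator.pem' => 0o644 }.each do |name, mode|
      File.write(File.join(chef, name), "constructed placeholder, not a key\n")
      File.chmod(mode, File.join(chef, name))
    end
    File.write(File.join(chef, 'knife.rb'), <<~RB)
      current_dir = File.dirname(__FILE__)
      client_key "\#{current_dir}/USER.pem"
      validation_key "\#{current_dir}/ORGANIZATION-validator.pem"
      chef_server_url '#{url}'
    RB
    audit_knife(File.join(chef, 'knife.rb'))
  end
end
puts demo_findings('https://api.chef.io/organizations/ORG_NAME')
```

Because knife.rb is Ruby code, audit_knife executes whatever the file contains; point it only at a knife.rb you would also load with knife.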
Setup Node
- Change directory to the chef repo.
- Install chef-client on the target system by bootstrapping.
    # plain
    knife bootstrap FQDN_or_IP_ADDRESS
    # with some options
    knife bootstrap FQDN_or_IP_ADDRESS -i PEM_FILE -E ENVIRONMENT -N NODE -r RECIPE --bootstrap-version VERSION -x USER --sudo
- Run chef-client on each machine. A shortcut is to use knife ssh
    # run chef-client on NODE
    knife ssh 'name:NODE' 'sudo chef-client'
    # run chef-client on all nodes
    knife ssh 'name:*' 'sudo chef-client'
    # run chef-client on all of the web servers running Ubuntu on the Amazon EC2 platform
    knife ssh "role:web" "sudo chef-client" -x ubuntu -a ec2.public_hostname
    # upgrade all nodes (the query is quoted so the shell does not expand the *)
    knife ssh 'name:*' "sudo aptitude upgrade -y"
Undo bootstrapping
knife node delete --yes NODENAME
knife client delete --yes NODENAME
Cookbooks
Structure
- Attributes: details of node
- Recipes
- metadata.rb
Test your cookbook using kitchen-test
Some knife commands
# new cookbook
chef generate cookbook NAME
# upload cookbook
knife cookbook upload NAME
# list cookbooks
knife cookbook list
Misc
Stacktrace for chef solo
~/chef-solo/local-mode-cache/cache/chef-stacktrace.out