@veszig
Created May 9, 2010 08:55
## chef-server "copy-paste howto"
# on alpha.done.hu, a very basic 1024MB rackspace cloud server with a gentoo
# image that has app-admin/chef preinstalled...
# emerge --sync ; pushd /usr/local/chef-overlay ; git pull ; popd
# emerge -DuvN world
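# install chef-server
# The keywords file is written straight into Portage's configuration as root,
# so fetch it over HTTPS instead of plain HTTP. The URL is pinned to a single
# gist revision; read the downloaded file before relying on it.
# emerge is chained with && because -q hides wget errors: a failed download
# must not be followed by an install.
wget -q -O /etc/portage/package.keywords/chef-server \
https://gist.github.com/raw/332188/b655addb86d03be5ddfb838384476cae1cfaa06b/package.keywords.chef-server &&
emerge chef-server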
# set up rabbitmq
# NOTE: this replaces /etc/hosts wholesale with a single line.
printf '%s\n' '127.0.0.1 alpha.done.hu alpha localhost localhost.localdomain' > /etc/hosts
/etc/init.d/rabbitmq start
# sleep (pause here if rabbitmq needs a moment to come up before rabbitmqctl is used)
# Random broker password: 50 blocks read from /dev/urandom, reduced to a
# 32-character hex string (md5sum only serves as a formatter here).
AMQP_PASS=$(dd if=/dev/urandom count=50 2>/dev/null | md5sum | cut -d ' ' -f 1)
rabbitmqctl add_vhost /chef
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list while rabbitmqctl runs and may land in shell
# history or `set -x` traces.
rabbitmqctl add_user chef "${AMQP_PASS}"
rabbitmqctl set_permissions -p /chef chef ".*" ".*" ".*"
# The same secret is appended to both service configs.
# NOTE(review): confirm neither file is world-readable afterwards.
for chef_conf in /etc/chef/server.rb /etc/chef/solr.rb; do
  printf "amqp_pass '%s'\n" "${AMQP_PASS}" >> "${chef_conf}"
done
#mkdir ~/private ; chmod 0700 ~/private ; echo ${AMQP_PASS} > ~/private/chef_amqp_pass
# start the services: the server first, then the client
# optional, before chef-client is started:
#rm /etc/chef/client.pem ; /etc/init.d/chef-client stop
for svc in chef-server chef-client; do
  "/etc/init.d/${svc}" start
done
# wait for chef-client to finish its run
# simple knife config that uses the generated webui user
# knife authenticates as "chef-webui" with /etc/chef/webui.pem and talks to the
# server on the loopback address (see the heredoc below).
# NOTE(review): presumably the webui key is a privileged credential; keep it
# and /root/.chef readable by root only, and prefer a dedicated admin client
# for day-to-day knife use. Confirm against the Chef version in use.
# The quoted delimiter (\EOF) writes the Ruby text literally, with no shell
# expansion.
mkdir -p /root/.chef/checksums
cat > /root/.chef/knife.rb <<\EOF
log_level :info
log_location STDOUT
node_name "chef-webui"
client_key "/etc/chef/webui.pem"
validation_client_name "chef-validator"
validation_key "/etc/chef/validation.pem"
chef_server_url "http://127.0.0.1:4000"
cache_type "BasicFile"
cache_options( :path => "/root/.chef/checksums" )
cookbook_path [ "./site-cookbooks", "./cookbooks" ]
EOF
# test 1 2 3 (optional smoke test: list the clients the server knows about)
#knife client list
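# repo skeleton
mkdir -p ~/chef-repo/{nodes,roles,site-cookbooks}
cd ~/chef-repo
# Clone over HTTPS: the git:// transport offers neither encryption nor server
# authentication, and these cookbooks are later uploaded to the server and run
# by chef-client. Consider checking out a commit you have reviewed rather than
# whatever the default branch currently points to.
git clone https://github.com/veszig/gentoo-cookbooks.git cookbooks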
# Base role for every Gentoo node, written to roles/gentoo_base.rb relative to
# the current directory. The quoted delimiter (\EOF) keeps the Ruby text
# literal, with no shell expansion.
# Review points before uploading this role:
#  - The msmtp "password" attribute is a plaintext secret inside the role file
#    ("redacted" is a placeholder). Presumably role attributes are stored on
#    the Chef server and readable by clients; confirm before using a real
#    password here.
#  - emerge_options includes --getbinpkg, while portage_binhost and
#    distfile_mirrors are plain http:// URLs, so packages fetched this way get
#    no transport-level integrity protection.
#  - sshd allow_users and snmpd monitoring_ips are the access-control inputs in
#    this role; how the recipes apply them is not visible here.
#  - NOTE(review): the key "chef_" (trailing underscore) differs from the
#    chef(...) attribute used in nodes/alpha.done.hu.rb; confirm it is intended.
cat > roles/gentoo_base.rb <<\EOF
name "gentoo_base"
description "Base role applied to all gentoo systems."
run_list(
"recipe[gentoo]",
"recipe[gentoo::packages]",
"recipe[ruby]",
"recipe[hosts]",
"recipe[logrotate]",
"recipe[iptables::ulogd]",
"recipe[iptables]",
"recipe[nagios::nrpe]",
"recipe[monit]",
"recipe[chef::client]",
"recipe[syslog-ng]",
"recipe[vixie-cron]",
"recipe[msmtp]",
"recipe[sudo]",
"recipe[openssh]",
"recipe[openssh::known_hosts]",
"recipe[openntpd]",
"recipe[net-snmp]",
"recipe[vim]",
"recipe[bash-completion]",
"recipe[users::root]",
"recipe[users::veszig]"
)
default_attributes(
"chef_" => {
"client" => {
"server_url" => "https://alpha.done.hu:4443"
}
},
"gentoo" => {
"emerge_options" => ["--binpkg-respect-use y", "--getbinpkg", "--verbose"],
"accept_licenses" => "*",
"elog_mailuri" => "veszig+emerge@done.hu mx1.postmaster.hu",
"rsync_mirror" => "rsync://rsync.gentoo.org/gentoo-portage",
"distfile_mirrors" => %w(http://mirror.datapipe.net/gentoo http://gentoo.cites.uiuc.edu/pub/gentoo/ http://gentoo.osuosl.org/),
"locales" => ["en_US ISO-8859-1", "en_US.UTF-8 UTF-8", "hu_HU ISO-8859-2", "hu_HU.UTF-8 UTF-8"],
"portage_binhost" => "http://binhost.done.hu/i686/"
},
"monit" => {
"mailservers" => ["mx1.postmaster.hu", "mx2.postmaster.hu"],
"alert_mail_to" => "veszig+monit@done.hu"
},
"msmtp" => {
"host" => "mail.postmaster.hu",
"user" => "system@done.hu",
"password" => "redacted"
},
"ntpd" => {
"pool" => "pool.ntp.org"
},
"password" => {
"directory" => "/root/private"
},
"snmpd" => {
"monitoring_ips" => %w(127.0.0.1),
"syscontact" => "Gabor VESZI <veszig@done.hu>"
},
"sshd" => {
"allow_users" => %w(veszig)
}
)
# override_attributes()
EOF
# Node definition for the Chef server host itself, written to
# nodes/alpha.done.hu.rb relative to the current directory (literal heredoc, no
# shell expansion).
# NOTE(review): "amqp_pass" is a plaintext secret in this file and "redacted"
# is a placeholder. Presumably it has to match the AMQP_PASS generated during
# the rabbitmq setup; confirm. Keep the file out of shared or public
# repositories once a real value is filled in.
cat > nodes/alpha.done.hu.rb <<\EOF
name "alpha.done.hu"
run_list(
"role[gentoo_base]",
"recipe[chef::server]",
"recipe[chef::server_proxy]"
)
chef(
"server" => {
"amqp_pass" => "redacted"
}
)
dns_aliases(
"chef",
"chef.done.hu"
)
gentoo(
"cflags" => "-O2 -pipe"
)
EOF
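# some more specific cookbooks
# Download into a private mktemp directory instead of fixed names in /tmp: a
# fixed name in a world-writable directory can already exist (placed there by
# another local user), in which case wget saves under a different name and tar
# would unpack the pre-existing file as root.
# NOTE(review): both archives come over plain HTTP with no integrity check and
# are then unpacked as root, uploaded to the Chef server and run by
# chef-client. Verify them against a digest obtained out of band
# (<EXPECTED_SHA256_PLACEHOLDER>) before extracting.
dl_dir=$(mktemp -d) &&
wget -P "${dl_dir}" \
http://well.done.hu/chef-users-site-cookbook.tbz2 \
http://well.done.hu/chef-gentoo-site-cookbook.tbz2 &&
tar xjf "${dl_dir}/chef-users-site-cookbook.tbz2" -C ~/chef-repo/site-cookbooks/ &&
tar xjf "${dl_dir}/chef-gentoo-site-cookbook.tbz2" -C ~/chef-repo/site-cookbooks/
# Remove the scratch directory whether or not the steps above succeeded.
[ -n "${dl_dir}" ] && rm -rf -- "${dl_dir}"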
# go go go
# Run from ~/chef-repo: the role and node paths below are relative, and
# knife.rb uses relative cookbook paths (./site-cookbooks, ./cookbooks).
# -a uploads every cookbook found there, including the downloaded
# site-cookbooks, so review them before this step: chef-client executes them
# on the nodes.
knife cookbook upload -a
knife role from file roles/gentoo_base.rb
knife node from file nodes/alpha.done.hu.rb
# sit back and watch the show
# Restart the client and follow its log.
/etc/init.d/chef-client restart
tail -f /var/log/chef/client.log