@epcim epcim/chef.howto.md
Last active Mar 3, 2016


Chef

Resources

install chef-client (omnibus installer)

curl -L https://www.opscode.com/chef/install.sh | bash

(piping a remote script straight into a shell executes whatever comes back, unverified; download it to a file first, review or checksum it, and pin the version with -v as in the install section further down)

get chef base repo with README.md in each folder

git clone git://github.com/opscode/chef-repo.git   # git:// has no transport authentication or integrity; clone over https when possible
sudo knife configure --initial
knife configure client .

install ChefDK only (-P chefdk), or pin a specific chef-client version (-v)

curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -P chefdk
curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -v 12.7.2
curl -L https://www.opscode.com/chef/install.sh | sudo bash
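The same install, as an added example that is not part of the gist: the installer is downloaded to a file, its SHA-256 is compared with a digest you recorded from a copy you reviewed, and only then is it executed with the version pinned. `EXPECTED_SHA256` is a placeholder (Chef does not publish a digest for install.sh on this page), and `CHEF_VERSION` reuses the 12.7.2 pin shown above.

```shell
#!/usr/bin/env bash
# Added example, not from the gist: download install.sh to a file, verify it
# against a SHA-256 recorded from a copy you reviewed, then run it with the
# version pinned. EXPECTED_SHA256 is a placeholder, not a real digest.
set -eu

INSTALL_URL="https://www.opscode.com/chef/install.sh"
CHEF_VERSION="${CHEF_VERSION:-12.7.2}"          # version pinned on the page
EXPECTED_SHA256="${EXPECTED_SHA256:-replace-with-the-digest-of-the-reviewed-script}"

# sha256_of FILE: hex digest; works with coreutils sha256sum or macOS shasum
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED: succeeds only when the digest matches
verify_sha256() {
  local actual
  actual="$(sha256_of "$1")"
  [ "$actual" = "$2" ]
}

# install_chef_pinned: fetch, verify, and only then execute as root
install_chef_pinned() {
  local tmp
  tmp="$(mktemp)"
  curl -fsSL "$INSTALL_URL" -o "$tmp"
  if ! verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
    echo "install.sh digest mismatch; refusing to run it" >&2
    rm -f "$tmp"
    return 1
  fi
  sudo bash "$tmp" -v "$CHEF_VERSION"
  rm -f "$tmp"
}

# the download only happens when invoked as: ./install-chef.sh install
if [ "${1:-}" = "install" ]; then
  install_chef_pinned
fi
```

Record the digest once from a copy you have read, then ship the script with that value; a changed upstream script fails the check instead of running as root.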

fetch ssl certs

knife ssh 'name:*' 'sudo knife ssl fetch -c /etc/chef/client.rb'

knife ssl fetch saves whatever certificate the server presents into /etc/chef/trusted_certs (trust on first use), so run it only when you can confirm the fingerprint out of band, then check the result with: knife ssl check -c /etc/chef/client.rb

KNIFE Example

knife zero


knife search node --local-mode
knife zero bootstrap 193.85.000.00:4999 -r lab_openvpn::default --no-host-key-verify
parallel -j 5 ./bin/knife zero bootstrap ::: nodeA nodeB nodeC

--no-host-key-verify turns off SSH host key checking for the bootstrap session, which installs chef and runs it with sudo; use it only on a trusted network, or add the host key to ~/.ssh/known_hosts beforehand and drop the flag

update chef-client

    # reinstall/upgrade chef-client (pin the version you validated with -v, see above)
    curl -L https://www.opscode.com/chef/install.sh | sudo bash
    # point chef_server_url at the server's FQDN instead of its IP
    sudo sed -i s:172.16.240.1:chef.locid.myorg/organizations/myorg: /etc/chef/client.rb
    # fetch the server certificate into /etc/chef/trusted_certs; confirm its fingerprint out of band before trusting it
    sudo knife ssl fetch -c /etc/chef/client.rb
    sudo service chef-client restart
    sudo service chef-client run

    # the same steps on every node (name:[* TO *] matches all nodes)
    knife ssh 'name:[* TO *]' 'curl -L https://www.opscode.com/chef/install.sh | sudo bash'
    knife ssh 'name:[* TO *]' 'sudo knife ssl fetch -c /etc/chef/client.rb'
    knife ssh 'name:[* TO *]' 'sudo sed -i s:172.16.240.1:chef.locid.myorg/organizations/myorg: /etc/chef/client.rb && sudo service chef-client restart && sudo service chef-client run'
    knife ssh 'name:[* TO *]' 'sudo sed -i s:10.10.10.10:chef.gtshub.xxx/organizations/gtshub: /etc/chef/client.rb && sudo service chef-client restart && sudo service chef-client run'
    knife ssh 'name:[* TO *]' 'sudo service chef-client run'

note: the bare sed rewrites the IP wherever it appears in client.rb; check with grep chef_server_url /etc/chef/client.rb afterwards
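The update steps above as one script you can push with knife ssh, added here as an example and not taken from the gist. It assumes chef-client has already been installed or upgraded with the pinned installer command; it then rewrites the `chef_server_url` setting as a whole line (rather than substituting a bare IP anywhere in client.rb), runs `knife ssl fetch`, and compares the saved certificate's SHA-256 fingerprint with a value obtained out of band before chef-client is restarted. `chef.locid.myorg` and `myorg` come from the page; `EXPECTED_FP` is a placeholder you must fill in, and the trusted_certs file name follows knife's convention of the host name with dots replaced by underscores.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist: rewrite chef_server_url, fetch the
# server cert, and refuse to restart chef-client unless the fetched cert
# matches a fingerprint you obtained out of band. EXPECTED_FP is a placeholder.
set -eu

CLIENT_RB="${CLIENT_RB:-/etc/chef/client.rb}"
NEW_SERVER_URL="${NEW_SERVER_URL:-https://chef.locid.myorg/organizations/myorg}"
EXPECTED_FP="${EXPECTED_FP:-replace-with-the-sha256-fingerprint-from-the-server-admin}"

# rewrite_chef_server_url FILE URL: replace the whole chef_server_url line,
# appending one if the file has none (portable: no sed -i)
rewrite_chef_server_url() {
  local file="$1" url="$2"
  if grep -q '^chef_server_url[[:space:]]' "$file"; then
    sed "s|^chef_server_url[[:space:]].*|chef_server_url \"$url\"|" "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
  else
    printf 'chef_server_url "%s"\n' "$url" >> "$file"
  fi
}

# trusted_cert_path URL: where knife ssl fetch stores the cert for this host
# (host name with dots replaced by underscores, under /etc/chef/trusted_certs)
trusted_cert_path() {
  local host
  host="$(printf '%s' "$1" | sed -e 's|^[a-z]*://||' -e 's|[:/].*||')"
  printf '/etc/chef/trusted_certs/%s.crt' "$(printf '%s' "$host" | tr . _)"
}

# cert_fingerprint PEMFILE: colon-separated SHA-256 fingerprint
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# verify_trusted_cert PEMFILE EXPECTED: case-insensitive fingerprint compare
verify_trusted_cert() {
  local actual expected
  actual="$(cert_fingerprint "$1" | tr 'a-f' 'A-F')"
  expected="$(printf '%s' "$2" | tr 'a-f' 'A-F')"
  [ "$actual" = "$expected" ]
}

# update_node: the page's steps with the fingerprint gate in the middle
update_node() {
  local cert
  rewrite_chef_server_url "$CLIENT_RB" "$NEW_SERVER_URL"
  sudo knife ssl fetch -c "$CLIENT_RB"
  cert="$(trusted_cert_path "$NEW_SERVER_URL")"
  if ! verify_trusted_cert "$cert" "$EXPECTED_FP"; then
    echo "fingerprint of $cert does not match EXPECTED_FP; removing it and not restarting" >&2
    sudo rm -f "$cert"
    return 1
  fi
  sudo service chef-client restart
  sudo chef-client
}

# only touch the node when invoked as: ./update-node.sh update
if [ "${1:-}" = "update" ]; then
  update_node
fi
```

Push it with `knife ssh 'name:[* TO *]' 'EXPECTED_FP=... sudo -E bash /tmp/update-node.sh update'` after copying the script to each node; a cert that does not match is deleted again, so a man-in-the-middle during `knife ssl fetch` leaves the node unchanged rather than silently trusted.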

knife solo

knife solo init <reponame>
knife cookbook site install openvpn -o cookbooks

knife solo prepare user@ip
knife solo prepare localhost --ssh-user root --ssh-password PASSWORD --ssh-port 2222   # a password on the command line lands in shell history and ps output; prefer key auth or an ~/.ssh/config entry
knife solo cook user@ip

knife

knife cookbook site search sudo
knife data bag create users
knife data bag create users --secret-file .chef/encrypted_data_bag_secret -c .chef/knife.rb
knife data bag create users --secret-file .chef/encrypted_data_bag_secret -c .chef/solo.rb
knife role edit openvpn-gw
knife role show openvpn-gw
knife solo data bag create pass mysql --secret-file .chef/encrypted_data_bag_secret -c .chef/knife.rb
knife solo data bag create users xxxadmin --secret-file .chef/encrypted_data_bag_secret
knife solo data bag edit users xxxadmin -c .chef/knife.rb
knife solo data bag create users pmichalec -c .chef/knife.rb
knife solo data bag edit users pmichalec -c .chef/knife.rb
knife solo role edit openvpn-gw
knife solo role create from file openvpn-gw.rb

GETTING THE COOKBOOKS

########################

#berkshelf http://berkshelf.org

#librarian

librarian-chef init
cat Cheffile
    # plain http: cookbooks can be swapped in transit; use an https endpoint (the community site now lives at https://supermarket.chef.io)
    site 'http://community.opscode.com/api/v1'
    # 'ntp' is unpinned and resolves to whatever is newest at install time; pin a version or :ref as done for timezone and rvm
    cookbook 'ntp'
    cookbook 'timezone', '0.0.1'
    cookbook 'rvm',
      :git => 'https://github.com/fnichol/chef-rvm',
      :ref => 'v0.7.1'
    cookbook 'cloudera',
      :path => 'vendor/cookbooks/cloudera-cookbook'

librarian-chef install [--clean] [--verbose]
librarian-chef show

CHEF-REPO vs COOKBOOK

chef-repo/
   certificates/
   config/
   cookbooks/       # <-- generic cookbooks
   data_bags/
   environments/
   roles/
   site-cookbooks/  # <-- site-specific cookbook

knife cookbook create cookbook-syslog-ng -o cookbooks/ -r md 

cookbook-syslog-ng/
   README.md
   attributes/
   definitions/
   files/
   libraries/
   metadata.rb
   providers/
   recipes/
   resources/
   templates/

VAGRANT

########################

#plugins https://github.com/mitchellh/vagrant/wiki/Available-Vagrant-Plugins

#knife + vagrant
printf "gem 'chef'\ngem 'knife-solo'\n" >> Gemfile   # echo does not expand \n by default; printf does
bundle
knife solo init .
librarian-chef init
librarian-chef install
# a box from a third-party URL is unverified code that runs as root inside the VM; pass the publisher's checksum so a tampered download is rejected
vagrant box add quantal64 http://static.aldoborrero.com/vagrant/quantal64.box --checksum-type sha256 --checksum <sha256 from the box publisher>
vagrant init quantal64
vagrant up

#Vagrantfile

# Vagrant::Config.run is the Vagrant 1.0 API; current Vagrant expects the v2 form
Vagrant.configure("2") do |config|
  ...
  config.vm.provision :chef_solo do |chef|
    chef.roles_path = 'chef/roles'
    chef.cookbooks_path = 'chef/cookbooks'
    chef.add_role 'my-app'
  end
end

DATABAGS

ssh-keygen -f .chef/solo.pem
openssl rand -base64 512 > .chef/encrypted_data_bag_secret   # keep this file out of git (.gitignore) and mode 0600; whoever has it can decrypt every encrypted item
vi .chef/knife.rb
  encrypted_data_bag_secret File.expand_path('encrypted_data_bag_secret', File.dirname(__FILE__))
# hash for the "password" field; -1 is MD5-crypt, prefer -6 (SHA-512 crypt, OpenSSL 1.1.1+) where the target system accepts $6$ hashes
openssl passwd -1
#or (the plaintext ends up in shell history and ps output; the prompting form above is safer)
openssl passwd -1 "plaintextpassword"

knife solo data bag create users xxxadmin --secret-file .chef/encrypted_data_bag_secret
    {
      "id": "xxxadmin",
      "name": "xxx Admin",
      "ssh-key": "*****************",
      "password": "********************"
    }

Environment databags

recipe snippet: load the data bag item named after the node's environment and merge it into the node attributes

    data_bag_name = node['omnibus-gitlab']['data_bag']
    item_id = node.chef_environment                  # e.g. "production"
    if search(data_bag_name, "id:#{item_id}").any?
      environment_secrets = data_bag_item(data_bag_name, item_id)
      node.consume_attributes(environment_secrets)
    end

note: consume_attributes stores the values as normal node attributes, which are saved back to the Chef server at the end of every run; for secrets use an encrypted item (data_bag_item(bag, id, secret)) and read the values directly instead of merging them into the node

CERTIFICATES cookbook

https://github.com/atomic-penguin/cookbook-certificate

    knife data bag create certificates
    # turn a PEM file into a JSON string literal (quotes and newlines escaped) for pasting into the item
    /usr/bin/env ruby -e 'p ARGF.read' <filename>
    knife data bag create certificates mail --secret-file ~/.chef/encrypted_data_bag_secret

    use custom: create_databag.sh to automate

item layout (cert, key and chain hold the escaped PEM text):

    {
      "id": "wildcard",
      "cert": "",
      "key": "",
      "chain": ""
    }
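An added example, not the gist's create_databag.sh and not from the certificate cookbook: a script that builds the JSON for both data bag items shown above (the "users" item from the DATABAGS section and the "certificates" item here) so the PEM text never has to be pasted by hand. It assumes the ssh public key, certificate, key and chain are passed as file paths, reads the password from stdin and hashes it with `openssl passwd -6` (SHA-512 crypt) rather than `-1`, and refuses a private key file that is readable by other users. The output is meant for `knife solo data bag create BAG ITEM --secret-file ... --json-file FILE`.

```shell
#!/usr/bin/env bash
# Added example, not from the gist: build "users" and "certificates" data bag
# item JSON from files, with the password hashed from stdin.
set -eu

# json_escape_file FILE: emit the file as one JSON string literal.
# Backslashes and double quotes are escaped and newlines become \n; PEM and
# ssh public-key files contain nothing else that needs escaping.
json_escape_file() {
  printf '"'
  sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/$/\\n/' "$1" | tr -d '\n'
  printf '"'
}

# password_hash: read the password from stdin, emit a SHA-512 crypt hash
# (openssl passwd -6 needs OpenSSL 1.1.1 or newer)
password_hash() {
  openssl passwd -6 -stdin
}

# make_user_item ID NAME SSH_PUBKEY_FILE < password
# ID and NAME are inserted verbatim, so keep them to plain JSON-safe text
make_user_item() {
  local id="$1" name="$2" keyfile="$3" hash
  hash="$(password_hash)"
  printf '{\n  "id": "%s",\n  "name": "%s",\n  "ssh-key": ' "$id" "$name"
  json_escape_file "$keyfile"
  printf ',\n  "password": "%s"\n}\n' "$hash"
}

# make_cert_item ID CERT_FILE KEY_FILE CHAIN_FILE
make_cert_item() {
  local id="$1" cert="$2" key="$3" chain="$4"
  # a private key readable by others is already exposed; stop before packaging it
  if find "$key" -perm -004 -print | grep -q .; then
    echo "$key is world-readable; fix permissions before putting it in a data bag" >&2
    return 1
  fi
  printf '{\n  "id": "%s",\n  "cert": ' "$id"
  json_escape_file "$cert"
  printf ',\n  "key": '
  json_escape_file "$key"
  printf ',\n  "chain": '
  json_escape_file "$chain"
  printf '\n}\n'
}

# usage: ./make-databag.sh user ID NAME PUBKEY  (password on stdin)
#        ./make-databag.sh cert ID CERT KEY CHAIN
case "${1:-}" in
  user) make_user_item "$2" "$3" "$4" ;;
  cert) make_cert_item "$2" "$3" "$4" "$5" ;;
esac
```

Pipe the password in from a prompt (`read -rs pw; printf '%s\n' "$pw" | ./make-databag.sh user ...`) rather than putting it on the command line, and write the resulting JSON to a file that is removed after `knife ... --json-file` has encrypted it.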

generate data bag key

openssl rand -base64 512 > data_bag_key