- http://dougireton.com/blog/2013/02/16/chef-cookbook-anti-patterns/
- http://www.devopsnotes.com/2012/02/how-to-write-good-chef-cookbook.html
- http://devopsanywhere.blogspot.com/2012/11/how-to-write-reusable-chef-cookbooks.html
- https://support.cloud.engineyard.com/entries/21406977-Custom-Chef-Recipes-Examples-Best-Practices
- https://learnchef.opscode.com/quickstart/chef-repo/
- https://github.com/bryanwb/chef-rewind
# Install Chef via the vendor install script and set up a chef-repo / knife.
# NOTE(review): every `curl ... | bash` line executes whatever the URL returns at
# that moment (as root in the `sudo bash` variants). Nothing is checked beyond TLS
# to the download host. On managed hosts, prefer saving the script to a file and
# inspecting it before running it, or installing from a signed package.
curl -L https://www.opscode.com/chef/install.sh | bash
# NOTE(review): git:// is an unauthenticated, unencrypted transport, so the clone
# cannot be tied to the intended origin. The https:// form of the same repository
# URL avoids that.
git clone git://github.com/opscode/chef-repo.git
sudo knife configure --initial
knife configure client .
# -P selects the product the script installs (chefdk here).
curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -P chefdk
# -v pins the installed version (12.7.2 here) instead of taking the latest.
curl -L https://www.opscode.com/chef/install.sh | sudo bash -s -- -v 12.7.2
curl -L https://www.opscode.com/chef/install.sh | sudo bash
# Fleet-wide operations: `knife ssh '<query>' '<command>'` runs the command on
# every node matching the search query ('name:*' and 'name:[* TO *]' match all
# named nodes).
# NOTE(review): `knife ssl fetch` stores whatever certificate the server presents
# as trusted and does not authenticate it. Compare the fetched certificate's
# fingerprint against the server out of band before relying on it.
knife ssh 'name:*' 'sudo knife ssl fetch -c /etc/chef/client.rb'
knife search node --local-mode
# NOTE(review): --no-host-key-verify turns off SSH host key checking for the
# bootstrap, so the session (and anything sent over it) is not bound to the
# intended host. Prefer pre-populating known_hosts and dropping the flag.
knife zero bootstrap 193.85.000.00:4999 -r lab_openvpn::default --no-host-key-verify
# Bootstrap several nodes concurrently (at most 5 jobs at a time).
parallel -j 5 ./bin/knife zero bootstrap ::: nodeA nodeB nodeC
# Re-point an existing client at a new Chef server URL, trust its certificate,
# then restart the client. Same pipe-to-root-shell caveat as any `curl | sudo bash`.
curl -L https://www.opscode.com/chef/install.sh | sudo bash
# Rewrites the old server address in client.rb to the new host/organization path.
sed -i s:172.16.240.1:chef.locid.myorg/organizations/myorg: /etc/chef/client.rb
sudo knife ssl fetch -c /etc/chef/client.rb
# NOTE(review): no sudo here, unlike the neighbouring lines; presumably run as root — confirm.
service chef-client restart
sudo service chef-client run
# The same steps pushed to every node over knife ssh.
# NOTE(review): the first line downloads and runs the install script as root on
# all matched nodes at once, so a bad or tampered script reaches the whole fleet
# in one step. Staging on a small subset first limits the blast radius.
knife ssh 'name:[* TO *]' 'curl -L https://www.opscode.com/chef/install.sh | sudo bash'
knife ssh 'name:[* TO *]' 'sudo knife ssl fetch -c /etc/chef/client.rb'
# NOTE(review): in the two lines below only `sed` and the final `run` are under
# sudo; the `service chef-client restart` in the middle is not — confirm intent.
knife ssh 'name:[* TO *]' 'sudo sed -i s:172.16.240.1:chef.locid.myorg/organizations/myorg: /etc/chef/client.rb && service chef-client restart && sudo service chef-client run'
knife ssh 'name:[* TO *]' 'sudo sed -i s:10.10.10.10:chef.gtshub.xxx/organizations/gtshub: /etc/chef/client.rb && service chef-client restart && sudo service chef-client run'
knife ssh 'name:[* TO *]' 'sudo service chef-client run'
# knife-solo workflow: create a repo, fetch a community cookbook, prepare the
# target host, then converge it.
knife solo init <reponame>
knife cookbook site install openvpn -o cookbooks
# NOTE(review): probably meant `knife solo prepare user@ip` (compare the next line) — confirm.
knife prepare user@ip
# NOTE(review): a password given via --ssh-password ends up in shell history and
# is visible in the process list while the command runs; here it is also the root
# account. Key-based authentication avoids both exposures.
knife solo prepare localhost --ssh-user root --ssh-password PASSWORD --ssh-port 2222
knife solo cook user@ip
knife cookbook site search sudo
# Data bags. With --secret-file the item contents are encrypted using the shared
# secret in .chef/encrypted_data_bag_secret; -c selects the knife config file.
# NOTE(review): the first command has no --secret-file, so the bag is presumably
# unencrypted unless the config file sets a secret — verify before storing
# credentials in it.
knife data bag create users
knife data bag create users --secret-file .chef/encrypted_data_bag_secret -c .chef/knife.rb
knife data bag create users --secret-file .chef/encrypted_data_bag_secret -c .chef/solo.rb
knife role edit openvpn-gw
knife role show openvpn-gw
# knife-solo data bag variants (items are kept as local files in the repo).
knife solo data bag create pass mysql --secret-file .chef/encrypted_data_bag_secret -c .chef/knife.rb
knife solo data bag create users xxxadmin --secret-file .chef/encrypted_data_bag_secret
knife solo data bag edit users xxxadmin -c .chef/knife.rb
# NOTE(review): no --secret-file on the next two; whether these user items are
# encrypted depends on the secret being configured in .chef/knife.rb — confirm.
knife solo data bag create users pmichalec -c .chef/knife.rb
knife solo data bag edit users pmichalec -c .chef/knife.rb
knife solo role edit openvpn-gw
knife solo role create from file openvpn-gw.rb
########################
#berkshelf http://berkshelf.org
#librarian
librarian-chef init
cat Cheffile
# Cheffile: declares where cookbooks come from and which versions to resolve.
# NOTE(review): the site URL uses plain http, so cookbook metadata and downloads
# from it are not protected in transit. Use an https endpoint where one is available.
site 'http://community.opscode.com/api/v1'
# No version constraint: resolves to whatever is current at install time.
cookbook 'ntp'
# Pinned to an exact version.
cookbook 'timezone', '0.0.1'
# Fetched from git at ref v0.7.1. A tag can be re-pointed upstream; a full commit
# SHA as :ref is an immutable pin.
cookbook 'rvm',
:git => 'https://github.com/fnichol/chef-rvm',
:ref => 'v0.7.1'
# Taken from a directory inside the repository (vendored cookbook).
cookbook 'cloudera',
:path => 'vendor/cookbooks/cloudera-cookbook'
librarian-chef install [--clean] [--verbose]
librarian-chef show
chef-repo/
certificates/
config/
cookbooks/ # <-- generic cookbooks
data_bags/
environments/
roles/
site-cookbooks/ # <-- site-specific cookbook
knife cookbook create cookbook-syslog-ng -o cookbooks/ -r md
cookbook-syslog-ng/
README.md
attributes/
definitions/
files/
libraries/
metadata.rb
providers/
recipes/
resources/
templates/
########################
#plugins https://github.com/mitchellh/vagrant/wiki/Available-Vagrant-Plugins
#knife + vagrant
#echo "gem 'chef' \n gem 'knife-solo'" >> Gemfile
# Set up a knife-solo + librarian repo and bring up a Vagrant VM for testing.
bundle
knife solo init .
librarian-chef init
librarian-chef install
# NOTE(review): the box is a full disk image pulled over plain http from a
# third-party host, and everything provisioned on top inherits its trust.
# `vagrant box add` accepts --checksum / --checksum-type to verify the download
# against a known digest.
vagrant box add quantal64 http://static.aldoborrero.com/vagrant/quantal64.box
vagrant init quantal64
vagrant up
#Vagrantfile
# Vagrant configuration block (this looks like the legacy v1-style
# Vagrant::Config.run API). The "..." line stands for settings elided from these notes.
Vagrant::Config.run do |config|
...
# Provision the VM with chef-solo, reading roles and cookbooks from the local
# chef/ directory.
config.vm.provision :chef_solo do |chef|
chef.roles_path = 'chef/roles'
chef.cookbooks_path = 'chef/cookbooks'
# Adds the 'my-app' role for the provisioner to apply.
chef.add_role 'my-app'
end
end
# Key material for knife-solo and encrypted data bags.
# Writes the private key to .chef/solo.pem and the public key next to it.
ssh-keygen -f .chef/solo.pem
# Shared secret used to encrypt and decrypt data bag items.
# NOTE(review): the redirect creates the file with umask-default permissions;
# restrict it to the owner (chmod 600) and keep it out of version control —
# anyone holding this file can decrypt every item encrypted with it.
openssl rand -base64 512 > .chef/encrypted_data_bag_secret
vi .chef/knife.rb
# Line to add to knife.rb so knife picks up the secret file:
encrypted_data_bag_secret "encrypted_data_bag_secret"
# Produce a password hash for the "password" field of a user data bag item.
# NOTE(review): -1 selects MD5-crypt, which is weak against offline guessing.
# Where the OpenSSL build supports it, -6 (SHA-512-crypt) is the stronger choice.
openssl passwd -1
#or
# NOTE(review): passing the password as an argument leaves it in shell history and
# the process list; the prompt form above avoids that.
openssl passwd -1 "plaintextpassword"
knife solo data bag create users xxxadmin --secret-file .chef/encrypted_data_bag_secret
{
"id": "xxxadmin",
"name": "xxx Admin",
"ssh-key": "*****************",
"password": "********************"
}
# Load per-environment secrets from a data bag and merge them into the node.
# The bag name is read from node['omnibus-gitlab']['data_bag']; the item id is the
# name of the node's Chef environment.
bag_name = node['omnibus-gitlab']['data_bag']
env_item_id = node.chef_environment

# Only fetch the item when a search finds one with that id.
matching_items = search(bag_name, "id:#{env_item_id}")
if matching_items.any?
  env_secrets = data_bag_item(bag_name, env_item_id)
  # NOTE(review): consume_attributes merges the item's contents into the node's
  # attributes. Presumably those are saved back to the Chef server with the node
  # object at the end of the run, which would leave decrypted secrets readable by
  # anyone who can view the node — confirm, and consider reading the item at the
  # point of use instead.
  node.consume_attributes(env_secrets)
end
https://github.com/atomic-penguin/cookbook-certificate
# Data bag for TLS material consumed by the certificate cookbook.
knife data bag create certificates
# Prints a file's contents as one escaped Ruby string literal (newlines become \n),
# ready to paste into a JSON field.
# NOTE(review): when <filename> is a private key, this writes it to the terminal
# and scrollback. Redirect or pipe the output rather than copying it from the screen.
/usr/bin/env ruby -e 'p ARGF.read' <filename>
# Create the encrypted item; its "key" field holds the private key, so the
# --secret-file is what protects it at rest.
knife data bag create certificates mail --secret-file ~/.chef/encrypted_data_bag_secret
use custom: create_databag.sh to automate
> {
> "id": "wildcard",
> "cert": "",
> "key": "",
> "chain": ""
> }
# Generate a data bag encryption secret in the current directory.
# NOTE(review): the file is created with umask-default permissions; restrict it
# to the owner (chmod 600) and keep it out of version control.
openssl rand -base64 512 > data_bag_key