$ mkdir ~/chef-repo
- Chef server acts as a central repository for your cookbooks as well as for information about every node it manages.
- You author Chef cookbooks and administer the Chef server from your workstation.
- The knife command enables you to communicate with the Chef server from your workstation.
- Navigate to https://manage.chef.io/signup and sign up
- Navigate to https://manage.chef.io/login and sign in
- Create New Organization
Knife requires two files to authenticate with the Chef server:
- an RSA private key
- a knife configuration file, typically named knife.rb. It contains information such as:
  - Chef server's URL;
  - the location of your RSA private key;
  - the default location of your cookbooks.
Both of these files are typically located in a directory named .chef
$ mkdir ~/chef-repo/.chef
One way to set up these files is to download what's called the starter kit from the web interface
$ cd ~/chef-repo
$ ls ~/chef-repo/.chef
username.pem
knife.rb
# validate your connection to Chef server
$ knife ssl check
Connecting to host api.chef.io:443
Successfully verified certificates from `api.chef.io'
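Added example (not from the original notes or from Chef): a shell check that the .chef directory holds a knife.rb pointing at an https Chef server URL and a private key readable only by its owner. The function name audit_chef_dir, the demo directory and the example-org organization are assumptions made for illustration.

```shell
# Added example: audit a knife credential directory (default: ~/chef-repo/.chef).
# Prints one finding per line; the return status is the number of findings.
audit_chef_dir() {
    dir="${1:-$HOME/chef-repo/.chef}"
    findings=0

    if [ ! -f "$dir/knife.rb" ]; then
        echo "MISSING: $dir/knife.rb"
        findings=$((findings + 1))
    else
        # Requests to the Chef server should go over HTTPS, the transport
        # whose certificates "knife ssl check" verifies.
        url_line=$(grep -E '^[[:space:]]*chef_server_url' "$dir/knife.rb" || true)
        case "$url_line" in
            *https://*) ;;
            *)  echo "INSECURE: chef_server_url in knife.rb is missing or not https"
                findings=$((findings + 1)) ;;
        esac
    fi

    for key in "$dir"/*.pem; do
        if [ ! -e "$key" ]; then
            echo "MISSING: no .pem private key in $dir"
            findings=$((findings + 1))
            break
        fi
        # Characters 5-10 of the mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE: $key is accessible to group/other; run: chmod 600 $key"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed demo input: a throwaway directory standing in for ~/chef-repo/.chef.
demo=$(mktemp -d)
printf '%s\n' 'client_key "/home/user/chef-repo/.chef/username.pem"' \
    'chef_server_url "https://api.chef.io/organizations/example-org"' > "$demo/knife.rb"
: > "$demo/username.pem"
chmod 644 "$demo/username.pem"
audit_chef_dir "$demo" || true                # reports the group/other-readable key
chmod 600 "$demo/username.pem"
audit_chef_dir "$demo" && echo "OK: no findings"
rm -rf "$demo"
```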
$ mkdir ~/chef-repo/cookbooks
$ cd ~/chef-repo/cookbooks
$ git clone https://github.com/learn-chef/learn_chef_httpd.git
$ ls ~/chef-repo/cookbooks
learn_chef_httpd
$ cd ~/chef-repo/
$ knife cookbook upload learn_chef_httpd
Uploading learn_chef_httpd [0.1.0]
Uploaded 1 cookbook.
$ knife cookbook list
learn_chef_httpd 0.1.0
# Connect using key-based authentication
$ ssh -i ~/.ssh/id_rsa vagrant@chef-node
# Connect using a username and password
$ ssh vagrant@chef-node
# Connect to vagrant box using a forwarded port
$ ssh -i ~/vagrant/centos72/.vagrant/machines/default/virtualbox/private_key -l vagrant -p 2222 localhost
$ cd ~/chef-repo
$ knife bootstrap 192.168.88.11 --ssh-user vagrant --sudo --identity-file ~/.ssh/id_rsa --node-name node-centos --run-list 'recipe[learn_chef_httpd]'
- First, your node was associated with your Chef server.
$ knife node list
node-centos
$ knife node show node-centos
Node Name: node-centos
Environment: _default
FQDN: localhost
IP: 10.0.2.15
Run List: recipe[learn_chef_httpd]
Roles:
Recipes: learn_chef_httpd, learn_chef_httpd::default
Platform: centos 7.2.1511
Tags:
- Second, your node did an initial check-in with the Chef server and ran the learn_chef_httpd cookbook.
- You ran knife bootstrap to associate your node with the Chef server and do an initial check-in. Bootstrapping is a one-time process.
- The knife ssh command enables you to update your node's configuration when your cookbook changes.
- Chef server created what's called a node object
- The <%= %> syntax enables you to provide placeholders in your template file.
Change version from '0.1.0' to '0.2.0'.
$ vim ~/chef-repo/cookbooks/learn_chef_httpd/metadata.rb
name 'learn_chef_httpd'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'all_rights'
description 'Installs/Configures learn_chef_httpd'
long_description 'Installs/Configures learn_chef_httpd'
version '0.1.0'
issues_url 'https://github.com/learn-chef/learn_chef_httpd/issues' if respond_to?(:issues_url)
source_url 'https://github.com/learn-chef/learn_chef_httpd' if respond_to?(:source_url)
$ knife cookbook upload learn_chef_httpd
Uploading learn_chef_httpd [0.2.0]
Uploaded 1 cookbook.
$ knife ssh 'name:node-centos' 'sudo chef-client' -x vagrant -i ~/.ssh/id_rsa -a ipaddress
Berkshelf is a tool that helps you resolve cookbook dependencies.
$ cd ~/chef-repo
$ vim Berksfile
source 'https://supermarket.chef.io'
cookbook 'chef-client'
$ berks install
$ ls -1 ~/.berkshelf/cookbooks
chef-client-10.1.0
cron-6.1.1
logrotate-2.2.0
windows-4.3.3
$ berks upload
Uploaded windows (4.3.3) to: 'https://api.chef.io/organizations/learning2018'
Uploaded logrotate (2.2.0) to: 'https://api.chef.io/organizations/learning2018'
Uploaded cron (6.1.1) to: 'https://api.chef.io/organizations/learning2018'
Uploaded chef-client (10.1.0) to: 'https://api.chef.io/organizations/learning2018'
Roles enable you to focus on the function your node performs collectively rather than each of its individual components (its run-list, node attributes, and so on). For example, you might have a web server role, a database role, or a load balancer role. Here, you'll create a role named web to define your node's function as a web server.
$ mkdir ~/chef-repo/roles
$ vim ~/chef-repo/roles/web.json
{
"name": "web",
"description": "Web server role.",
"json_class": "Chef::Role",
"default_attributes": {
"chef_client": {
"interval": 300,
"splay": 60
}
},
"override_attributes": {
},
"chef_type": "role",
"run_list": ["recipe[chef-client::default]",
"recipe[chef-client::delete_validation]",
"recipe[learn_chef_httpd::default]"
],
"env_run_lists": {
}
}
$ knife role from file ~/chef-repo/roles/web.json
$ knife role list
$ knife role show web
$ knife node run_list set node-centos 'role[web]'
$ knife node show node-centos --run-list
$ knife ssh 'role:web' 'sudo chef-client' -x vagrant -a ipaddress
$ knife node delete node-centos --yes
$ knife client delete node-centos --yes
$ knife cookbook delete learn_chef_httpd --all --yes
$ knife role delete web --yes
$ sudo rm /etc/chef/client.pem