@iguoli
Last active July 30, 2018 06:21
Learn Chef

Manage a node with chef server

I. Set up your workstation

1-1. Create a working directory

$ mkdir ~/chef-repo

II. Get set up with hosted Chef

  • Chef server acts as a central repository for your cookbooks as well as for information about every node it manages.
  • You author Chef cookbooks and administer the Chef server from your workstation.
  • The knife command enables you to communicate with the Chef server from your workstation.

2-1. Sign up for hosted Chef

  1. Navigate to https://manage.chef.io/signup and sign up
  2. Navigate to https://manage.chef.io/login and sign in
  3. Create New Organization

2-2. Configure your workstation

Knife requires two files to authenticate with the Chef server:

  • an RSA private key
  • a knife configuration file, typically named knife.rb. It contains information such as:
    1. Chef server's URL;
    2. the location of your RSA private key;
    3. the default location of your cookbooks.

Both of these files are typically located in a directory named .chef.

$ mkdir ~/chef-repo/.chef

One way to set up these files is to download what's called the starter kit from the web interface.

2-3. Generate your knife configuration file

2-4. Generate your RSA private key

2-5. Verify your connection to the Chef server

$ cd ~/chef-repo
$ ls ~/chef-repo/.chef
username.pem
knife.rb

# validate your connection to Chef server
$ knife ssl check
Connecting to host api.chef.io:443
Successfully verified certificates from `api.chef.io'
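
The .chef directory now holds the RSA private key that authenticates you to the Chef server, so it is worth checking how that key is stored. The script below is an added example, not part of the original gist: it flags key files that are readable by group or other, not owned by you, or tracked by git. The helper names audit_chef_dir and make_sample_repo are hypothetical, and the sample repository is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original gist. Assumes the ~/chef-repo/.chef layout
# used above; audit_chef_dir and make_sample_repo are hypothetical helper names.

# Print one finding per line; return 0 when clean, 1 when anything was found.
audit_chef_dir() {
  repo=$1; chef_dir=$repo/.chef; rc=0
  if [ ! -d "$chef_dir" ]; then
    echo "MISSING $chef_dir"; return 1
  fi
  for key in "$chef_dir"/*.pem; do
    [ -e "$key" ] || continue              # glob matched nothing
    # Characters 5-10 of the mode string are the group and other bits.
    bits=$(ls -ld "$key" | cut -c5-10)
    if [ "$bits" != "------" ]; then
      echo "OPEN_PERMS $key ($bits)"; rc=1
    fi
    if [ ! -O "$key" ]; then
      echo "NOT_OWNER $key"; rc=1
    fi
  done
  # A key tracked by git leaves the workstation with every push.
  if [ -d "$repo/.git" ] && command -v git >/dev/null 2>&1; then
    tracked=$(git -C "$repo" ls-files -- '.chef/*.pem')
    if [ -n "$tracked" ]; then
      echo "TRACKED_KEY $tracked"; rc=1
    fi
  fi
  return "$rc"
}

# Constructed sample: a throwaway repo holding a placeholder file, not a real key.
make_sample_repo() {
  d=$(mktemp -d)
  mkdir "$d/.chef"
  echo "constructed placeholder, not a real key" > "$d/.chef/username.pem"
  : > "$d/.chef/knife.rb"
  chmod 644 "$d/.chef/username.pem"
  echo "$d"
}

sample=$(make_sample_repo)
audit_chef_dir "$sample" || echo "fix with: chmod 600 $sample/.chef/*.pem"
chmod 600 "$sample/.chef/username.pem"
audit_chef_dir "$sample" && echo "clean"
rm -rf "$sample"
```

To check the real directory, call audit_chef_dir ~/chef-repo.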

III. Upload a cookbook to Chef server

3-1. Get the learn_chef_httpd cookbook from GitHub

$ mkdir ~/chef-repo/cookbooks
$ cd ~/chef-repo/cookbooks
$ git clone https://github.com/learn-chef/learn_chef_httpd.git
$ ls ~/chef-repo/cookbooks
learn_chef_httpd

3-2. Upload your cookbook to the Chef server

$ cd ~/chef-repo/
$ knife cookbook upload learn_chef_httpd
Uploading learn_chef_httpd [0.1.0]
Uploaded 1 cookbook.
$ knife cookbook list
learn_chef_httpd   0.1.0

IV. Get a node to bootstrap

4-1. Create a test SSH connection to your node

# Connect using key-based authentication
$ ssh -i ~/.ssh/id_rsa vagrant@chef-node

# Connect using a username and password
$ ssh vagrant@chef-node

# Connect to vagrant box using a forwarded port
$ ssh -i ~/vagrant/centos72/.vagrant/machines/default/virtualbox/private_key -l vagrant -p 2222 localhost

V. Bootstrap your node

5-1. Bootstrap using key-based authentication

$ cd ~/chef-repo
$ knife bootstrap 192.168.88.11 --ssh-user vagrant --sudo --identity-file ~/.ssh/id_rsa --node-name node-centos --run-list 'recipe[learn_chef_httpd]'

5-2. Confirm the result

  1. First, your node is associated with your Chef server.

$ knife node list
node-centos

$ knife node show node-centos
Node Name:   node-centos
Environment: _default
FQDN:        localhost
IP:          10.0.2.15
Run List:    recipe[learn_chef_httpd]
Roles:
Recipes:     learn_chef_httpd, learn_chef_httpd::default
Platform:    centos 7.2.1511
Tags:

  2. Second, your node did an initial check-in with the Chef server and ran the learn_chef_httpd cookbook.

VI. Update your node's configuration

  • You ran knife bootstrap to associate your node with the Chef server and do an initial check-in. Bootstrapping is a one-time process.
  • The knife ssh command enables you to update your node's configuration when your cookbook changes.

6-1. Add template code to your HTML

  • Chef server created what's called a node object.
  • The <%= %> syntax enables you to provide placeholders in your template file.

6-2. Update your cookbook's version metadata

Change version from '0.1.0' to '0.2.0'.

$ vim ~/chef-repo/cookbooks/learn_chef_httpd/metadata.rb
name 'learn_chef_httpd'
maintainer 'The Authors'
maintainer_email 'you@example.com'
license 'all_rights'
description 'Installs/Configures learn_chef_httpd'
long_description 'Installs/Configures learn_chef_httpd'
version '0.2.0'
issues_url 'https://github.com/learn-chef/learn_chef_httpd/issues' if respond_to?(:issues_url)
source_url 'https://github.com/learn-chef/learn_chef_httpd' if respond_to?(:source_url)

6-3. Upload your cookbook to Chef server

$ knife cookbook upload learn_chef_httpd
Uploading learn_chef_httpd [0.2.0]
Uploaded 1 cookbook.

6-4. Run the cookbook on your node

$ knife ssh 'name:node-centos' 'sudo chef-client' -x vagrant -i ~/.ssh/id_rsa -a ipaddress

VII. Resolve a failed chef-client run

VIII. Run chef-client periodically

8-1. Get the chef-client cookbook

Berkshelf is a tool that helps you resolve cookbook dependencies.

$ cd ~/chef-repo
$ vim Berksfile
source 'https://supermarket.chef.io'
cookbook 'chef-client'
$ berks install
$ ls -1 ~/.berkshelf/cookbooks
chef-client-10.1.0
cron-6.1.1
logrotate-2.2.0
windows-4.3.3  
$ berks upload
Uploaded windows (4.3.3) to: 'https://api.chef.io/organizations/learning2018'
Uploaded logrotate (2.2.0) to: 'https://api.chef.io/organizations/learning2018'
Uploaded cron (6.1.1) to: 'https://api.chef.io/organizations/learning2018'
Uploaded chef-client (10.1.0) to: 'https://api.chef.io/organizations/learning2018'

8-2. Create a role

Roles enable you to focus on the function your node performs collectively rather than each of its individual components (its run-list, node attributes, and so on). For example, you might have a web server role, a database role, or a load balancer role. Here, you'll create a role named web to define your node's function as a web server.

$ mkdir ~/chef-repo/roles
$ vim ~/chef-repo/roles/web.json
{
   "name": "web",
   "description": "Web server role.",
   "json_class": "Chef::Role",
   "default_attributes": {
     "chef_client": {
       "interval": 300,
       "splay": 60
     }
   },
   "override_attributes": {
   },
   "chef_type": "role",
   "run_list": ["recipe[chef-client::default]",
                "recipe[chef-client::delete_validation]",
                "recipe[learn_chef_httpd::default]"
   ],
   "env_run_lists": {
   }
}
$ knife role from file roles/web.json

$ knife role list

$ knife role show web

$ knife node run_list set node-centos 'role[web]'

$ knife node show node-centos --run-list

8-3. Run chef-client

$ knife ssh 'role:web' 'sudo chef-client' -x vagrant -a ipaddress

8-4. Clean up your environment

  • Delete the node from the Chef server

$ knife node delete node-centos --yes
$ knife client delete node-centos --yes

  • Delete your cookbook from the Chef server

$ knife cookbook delete learn_chef_httpd --all --yes

  • Delete the role from the Chef server

$ knife role delete web --yes

  • Delete the RSA private key from your node

$ sudo rm /etc/chef/client.pem