#MORE
Chef-Workflow
Server
tools
# Base utilities for the rest of the setup; wget is what fetches the Chef
# server package in a later step.
yum install -y net-tools wget curl git
hostname
# Set the persistent (static) hostname, then restart hostnamed so it is applied.
# NOTE(review): clients address this host as chef-server.dev (see
# chef_server_url in the knife.rb at the end of these notes), and the server's
# TLS certificate is presumably issued for this name, so set it before running
# `chef-server-ctl reconfigure` — confirm.
hostnamectl --static set-hostname chef-server.dev
systemctl restart systemd-hostnamed
time
# Set the timezone, step the clock once, then keep it in sync with ntpd.
# Accurate time matters here: TLS certificate validity and Chef's signed API
# requests are both time-sensitive, so clock skew shows up as auth failures.
timedatectl set-timezone America/New_York
yum install -y ntp
# One-shot sync, done before ntpd is started because ntpdate cannot use the
# NTP port while ntpd holds it.
ntpdate pool.ntp.org
systemctl enable ntpd
systemctl start ntpd
Install chef from rpm
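# Download the Chef server package. The URL ends in /download, so without -O
# wget would save the file under the name "download" instead of an .rpm name.
# NOTE(review): this is the el5 build, while the hostnamectl/systemctl commands
# earlier in these notes imply an EL7 host — confirm the intended package.
wget -O chef-server-core-12.3.1-1.el5.x86_64.rpm \
  https://packagecloud.io/chef/stable/packages/el/5/chef-server-core-12.3.1-1.el5.x86_64.rpm/download
# Check the package's digests/signature before installing it, and compare its
# SHA-256 with the value published for this release (<PUBLISHED_SHA256>).
# The notes do not show the install command itself.
rpm -K chef-server-core-12.3.1-1.el5.x86_64.rpm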
install opscode manage
# Install the opscode-manage add-on (the web management console) through
# chef-server-ctl. It adds a web login for the server's users, so its
# reachability should be limited like any other admin interface.
chef-server-ctl install opscode-manage
generate user and organizations
# Apply the server configuration, then create the first user and organization.
chef-server-ctl reconfigure
# Positional arguments: username, first name, last name, e-mail, password.
# PASSWORDSTRING is a placeholder. Passed this way, the real password ends up
# in shell history and is visible in the process list while the command runs.
# --filename writes the user's private key to vagrant.pem in the current directory.
chef-server-ctl user-create vagrant user vagrant vagrant@chef-client.dev PASSWORDSTRING --filename vagrant.pem
# Create the organization, associate the vagrant user with it and write the
# validator private key. Both .pem files are credentials: restrict them to the
# owner (mode 600) and keep them out of version control.
chef-server-ctl org-create chefdev "Chef Server Dev" --association_user vagrant --filename chefdev-validator.pem
copy chef-server.dev.pem from /var/opt/opscode/nginx/ca/ to .chef/trusted_certs (copy only the certificate, never the server's private key)
Client
install chefdk
# wget is needed to download the ChefDK package.
sudo yum install -y wget
wget https://opscode-omnibus-packages.s3.amazonaws.com/el/7/x86_64/chefdk-0.10.0-1.el7.x86_64.rpm
# Installing from a local file: by default yum does not GPG-check local
# packages (localpkg_gpgcheck is off), so nothing here verifies the download
# beyond TLS. Compare the file's SHA-256 with the published value first.
sudo yum install -y chefdk-0.10.0-1.el7.x86_64.rpm
environment rules
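# Make ChefDK's environment available in login shells. The appended line
# evaluates the output of `chef shell-init bash` at every login.
# Guarded with grep so re-running these notes does not append duplicates.
profile_line='eval "$(chef shell-init bash)"'
grep -qxF -- "$profile_line" ~/.bash_profile 2>/dev/null ||
  printf '%s\n' "$profile_line" >> ~/.bash_profile
source ~/.bash_profile

# Static name mapping for the Chef server on the Vagrant private network.
# Same guard: add the entry only if /etc/hosts does not already contain it.
hosts_line='192.168.50.10 chef-server.dev chef-server'
grep -qxF -- "$hosts_line" /etc/hosts ||
  printf '%s\n' "$hosts_line" | sudo tee -a /etc/hosts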
bootstrap note
# Bootstrap the node over SSH as vagrant, authenticating with the private key,
# register it as chef-client and run the kik_httpd recipe on first converge.
# --sudo runs the bootstrap with sudo; --use-sudo-password reuses the SSH
# password for sudo (none is given here, so knife will presumably prompt).
# NOTE(review): the key lives under /vagrant, presumably the Vagrant shared
# folder; check that its permissions are not wider than the owner.
knife bootstrap chef-client.dev --ssh-user vagrant --identity-file /vagrant/chef-repo/.chef/chef-client.dev.pem --sudo --use-sudo-password --node-name chef-client --run-list 'recipe[kik_httpd]'
ssh into client
# Trigger a chef-client run on the node over SSH. --manual-list makes knife
# treat the first argument as a literal host list instead of a search query.
knife ssh chef-client.dev 'sudo chef-client' --manual-list --ssh-user vagrant --identity-file /vagrant/chef-repo/.chef/chef-client.dev.pem
berks reqs
# Resolve and download the cookbook's dependencies as declared in its Berksfile.
# These are third-party cookbooks that will later run with root privileges on
# nodes: review what gets pulled in and commit Berksfile.lock so the resolved
# versions stay pinned.
cd cookbooks/lamp
berks install
upload berks reqs
# Upload the resolved cookbooks to the Chef server.
# --no-ssl-verify turns off TLS certificate verification for this upload, so
# nothing confirms that the connection really ends at chef-server.dev.
# The steps that follow in these notes (SSL_CERT_FILE in the Berksfile,
# `knife ssl fetch`) set up trust for the server's certificate; once that is in
# place the flag should no longer be needed — confirm and drop it.
berks upload --no-ssl-verify
add to berks file
# Point Ruby's OpenSSL at the Chef server's certificate so Berkshelf can verify
# the server instead of skipping verification.
# NOTE(review): the path must match the file actually present in trusted_certs.
ENV['SSL_CERT_FILE'] = '/vagrant/chef-repo/.chef/trusted_certs/chef-server_dev.crt'
verify ssl working
# Report whether knife can verify the Chef server's TLS certificate.
knife ssl check
# Download the certificate the server presents into .chef/trusted_certs.
# knife cannot tell whether that certificate is the genuine one: it trusts
# whatever it receives. Compare its fingerprint with the certificate on the
# server (under /var/opt/opscode/nginx/ca/) before relying on it, then re-run
# `knife ssl check`.
knife ssl fetch
Upload recipe
# Upload the kik_httpd cookbook to the Chef server configured in knife.rb.
knife cookbook upload kik_httpd
Workstation
generate files
# Scaffold the repository, then the lamp cookbook with its recipes, attribute
# file and template.
chef generate repo chef-repo
cd chef-repo
chef generate cookbook cookbooks/lamp
chef generate recipe cookbooks/lamp user
chef generate recipe cookbooks/lamp webserver
chef generate recipe cookbooks/lamp firewall
chef generate attribute cookbooks/lamp default
chef generate template cookbooks/lamp web_page
# .chef later holds knife.rb, the client/validator keys and the data bag secret
# used in these notes; make sure it is excluded from version control.
mkdir -p .chef
create environments
# Create the three environments in the local repository (--local-mode) without
# opening an editor (--disable-editing).
knife environment create production --local-mode --disable-editing
knife environment create development --local-mode --disable-editing
knife environment create local --local-mode --disable-editing
encrypted data bags
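# Generate the shared secret that encrypts and decrypts data bag items.
# The subshell's umask 077 makes a newly created key file owner-only; without
# it the key is created with the default umask, which usually leaves it
# readable by other local users.
(umask 077; openssl rand -base64 512 | tr -d '\r\n' > .chef/encrypted_data_bag_secret)
# NOTE(review): no --secret-file here; unless knife.rb configures a secret this
# presumably stores the item unencrypted — verify.
knife data bag from file passwords sql_server_root_password.json --local-mode

# A second, independent secret, used by the remaining commands.
# NOTE(review): /tmp is shared and this file name is predictable; prefer a
# private directory, and delete the /tmp copy once it is installed in /etc/chef.
(umask 077; openssl rand -base64 512 | tr -d '\r\n' > /tmp/encrypted_data_bag_secret)
sudo cp /tmp/encrypted_data_bag_secret /etc/chef/
# Keep the installed key readable by root only.
sudo chmod 600 /etc/chef/encrypted_data_bag_secret

# Create the data bag and the local directory for its items.
knife data bag create passwords
mkdir data_bags/passwords
# Empty item file to be filled in by hand. It holds the password in plaintext,
# so it must not be committed.
touch sql_server_root_password.json

# Encrypt each item with the secret while loading it.
knife data bag from file passwords sql_server_root_password.json --secret-file /tmp/encrypted_data_bag_secret
knife data bag from file passwords db_admin_password.json --secret-file /tmp/encrypted_data_bag_secret

# Without the secret this shows the stored (encrypted) form, which is a quick
# way to confirm the item really is encrypted.
knife data bag show passwords sql_server_root_password
# With the secret the item is decrypted and the plaintext is printed to the terminal.
knife data bag show passwords sql_server_root_password --secret-file /tmp/encrypted_data_bag_secret

# The same loads against the local repository instead of the server.
knife data bag from file passwords sql_server_root_password.json --secret-file /tmp/encrypted_data_bag_secret --local-mode
knife data bag from file passwords db_admin_password.json --secret-file /tmp/encrypted_data_bag_secret --local-mode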
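# knife.rb: workstation configuration for the chefdev organization.
# (Trailing "| |" table residue from the page rendering removed; it made every
# line a Ruby syntax error.)
current_dir = File.dirname(__FILE__)
current_client = 'chefdev-validator'
log_level :info
log_location STDOUT
# Identity knife uses when talking to the server.
node_name 'vagrant'
# Private key of that user, expected next to this file. Keep it owner-readable
# only and out of version control.
client_key "#{current_dir}/vagrant.pem"
validation_client_name "#{current_client}"
# Validator private key (chefdev-validator.pem), also expected next to this
# file. It can register new clients, so protect it like the user key.
validation_key "#{current_dir}/#{current_client}.pem"
# HTTPS endpoint of the organization. The server's certificate has to be
# trusted (e.g. present in .chef/trusted_certs) for verification to succeed.
chef_server_url 'https://chef-server.dev/organizations/chefdev'
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]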