@kmassada kmassada/1-README.MD Secret
Last active Dec 18, 2015

Chef-Workflow

Server

tools

# Base tooling for the server host: network utilities, downloaders and git.
pkgs=(net-tools wget curl git)
yum install -y "${pkgs[@]}"

hostname

# Give the server its static name and restart the hostname service so it applies.
server_fqdn=chef-server.dev
hostnamectl --static set-hostname "$server_fqdn"
systemctl restart systemd-hostnamed

time

# Timezone and NTP. An accurate clock matters here: TLS certificate validity and
# Chef's time-stamped, signed API requests both fail on a skewed clock.
timedatectl set-timezone America/New_York
yum install -y ntp
ntpdate pool.ntp.org   # one-off sync before ntpd takes over
for action in enable start; do
  systemctl "$action" ntpd
done

Install chef from rpm

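# Download the Chef Server package. The URL ends in /download, so without -O wget
# saves it as a file literally named "download"; name it after the package instead
# so it can be installed by that name. Verify the download (vendor checksum or
# signature) before installing — yum does not verify signatures on local rpm files
# unless localpkg_gpgcheck is enabled.
# NOTE(review): this is the el/5 build, while the client steps use el/7 packages and
# this host uses systemd — confirm the intended EL version.
chef_server_rpm=chef-server-core-12.3.1-1.el5.x86_64.rpm
wget -O "$chef_server_rpm" "https://packagecloud.io/chef/stable/packages/el/5/${chef_server_rpm}/download"
# The chef-server-ctl steps below need the package installed; the original notes
# never installed it.
yum install -y "$chef_server_rpm"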

install opscode manage

# Install the Chef Manage web UI add-on on the server.
addon=opscode-manage
chef-server-ctl install "$addon"

generate user and organizations

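# Apply the server configuration, then create the admin user and the organization.
chef-server-ctl reconfigure

# --prompt-for-password reads the password interactively instead of taking it from
# argv, where it would land in shell history and be visible to other users via ps.
chef-server-ctl user-create vagrant user vagrant vagrant@chef-client.dev --prompt-for-password --filename vagrant.pem

chef-server-ctl  org-create chefdev "Chef Server Dev" --association_user vagrant  --filename chefdev-validator.pem

# Both files are private keys (the user key and the org validator key); the
# validator key in particular lets anyone holding it register new clients.
chmod 600 vagrant.pem chefdev-validator.pem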

copy chef-server.dev.pem from /var/opt/opscode/nginx/ca/ to .chef/trusted_certs

Client

install chefdk

# Install ChefDK on the client from the vendor rpm. yum does not verify the
# signature of a local rpm file unless localpkg_gpgcheck is enabled, so check the
# package against the vendor's published checksum/signature first.
chefdk_rpm=chefdk-0.10.0-1.el7.x86_64.rpm
sudo yum install -y wget
wget "https://opscode-omnibus-packages.s3.amazonaws.com/el/7/x86_64/${chefdk_rpm}"
sudo yum install -y "$chefdk_rpm"

environment rules

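# Add chef's shell integration to the login profile exactly once; the original
# appended unconditionally, so every re-run added a duplicate line.
profile=~/.bash_profile
shell_init='eval "$(chef shell-init bash)"'
# stderr is silenced because the profile may not exist yet on a fresh account.
if ! grep -qF -- "$shell_init" "$profile" 2>/dev/null; then
  printf '%s\n' "$shell_init" >> "$profile"
fi
source "$profile"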

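# Map the server name to its address locally; skip if an entry is already present
# so repeated runs do not keep appending to /etc/hosts.
hosts_entry='192.168.50.10   chef-server.dev chef-server'
grep -qF -- 'chef-server.dev' /etc/hosts || printf '%s\n' "$hosts_entry" | sudo tee -a /etc/hosts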

bootstrap note

# Bootstrap the client node over SSH and converge it with the given run-list.
# --use-sudo-password presumably feeds the SSH password to sudo (knife prompts
# for it unless --ssh-password is given) — confirm against the knife version in use.
bootstrap_args=(
  --ssh-user vagrant
  --identity-file /vagrant/chef-repo/.chef/chef-client.dev.pem
  --sudo --use-sudo-password
  --node-name chef-client
  --run-list 'recipe[kik_httpd]'
)
knife bootstrap chef-client.dev "${bootstrap_args[@]}"

ssh into client

# Run a converge on the client by name (no search query; --manual-list takes the
# host list literally).
ssh_args=(
  --manual-list
  --ssh-user vagrant
  --identity-file /vagrant/chef-repo/.chef/chef-client.dev.pem
)
knife ssh chef-client.dev 'sudo chef-client' "${ssh_args[@]}"

berks reqs

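# Resolve the cookbook's dependencies. The && keeps berks from running in the
# wrong directory if the cd fails (the original ran it unconditionally).
cd cookbooks/lamp && berks install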

upload berks reqs

# --no-ssl-verify disables TLS certificate checks for the upload, so the server
# identity is not verified. Once the Berksfile sets SSL_CERT_FILE to the fetched
# server certificate this flag should not be needed.
berks_opts=(--no-ssl-verify)
berks upload "${berks_opts[@]}"

add to Berksfile

# Point Berkshelf at the fetched Chef server certificate so uploads can verify TLS
# instead of relying on --no-ssl-verify.
ENV.store('SSL_CERT_FILE', '/vagrant/chef-repo/.chef/trusted_certs/chef-server_dev.crt')

verify ssl working

# check reports whether the server certificate validates; fetch then downloads it
# into trusted_certs. fetch trusts whatever certificate the server presents at that
# moment, so compare it with the file under /var/opt/opscode/nginx/ca/ on the
# server before relying on it.
for subcommand in check fetch; do
  knife ssl "$subcommand"
done

Upload recipe

# Push the cookbook to the Chef server.
cookbook=kik_httpd
knife cookbook upload "$cookbook"

Workstation

generate files

# Scaffold the repo, the lamp cookbook, and its recipes, attributes and template.
chef generate repo chef-repo
cd chef-repo

cookbook=cookbooks/lamp
chef generate cookbook "$cookbook"

for recipe in user webserver firewall; do
  chef generate recipe "$cookbook" "$recipe"
done
chef generate attribute "$cookbook" default
chef generate template "$cookbook" web_page

# Holds knife.rb, keys and trusted certs — these are secrets, keep them out of git.
mkdir -p .chef

create environments

# Create the three environments against the local (zero) server without opening an editor.
for env in production development local; do
  knife environment create "$env" --local-mode --disable-editing
done

encrypted data bags

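# Generate the data bag secret under a restrictive umask so the file is created
# 0600 instead of with the default (usually world-readable) mode; chmod covers the
# case where the file already existed. Keep .chef/encrypted_data_bag_secret out of
# version control.
mkdir -p .chef
( umask 077; openssl rand -base64 512 | tr -d '\r\n' > .chef/encrypted_data_bag_secret )
chmod 600 .chef/encrypted_data_bag_secret
# The original omitted --secret-file here; with no encrypted_data_bag_secret setting
# in knife.rb the item would have been stored unencrypted.
knife data bag from file passwords sql_server_root_password.json --secret-file .chef/encrypted_data_bag_secret --local-mode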

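# Secret for encrypted data bags. /tmp is shared and the name is predictable, so
# create the file under a restrictive umask and copy it into /etc/chef with
# owner-only permissions.
secret=/tmp/encrypted_data_bag_secret
( umask 077; openssl rand -base64 512 | tr -d '\r\n' > "$secret" )
chmod 600 "$secret"
sudo cp "$secret" /etc/chef/
sudo chmod 600 /etc/chef/encrypted_data_bag_secret

knife data bag create passwords
mkdir -p data_bags/passwords
# NOTE(review): this creates the item file in the current directory, not under
# data_bags/passwords/ — confirm where the JSON is meant to live before filling it in.
touch sql_server_root_password.json

# Upload the items encrypted with the secret.
for item in sql_server_root_password.json db_admin_password.json; do
  knife data bag from file passwords "$item" --secret-file "$secret"
done
# Without the secret the item is shown as stored (encrypted); with it, decrypted.
knife data bag show passwords sql_server_root_password
knife data bag show passwords sql_server_root_password --secret-file "$secret"

# The same items against the local (zero) server.
for item in sql_server_root_password.json db_admin_password.json; do
  knife data bag from file passwords "$item" --secret-file "$secret" --local-mode
done
# The /tmp copy is still referenced above; remove it once these steps are done.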
# knife.rb for the chefdev organization; key files are resolved relative to the
# directory this file lives in.
config_dir = File.dirname(__FILE__)
validator = 'chefdev-validator'

log_level :info
log_location STDOUT

# The user this workstation authenticates as, and its private key.
node_name 'vagrant'
client_key "#{config_dir}/vagrant.pem"

# Org validator, used only to register new clients during bootstrap; treat the
# .pem as a secret.
validation_client_name validator
validation_key "#{config_dir}/#{validator}.pem"

chef_server_url 'https://chef-server.dev/organizations/chefdev'

# NOTE(review): cache_type/cache_options look like legacy settings — confirm the
# knife version in use still reads them.
cache_type 'BasicFile'
cache_options(:path => "#{ENV['HOME']}/.chef/checksums")
cookbook_path ["#{config_dir}/../cookbooks"]