smford22

{
  "version": "2",
  "build_cookbook": {
    "name": "build_cookbook",
    "path": ".delivery/build_cookbook"
  },
  "delivery-truck": {
    "publish": {
      "chef_server": true
    }

smford22

Overview

The folloiwng example shows how to add valid SSL certs to your Chef Automate server

/etc/delivery/delivery.rb

delivery["ssl_certificates"] = {
  "<my_hostname>" => {
    "crt" => "file:///etc/delivery/certificate_chained.pem",
    "key" => "file:///etc/delivery/key.pem"
 }

smford22

These are steps outlined by Nick Rycar to spin up a quick Windows Demo

The Steps!

• Spin up an environment >= 1.4.4 ; run start_me_up script
• download fourthcoffee from https://github.com/juliandunn/fourthcoffee
• replace its stock kitchen.yml with this
• delete Berksfile.lock (there are pinnings that break stuff)
• run kitchen converge and/or verify

smford22

name 'base_windows'
description 'A base role for all windows nodes'
run_list 'recipe[chef-client::default]','recipe[chef-client::delete_validation','recipe[audit::default]'
default_attributes({
  'audit' => {
    'reporter' => 'chef-server-automate',
    'fetcher' => 'chef-server',
    'profiles' => [
      {
        'name' => 'windows-patch-baseline',

smford22

name "fourth_coffee"
description "A simple iis webserver"
run_list 'recipe[fourthcoffee::default]'
default_attributes({
  "fourthcoffee" => {
    "install_method" => "_classic"
  }
})

smford22

---
driver:
  name: vagrant
  network:
    - ["private_network", {ip: "192.168.33.33"}]

provisioner:
  name: chef_zero
 # You may wish to disable always updating cookbooks in CI or other testing environments.

smford22

How to setup base roles to setup chef-client as a service and inspec profiles to run

The following article explains how to setup a structure for a simple base chef role that setups chef-client to run as a service, and sets up inspec profiles

Prerequisites

• ChefDK
• Git

Create a chef_repo

1. Open a terminal of your choice (bash, powershell, cmder, iTerm, Term, etc)
2. Change to your home directory cd ~

smford22

name 'base_linux'
description 'A base role to be applied to all linux nodes'
run_list 'recipe[chef-client::default]','recipe[chef-client::delete_validation]','recipe[audit::default]'
default_attributes({
  'audit' => {
    'reporter' => 'chef-server-automate',
    'fetcher' => 'chef-server',
    'profiles' => [
      {
        'name' => 'linux-patch-baseline',

smford22

# THIS FILE IS MAINTAINED BY CHEF. ALL MANUAL EDITS WILL BE OVERWRITTEN
# 
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding

smford22

---
driver:
  name: ec2
  aws_ssh_key_id: chef_demo_2x
  region: us-west-2
  security_group_ids: sg-2560a741
  associate_public_ip: true
  instance_type: t2.micro
  tags:
    # Replace YOURNAME and YOURCOMPANY here