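Opscode recommends this one-liner for Ubuntu: curl -L https://www.opscode.com/chef/install.sh | sudo bash
Piping a download straight into a root shell runs whatever the server returns, so it is probably a good idea to download and examine the .sh script first.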
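One way to act on that advice, as an added example (not from the original notes or from Opscode): save the installer to a file, read it, record its SHA-256, and later run only a copy that still matches. `file_sha256` and `run_reviewed` are hypothetical helper names.

```bash
# Added example: pin the reviewed installer by hash instead of piping curl to bash.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# run_reviewed FILE EXPECTED_SHA256 [RUNNER...]
# Runs FILE only if it still matches the hash recorded when it was read.
# RUNNER defaults to "bash"; pass "sudo bash" for a system-wide install.
# Returns 1 (and runs nothing) on a mismatch, 2 on bad usage.
run_reviewed() {
  [ "$#" -ge 2 ] || { echo "usage: run_reviewed FILE SHA256 [RUNNER...]" >&2; return 2; }
  local script="$1" expected="$2" actual
  shift 2
  [ "$#" -gt 0 ] || set -- bash
  [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }
  actual="$(file_sha256 "$script")"
  if [ "$actual" != "$expected" ]; then
    echo "hash mismatch for $script: got $actual" >&2
    return 1
  fi
  "$@" "$script"
}

# Typical use (the network step is a comment so the block runs offline):
#   curl -fsSL -o install.sh https://www.opscode.com/chef/install.sh
#   less install.sh                 # read what it will do as root
#   file_sha256 install.sh          # record this value after the review
#   run_reviewed install.sh <recorded-sha256> sudo bash
```

The recorded hash can be kept next to the notes, so the same reviewed copy is what gets run on every other machine.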
PREREQUISITES
Install ruby, rubygems
```
rvm -v
ruby -v
gem -v
gem install chef --no-ri --no-rdoc
Successfully installed chef-11.6.0
18 gems installed
```
Creating an account on opscode.com
- Sign up for opscode, validate your email
- Click on your username (upper right) = get new private key (this is for hosted chef communication)
- Click on Console (or Organizations) = Create Organization (free for 5 nodes / 2 users)
- The organisation's short name needs to be unique for the whole opscode platform
- Save the validation key + default knife config (.pem and .rb) - this is for this organization
knife.rb
```bash
cd ~
mkdir ~/.chef
cp USERNAME.pem ~/.chef
cp ORGANIZATION-validator.pem ~/.chef
```
create ~/.chef/knife.rb
```ruby
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                ENV['chef_node_name']    # your opscode username
client_key               ENV['chef_client_key']   # your opscode private key
validation_client_name   "ORGANIZATION-validator"
validation_key           ENV['chef_validation_key']
chef_server_url          ENV['chef_server_url'].dup
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["#{ENV['CHEF_SRC']}/chef-repo/cookbooks"]   # path to cookbooks
encrypted_data_bag_secret ENV['chef_encrypted_secret']
```
append to .bashrc
```bash
export AWS_ENV='DEV'
export CHEF_SRC=$HOME'/Desktop/repos'
export chef_validation_name='ORGANIZATION-validator'
export chef_node_name='USERNAME' # update with your opscode username here
export chef_client_key=$HOME'/.chef/DEV/'$chef_node_name'.pem'
export chef_validation_key=$HOME'/.chef/DEV/ORGANIZATION-validator.pem'
export chef_server_url='https://api.opscode.com/organizations/ORGANIZATION'
export chef_encrypted_secret=$HOME'/.chef/DEV/encrypted_data_bag_secret_dev'
export ORGANIZATION_node='dev-USERNAME'
export ORGANIZATION_env='dev-USERNAME'
```
```bash
knife status
knife cookbook list
knife client list
knife node list
knife role list
knife recipe list
knife status                   # shows the status of all nodes?
knife client show CLIENTNAME
knife node list
knife ssh
knife exec -E 'nodes.all {|n| puts "#{n.name} has #{n.memory.total} free memory"}'
```
knife exec is for one-off commands
Chef Repo and Chef Credentials
```bash
cd ~
wget http://github.com/opscode/chef-repo/tarball/master
tar zxvf opscode-chef-repo-*.tar.gz
mv opscode-chef-repo-SHA chef-repo
mkdir -p ~/chef-repo/.chef
cp USERNAME.pem ~/chef-repo/.chef
cp ORGANIZATION-validator.pem ~/chef-repo/.chef
cp knife.download ~/chef-repo/.chef/knife.rb
knife client list              # knife role list, etc...
```
```
ERROR: Your private key could not be loaded from /home/john/chef-repo/.chef/username.pem
```
Ensure the file is there and readable... or if you've renamed it then you can consider modifying knife.rb to reference the correct key
Example knife.rb
```ruby
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                'john'
client_key               "#{current_dir}/john.pem"
validation_client_name   'chef-validator'
validation_key           "#{current_dir}/validator.pem"
chef_server_url          'https://chef-api.domain.com:443'
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["/home/ubuntu/myoperations/cookbooks"]
# Amazon AWS
knife[:aws_access_key_id]     = "generatedstring"
knife[:aws_secret_access_key] = "generatedreallylongsecretstring"
```
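A quick audit of a knife config directory, as an added example (not part of the original notes): it flags .pem keys that group/other can access and AWS credentials written as string literals in knife.rb, as in the example above, rather than read from ENV as in the first knife.rb. `audit_chef_dir` is a hypothetical helper name.

```bash
# Added example: audit a knife config directory (knife.rb plus *.pem keys).
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_chef_dir() {
  local dir="$1" findings=0 f perms n pattern
  # Private keys should be accessible to their owner only.
  for f in "$dir"/*.pem; do
    [ -f "$f" ] || continue
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    perms="$(ls -ld "$f" | cut -c5-10)"
    if [ "$perms" != "------" ]; then
      echo "PERM $f is accessible to group/other ($perms): chmod 600"
      findings=$((findings + 1))
    fi
  done
  # A quoted literal assigned to an AWS credential, as opposed to ENV['...'].
  pattern="^[[:space:]]*knife\[:aws_(access_key_id|secret_access_key)][[:space:]]*=[[:space:]]*[\"']"
  if [ -f "$dir/knife.rb" ]; then
    # Report line numbers only, so the audit output never repeats the secret.
    for n in $(grep -nE "$pattern" "$dir/knife.rb" | cut -d: -f1); do
      echo "SECRET $dir/knife.rb:$n hardcodes an AWS credential: read it from ENV"
      findings=$((findings + 1))
    done
  fi
  [ "$findings" -eq 0 ]
}

# Typical use:
#   audit_chef_dir ~/.chef
#   audit_chef_dir ~/chef-repo/.chef
```

A knife.rb with literal credentials is also a reason to keep the .chef directory out of the git repository that holds the cookbooks.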
```ruby
# Cookbook Name:: utc-time
# Recipe:: default
execute "utc-time" do
  # command "rm /etc/localtime"
  # command "ln -sf /usr/share/zoneinfo/UTC /etc/localtime"
  command "ntpdate pool.ntp.org"
  # command "/sbin/hwclock --systohc"
  action :run
end
```
```bash
apt-get install rake
rake test_cookbook[utc-time]
knife cookbook upload utc-time
knife cookbook list
knife node run_list add NODENAME "cookbook[utc-time]"
knife node show NODENAME
```
nano /home/ubuntu/reponame/cookbooks/utc-time/recipes/default.rb
```ruby
# Cookbook Name:: utc-time
# Recipe:: default
execute "utc-time" do
  command "ntpdate pool.ntp.org"
end
```
```bash
apt-get install rake
rake test_cookbook[utc-time]
cd /home/ubuntu/reponame
git add .
git commit
knife cookbook upload utc-time
knife cookbook list | grep utc-time
knife node list
knife node run_list add NODENAME "cookbook[utc-time]"
knife node show NODENAME
```
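```bash
knife bootstrap -E EnvironmentName 10.10.10.195 -r 'recipe[utc-time]' -x root -P password -Nnode-name
```
Note: -P puts the root password on the command line, where it ends up in shell history and the process list; knife bootstrap also accepts an SSH identity file with -i.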
nano clean-delete.rb
```ruby
require 'fog'

def remove(name)
  ## Delete the Node
  delete_node = Chef::Knife::NodeDelete.new()
  delete_node.name_args = [name]
  delete_node.run
  ## Delete the client
  delete_client = Chef::Knife::ClientDelete.new
  delete_client.name_args = [name]
  delete_client.run
end

## under knife exec, ARGV is ["exec", "clean-delete.rb", NODENAME]
remove(ARGV[2])
## stop knife exec from treating NODENAME as another script file
exit 0
```
```bash
knife exec clean-delete.rb NODENAMETEST    # also restore the VM to its "clean" snapshot...
```
nano /home/ubuntu/reponame/cookbooks/utc-time/recipes/default.rb
```ruby
execute "remove-old-localtime" do
  command "rm /etc/localtime"
  action :run
end

execute "link-utc-as-localtime" do
  command "ln -sf /usr/share/zoneinfo/UTC /etc/localtime"
  action :run
end

execute "ntpdate-update" do
  command "ntpdate pool.ntp.org"
  action :run
end

execute "hwclock-sync" do
  command "/sbin/hwclock --systohc"
  action :run
end
```
```bash
knife bootstrap -E EnvironmentName 10.10.10.195 -r 'recipe[utc-time]' -x root -P password -Nnode-name
```
nano cookbooks/ntp/recipes/default.rb
```ruby
package "ntp" do
  action [:install]
end

# Render /etc/ntp.conf from the ERB template, passing in the server name
template "/etc/ntp.conf" do
  source "ntp.conf.erb"
  variables( :ntp_server => "time.nist.gov" )
end

service "ntpd" do
  action [:enable, :start]
end
```
nano cookbooks/ntp/templates/default/ntp.conf.erb
```erb
# generated by Chef.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server <%= @ntp_server %>
server 127.127.1.0 # local clock
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
```
```bash
knife role list
knife role show ROLENAME
knife data bag list
knife ssh
knife exec -E 'nodes.all {|n| puts "#{n.name} has #{n.memory.total} free memory"}'
```
(knife exec is for one-off commands)
clean-delete.rb
```ruby
require 'fog'

def remove(name)
  ## Delete the Node
  delete_node = Chef::Knife::NodeDelete.new()
  delete_node.name_args = [name]
  delete_node.run
  ## Delete the client
  delete_client = Chef::Knife::ClientDelete.new
  delete_client.name_args = [name]
  delete_client.run
end

## is this line really necessary, gives ERROR: Errno::ENOENT: No such file or directory - /home/ubuntu/oxygenops/ING-Beanstalk
remove(ARGV[2])
## knife exec treats each remaining argument as another script file to run;
## exiting here stops it from trying to open NODENAME as a file
exit 0
```
```bash
knife exec clean-delete.rb NODENAME
```
Resource
A Resource is an abstract way of defining what you want done on a host (like pseudo code).
Actions = list of actions for this resource (e.g. action :nothing)
Attributes
- action: in {:start, :stop, :restart} (node server should do)
- script: the script you want to run as a node server (mandatory)
- user: (what user to run the ruby script as)
- args:
- dependency:
A Resource can be a "ruby block"
package "tar" do (type = package, name = "tar", parameter attribute = "version", single action ":install")
execute "utc-time" do (type = execute, name = "utc-time")
cwd "/root" (extraneous command showing how to change the executing directory)
user "root" (which user to run the command?)
command "ntpdate pool.ntp.org" (the actual command text)
nano cookbook/new-index-html/recipe/default.rb
```ruby
cookbook_file "/var/www/index.html" do
  action :create
  source "index.html"
end
```