john pfeiffer

Chef install and knife


Opscode recommends this for Ubuntu: curl -L https://www.opscode.com/chef/install.sh | sudo bash

It is probably a good idea to download and examine the .sh script first, since the pipe runs whatever the server returns as root.
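One way to follow that advice, as an added example (not Opscode's or the author's script): download the installer to a file, read it, record its SHA-256, and run only the bytes that were reviewed. The function names and the $HOME/chef-install.sh path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: review-then-run instead of curl | sudo bash.

INSTALL_URL='https://www.opscode.com/chef/install.sh'   # URL from the note above

# Download to a file instead of a pipe; -f makes HTTP errors fail the command.
fetch_installer() {            # usage: fetch_installer OUTFILE
  curl -fsSL -o "$1" "$INSTALL_URL"
}

# Print only the hex SHA-256 digest of a file.
sha256_of() {                  # usage: sha256_of FILE
  sha256sum "$1" | awk '{print $1}'
}

# Run FILE with bash only if its digest equals the one recorded at review time.
# Returns 2 if FILE is unreadable, 3 on a digest mismatch (nothing is executed).
run_if_pinned() {              # usage: run_if_pinned FILE EXPECTED_SHA256 [args...]
  _file=$1
  _expected=$2
  shift 2
  [ -r "$_file" ] || return 2
  _actual=$(sha256_of "$_file")
  if [ "$_actual" != "$_expected" ]; then
    echo "refusing to run $_file: sha256 $_actual != pinned $_expected" >&2
    return 3
  fi
  bash "$_file" "$@"
}

# Typical session, from a root shell (left as comments so that sourcing this
# file has no side effects). Keep the file in a directory only you can write
# to, so it cannot be swapped between the review and the run.
#   fetch_installer "$HOME/chef-install.sh"
#   less "$HOME/chef-install.sh"                  # read what it will do
#   PIN=$(sha256_of "$HOME/chef-install.sh")      # record the digest after review
#   run_if_pinned "$HOME/chef-install.sh" "$PIN"
```

The recorded digest can be reused on other hosts, so every machine runs the same reviewed script rather than whatever the URL serves that day.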


PREREQUISITES

Install ruby, rubygems

rvm -v
ruby -v
gem -v

gem install chef --no-ri --no-rdoc

Successfully installed chef-11.6.0
18 gems installed

Creating an account on opscode.com

  • Sign up for opscode and validate your email
  • Click on your username (upper right) = get new private key (this is for hosted chef communication)
  • Click on Console (or Organizations) = Create Organization (free for 5 nodes / 2 users)

The organisation's short name needs to be unique for the whole opscode platform.

Save the validation key + default knife config (.pem and .rb) - this is for this organization.


knife.rb

cd ~ 
mkdir ~/.chef 
cp USERNAME.pem ~/.chef 
cp ORGANIZATION-validator.pem ~/.chef

create ~/.chef/knife.rb

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name ENV['chef_node_name']     # your opscode username
client_key ENV['chef_client_key']   # your opscode private key
validation_client_name "ORGANIZATION-validator"
validation_key ENV['chef_validation_key']
chef_server_url ENV['chef_server_url'].dup
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{ENV['CHEF_SRC']}/chef-repo/cookbooks"] # path to cookbooks
encrypted_data_bag_secret ENV['chef_encrypted_secret']

append to .bashrc

export AWS_ENV='DEV'
export CHEF_SRC=$HOME'/Desktop/repos'
export chef_validation_name='ORGANIZATION-validator'
export chef_node_name='USERNAME' # update with your opscode username here
export chef_client_key=$HOME'/.chef/DEV/'$chef_node_name'.pem'
export chef_validation_key=$HOME'/.chef/DEV/ORGANIZATION-validator.pem'
export chef_server_url='https://api.opscode.com/organizations/ORGANIZATION'
export chef_encrypted_secret=$HOME'/.chef/DEV/encrypted_data_bag_secret_dev'
export ORGANIZATION_node='dev-USERNAME'
export ORGANIZATION_env='dev-USERNAME'
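The .pem files and the encrypted data bag secret referenced above are credentials, so they should be readable only by their owner. The following added example (not part of the original notes) lists any that group or other users can access and tightens them; the function names are hypothetical, the file-name patterns are assumed from the names used above, and `-perm /077` assumes GNU find as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit and lock down knife credential files.

# Print every key/secret file under DIR (default ~/.chef) that has any
# group or other permission bit set. Empty output means nothing to fix.
audit_chef_keys() {            # usage: audit_chef_keys [DIR]
  find "${1:-$HOME/.chef}" -type f \
    \( -name '*.pem' -o -name 'encrypted_data_bag_secret*' \) \
    -perm /077 -print | sort
}

# Restrict the directory tree to the owner (700) and the key/secret files to
# owner read/write (600). knife.rb itself is left alone unless it holds secrets.
lock_chef_keys() {             # usage: lock_chef_keys [DIR]
  dir=${1:-$HOME/.chef}
  find "$dir" -type d -exec chmod 700 {} +
  find "$dir" -type f \
    \( -name '*.pem' -o -name 'encrypted_data_bag_secret*' \) \
    -exec chmod 600 {} +
}

# Typical use (commented out so sourcing this file changes nothing):
#   audit_chef_keys ~/.chef            # e.g. prints ~/.chef/USERNAME.pem if it is 644
#   lock_chef_keys ~/.chef
#   audit_chef_keys ~/chef-repo/.chef  # the copies made for the chef-repo need the same check
```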

knife status
knife cookbook list
knife client list    
knife node list
knife role list   
knife recipe list

knife status        (shows the status of all nodes?)


knife client show CLIENTNAME
knife node list

knife ssh

knife exec -E 'nodes.all {|n| puts "#{n.name} has #{n.memory.total} total memory"}'

knife exec is for one off commands


Chef Repo and Chef Credentials

cd ~
wget https://github.com/opscode/chef-repo/tarball/master
tar zxvf opscode-chef-repo-*.tar.gz
mv opscode-chef-repo-SHA chef-repo

mkdir -p ~/chef-repo/.chef 
cp USERNAME.pem ~/chef-repo/.chef 
cp ORGANIZATION-validator.pem ~/chef-repo/.chef 
cp knife.download ~/chef-repo/.chef/knife.rb

knife client list    (knife role list , etc...)

ERROR: Your private key could not be loaded from /home/john/chef-repo/.chef/username.pem
Ensure the file is there and readable... or if you've renamed it then you can consider modifying knife.rb to reference the correct key

Example knife.rb

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                'john'
client_key               "#{current_dir}/john.pem"
validation_client_name   'chef-validator'
validation_key           "#{current_dir}/validator.pem"
chef_server_url          'https://chef-api.domain.com:443'
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["/home/ubuntu/myoperations/cookbooks"]

# Amazon AWS
knife[:aws_access_key_id] = "generatedstring"
knife[:aws_secret_access_key] = "generatedreallylongsecretstring"

# Cookbook Name:: utc-time
# Recipe:: default

execute "utc-time" do
#  command "rm /etc/localtime"
#  command "ln -sf /usr/share/zoneinfo/UTC /etc/localtime"
  command "ntpdate pool.ntp.org"
#  command "/sbin/hwclock --systohc"
  action :run
end

apt-get install rake
rake test_cookbook[utc-time]
knife cookbook upload utc-time
knife cookbook list

knife node run_list add NODENAME "cookbook[utc-time]"
knife node show NODENAME


nano /home/ubuntu/reponame/cookbooks/utc-time/recipes/default.rb

# Cookbook Name:: utc-time
# Recipe:: default

execute "utc-time" do
  command "ntpdate pool.ntp.org"
end

apt-get install rake
rake test_cookbook[utc-time]

cd /home/ubuntu/reponame
git add .
git commit

knife cookbook upload utc-time
knife cookbook list | grep utc-time

knife node list
knife node run_list add NODENAME "cookbook[utc-time]"
knife node show NODENAME

knife bootstrap -E EnvironmentName 10.10.10.195 -r 'recipe[utc-time]' -x root -P password -Nnode-name

nano clean-delete.rb

require 'fog'
def remove(name)

  ## Delete the Node
  delete_node = Chef::Knife::NodeDelete.new()
  delete_node.name_args = [name]
  delete_node.run

  ## Delete the client
  delete_client = Chef::Knife::ClientDelete.new
  delete_client.name_args = [name]
  delete_client.run

end

## ARGV is ["exec", "clean-delete.rb", NODENAME]
remove(ARGV[2])
## exit so knife exec does not try to run NODENAME as a second script
exit 0

knife exec clean-delete.rb NODENAMETEST    (also restore the VM to its "clean" snapshot...)

nano /home/ubuntu/reponame/cookbooks/utc-time/recipes/default.rb

execute "remove-old-localtime" do
  command "rm /etc/localtime"
  action :run
end

execute "link-utc-as-localtime" do
  command "ln -sf /usr/share/zoneinfo/UTC /etc/localtime"
  action :run
end

execute "ntpdate-update" do
  command "ntpdate pool.ntp.org"
  action :run
end

execute "hwclock-sync" do
  command "/sbin/hwclock --systohc"
  action :run
end

knife bootstrap -E EnvironmentName 10.10.10.195 -r 'recipe[utc-time]' -x root -P password -Nnode-name

nano cookbooks/ntp/recipes/default.rb

package "ntp" do
    action [:install]
end

template "/etc/ntp.conf" do
    source "ntp.conf.erb"
    variables( :ntp_server => "time.nist.gov" )
end

service "ntpd" do
    action [:enable, :start]
end


nano cookbooks/ntp/templates/default/ntp.conf.erb

# generated by Chef.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server <%= @ntp_server %>
server  127.127.1.0     # local clock
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

knife role list
knife role show ROLENAME
knife data bag list


clean-delete.rb

require 'fog'
def remove(name)

  ## Delete the Node
  delete_node = Chef::Knife::NodeDelete.new()
  delete_node.name_args = [name]
  delete_node.run

  ## Delete the client
  delete_client = Chef::Knife::ClientDelete.new
  delete_client.name_args = [name]
  delete_client.run

end

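## knife exec treats every argument as a script file, so after remove() returns it
## tries to load NODENAME as a script and gives
## ERROR: Errno::ENOENT: No such file or directory - /home/ubuntu/oxygenops/ING-Beanstalk
## exit 0 stops knife before it gets that far
remove(ARGV[2])
exit 0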

knife exec clean-delete.rb NODENAME

Resource

a Resource is an abstract way of defining what you want done on a host (like pseudo code)

  Actions = list of actions for this resource (i.e. action :nothing )
  Attributes



action: in {:start,:stop,:restart}  (node server should do)
script: the script you want to run as a node server (mandatory)
user:  (what user to run the ruby script as)
args: 
dependency:

Resource can be a "ruby block"

package "tar" do                     # type = package, name = "tar"
  action :install                    # single action :install; "version" is an optional attribute
end

execute "utc-time" do                # type = execute, name = "utc-time"
  cwd "/root"                        # extraneous: shows how to change the executing directory
  user "root"                        # which user runs the command
  command "ntpdate pool.ntp.org"     # the actual command text
end

nano cookbooks/new-index-html/recipes/default.rb

cookbook_file "/var/www/index.html" do
  action :create
  source "index.html"
end


Published

Apr 9, 2014
