knife node list
knife node show `knife node list` -r (shows the recipes for the node)
run_list:
- download the appropriate cookbook, e.g. apt, from https://supermarket.chef.io/cookbooks/apt
- unpack it and move it to your chef-repo/cookbooks directory
knife cookbook upload apt -V
added the Verbose parameter just to see it work
Try and do the same for the cookbook "java"
- After uploading the java cookbook use the opscode web gui -> Edit Node
- drag and drop roles (groups of recipes) or single recipes onto a Node
In this example we'll only drag and drop java::sun (a sub recipe of the java cookbook)
SSH into that node and run chef-client -V (verbose)
If you hadn't uploaded the apt cookbook into your hosted opscode account you would have gotten errors.
Note that the community java cookbook depends on the "apt" cookbook; welcome to potential chef dependency hell!
(During a chef-client run, if metadata.rb indicates "depends", it will actually use the apt cookbook even if it's not on the run list - note that if you are not making a generalized script for multiple OS environments, i.e. one without apt, then you don't need to include that dependency in your metadata.rb!)
java -version
verify the install
sudo update-rc.d -f avahi-daemon remove
best security practice if you're not using avahi
sudo /etc/init.d/avahi-daemon stop
see the chef recipe created below just for this!
COMMAND LINE MODIFY NODE ROLES AND RECIPES
knife node run_list add `knife node list` "recipe[java::sun]" (format: "recipe[COOKBOOK::RECIPENAME]")
knife node run_list add `knife node list` "role[base]"
knife node run_list remove i-12345678 "recipe[java::sun]"
NOTE that removing the recipe from the run list does NOT remove the package/binaries, it just means further chef runs will not execute that script
INSTANCE CREATION WITH ROLES AND RECIPES
knife ec2 server create "recipe[java::sun]" -I ami-136f3c56 -f t1.micro -g default -S john-aws -i ~/chef-repo/.chef/john-aws.pem -x ubuntu --region us-west-1 -Z us-west-1a
knife cookbook create COOKBOOK
This will create all the cookbook directory components, you can delete ones you don't need. MOST OF THESE WE WON'T NEED FOR BASIC USAGE
attributes/
definitions/
files/
libraries/
metadata.rb
providers/
README.rdoc
recipes/
resources/
templates/
knife cookbook create test (WE ONLY USE 3 FILES AND 3 SUB DIRECTORIES!)
nano chef-repo/cookbooks/test/metadata.rb
name "test"
version "0.0.1"
nano chef-repo/cookbooks/test/recipes/default.rb
template "/tmp/example-file-from-template.txt" do
  source "example-file-from-template.txt.erb"
end
nano chef-repo/cookbooks/test/templates/default/example-file-from-template.txt.erb
This is Chef version <%= node[:chef_packages][:chef][:version] %>
Running on <%= node[:platform] %>
Version <%= node[:platform_version] %>
knife cookbook upload test
knife node run_list add `knife node list` "recipe[test]"
SSH into the Node, execute chef-client, and then verify
cat /tmp/example-file-from-template.txt
This is Chef version 0.10.0
Running on ubuntu
Version 11.04
(NOTE: as an exercise you can modify the template .txt.erb, run knife cookbook upload test,
SSH into the Node, run chef-client, and display the .txt file again to see the changes!)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
METADATA.RB OPTIONS
depends "apt" - indicates in metadata.rb that this recipe requires another recipe/cookbook
depends "apt", "> 1.0" (must be newer than version 1.0 of apt)
description "single line description"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) (modify the README.rdoc to add more)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
INSTALLING A PACKAGE USING CHEF
knife cookbook create install-test (ALL WE'RE ACTUALLY GOING TO USE IS metadata.rb and recipes/default.rb)
nano chef-repo/cookbooks/install-test/metadata.rb
name "install-test"
version "0.0.1"
nano chef-repo/cookbooks/install-test/recipes/default.rb
package "unzip" do
  action :install
end
knife cookbook upload install-test
knife node run_list add `knife node list` "recipe[install-test]"
knife cookbook list
knife cookbook delete test
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EXECUTING COMMANDS ON A REMOTE SERVER USING CHEF ("Recipes are evaluated as Ruby code on the node")
knife cookbook create exec-test (ONLY REQUIRES metadata.rb and recipes/default.rb)
nano chef-repo/cookbooks/exec-test/metadata.rb
name "exec-test"
version "0.0.1"
nano chef-repo/cookbooks/exec-test/recipes/default.rb
execute "wget" do
  url = "http://news.google.com"
  cwd "/tmp"
  command "wget #{url}"
  action :run
end
THE ADVANTAGES, A CUSTOMIZABLE SCALABLE SERVER TEMPLATING SYSTEM
apt-get install libtcnative-1 tomcat6 (now replaced by a chef recipe!)
sudo update-rc.d -f avahi-daemon remove
sudo /etc/init.d/avahi-daemon stop
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do
  source "apache2_module_conf_generate.pl"
  mode 0755
  owner "root"
  group "root"
end
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
knife cookbook site download COOKBOOK (cookbooks without using GIT, http://community.opscode.com/cookbooks)
sun-java install cookbook
sed -i 's/^# \(.*\)partner/\1partner/g' /etc/apt/sources.list
sudo sh -c 'echo sun-java6-jre shared/accepted-sun-dlj-v1-1 select true | /usr/bin/debconf-set-selections'
apt-get install sun-java6-jre
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sed -i 's/^# \(.*\)partner/\1partner/g' /etc/apt/sources.list
(captures the text between "# " and "partner" as group \1)
UNNECESSARY sed -i 's/^ //g' test.txt (removes a single space from the beginning of each line)
Breakdown: ^# followed by a space matches a line that begins with a hash; \( is the escaped opening parenthesis of the capture group;
.* matches any number of repetitions of the single-character wildcard; \) is the escaped closing parenthesis; the match ends at partner,
and the replacement \1partner writes the captured text back without the leading "# "
lsb_release -c | awk '{print $2}' (displays natty)
if ! grep -q "partner" /etc/apt/sources.list; then
echo "deb http://archive.canonical.com/ubuntu natty partner" >> /etc/apt/sources.list
fi
sed 's|^# \(deb http://archive.canonical.com/ubuntu natty partner\)|\1|' /etc/apt/sources.list
sed 's/texttoreplace/replacementtext/g' filename > filename.txt
REPOSITORY="http://archive.canonical.com/ubuntu natty partner/deb"
sed 's/^# \(.*\)partner/\1partner/g' /etc/apt/sources.list > test.txt (dry run: writes the result to test.txt)
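Added example, not part of the original notes: an idempotent version of the partner-repository edit above. It goes one step further than the sed one-liner by leaving the file alone when the entry is already active and appending it only when it is missing. The function name enable_partner_repo, its FILE and CODENAME arguments, and the sample sources.list excerpt are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original notes). The function name and its two
# arguments, FILE and CODENAME, are this example's own interface.
enable_partner_repo() {
    file=$1
    codename=$2
    [ -f "$file" ] || return 1
    # Only plain release names (e.g. natty) may reach the regex below.
    case $codename in ''|*[!a-z]*) return 2 ;; esac
    body="deb[[:space:]]+http://archive\.canonical\.com/ubuntu/?[[:space:]]+${codename}[[:space:]]+partner"

    if grep -Eq "^[[:space:]]*${body}" "$file"; then
        echo unchanged      # already active: a repeat run adds nothing
    elif grep -Eq "^#[[:space:]]*${body}" "$file"; then
        tmp=$(mktemp) || return 1
        # Strip the leading "#" from the partner "deb" line only; deb-src and
        # ordinary comments that mention "partner" are left alone.
        sed -E "s|^#[[:space:]]*(${body})|\1|" "$file" > "$tmp" &&
            cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
        rm -f "$tmp"
        echo uncommented
    else
        printf 'deb http://archive.canonical.com/ubuntu %s partner\n' "$codename" >> "$file"
        echo appended
    fi
}

# Constructed sample input, modelled on a sources.list excerpt.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
# deb http://archive.canonical.com/ubuntu natty partner
# deb-src http://archive.canonical.com/ubuntu natty partner
EOF
enable_partner_repo "$sample" natty   # first run edits the file
enable_partner_repo "$sample" natty   # second run finds nothing to do
cat "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/apt/sources.list first and diff the result before pointing it at the real file.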
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
automatic security updates
/etc/apt/apt.conf.d/10periodic
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";
ENSURE THAT /etc/apt/apt.conf.d/50unattended-upgrades CONTAINS
Unattended-Upgrade::Allowed-Origins {
  "${distro_id} ${distro_codename}-security";
  "${distro_id} ${distro_codename}-updates";
};
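Added example, not part of the original notes: a check that the two files above actually leave security updates switched on, since a commented-out origin or a "0" value disables them silently. The function names and the sample file contents are constructed for this example, and only non-zero integer values are treated as enabled.

```shell
#!/bin/sh
# Added example (not from the original notes). File paths are passed as
# arguments so the check can be run against copies of the real files.

# Drop apt.conf comment lines (// and #) so commented-out settings do not count.
active_lines() { grep -Ev '^[[:space:]]*(//|#)' "$1"; }

# periodic_enabled FILE KEY: true when APT::Periodic::KEY is a non-zero integer.
periodic_enabled() {
    active_lines "$1" |
        grep -Eq "APT::Periodic::${2}[[:space:]]+\"[1-9][0-9]*\";"
}

# security_origin_allowed FILE: true when the -security origin is listed,
# uncommented, inside the Unattended-Upgrade::Allowed-Origins block.
security_origin_allowed() {
    active_lines "$1" |
        sed -n '/Unattended-Upgrade::Allowed-Origins/,/^[[:space:]]*}/p' |
        grep -Eq '"\$\{distro_id\}[: ]\$\{distro_codename\}-security"'
}

# check_auto_updates PERIODIC_FILE UNATTENDED_FILE: prints each gap found and
# returns 1 if there is at least one.
check_auto_updates() {
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        periodic_enabled "$1" "$key" || { echo "disabled: APT::Periodic::$key"; rc=1; }
    done
    security_origin_allowed "$2" || { echo "security origin not allowed"; rc=1; }
    return $rc
}

# Constructed sample: periodic settings on, security origin commented out.
dir=$(mktemp -d)
printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
    'APT::Periodic::Unattended-Upgrade "1";' > "$dir/10periodic"
cat > "$dir/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
//      "${distro_id} ${distro_codename}-security";
        "${distro_id} ${distro_codename}-updates";
};
EOF
check_auto_updates "$dir/10periodic" "$dir/50unattended-upgrades" || echo "result: gaps found"
rm -rf "$dir"
```

On a live host, apt-config dump prints the merged configuration apt actually uses, which also covers settings spread across several files in apt.conf.d.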