john pfeiffer

Chef opscode knife coookbooks recipes 

knife node list

knife node show `knife node list` -r     (shows the recipes for the node)
    run_list:
  • download the appropriate cookbook, e.g. apt, from https://supermarket.chef.io/cookbooks/apt

  • unpack it and move it to your chef-repo/cookbooks directory

    knife cookbook upload apt -V

    added the Verbose parameter just to see it work

Try and do the same for the cookbook "java"

  • After uploading the java cookbook use the opscode web gui -> Edit Node
  • drag and drop roles (groups of recipes) or single recipes onto a Node

In this example we'll only drag and drop java::sun (a sub recipe of the java cookbook)

SSH into that node and run chef-client -V (verbose)

If you hadn't uploaded the apt cookbook into your hosted opscode account you would have gotten errors,

Note that the community java cookbook depends on the "apt" cookbook, welcome to potential chef dependency hell!

(During a chef-client run, if metadata.rb indicates "depends", it will actually use the apt cookbook even if it's not on the run list - note that if you are not making a generalized script for multiple OS environments, i.e. one without apt, then you don't need to include that dependency in your metadata.rb!)

java -version

verify the install

sudo update-rc.d -f avahi-daemon remove

best security practice if you're not using avahi

sudo /etc/init.d/avahi-daemon stop

see the chef recipe created below just for this!

COMMAND LINE MODIFY NODE ROLES AND RECIPES

knife node run_list add `knife node list` "recipe[java::sun]"     ([COOKBOOK:RECIPENAME]
knife node run_list add `knife node list` "role[base]"

knife node run_list remove i-12345678 "recipe[java::sun]"

NOTE that removing the recipe from the run list does NOT remove the package/binaries, it just means further chef runs will not execute that script

INSTANCE CREATION WITH ROLES AND RECIPES

knife ec2 server create recipe[java::sun] -I ami-136f3c56 -f t1.micro -g default -S john-aws -i ~/chef-repo/.chef/john-aws.pem -x ubuntu --region us-west-1 -Z us-west-1a

knife cookbook create COOKBOOK

This will create all the cookbook directory components, you can delete ones you don't need. MOST OF THESE WE WON'T NEED FOR BASIC USAGE

attributes/
definitions/
files/
libraries/
metadata.rb
providers/
README.rdoc
recipes/
resources/
templates/

knife cookbook create test          (WE ONLY USE 3 FILES AND 3 SUB DIRECTORIES!)

nano chef-repo/cookbooks/test/metadata.rb
    name "test"
    version "0.0.1"


nano chef-repo/cookbooks/test/recipes/default.rb
    template "/tmp/example-file-from-template.txt" do
        source "example-file-from-template.txt.erb"
    end

nano chef-repo/cookbooks/test/templates/default/example-file-from-template.txt.erb
    This is Chef version <%= node[:chef_packages][:chef][:version] %>
    Running on <%= node[:platform] %>
    Version <%= node[:platform_version] %>


knife cookbook upload test
knife node run_list add `knife node list` "recipe[test]"
SSH into the Node, execute chef-client, and then verify

cat /tmp/example-file-from-template.txt 
    This is Chef version 0.10.0
    Running on ubuntu
    Version 11.04

(NOTE: as an exercise you can modify the template .txt.erb , knife cookbook upload test, 
 SSH into the Node and run chef-client and again display the .txt file (see the changes!)

- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -
METADATA.RB OPTIONS

depends "apt"  - indicates in metadata.rb that this recipe requires another recipe/cookbook
depends "apt", "> 1.0"  (must be newer than version 1.0 of apt)
description "single line description
long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))  (modify the README.rdoc to add more)

- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -
INSTALLING A PACKAGE USING CHEF

knife cookbook create install-test  (ALL WE'RE ACTUALLY GOING TO USE IS metadata.rb and recipes/default.rb)

nano chef-repo/cookbooks/install-test/metadata.rb
    name "install-test"
    version "0.0.1"

nano chef-repo/cookbooks/install-test/recipes/default.rb
    package "unzip" do
        action :install
    end

knife cookbook upload install-test
knife node run_list add `knife node list` "recipe[install-test]"
knife cookbook list
knife cookbook delete test

- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -
EXECUTING COMMANDS ON A REMOTE SERVER USING CHEF  ("Recipes are evaluated as Ruby code on the node")

knife cookbook create exec-test  (ONLY REQUIRES metadata.rb and recipes/default.rb)

nano chef-repo/cookbooks/exec-test/metadata.rb
    name "exec-test"
    version "0.0.1"

nano chef-repo/cookbooks/exec-test/recipes/default.rb
    execute "wget" do
        url = "http://news.google.com"
        cwd "/tmp"
        command "wget #{url}"
        action :run
    end


THE ADVANTAGES, A CUSTOMIZABLE SCALABLE SERVER TEMPLATING SYSTEM

apt-get install libtcnative-1 tomcat6 (now replaced by a chef recipe!)

sudo update-rc.d -f avahi-daemon remove
sudo /etc/init.d/avahi-daemon stop

- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -    
- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -

cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do
  source "apache2_module_conf_generate.pl"
  mode 0755
  owner "root"
  group "root"
end



- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -    
knife cookbook site download COOKBOOK  (cookbooks without using GIT, http://community.opscode.com/cookbooks)

sun-java install cookbook

sed -i 's/^# \(.*\)partner/\1partner/g' /etc/apt/sources.list


sudo sh -c ‘echo sun-java6-jre shared/accepted-sun-dlj-v1-1 select true | /usr/bin/debconf-set-selections’;
apt-get install sun-java6-jre




- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -  
sed -i 's/^# \(.*\)partner/\1partner/g' /etc/apt/sources.list

    (captures the group of text between # space, and partner)

UNNECESSARY sed -i 's/^ //g' test.txt  (remove a single whitespace from the beginning of a line)

line that begins with hash, escape the ( , matching infinite repitions of the single character wildcard,
again escape the ), but infinite match ends at partner, replace with the infinite match


lsb_release -c | awk '{print $2}'               (displays natty)

if grep "partner" /etc/apt/sources.list
    echo "deb http://archive.canonical.com/ubuntu natty partner" >> /etc/apt/sources.list







sed /s/^# deb  http://archive.canonical.com/ubuntu natty partner/g/ /etc/apt/sources.list

sed /s/'texttoreplace'/'replacementtext'/g/ filename > filename.txt

REPOSITORY=http://archive.canonical.com/ubuntu natty partner/deb

sed 's/^#*partner/*partner/g' /etc/apt/sources.list > test.txt




- - - - - - - - - - - - - - - -  - - - - - - - -  - - - - - - - -  - - - - - - - - - - - - - - - -

 automatic security updates

 /etc/apt/apt.conf.d/10periodic

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";

ENSURE THAT /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins 
{  "${distro_id} ${distro_codename}-security";
    "${distro_id} ${distro_codename}-updates";
}

Published

Category

chef

~778 words

Tags