Chef:- Chef is pulled base automation tool which turns your code into infrastructure and helps to manage servers with increased uptime and performance, ensure compliance, minimize cost and reduce cost.
Configuration management:- configuration management is a method through which we automate admin tasks.
Chef-Client:- tool that pulls configuration from Chef-server with help of a knife and ohai.
Workstation:-work station is a server where DevOps write code (as recipe) and store it in a cookbook.
Cookbook:- Cookbook s place(folder) where DevOps write code as a recipe for automation.
Chef-server:- The server which is managing the cookbook and is connected between the node and Workstation.
Knife:- Knife is a command line tool that uploads the cookbook to the server and connects every node with Chef-server.
Node:- The server which required configuration. Which is communicating with Chef-server using the Chef-Client using the knife.
Bootstrap:- Bootstrap is a knife process that connects nodes and Chef-server for automation.
Chef supermarket:-the place where get recipes for automation.
Ohai:- Ohai is a database that stores the current configuration of the node and supplies it to the Chef-Client before connecting to the Chef server.
Idempotency:- Tracking the state of the system resources to ensure that changes should not reapply repeatedly.
Resource
=======
Resource:- Resources are components of a recipe used to manage the infrastructure with a different type of status. There can be multiple resources in a recipe that will help in configuring t and managing the infrastructure.
|
1 |
package |
Manage packages on node |
package ‘tar’ do version ‘1.16.1’ action :install end |
|
service |
Manage the service on node |
service ‘apache’ do action [ :enable, :start ] retries 3 retry_delay 5 end |
|
|
user |
Manage the users on the node |
user ‘aniljalela’ do action :create comment ‘cron user’ uid 1234 gid ‘1234’ home ‘/home/aniljalela’ shell ‘/bin/bash’ password ‘$1$JJsvHslasdfjVEroftprNn4JHtDi’ end |
|
|
group |
Manage groups |
Group “vmail” do action :create member ‘dovecot’ append true end dont forgot create user before create group and must use append . |
|
|
template |
Manages the files with embedded ruby template |
||
|
Cookbook file |
Transfer the file from the files subdirectory in the cookbook to a location of node |
||
|
file |
Manage content of a file on the node |
File “systeminfo” do content “system information” HOSTNAME: #{node [‘hostname’]} IPADDRESS:#{node [‘ipaddress’]} MEMORY: #{node [‘’memory][‘total’]} owner ‘root’ group ‘root’ end |
|
|
execute |
Executes a command on the node |
execute 'apache_configtest' do command '/usr/sbin/apachectl configtest' end or Execute “run a script” do command <<-EIH chown apache:apache / home / anil / jalela -R EOH end (remove space from path and note that (this commands runs on every calls) |
|
|
cron |
Edits an existing cron job file on the node |
||
|
directory |
Manage the directory on the node |
||
|
git |
git "#{Chef::Config[:file_cache_path]}/ruby-build" do repository 'git://github.com/sstephenson/ruby-build.git' reference 'master' action :sync end bash 'install_ruby_build' do cwd '#{Chef::Config[:file_cache_path]}/ruby-build' user 'rbenv' group 'rbenv' code <<-EOH ./install.sh EOH environment 'PREFIX' => '/usr/local' end |
||
|
bash |
bash 'install_ruby_build' do cwd '#{Chef::Config[:file_cache_path]}/ruby-build' user 'rbenv' group 'rbenv' code <<-EOH ./install.sh EOH environment 'PREFIX' => '/usr/local' end |
||
|
hostname |
hostname 'statically_configured_host' do hostname 'example' ipaddress '198.51.100.2' end |
||
Chef-Workstation:-
rpm -ivh chef-workstation-22.7.1006-1.el7.x86_64.rpm or
yum localinstall chef-workstation-22.7.1006-1.el7.x86_64.rpm
[root@srv25 ~]# which chef
/usr/bin/which: no chef in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
[root@srv25 ~]#
|
1 |
chef -v |
Check chef version information. |
Chef Workstation version: 22.7.1006 Cook style version: 7.32.1 Chef Infra Client version: 17.10.0 Chef InSpec version: 4.56.20 Chef CLI version: 5.6.1 Chef Habitat version: 1.6.420 Test Kitchen version: 3.3.1 |
|
2 |
mkdir /home/workstation-chef.blackpost.net/chef-repo/cookbooks -p |
cookbooks is the main directory. We will create identical cookbooks into this, and Create recopies in the identical cookbook. |
|
|
3 |
cd /home/workstation-chef.blackpost.net/chef-repo/ cookbooks/ chef generate cookbook common-cookbook |
Generate cookbook common-cookbook and we add recipes into the common-cookbook |
. └── common-cookbook ├── CHANGELOG.md ├── chefignore ├── compliance │ ├── inputs │ ├── profiles │ ├── README.md │ └── waivers ├── kitchen.yml ├── LICENSE ├── metadata.rb ├── Policyfile.rb ├── README.md ├── recipes │ └── default.rb └── test └── integration └── default └── default_test.rb |
|
4 |
Cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/common-cookbook chef generate recipe common-recipe |
Generate recipe name common-recipe |
|
|
5 |
Cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/ vi common-cookbook /recipes/common-recipe.rb |
Open generate common-recipe for add code. |
|
|
6 |
Chef exec ruby -c common-cookbook /recipes/common-recipe.rb |
Check code syntax of common-recipe |
|
|
7 |
Chef-client -zr “recipe[common-cookbook::common-recipe” |
Run recipe on local system. |
|
Attributes:- attribute is a key-value pair that represents a specific detail about a node. Which is determine
(1) current state of the node.
(2) previous chef-client run the state.
(3) what stats of the node when checking client run?
Attributes use in node. Cookbook, roles, environment, and recipes.
|
No |
Name |
Priority |
|
1 |
Default |
6 |
|
2 |
Force-default |
5 |
|
3 |
Normal |
4 |
|
5 |
Override |
3 |
|
5 |
Force-override |
2 |
|
6 |
Automatic |
1 |
Convergence:- run chef-client to apply the recipe to bring the node into the desired state this process is known as Convergence.
Runlist:- run recipes in a sequence order that we have mentioned in the run list. Using a run list we can run multiple recipes but the condition is there must be only one recipe from one cookbook.
Chef-client -zr “recipe[common-cookbook::common-recipe], recipe[apache-cookbook::apache-recipe] ”
Include recipe:- from one recipe to call another recipes are present in the same cookbook. For include, you can use any recipe but recommend is the default.
cd /home/workstation-chef.blackpost.net/chef-repo/cookbooks/common-cookbook
vi common-recipe/default.rb
inclde_recipe “common-cookbook::common-recipe”
inclde_recipe “Apache-cookbook::Apache-recipe”
chef-client -zr “recipe[common-cookbook::default]”
Chef-Server:-
Create an account on https://manage.chef.io
Create organization via the Administration tab
We can create or manage multiple organizations on “manage.chef.io”
Each organization is for one company.
Download chef-starter.zip on your workstation and overwrite it on chef-repo
|
root@vps205204 1]# unzip chef-starter.zip Archive: chef-starter.zip : chef-repo/README.md creating: chef-repo/cookbooks/ : chef-repo/cookbooks/chefignore creating: chef-repo/cookbooks/starter/ : chef-repo/cookbooks/starter/metadata.rb creating: chef-repo/cookbooks/starter/files/ creating: chef-repo/cookbooks/starter/files/default/ : chef-repo/cookbooks/starter/files/default/sample.txt creating: chef-repo/cookbooks/starter/templates/ creating: chef-repo/cookbooks/starter/templates/default/ : chef-repo/cookbooks/starter/templates/default/sample.erb creating: chef-repo/cookbooks/starter/attributes/ : chef-repo/cookbooks/starter/attributes/default.rb creating: chef-repo/cookbooks/starter/recipes/ : chef-repo/cookbooks/starter/recipes/default.rb : chef-repo/.gitignore creating: chef-repo/.chef/ creating: chef-repo/roles/ : chef-repo/.chef/config.rb : chef-repo/roles/starter.rb : chef-repo/.chef/aniljalela.pem [root@vps205204 1]# |
|
cp -rpv chef-repo /home/workstation-chef.blackpost.net/chef-repo/ |
/home/workstation-chef.blackpost.net/chef-repo/.chef/config.rb is a knife file.
|
[root@vps205204 chef-repo]# cat /home/workstation-chef.blackpost.net/chef-repo/.chef/config.rb # See http://docs.chef.io/workstation/config_rb/ for more information on knife configuration options current_dir = File.dirname(__FILE__) log_level :info log_location STDOUT node_name “aniljalela” client_key “#{current_dir}/aniljalela.pem” chef_server_url “https://api.chef.io/organizations/blackpost” cookbook_path [“#{current_dir}/../cookbooks”] [root@vps205204 chef-repo]# |
Check connection with the server.
|
[root@vps205204 chef-repo]# knife ssl check Connecting to host api.chef.io:443 Successfully verified certificates from `api.chef.io’ [root@vps205204 chef-repo]# |
Connect node with chef-server via workstations.
knife bootstrap <IP or FQDN> -N <NODE_NAME> -x <USER> — sudo — identity-file <SSH_PEM_FILE>
or
knife bootstrap node_name -x root -P password –sudo
|
Knife bootstrap 10.01.11.1 –ssh-user ec2-user –sudo -i key.pem -N node1 |
Upload cookbook on server and list it
knife cookbook upload cookbook-name
|
knife cookbook upload common-cookbook knife cookbook list |
Apply recipe to specific node:-
|
Knife node run_list set node1 “recipe[common-cookbook::common-recipe]” |
To see a list of cookbooks that are present in the chef server
|
[root@vps205204 chef-repo]# knife cookbook list common-cookbook 0.1.0 [root@vps205204 chef-repo]# |
To delete cookbook from chef server
|
Knife cookbook delete common-cookbook -y |
To see the list of nodes present in the chef server.
|
Knife node list |
To delete a node from the server.
|
Knife node delete node-name -y |
To see list of clients which are present in chef-server
|
Knife client-list |
To delete the client from the chef-server.
|
Knife client delete client-name -y |
To see a list of roles that are present in the chef-server.
|
Knife role list |
to delete roles from chef-server
|
Knife role delete role-name -y |
Role:-
Instead of assigning recipes using knife run_list assign a role to the server and add Recipes into the role
|
Cd /home/workstation-chef.blackpost.net/chef-repo/roles/ vi webserver.rb and add below code name “webserver” description “create web servers” run_list “recipe[common-cookbook::common-recipe]”,“recipe[apache-cookbook::apache-recipe]” |
Upload role chef-server
|
Knife role from file roles/devops.rb |
If you want to see the role created or not on the server.
|
Knife role list |
Bootstrap the node.
|
Knife bootstrap node-ip –ssh-user centos –sudo (-i) node-key.pem -N node1 |
Assign run_list to node
|
knife node run_list set node1 “role[webserver]” |
Show which node have which roles
|
knife node show node1 (node1 is node name) |
You need to upload the recipe to the server.
|
knife cookbook upload common-cookbook |
We can add recipes in two ways in the role.
|
vi webserver.rb and add below code name “webserver” description “create web servers” run_list “recipe[common-cookbook::common-recipe]”,“recipe[apache-cookbook::apache-recipe]” |
Or as below which include all the recipes of common-cookbook and apache-cookbook.
|
vi webserver.rb and add below code name “webserver” description “create web servers” run_list “recipe[common-cookbook”,“recipe[apache-cookbook]” |
Loop in recipe
|
%w (tar zip mysql httpd wget vim) .each do |p| package p do action :install end end |