- from code/chef/work create a new repo
chef generate repo chefkata4
- create /code/chef/work/chefkata4/.chef and copy the user pem inside the .chef directory
- generate knife.rb "generate knife config" for that org to put in .chef folder, too
- from code/chef/work/chefkata4/cookbooks
git clone https://github.com/anniehedgpeth/chefkata.git
- from code/chef/work/chefkata4/cookbooks/chefkata create a branch, name it, and switch to it
git checkout -b <branch-name>
- add the ubuntu cookbook to that cookbooks directory and make sure it converges
git clone https://github.com/anniehedgpeth/ubuntu-14-hardening.git
berks install
berks upload
Any time I change the cookbook, from that cookbook’s directory, I need to:
- bump the version in
metadata.rb
or it won't upload the new one - (you would normally automate that in Jenkins)
berks install
berks upload
knife bootstrap chefkata8.southcentralus.cloudapp.azure.com -N chefkata8 -r 'recipe[chefkata::default], recipe[ubuntu-14-hardening::default]' --ssh-user annie --sudo
knife bootstrap production8.southcentralus.cloudapp.azure.com -N chefkata8prod -r 'recipe[chefkata::default], recipe[ubuntu-14-hardening::default]' -E 'prod' --ssh-user annie --sudo
run sudo chef-client
in an ssh session
First you have to add your private key to the local ssh (I don't know if it matters which directory you're in.)
ssh-add
ssh annie@chefkata8.southcentralus.cloudapp.azure.com
inspec exec https://github.com/anniehedgpeth/chefkata_inspec -t ssh://annie@chefkata8.southcentralus.cloudapp.azure.com
inspec exec https://github.com/anniehedgpeth/chefkata_inspec -t ssh://annie@production8.southcentralus.cloudapp.azure.com
knife node run_list set chefkata2 'recipe[chefkata::default]'
knife node show chefkata6
- make sure the cookbook is uploaded
- make sure it has a
Berksfile
berks install
berks upload
knife node run_list add chefkata2 'ubuntu-14-hardening'
- add the org
- reset user key
generate knife config from UI
copy the user key into .chef folder
create a new org key and download knife.rb
see if your user needs a new key
knife node list
knife search node "platform:ubuntu" knife search node "builder:Annie"
- shared data that your cookbooks can use
- data_bags directory is in the chef_repo sibling to cookbooks directory
- each data bag is a folder and each data_bag item is a .json file within that folder
- the data_bag item is just a .json file of all of settings for that data_bag item
- must include
{ "id":"<data_bag_item_name>" }
- must include
- upload data_bag item to chef server so that you can use it in your cookbook
- first create the bag on the server
knife data bag create website messages.json
- run this from the top of the chef repo directory
knife data bag from file BAG_NAME ITEM_NAME.json
knife data bag from file website messages.json
- It's the same command to update the data bag if you edit it
- Verify that it's there in UI
- Policy > Data Bags > name
- Verify that it's there from command line
knife data bag list
- First we access the data from that item
messages = data_bag_item('website', 'messages')
- Then we're calling the specific data element from that item
message = messages['welcomeMessage']
- Then call it in the recipe like
content message
So kitchen can't look inside the "real" data bags directory, so you have to set up a dummy data bags directory just for test kitchen.
- Create cookbooks/thiscookbook/test/integration/data_bags and copy your real data bag directory into that
- Then edit the .kitchen.yml
suites:
- name: default
data_bags_path: "test/integration/data_bags"
Roles function just like data bags in the sense that they're sibling to the cookbooks directory, you have to upload them separately to the chef server, and they have their own attributes. They also have their own run-lists.
- to upload to chef server
knife role from file roles/security.json
- to check
knife role list
- to add the role to the runlist
knife node run_list add chefkata7 'role[security]'
knife environment create ENVIRONMENT_NAME -d DESCRIPTION
knife environment from file FILE (options)
knife environment edit ENVIRONMENT_NAME
knife environment show ENVIRONMENT_NAME