Chef Tutorial
Chef Tutorial
Chef
Audience
This tutorial has been prepared for those who want to understand the features and
functionality of Chef and how Chef can help in reducing the complexity of managing an
infrastructure.
After completing this tutorial one would have moderate level understanding of Chef and
its key building blocks. It will also give a fair idea on how to configure Chef in a
preconfigured infrastructure and how to use it.
Prerequisites
We assume anyone who wants to learn Chef should have an understanding of system
administration, infrastructure and network protocol communication. To automate the
infrastructure provisioning, one should have a command over basic Ruby script writing
and the underlying system where one wants to use Chef.
All the content and graphics published in this e-book are the property of Tutorials Point (I)
Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republish
any contents or a part of contents of this e-book in any manner without written consent
of the publisher.
We strive to update the contents of our website and tutorials as timely and as precisely as
possible, however, the contents may contain inaccuracies or errors. Tutorials Point (I) Pvt.
Ltd. provides no guarantee regarding the accuracy, timeliness or completeness of our
website or its contents including this tutorial. If you discover any errors on our website or
in this tutorial, please notify us at contact@tutorialspoint.com
i
Chef
Table of Contents
About the Tutorial ............................................................................................................................................ i
Audience ........................................................................................................................................................... i
Prerequisites ..................................................................................................................................................... i
Copyright & Disclaimer ..................................................................................................................................... i
Table of Contents ............................................................................................................................................ ii
ii
Chef
iii
Chef
Basic Chef
1
Chef
1. Chef Overview
Chef have got its own convention for different building blocks, which are required to
manage and automate infrastructure.
Why Chef?
Chef is a configuration management technology used to automate the infrastructure
provisioning. It is developed on the basis of Ruby DSL language. It is used to streamline
the task of configuration and managing the companys server. It has the capability to get
integrated with any of the cloud technology.
In DevOps, we use Chef to deploy and manage servers and applications in-house and on
the cloud.
Features of Chef
Following are the most prominent features of Chef:
Chef does not make assumptions on the current status of a node. It uses its
mechanisms to get the current status of machine.
Chef is ideal for deploying and managing the cloud server, storage, and software.
Advantages of Chef
Chef offers the following advantages:
Lower barrier for entry: As Chef uses native Ruby language for configuration, a
standard configuration language it can be easily picked up by anyone having some
development experience.
Excellent integration with cloud: Using the knife utility, it can be easily
integrated with any of the cloud technologies. It is the best tool for an organization
that wishes to distribute its infrastructure on multi-cloud environment.
2
Chef
Disadvantages of Chef
Some of the major drawbacks of Chef are as follows:
One of the huge disadvantages of Chef is the way cookbooks are controlled. It
needs constant babying so that people who are working should not mess up with
others cookbooks.
It is not very easy to learn if the person is not familiar with Ruby.
Recipe
It can be defined as a collection of attributes which are used to manage the infrastructure.
These attributes which are present in the recipe are used to change the existing state or
setting a particular infrastructure node. They are loaded during Chef client run and
comparted with the existing attribute of the node (machine). It then gets to the status
which is defined in the node resource of the recipe. It is the main workhorse of the
cookbook.
Cookbook
A cookbook is a collection of recipes. They are the basic building blocks which get uploaded
to Chef server. When Chef run takes place, it ensures that the recipes present inside it
gets a given infrastructure to the desired state as listed in the recipe.
Resource
It is the basic component of a recipe used to manage the infrastructure with different kind
of states. There can be multiple resources in a recipe, which will help in configuring and
managing the infrastructure. For example -
3
Chef
Attribute
They are basically settings. They can be thought of as a key value pair of anything which
one wants to use in the cookbook. There are several different kinds of attributes that can
be applied, with a different level of precedence over the final settings that the node
operates under.
File
Its a subdirectory within the cookbook that contains any static file which will be placed on
the nodes that uses the cookbooks. A recipe then can be declared as a resource that moves
the files from that directory to the final node.
Templates
They are similar to files, but they are static. Template files end with the .ebr extension,
which means they contain embedded Ruby. They are mainly used to substitute an attribute
value into the files to create the final file version that will be placed on the node.
Metadata.rb
It is used to manage the metadata about the package. This includes details like the name
and details of the package. It also includes things such as dependency information that
tells which cookbooks this cookbook needs to operate. This allows the Chef server to build
the run-list of the node correctly and ensures that all of the pieces are transferred
correctly.
4
Chef
providers
recipes
resources
templates
default
Puppet
Puppet provides a standard way of delivering and operating software, no matter where it
runs. It is an automated administrative engine for Linux, Unix, and Windows system that
performs administrative tasks based on centralized specification.
Updating the systems and upgrading the security and software packages.
Simplifying the roles and enabling the team to focus on core and productive issues.
Ansible
Ansible is a radically simple IT automation platform that makes your applications and
systems easier to deploy. Avoid writing scripts or custom code to deploy and update your
applications automate in a language that approaches plain English, using SSH, with no
agents to install on remote systems.
5
Chef
SaltStack
SaltStack is used for data-driven configuration. It is a new approach of infrastructure
management built on dynamic communication bus. It is used for data-driven
orchestration, remote execution for any infrastructure, and configuration management for
any app stack.
Fabric
Fabric is a Python-based programming language, which is developed as an API of Python
which needs to be imported in Python code in order to configure and manage an
infrastructure.
6
Chef
2. Chef Architecture
Chef works on a three-tier client server model wherein the working units such as
cookbooks are developed on the Chef workstation. From the command line utilities such
as knife, they are uploaded to the Chef server and all the nodes which are present in the
architecture are registered with the Chef server.
In order to get the working Chef infrastructure in place, we need to set up multiple things
in sequence.
Chef Workstation
This is the location where all the configurations are developed. Chef workstation is installed
on the local machine. Detailed configuration structure is discussed in the later chapters of
this tutorial.
7
Chef
Chef Server
This works as a centralized working unit of Chef setup, where all the configuration files are
uploaded post development. There are different kinds of Chef server, some are hosted
Chef server whereas some are built-in premise.
Chef Nodes
They are the actual machines which are going to be managed by the Chef server. All the
nodes can have different kinds of setup as per requirement. Chef client is the key
component of all the nodes, which helps in setting up the communication between the
Chef server and Chef node. The other components of Chef node is Ohai, which helps in
getting the current state of any node at a given point of time.
8
Chef
3. Chef Version Control System Setup
Note: Dont think of building an infrastructure as a code without a version control system.
On Windows
Step 1: Download the Windows installer from www.git-scm.org and follow the
installation steps.
Step 3: Upload the ssh key to the GitHub account, so that one can interact with it easily.
For details on ssh key visit the following link https://help.github.com/articles/generating-
ssh-keys.
Before actually starting to write a cookbook, one can set up an initial GIT repository on
the development box and clone the empty repository provided by Opscode.
$ wget https://github.com/opscode/chef-repo/tarball/master
$ mv opscode-chef-repo-2c42c6a/ chef-repo
$ cd chef-repo
$ git init .
9
Chef
$ git add .
$ git commit m empty repo structure added
$ git push u origin master
By using the above procedure, you will get an empty chef repo in place. You can then start
working on developing the recipes and cookbooks. Once done, you can push the changes
to the GitHub.
10
Chef
4. Chef Workstation Setup
Chef follows the concept of client-server architecture, hence in order to start working with
Chef one needs to set up Chef on the workstation and develop the configuration locally.
Later it can be uploaded to Chef server to make them working on the Chef nodes, which
needs to be configured.
Opscode provides a fully packaged version, which does not have any external
prerequisites. This fully packaged Chef is called the omnibus installer.
On Windows Machine
Step 1: Download the setup .msi file of chefDK on the machine.
Step 2: Follow the installation steps and install it on the target location.
On Linux Machine
In order to set up on the Linux machine, we need to first get curl on the machine
Step 1: Once curl is installed on the machine, we need to install Chef on the workstation
using Opscodes omnibus Chef installer.
11
Chef
The Omnibus Chef will install Ruby and all the required Ruby gems into
/opt/chef/embedded by adding /opt/chef/embedded/bin directory to the
.bash_profile file.
If Ruby is already installed, then install the Chef Ruby gem on the machine by running the
following command.
12
Chef
5. Chef Client Setup
In order to make Chef node communicate with Chef server, you need to set up Chef client
on the node.
Chef Client
This is one of the key components of Chef node, which retrieves the cookbooks from the
Chef server and executes them on the node. It is also known as the Chef provisioner.
Here, we will use Vagrant to manage VM. Vagrant can also be configured with the
provisioner such as Shell script, Chef and Puppet to get VM into a desired state. In our
case, we will use Vagrant to manage VMs using VirtualBox and Chef client as a provisioner.
Step 3: Install Vagrant Omnibus plugin to enable Vagrant to install Chef client on the VM.
Step 2: Once you have the Vagrant file, download the path you need to edit the Vagrant
file.
13
Chef
chef.validation_client_name = "<YOUR_ORG>-validator"
chef.node_name = "server"
end
end
In the above program, you need to update the <YOUR_ORG> name with the correct or
required organization name.
Step 3: Next step after the configuration is, to get the vagrant box up. For this, you need
to move to the location where Vagrant box is located and run the following command.
$ vagrant up
Step 4: Once the machine is up, you can login to the machine using the following
command.
$ vagrant ssh
In the above command, vagrantfile is written in a Ruby Domain Specific Language (DSL)
for configuring the vagrant virtual machine.
In the vagrant file, we have the config object. Vagrant will use this config object to
configure the VM.
Vagrant.configure("2") do |config|
.
End
Inside the config block, you will tell vagrant which VM image to use, in order to boot the
node.
config.vm.box = "opscode-ubuntu-12.04"
config.vm.box_url = https://opscode-vm-bento.s3.amazonaws.com/
vagrant/opscode_ubuntu-12.04_provisionerless.box
In the next step, you will tell Vagrant to download the omnibus plugin.
config.omnibus.chef_version = :latest
After selecting the VM box to boot, configure how to provision the box using Chef.
14
Chef
Inside this, you need to set up instruction on how to hook up the virtual node to the Chef
server. You need to tell Vagrant where you need to store all the Chef stuff on the node.
chef.provisioning_path = "/etc/chef"
15
Chef
6. Chef Test Kitchen Setup
Test Kitchen is Chefs integrated testing framework. It enables writing test recipes, which
will run on the VMs once they are instantiated and converged using the cookbook. The test
recipes run on that VM and can verify if everything works as expected.
ChefSpec is something which only simulates a Chef run. Test kitchen boots up real node
and runs Chef on it.
Step 1: Install test kitchen Ruby gem and test kitchen vagrant gem to enable test kitchen
to use vagrant for spinning up test.
Step 2: Set up test kitchen. This can be done by creating .kitchen.yml in the cookbook
directory.
driver_plugin: vagrant
driver_config:
require_chef_omnibus: true
platforms:
- name: ubuntu-12.04
driver_config:
box: opscode-ubuntu-12.04
box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_
ubuntu-12.04_provisionerless.box
suites:
- name: default
run_list:
- recipe[minitest-handler]
- recipe[my_cookbook_test]
attributes: { my_cookbook: { greeting: 'Ohai, Minitest!'} }
In the above code, one part defines that vagrant needs to spin up the VMs and it defines
that you want Omnibus to install Chef on the target node.
The second part defines which platform you want to test the cookbooks. Vagrant will
always create and destroy new instances. You do not have to fear about the side effects
with vagrant VMs you spin up using Vagrant file.
Test kitchen can be considered as a temporary environment that helps to run and test
cookbooks in a temporary environment that is similar to production. With test kitchen on,
16
Chef
one can make sure that the given piece of code is working, before it is actually getting
deployed on to testing, preproduction, and production environment. This feature of test
kitchen is followed by many organizations as a set before putting the cookbooks in an
actual working environment.
17
Chef
Compiling Cookbooks...
Recipe: code_generator::cookbook
* directory[C:/chef/cookbooks/motd_rhel] action create
- create new directory C:/chef/cookbooks/motd_rhel
* template[C:/chef/cookbooks/motd_rhel/metadata.rb] action create_if_missing
- create new file C:/chef/cookbooks/motd_rhel/metadata.rb
- update content in file C:/chef/cookbooks/motd_rhel/metadata.rb from none
to d6fcc2
(diff output suppressed by config)
* template[C:/chef/cookbooks/motd_rhel/README.md] action create_if_missing
- create new file C:/chef/cookbooks/motd_rhel/README.md
- update content in file C:/chef/cookbooks/motd_rhel/README.md from none to
50deab
(diff output suppressed by config)
* cookbook_file[C:/chef/cookbooks/motd_rhel/chefignore] action create
- create new file C:/chef/cookbooks/motd_rhel/chefignore
- update content in file C:/chef/cookbooks/motd_rhel/chefignore from none
to 15fac5
(diff output suppressed by config)
* cookbook_file[C:/chef/cookbooks/motd_rhel/Berksfile] action
create_if_missing
- create new file C:/chef/cookbooks/motd_rhel/Berksfile
- update content in file C:/chef/cookbooks/motd_rhel/Berksfile from none to
9f08dc
(diff output suppressed by config)
* template[C:/chef/cookbooks/motd_rhel/.kitchen.yml] action create_if_missing
- create new file C:/chef/cookbooks/motd_rhel/.kitchen.yml
- update content in file C:/chef/cookbooks/motd_rhel/.kitchen.yml from none
to 49b92b
(diff output suppressed by config)
* directory[C:/chef/cookbooks/motd_rhel/test/integration/default/serverspec]
action create
- create new directory
C:/chef/cookbooks/motd_rhel/test/integration/default/serverspec
* directory[C:/chef/cookbooks/motd_rhel/test/integration/helpers/serverspec]
action create
- create new directory
C:/chef/cookbooks/motd_rhel/test/integration/helpers/serverspec
18
Chef
*
cookbook_file[C:/chef/cookbooks/motd_rhel/test/integration/helpers/serverspec/s
pec_helper.rb] action create_if_missing
- create new file
C:/chef/cookbooks/motd_rhel/test/integration/helpers/serverspec/spec_helper.rb
- update content in file
C:/chef/cookbooks/motd_rhel/test/integration/helpers/serverspec/spec_helper.rb
from none to d85df4
(diff output suppressed by config)
*
template[C:/chef/cookbooks/motd_rhel/test/integration/default/serverspec/defaul
t_spec.rb] action create_if_missing
- create new file
C:/chef/cookbooks/motd_rhel/test/integration/default/serverspec/default_spec.rb
- update content in file
C:/chef/cookbooks/motd_rhel/test/integration/default/serverspec/default_spec.rb
from none to 3fbdbd
(diff output suppressed by config)
* directory[C:/chef/cookbooks/motd_rhel/spec/unit/recipes] action create
- create new directory C:/chef/cookbooks/motd_rhel/spec/unit/recipes
* cookbook_file[C:/chef/cookbooks/motd_rhel/spec/spec_helper.rb] action
create_if_missing
- create new file C:/chef/cookbooks/motd_rhel/spec/spec_helper.rb
- update content in file C:/chef/cookbooks/motd_rhel/spec/spec_helper.rb
from none to 587075
(diff output suppressed by config)
* template[C:/chef/cookbooks/motd_rhel/spec/unit/recipes/default_spec.rb]
action create_if_missing
- create new file
C:/chef/cookbooks/motd_rhel/spec/unit/recipes/default_spec.rb
- update content in file
C:/chef/cookbooks/motd_rhel/spec/unit/recipes/default_spec.rb from none to
ff3b17
(diff output suppressed by config)
* directory[C:/chef/cookbooks/motd_rhel/recipes] action create
- create new directory C:/chef/cookbooks/motd_rhel/recipes
* template[C:/chef/cookbooks/motd_rhel/recipes/default.rb] action
create_if_missing
- create new file C:/chef/cookbooks/motd_rhel/recipes/default.rb
- update content in file C:/chef/cookbooks/motd_rhel/recipes/default.rb
from none to c4b029
19
Chef
.kitchen.yaml file
driver:
name: vagrant
provisioner:
name: chef_zero
# verifier:
# name: inspec
20
Chef
# format: doc
platforms:
- name: ubuntu-14.04
suites:
- name: default
run_list:
- recipe[motd_rhel::default]
attributes:
Provisioner: It provides specification on how Chef runs. We are using chef_zero because
it enables to mimic a Chef server environment on the local machine. This allows to work
with node attributes and Chef server specifications.
Sutes: It defines what one wants to apply on the virtual environment. Here, you define
multiple definition. It is the location where you define the run list, which specifies which
recipe to run and in which sequence we need to run.
Kitchen List
$ kitchen list
Instance Driver Provisioner Verifier Transport Last Action
ubuntu-1404 Vagrant ChefZero Busser Ssh <Not Created>
Kitchen Create
$ kitchen create
-----> Starting Kitchen (v1.4.2)
-----> Creating <default-centos-72>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'opscode-centos-7.2' could not be found. Attempting to
find and install...
default: Box Provider: virtualbox
default: Box Version: >= 0
==> default: Box file was not detected as metadata. Adding it directly...
21
Chef
Kitchen Converge
$ kitchen converge
-----> Converging <default-centos-72>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.0.1...
Removing non-cookbook files before transfer
Preparing validation.pem
Preparing client.rb
-----> Chef Omnibus installation detected (install only if missing)
Transferring files to <default-centos-72>
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: ["motd_rhel::default"]
Synchronizing Cookbooks: - motd_rhel (0.1.0)
Compiling Cookbooks... Converging 1 resources
Recipe: motd_rhel::default (up to date)
Running handlers: Running handlers complete
Chef Client finished, 0/1 resources updated in 01 seconds
Finished converging <default-centos-72> (0m3.57s).
-----> Kitchen is finished. (0m4.55s)
Testing Setup
Kitchen login is used to test if the testing VM is provisioned correctly.
$ kitchen login
Last login: Thu Jan 30 19:02:14 2017 from 10.0.2.2
hostname: default-centos-72
fqdn: default-centos-72
22
Chef
Finally Exit
$ exit
Logout
Connection to 127.0.0.1 closed.
Destroying Setup
$ Kitchen destroy
-----> Starting Kitchen (v1.4.2)
-----> Destroying <default-centos-72>...
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Vagrant instance <default-centos-72> destroyed.
Finished destroying <default-centos-72> (0m4.94s).
-----> Kitchen is finished. (0m5.93s)
23
Chef
7. Chef Knife Setup
Knife is Chefs command-line tool to interact with the Chef server. One uses it for uploading
cookbooks and managing other aspects of Chef. It provides an interface between the
chefDK (Repo) on the local machine and the Chef server. It helps in managing -
Chef nodes
Cookbook
Recipe
Environments
Cloud Resources
Cloud Provisioning
Installation on Chef client on Chef nodes
Bootstrap Commands
knife bootstrap [SSH_USER@]FQDN (options)
Client Commands
knife client bulk delete REGEX (options)
knife client create CLIENTNAME (options)
knife client delete CLIENT (options)
knife client edit CLIENT (options)
Usage: C:/opscode/chef/bin/knife (options)
knife client key delete CLIENT KEYNAME (options)
knife client key edit CLIENT KEYNAME (options)
knife client key list CLIENT (options)
knife client key show CLIENT KEYNAME (options)
knife client list (options)
knife client reregister CLIENT (options)
knife client show CLIENT (options)
Configure Commands
knife configure (options)
knife configure client DIRECTORY
Cookbook Commands
knife cookbook bulk delete REGEX (options)
knife cookbook create COOKBOOK (options)
knife cookbook delete COOKBOOK VERSION (options)
knife cookbook download COOKBOOK [VERSION] (options)
24
Chef
Environment Commands
knife environment compare [ENVIRONMENT..] (options)
knife environment create ENVIRONMENT (options)
knife environment delete ENVIRONMENT (options)
knife environment edit ENVIRONMENT (options)
knife environment from file FILE [FILE..] (options)
knife environment list (options)
knife environment show ENVIRONMENT (options)
Exec Commands
knife exec [SCRIPT] (options)
Help Commands
knife help [list|TOPIC]
Index Commands
knife index rebuild (options)
25
Chef
Node Commands
knife node bulk delete REGEX (options)
knife node create NODE (options)
knife node delete NODE (options)
knife node edit NODE (options)
knife node environment set NODE ENVIRONMENT
knife node from file FILE (options)
knife node list (options)
knife node run_list add [NODE] [ENTRY[,ENTRY]] (options)
knife node run_list remove [NODE] [ENTRY[,ENTRY]] (options)
knife node run_list set NODE ENTRIES (options)
knife node show NODE (options)
OSC Commands
knife osc_user create USER (options)
knife osc_user delete USER (options)
knife osc_user edit USER (options)
knife osc_user list (options)
knife osc_user reregister USER (options)
knife osc_user show USER (options)
Path-Based Commands
knife delete [PATTERN1 ... PATTERNn]
knife deps PATTERN1 [PATTERNn]
knife diff PATTERNS
knife download PATTERNS
knife edit [PATTERN1 ... PATTERNn]
knife list [-dfR1p] [PATTERN1 ... PATTERNn]
knife show [PATTERN1 ... PATTERNn]
knife upload PATTERNS
knife xargs [COMMAND]
Raw Commands
knife raw REQUEST_PATH
Recipe Commands
knife recipe list [PATTERN]
Role Commands
knife role bulk delete REGEX (options)
knife role create ROLE (options)
knife role delete ROLE (options)
knife role edit ROLE (options)
26
Chef
Serve Commands
knife serve (options)
SSH Commands
knife ssh QUERY COMMAND (options)
SSL Commands
knife ssl check [URL] (options)
knife ssl fetch [URL] (options)
Status Commands
knife status QUERY (options)
Tag Commands
knife tag create NODE TAG ...
knife tag delete NODE TAG ...
knife tag list NODE
User Commands
knife user create USERNAME DISPLAY_NAME FIRST_NAME LAST_NAME EMAIL
PASSWORD (options)
knife user delete USER (options)
knife user edit USER (options)
knife user key create USER (options)
knife user key delete USER KEYNAME (options)
knife user key edit USER KEYNAME (options)
knife user key list USER (options)
knife user key show USER KEYNAME (options)
knife user list (options)
27
Chef
Knife Setup
In order to set up knife, one needs to move to .chef directory and create a knife.rb inside
the chef repo, which tells knife about the configuration details. This will have a couple up
details.
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name 'node_name'
client_key "#{current_dir}/USER.pem"
validation_client_name 'ORG_NAME-validator'
validation_key "#{current_dir}/ORGANIZATION-validator.pem"
chef_server_url 'https://api.chef.io/organizations/ORG_NAME'
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
In the above code, we are using the hosted Chef server which uses the following two keys.
validation_client_name 'ORG_NAME-validator'
validation_key "#{current_dir}/ORGANIZATION-validator.pem"
Here, knife.rb tells knife which organization to use and where to find the private key. It
tells knife where to find the users private key
client_key "#{current_dir}/USER.pem"
The following line of code tells knife we are using the hosted server.
chef_server_url 'https://api.chef.io/organizations/ORG_NAME'
Using the knife.rb file, the validator knife can now connect to your organizations hosted
Opscode.
28
Chef
8. Chef Solo Setup
Chef-Solo is an open source tool that runs locally and allows to provision guest machines
using Chef cookbooks without the complication of any Chef client and server configuration.
It helps to execute cookbooks on a self-created server.
Before running Chef-Solo on the local machine, one needs to install the following two files
on the local machine.
Solo.rb This file tells Chef about where to find cookbooks, roles, and data bags.
Node.json This file sets the run list and any node-specific attribute, if required.
solo.rb Configuration
Following are the steps to configure solo.rb.
current_dir = File.expand_path(File.dirname(__FILE__))
file_cache_path "#{current_dir}"
cookbook_path "#{current_dir}/cookbooks"
role_path "#{current_dir}/roles"
data_bag_path "#{current_dir}/data_bags"
Step 3: Create a node.json file inside the chef repo with the following content.
{
"run_list": [ "recipe[ntp]" ]
}
Step 4: Get the ntp cookbook inside the chef repo using knife.
29
Chef
$ cd chef-repo
30
Chef
solo.rb configures Chef-Solo to look for its cookbooks, roles, and data bags inside the
current directory: the Chef repository.
Chef-Solo takes its node configuration from a JSON file. In our example, we called it
node.json. If you're going to manage multiple servers, you'll need a separate file for each
node. Then, Chef-Solo just executes a Chef run based on the configuration data found in
solo.rb and node.json.
31
Chef
9. Chef Cookbooks
Cookbooks are fundamental working units of Chef, which consists of all the details related
to working units, having the capability to modify configuration and the state of any system
configured as a node on Chef infrastructure. Cookbooks can perform multiple tasks.
Cookbooks contain values about the desired state of node. This is achieved in Chef by
using the desired external libraries.
Creating a Cookbook
There are two ways to dynamically create a cookbook.
32
Chef
33
Chef
*
template[C:/Users/vipinkumarm/VTest/test/integration/default/serverspec/default
_spec.rb] action create_if_missing
- create new file
C:/Users/vipinkumarm/VTest/test/integration/default/serverspec/default_spec.rb
- update content in file
C:/Users/vipinkumarm/VTest/test/integration/default/serverspec/default_spec.rb
from none to 758b94
(diff output suppressed by config)
* directory[C:/Users/vipinkumarm/VTest/spec/unit/recipes] action create
- create new directory C:/Users/vipinkumarm/VTest/spec/unit/recipes
* cookbook_file[C:/Users/vipinkumarm/VTest/spec/spec_helper.rb] action
create_if_missing
- create new file C:/Users/vipinkumarm/VTest/spec/spec_helper.rb
- update content in file C:/Users/vipinkumarm/VTest/spec/spec_helper.rb from
none to 587075
(diff output suppressed by config)
* template[C:/Users/vipinkumarm/VTest/spec/unit/recipes/default_spec.rb] action
create_if_missing
- create new file
C:/Users/vipinkumarm/VTest/spec/unit/recipes/default_spec.rb
- update content in file
C:/Users/vipinkumarm/VTest/spec/unit/recipes/default_spec.rb from none to
779503
(diff output suppressed by config)
- create new file C:/Users/vipinkumarm/VTest/recipes/default.rb
- update content in file C:/Users/vipinkumarm/VTest/recipes/default.rb from
none to 8cc381
(diff output suppressed by config)
* cookbook_file[C:/Users/vipinkumarm/VTest/.gitignore] action create
- create new file C:/Users/vipinkumarm/VTest/.gitignore
- update content in file C:/Users/vipinkumarm/VTest/.gitignore from none to
33d469
(diff output suppressed by config)
The cookbook structure with the name VTest will be created in the directory and following
will be the structure for the same.
34
Chef
35
Chef
36
Chef
10. Chef Cookbook Dependencies
The features of defining cookbook dependencies help in managing cookbook. This feature
is used when we want to use the functionality of one cookbook in other cookbooks.
For example, if one wants to compile C code then one needs to make sure that all the
dependencies required to compile are installed. In order to do so, there might be separate
cookbook which can perform such a function.
When we are using chef-server, we need to know such dependencies in cookbooks which
should be decelerated in the cookbooks metadata file. This file is located at the top on the
cookbook directory structure. It provides hints to the Chef server which helps in deploying
cookbooks on the correct node.
Configuration of metadata.rb
Following is the default content of a metadata file.
37
Chef
38
Chef
11. Chef Roles
Roles in Chef are a logical way of grouping nodes. Typical cases are to have roles for web
servers, database servers, and so on. One can set custom run list for all the nodes and
override attribute value within roles.
Create a Role
vipin@laptop:~/chef-repo $ subl roles/web_servers.rb
name "web_servers"
description "This role contains nodes, which act as web servers"
run_list "recipe[ntp]"
default_attributes 'ntp' => {
'ntpdate' => {
'disable' => true
}
}
Once we have the role created, we need to upload to the Chef server.
39
Chef
How It Works
Define a role in a Ruby file inside the roles folder of Chef repository.
Every node that has a role in its run list will have the roles run list exacted into its
own.
All the recipes in the roles run list will be executed on the node.
The role will be uploaded to Chef server using the knife role from file command.
Running Chef client on a node having the role in its run list will execute all the
recipes listed in the role.
40
Chef
12. Chef Environment
Creating an Environment
Creation of environment on the fly can be done using the knife utility. Following command
will open a Shells default editor, so that one can modify the environment definition.
41
Chef
_default Environment
Each organization will always start with at least a single environment called default
environment, which is always available to the Chef server. A default environment cannot
be modified in anyway. Any kind of changes can only be accommodated in the custom
environment that we create.
Environment Attributes
An attribute can be defined in an environment and then used to override the default
settings in the node. When the Chef client run takes place, then these attributes are
compared with the default attributes that are already present in the node. When the
environment attributes take precedence over the default attributes, Chef client will apply
these settings and values when the Chef client run takes place on each node.
Attribute Type
Default: A default attribute is always reset at the start of every Chef client run and have
the lowest attribute precedence.
Override: An override attribute is always reset at the start of every Chef client run and
has a higher attribute precedence than default, force_default and normal. An override
attribute is most often defined in the recipe but can also be specified in an attribute file
for a role or for an environment.
42
Chef
43
Chef
13. Chef Chef-Client as Daemon
Running Chef-Client as daemon helps in knowing the state of all the nodes at any point of
time. This help in running the Chef-Client at any point of time.
Pre-requisites
The node should be registered with Chef server and it should be running Chef-Client
without any error.
In the above code, i enables to run the Chef-Client in daemon mode on the required
node and 1800 seconds define that the Chef-Client daemon should run in every 30
minutes.
The above command will grep the running daemon process of Chef-Client.
Other Ways
Instead of running Chef-Client as a daemon, we can run the same as a cron job.
44
Chef
14. Chef Chef-Shell
Writing Chef cookbooks is always hard. It makes it even harder because of long feedback
cycle of uploading them to the Chef server, provisioning a vagrant VM, checking how they
failed there, rinsing and repeating. It would be easier if we could try to test some pieces
or recipes before we do all this heavy lifting at once.
Chef comes with Chef-Shell, which is essentially an interactive Ruby session with Chef. In
the Chef-Shell, we can create -
Attributes
Write Recipes
Initializing Chef runs
It is used to evaluate parts of recipes on the fly, before uploading them to Chef server and
execute complete cookbooks on the node.
Running Shell
Step 1: Run Chef-Shell in a standalone mode.
mma@laptop:~/chef-repo $ chef-shell
loading configuration: none (standalone chef-shell session)
Session type: standalone
Loading...[2017-01-12T20:48:01+01:00] INFO: Run List is []
[2017-01-12T20:48:01+01:00] INFO: Run List expands to []
done.
This is chef-shell, the Chef Shell.
Chef Version: 11.0.0
http://www.opscode.com/chef
http://wiki.opscode.com/display/chef/Home
run `help' for help, `exit' or ^D to quit.
Ohai2u mma@laptop!
chef >
45
Chef
chef:recipe >
46
Chef
Step 6: Commence Chef run to create the file with the given content.
How it Works
Chef-Shell starts with an Interactive Ruby (IRB) session enhanced with some
specific features.
We can run Chef-Shell in three different modes: Standalone mode, Client mode, and
Solo mode.
Standalone mode It is the default mode. No cookbooks are loaded, and the
run-list is empty.
47
Chef
15. Chef Testing Cookbooks
In case the cookbook is directly deployed and run on the production server, there are high
chances that the cookbook can break up in production. The best way to prevent this from
happening is, testing the cookbook in the setup environment.
Step 2: Run the knife cookbook test commands on the working cookbook.
48
Chef
Working Method
Knife cookbook test executes a Ruby syntax check on all the Ruby files within the cookbook
as well as all ERB templates. It loops through Ruby files and runs Ruby c against each of
them. Ruby c checks the syntax of the script and quits without running it.
After going through all the Ruby files, knife cookbook test goes through all ERB templates
and pipes, the redundant version created by x through Ruby c.
Limitations
Knife cookbook test does only a simple syntax check on the Ruby files and ERB templates.
We can go ahead fully test driven by using ChefSpec and test kitchen.
49
Chef
16. Chef Foodcritic
Writing good cookbooks without any issue is quite a difficult task. But there are ways which
can help in identifying the pitfalls. Flagging in Chef Cookbook is possible. Foodcritic is one
of the best way of archiving it, which tries to identify possible issues with the logic and
style of cookbooks.
Foodcritic Setup
Step 1: Add Foodcritic gem.
Foodcritic Gem
Step 1: Run Foodcritic on the cookbook.
50
Chef
cookbooks/<Cookbook Name>/recipes/client.rb
FC007: Ensure recipe dependencies are reflected in cookbook
metadata
40| end
41|when "mac_os_x"
42| include_recipe 'homebrew'
43|end
44|
Working Method
Foodcritic defines a set of rules and checks recipe agents, each one of them. It comes with
multiple rules concerning various areas: styles, connectedness, attributes, string,
probability, search, services, files, metadata, and so on.
51
Chef
17. Chef ChefSpec
Test Driven Development (TDD) is a way to write unit test before writing any actual
recipe code. The test should be real and should validate what a recipe does. It should
actually fail as there was no recipe developed. Once the recipe is developed, the test
should pass.
ChefSpec is built on the popular RSpec framework and offers a tailored syntax for testing
Chef recipe.
Creating ChefSpec
Step 1: Create a gem file containing the chefSpec gem.
vipin@laptop:~/chef-repo $ subl
cookbooks/my_cookbook/spec/default_spec.rb
require 'chefspec'
describe 'my_cookbook::default' do
let(:chef_run) {
ChefSpec::ChefRunner.new(
platform:'ubuntu', version:'12.04'
).converge(described_recipe)
}
52
Chef
Failed examples:
rspec ./cookbooks/my_cookbook/spec/default_spec.rb:10 # my_
cookbook::default creates a greetings file, containing the
platform name
53
Chef
How It Works
In order to make it work, we need to first set up the base infrastructure for using RSpec
with Chef. Then we need to ChefSpec Ruby gem and the cookbook needs a directory called
spec where all the tests will be saved.
54
Chef
18. Chef Testing Cookbook with Test Kitchen
Test kitchen is Chefs integration testing framework. It enables writing tests, which run
after VM is instantiated and converged using the cookbook. The tests run on VM and can
verify that everything works as expected.
This is node contract to ChefSpec, which only simulates a Chef run. Test Kitchen boots up
a real node and runs Chef on it.
Setting Up
In order to do this, we need to have Vagrant installed on the machine which helps in
managing a virtual machine. Then we need to have bookshelf installed and hooked with
Vagrant in order to manage cookbook dependencies.
55
Chef
platforms:
- name: ubuntu-12.04
driver_config:
box: opscode-ubuntu-12.04
box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-
12.04_provisionerless.box
suites:
- name: default
run_list:
- recipe[minitest-handler]
- recipe[my_cookbook_test]
attributes: { my_cookbook: { greeting: 'Ohai, Minitest!'} }
vipin@laptop:~/chef-repo/cookbooks/my_cookbook $ subl
test/cookbooks/my_cookbook_test/recipes/default.rb
include_recipe 'my_cookbook::default'
56
Chef
vipin@laptop:~/chef-repo/cookbooks/my_cookbook $ mkdir -p
test/cookbooks/my_cookbook_test/files/default/tests/minitest
vipin@laptop:~/chef-repo/cookbooks/my_cookbook $ subl
test/cookbooks/my_cookbook_test/files/default/tests/
minitest/default_test.rb
require 'minitest/spec'
describe_recipe 'my_cookbook::default' do
describe "greeting file" do
it "creates the greeting file" do
file("/tmp/greeting.txt").must_exist
end
57
Chef
58
Chef
19. Chef Nodes
Knife preflight shows details about all the nodes which uses a certain cookbook before
uploading it to Chef server.
Getting Started
In order to get started, we need to have knife-preflight gem installed.
Working Method
Run knife-preflight on the given cookbook.
We can run the preflight command to find out which nodes and roles have the given
cookbook in their expanded run lists.
59
Chef
There are multiple ways for a cookbook to get executed on the node.
You can assign the cookbook directly to a node by adding it to the node's run list.
You can add a cookbook to the role and add the role to the node's run list.
You can add the role to the run list of another role and add that other role to the
node's run list.
No matter how a cookbook ends up in a node's run list, the knife preflight command will
catch it as Chef stores all expanded lists of roles and recipes in node attributes. The knife
preflight command issues a search for exactly those node attributes.
60
Chef
20. Chef Chef-Client Run
In order to test Chef-Client run, we need to have Chef-Client configured to use the hosted
Chef or own hosted server.
61
Chef
62
Chef
8: #
9>> nil.each {}
10:
63
Chef
Advanced Chef
64
21. Chef Dynamically Configuring Recipes Chef
Attributes are the key components for dynamically configuring cookbooks. Attributes
enable the authors to make the cookbook configurable. By overriding default values set in
cookbooks, the user can inject their own values.
Step 1: Create a default file for cookbook attributes and add a default attribute to it.
Working Method
Chef loads all attributes from the attribute file before it executes them. The attributes are
stored with the node object. One can access all the attributes stored with the node object
within recipes and retrieve their current values.
Chef has a restricted structure starting from the default being the lowest, then comes
normal (which is aliased with the set) and then overrides. The attribute level set in the
recipe has precedence over the same level set in an attribute file.
65
Chef
66
Chef
22. Chef Templates
In Infrastructure, configuration management is all about how well one configures the
hosts. In general, all the configurations are done using the configuration files. Chef uses
templates to be able to fill the configuration file with dynamic values.
Chef provides templates as a resource which can be used in the recipe. Configuration files
dynamic values can be retrieved from data bags, attributes or even calculate them by
passing them into the template.
template '/tmp/message' do
source 'Test.erb'
variables(
hi: 'Tesing',
world: 'Welt',
from: node['fqdn']
)
end
67
Chef
Workflow
Chef uses Erubis as its template language. It allows embedding pure Ruby code inside
special symbols in the templates.
<%= %> is used if you want to print the value of a variable or Ruby expression
into the generated file.
<%- %> is used if you want to embed Ruby logic into your template file. We use
it to loop our expression four times.
68
Chef
23. Chef Plain Ruby With Chef DSL
In Chef, if one needs to create simple recipes one can use resources available in Chef,
such as templates, remote_file, and services. However as the recipes become elaborate,
one needs advanced techniques, such as conditional statements to execute parts of the
recipe on condition. This is the power of mixing plain Ruby with Chef Domain Specific
Language (DSL).
69
Chef
Install multiple Ruby gems using an array, a loop, and string expansion to construct the
gem names.
Working Method
Chef recipes are Ruby files, which gets evaluated in the context of Chef run. They can
contain plain Ruby code such as if statement and loops as well as Chef DSL elements such
as resources.
Inside the recipe, one can simply declare Ruby variables and assign values to it.
70
Chef
24. Chef Ruby Gems with Recipes
Recipes are the key building blocks of cookbook which is basically Ruby code. It is possible
to use all of the Ruby language features inside the Chef recipe. Most of the time Ruby build
in functionality is enough but sometimes one might need to use additional Ruby gems. For
example, if one needs to access MySQL database from the recipe itself.
Chef recipe has the capability to get the required Ruby gems in order to use them inside
the very same recipe.
vipin@laptop:~/chef-repo $ subl
cookbooks/my_cookbook/recipes/default.rb
chef_gem 'ipaddress'
require 'ipaddress'
ip = IPAddress("192.168.0.1/24")
Chef::Log.info("Netmask of #{ip}: #{ip.netmask}")
Working Method
Chef run steps consist of the compilation phase, where it compiles all the resources and
an execution phase where Chef runs the resource providers to converge the node to the
desired state. If one needs any particular Ruby gem inside the cookbook, one needs to
install the gem during the complication phase.
The chef_gem resource will exactly do the same, and in Chef, Omnibus is the only way to
work. Its main function is to make gems available to Chef itself.
71
Chef
25. Chef Libraries
Libraries in Chef provides a place to encapsulate compiled logic so that the cookbook
recipes remain neat and clean.
72
Chef
Working Method
Chef library code can open the chef::Recipe class and add new methods as done in Step
1. This step is not the cleanest but the simplest way of doing it.
class Chef::Recipe
def netmask(ipaddress)
...
end
end
Best Practices
Once we open the chef::recipe class, there are changes that it gets polluted. As a best
practice, it is always a better way to introduce a new sub class inside the library and define
a method as class method. This avoids pulling the chef::recipe namespace.
IPAddress.netmask(ip)
73
Chef
26. Chef Definition
Definition can be defined as a logical method of grouping resources, which are used again
and again. In this flow, we group the resources and give them a name to regain readability
of defined cookbooks.
In order to do this, we should have a recipe. In this case, we are using test_cookbook and
a run list of nodes, which includes the cookbook.
Creating a Definition
Step 1: Create a new definition file in the cookbooks definition folder.
74
Chef
Definition in cookbooks are like micros, which group the resources and give them a name.
A definition has a name by which one can tell them from which can be called inside the
recipe and it has a list of perimeters.
In the definition, we have parameters which in our code looks like the following.
..
directory "#{params[:deploy_to]}/releases"
directory "#{params[:deploy_to]}/shared"
directory "#{params[:deploy_to]}/shared/system
capistrano_deploy_dirs do
deploy_to "/srv"`
end
75
Chef
27. Chef Environment Variable
Environment variable is a key way to make Chef recipe run on any particular node
successfully. There are multiple ways of doing it, either manually setting them up or by
using a Shell script. Setting them via recipe is what we need to perform here.
To do this, we need to have a cookbook here we would use test_cookbook and a run list
which contains test_cookbook.
76
Chef
Validating Variable
user@server:~$ cat /tmp/message
Hello from Chef
Working Method
Ruby exposes the current environment variable via ENV a hash to read and modify the
environment variable.
Execute Resource
We can use execute resource to do the same inside the Chef default recipe of cookbook.
Note: Setting an environment variable using ENV will make that variable available during
the whole Chef run. In contrast, passing it to the execute resource will only make it
available for that one command executed by the resource.
77
Chef
28. Chef Data Bags
Chef data bags can be defined as an arbitrary collection of data which one can use with
cookbooks. Using data bags is very helpful when one does not wish to hardcode attributes
in recipes nor to store attributes in cookbooks.
Working Method
In the following setup, we are trying to communicate to http endpoint URL. For this, we
need to create a data bag, which will hold the endpoint URL detail and use it in our recipe.
Step 2: Create a data bag item for request bin. One needs to make sure one is using a
defined requestBin URL.
Step 5: Update the default recipe of the cookbook to receive the required cookbook from
a data bag.
78
Chef
Step 7: Run the Chef client on the node to check if the http request bin gets executed.
How it Works
Data bag is a named collection of structure data entries. One needs to define data entry
and call the data bag item in JSON file. One can also search for data bag item from within
the recipes to use the data stored in the data bags.
We created a data bag called hooks. A data bag is a directory within Chef repository. We
used knife to create it on the server.
79
Chef
29. Chef Scripts for Data Bags
In certain conditions, it is not possible to put the server under the full control of Chef. In
such cases, one might need to access values in Chef data bags from scripts. In order to
do this, one needs to store data bag values in a JSON file and let the added script access
those values.
For this, one needs to have a cookbook. In our case we would use test_cookbook as earlier
and should have the run list of the node including test_cookbook definition in it.
Working Method
Step 1: Create a data bag.
Using in Cookbook
Step 1: Need to create a JSON file containing data bag values using the above cookbook
so that external scripts can access those values.
80
Chef
group "root"
mode 0644
content data_bag_item('servers', 'backup')['host'].to_json
end
81
Chef
Workflow of Scripts
In the above command, the file resource that we have used which creates JSON file inside
the /etc directory is defined in the default cookbook. It gets the file content directly from
the data bag using the data_bag_item method. We access the host values from the data
bag item and convert it to JSON. The file resource uses the JSON-converted values as its
content and writes it to the disk.
82
Chef
30. Chef Cross-Platform Cookbooks
In order to do this, we need to have a cookbook. In our case it will be test_cookbook and
a run list which will have the cookbook definition in it.
Working Method
Retrieving the nodes platform detail and executing the conditional logic in our cookbook
depends on the platform. In our case, we will test it for Ubuntu.
Alternatively, if one is not interested in a specific platform but only needs to know which
declarative one is using, the following statement can be used.
Uploading the modified cookbook and running Chef client on Ubuntu node will show the
following result.
83
Chef
Workflow of Scripts
In the above command, Ohai will discover the current status of the nodes operating
system and store it as a platform attribute with the node object.
node['platform']
node.platform
Example cookbook
execute "start-runsvdir" do
command value_for_platform(
"debian" => { "default" => "runsvdir-start" },
"ubuntu" => { "default" => "start runsvdir" },
"gentoo" => { "default" => "/etc/init.d/runit-start start" }
)
action :nothing
end
84
Chef
31. Chef Resources
Chef resource represents a piece of the operating system at its desired state. It is a
statement of configuration policy that describes the desired state of a node to which one
wants to take the current configuration to using resource providers. It helps in knowing
the current status of the target machine using the Ohai mechanism of Chef. It also helps
in defining the steps required to perform to get the target machine to that state. The
resources are grouped in recipes which describes the working configuration.
In case of Chef, chef::Platform maps the providers and platform versions of each node. At
the beginning of every Chef-client run, Chef server collects the details of any machines
current state. Later, Chef server uses those values to identify the correct provider.
Resource Syntax
type 'name' do
attribute 'value'
action :type_of_action
end
In the above syntax, type is the resource type and name is the name that we are going
to use. In the do and end block, we have the attribute of that resource and the action
that we need to take for that particular resource.
Every resource that we use in the recipe has its own set of actions, which is defined inside
the do and end block.
Example
type 'name' do
attribute 'value'
action :type_of_action
end
85
Chef
Available Resources
apt_package
Use the apt_package resource to manage packages for the Debian and Ubuntu platforms.
Bash
Use the bash resource to execute scripts using the Bash interpreter. This resource may
also use any of the actions and properties that are available to the execute resource.
Commands that are executed with this resource are (by their nature) not idempotent, as
86
Chef
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
Batch
Use the batch resource to execute a batch script using the cmd.exe interpreter. The batch
resource creates and executes a temporary file (similar to how the script resource
behaves), rather than running the command inline.
This resource inherits actions (:run and :nothing) and properties (creates, cwd,
environment, group, path, timeout, and user) from the execute resource. Commands that
are executed with this resource are (by their nature) not idempotent, as they are typically
unique to the environment in which they are run. Use not_if and only_if to guard this
resource for idempotence.
bff_package
Use the bff_package resource to manage packages for the AIX platform using the
installp utility. When a package is installed from a local file, it must be added to the node
using the remote_file or cookbook_file resources.
chef_gem
Use the chef_gem resource to install a gem only for the instance of Ruby that is dedicated
to the Chef-Client. When a gem is installed from a local file, it must be added to the node
using the remote_file or cookbook_file resources.
The chef_gem resource works with all of the same properties and options as the
gem_package resource, but does not accept the gem_binary property because it always
uses the CurrentGemEnvironment under which the Chef-Client is running. In addition to
performing actions similar to the gem_package resource, the chef_gem resource does
the above.
cookbook_file
Use the cookbook_file resource to transfer files from a sub-directory of
COOKBOOK_NAME/files/ to a specified path located on a host that is running the Chef-
Client.
The file is selected according to file specificity, which allows different source files to be
used based on the hostname, host platform (operating system, distro, or as appropriate),
or platform version. Files that are located in the COOKBOOK_NAME/files/default sub-
directory may be used on any platform.
Cron
Use the cron resource to manage cron entries for time-based job scheduling. Properties
for a schedule will default to * if not provided. The cron resource requires access to a
crontab program, typically cron.
87
Chef
Csh
Use the csh resource to execute scripts using the csh interpreter. This resource may also
use any of the actions and properties that are available to the execute resource.
Commands that are executed with this resource are (by their nature) not idempotent, as
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
Deploy
Use the deploy resource to manage and control deployments. This is a popular resource,
but is also complex, having the most properties, multiple providers, the added complexity
of callbacks, plus four attributes that support layout modifications from within a recipe.
Directory
Use the directory resource to manage a directory, which is a hierarchy of folders that
comprises all of the information stored on a computer. The root directory is the top-level,
under which the rest of the directory is organized.
The directory resource uses the name property to specify the path to a location in a
directory. Typically, permission to access that location in the directory is required.
dpkg_package
Use the dpkg_package resource to manage packages for the dpkg platform. When a
package is installed from a local file, it must be added to the node using the remote_file
or cookbook_file resources.
easy_install_package
Use the easy_install_package resource to manage packages for the Python platform.
Env
Use the env resource to manage environment keys in Microsoft Windows. After an
environment key is set, Microsoft Windows must be restarted before the environment key
is available to the Task Scheduler.
erl_call
Use the erl_call resource to connect to a node located within a distributed Erlang system.
Commands that are executed with this resource are (by their nature) not idempotent, as
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
88
Chef
Execute
Use the execute resource to execute a single command. Commands that are executed
with this resource are (by their nature) not idempotent, as they are typically unique to the
environment in which they are run. Use not_if and only_if to guard this resource for
idempotence.
File
Use the file resource to manage the files directly on a node.
freebsd_package
Use the freebsd_package resource to manage packages for the FreeBSD platform.
gem_package
Use the gem_package resource to manage gem packages that are only included in
recipes. When a package is installed from a local file, it must be added to the node using
the remote_file or cookbook_file resources.
Git
Use the git resource to manage source control resources that exist in a git repository. git
version 1.6.5 (or higher) is required to use all of the functionality in the git resource.
Group
Use the group resource to manage a local group.
homebrew_package
Use the homebrew_package resource to manage packages for the Mac OS X platform.
http_request
Use the http_request resource to send an HTTP request (GET, PUT, POST, DELETE,
HEAD, or OPTIONS) with an arbitrary message. This resource is often useful when custom
callbacks are necessary.
Ifconfig
Use the ifconfig resource to manage interfaces.
ips_package
Use the ips_package resource to manage packages (using Image Packaging System
(IPS)) on the Solaris 11 platform.
89
Chef
Ksh
Use the ksh resource to execute scripts using the Korn shell (ksh) interpreter. This
resource may also use any of the actions and properties that are available to the execute
resource.
Commands that are executed with this resource are (by their nature) not idempotent, as
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
Link
Use the link resource to create symbolic or hard links.
Log
Use the log resource to create log entries. The log resource behaves like any other
resource: built into the resource collection during the compile phase, and then run during
the execution phase. (To create a log entry that is not built into the resource collection,
use Chef::Log instead of the log resource)
macports_package
Use the macports_package resource to manage packages for the Mac OS X platform.
Mdadm
Use the mdadm resource to manage RAID devices in a Linux environment using the
mdadm utility. The mdadm provider will create and assemble an array, but it will not
create the config file that is used to persist the array upon reboot.
If the config file is required, it must be done by specifying a template with the correct
array layout, and then by using the mount provider to create a file systems table (fstab)
entry.
Mount
Use the mount resource to manage a mounted file system.
Ohai
Use the ohai resource to reload the Ohai configuration on a node. This allows recipes that
change system attributes (like a recipe that adds a user) to refer to those attributes later
on during the chef-client run.
Package
Use the package resource to manage packages. When the package is installed from a
local file (such as with RubyGems, dpkg, or RPM Package Manager), the file must be added
to the node using the remote_file or cookbook_file resources.
90
Chef
pacman_package
Use the pacman_package resource to manage packages (using pacman) on the Arch
Linux platform.
powershell_script
Use the powershell_script resource to execute a script using the Windows PowerShell
interpreter, much like how the script and script-based resourcesbash, csh, perl, python,
and rubyare used. The powershell_script is specific to the Microsoft Windows platform
and the Windows PowerShell interpreter.
Python
Use the python resource to execute scripts using the Python interpreter. This resource
may also use any of the actions and properties that are available to the execute resource.
Commands that are executed with this resource are (by their nature) not idempotent, as
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
Reboot
Use the reboot resource to reboot a node, a necessary step with some installations on
certain platforms. This resource is supported for use on the Microsoft Windows, Mac OS X,
and Linux platforms.
registry_key
Use the registry_key resource to create and delete registry keys in Microsoft Windows.
remote_directory
Use the remote_directory resource to incrementally transfer a directory from a cookbook
to a node. The directory that is copied from the cookbook should be located under
COOKBOOK_NAME/files/default/REMOTE_DIRECTORY.
remote_file
Use the remote_file resource to transfer a file from a remote location using file specificity.
This resource is similar to the file resource.
Route
Use the route resource to manage the system routing table in a Linux environment.
91
Chef
rpm_package
Use the rpm_package resource to manage packages for the RPM Package Manager
platform.
Ruby
Use the ruby resource to execute scripts using the Ruby interpreter. This resource may
also use any of the actions and properties that are available to the execute resource.
Commands that are executed with this resource are (by their nature) not idempotent, as
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
ruby_block
Use the ruby_block resource to execute Ruby code during a Chef-Client run. Ruby code
in the ruby_block resource is evaluated with other resources during convergence, whereas
Ruby code outside of a ruby_block resource is evaluated before other resources, as the
recipe is compiled.
Script
Use the script resource to execute scripts using a specified interpreter, such as Bash, csh,
Perl, Python, or Ruby. This resource may also use any of the actions and properties that
are available to the execute resource.
Commands that are executed with this resource are (by their nature) not idempotent, as
they are typically unique to the environment in which they are run. Use not_if and only_if
to guard this resource for idempotence.
Service
Use the service resource to manage a service.
smart_os_package
Use the smartos_package resource to manage packages for the SmartOS platform.
solaris_package
The solaris_package resource is used to manage packages for the Solaris platform.
Subversion
Use the subversion resource to manage source control resources that exist in a
Subversion repository.
92
Chef
Template
Use the template resource to manage the contents of a file using an Embedded Ruby
(ERB) template by transferring files from a sub-directory of COOKBOOK_NAME/templates/
to a specified path located on a host that is running the Chef-Client. This resource includes
actions and properties from the file resource. Template files managed by the template
resource follow the same file specificity rules as the remote_file and file resources.
User
Use the user resource to add users, update existing users, remove users, and to
lock/unlock user passwords.
windows_package
Use the windows_package resource to manage Microsoft Installer Package (MSI)
packages for the Microsoft Windows platform.
windows_service
Use the windows_service resource to manage a service on the Microsoft Windows
platform.
yum_package
Use the yum_package resource to install, upgrade, and remove packages with Yum for
the Red Hat and CentOS platforms. The yum_package resource is able to resolve provides
data for packages much like Yum can do when it is run from the command line. This allows
a variety of options for installing packages, like minimum versions, virtual provides, and
library names.
93
Chef
32. Chef Lightweight Resource Provider
By creating custom resources one can simply write cookbooks because one can own
enriched custom resources using Chef DSL which helps in making the recipe code more
expressive.
In Chef community, many of the custom resources are implemented using LWRPs. There
are many working examples of LWRP such as iptables_rules and apt_repository.
Working Method
Make sure one has cookbook name Testing_resource and a run_list of node which contains
Testing_resource cookbook.
Building LWRP
Step 1: Create a custom resource in Testing_resource cookbook.
action :remove do
Chef::Log.info "Removing '#{new_resource.name}' greeting #{new_resource.path}"
file new_resource.path do
94
Chef
action :delete
end
end
95
Chef
Workflow Scripts
LWRPs live in cookbooks. A custom resource lives inside the cookbooks, and will be
available under the cookbook name. In the workflow, first we define the definitions and
then pass the attributes to the resources which is going to be used in the cookbook. Finally,
we use those actions and attributes in our recipe.
96
Chef
33. Chef Blueprints
In Chef, blueprints are the tools to find out and record exactly what is present on the
server. Blueprints record all the things required such as directors, packages, configuration
files, and so on. Blueprints have the capability to split server information in various
formats. One of them is Chef recipe. This helps to configure unique server using Chef.
Working Method
We need to have Python and Git installed on the node where we need to run the blueprint.
97
Chef
Workflow Script
Blueprint is a Python package that finds out all the relevant configuration data of the server
and stores it in a Git repo. Each blueprint has its own name.
One can ask the blueprint to show the content of its Git repo in various formants.
98
Chef
user@server:~$ ls -l internal-cookbook /
total 8
drwxrwxr-x 3 vagrant vagrant 4096 Jun 28 06:01 files
-rw-rw-r-- 1 vagrant vagrant 0 Jun 28 06:01 metadata.rb
drwxrwxr-x 2 vagrant vagrant 4096 Jun 28 06:01 recipes
The preceding command shows all kinds of installed packages. Other show commands are
as follows:
show-files
show-services
show-sources
99
Chef
34. Chef Files & Packages
In Chef, creating configuration files and moving packages are the key components. There
are multiple ways how Chef manages the same. There are multiple ways how Chef
supports in dealing with the files and software packages.
Step 4: Validate that the package you are trying to install, is not yet installed.
100
Chef
101
Chef
35. Chef Community Cookbooks
Community cookbooks are similar to any other cookbook. The only reason it is called
community cookbook is because anyone who knows to write cookbooks can join this
community and upload their cookbooks to the centralized hub. These cookbooks are
available for free and anyone can download and use it. In order to use these community
cookbooks, one needs to download them, modify them as per the requirement, and upload
them to their respective Chef server.
One needs to have knife configured on their system in order to update, upload, and
download the cookbooks. Interact with cookbooks using the knife cookbook commands.
With knife cookbook, you can create, delete, show, list, download, and upload cookbooks.
Read the knife cookbook commands documentation for more information in Chapter 7.
102