Chef :17


DevOps Classroom Series – 30/Jan/2021

Chef Server

  • For Chef Server Installation Refer Here
  • Ensure you have a valid chef repo and bootstrap multiple nodes (4)
  • Now bootstrap nodes by executing knife bootstrap
  • If you don't want to bootstrap manually, you can use Chef unattended bootstrap. Refer Here
  • Scenario: let's create nodes which have the following purposes
  • On Appservers we need to install
    • java
    • tomcat
  • On WebServer we need to install
    • lamp
  • On db server we need to install mysql
  • Let's bootstrap all the nodes
  • Now let's write a cookbook to install tomcat server and java on app servers
  • Refer Here for the changeset
  • Let's create one more cookbook which installs utilities
  • Refer Here for the changeset
  • Now we would like to run java installation and utilities installation on app servers. We need to create a run_list for every node
  • In Chef, to manage run_lists on nodes we have a reusable concept called roles. Refer Here
  • Now let's create a role called appserver and add these two recipes to it: ltutils[utils],lttomcat[installation]
  • We can create a role from the UI and also from the chef-repo. In chef-repo\roles, create an .rb file with your role name
  • For creating a role file Refer Here
  • Now let's upload the role to the Chef server using knife role from file
  • Now consider this scenario: on the appserver in the production environment we need to execute java 8, and in the qa environment we need to install java 11
  • For both the cookbooks we have new versions
  • In Chef we have a concept called an environment, where we can put restrictions on which version of a cookbook should be uploaded. By default, Chef servers have the _default environment.
  • Now let's create two environments. Refer Here for the knife command line and Refer Here for the environments documentation
  • In the QA environment
  • Now let's upload the new version to the Chef server
  • Now let's run the chef-client in prod

Attributes in Chef

  • In Chef attributes can be defined in
    • recipes node.default['qttomcatserver']['version']='1.0.0'
    • attribute files
    • environment files
    • roles files
  • Every attribute in Chef has a type. The types are
    • default
    • force_default
    • normal
    • override
    • force_override
    • automatic (can be applied only by Chef internally, not by us)
  • Since an attribute has a type and can be defined in multiple places, which attribute will be applied if it is defined in more than one place?
  • For this chef has a priority table. Refer Here
  • During Chef convergence, if an attribute is defined at multiple locations, Chef finds the weight of each definition by looking it up in the priority table
  • Whatever has the higher weight will be applied on the node.
  • All the attributes collected by ohai will be of type automatic
  • By default the Chef convergence interval is 30 mins. How can we change it?
  • If you want to converge automatically, like a cron job, use the custom resource chef_client_cron
  • Handling sensitive data as plain text is not secure
  • To handle sensitive data, Chef has a concept called data bags. Refer Here
  • Create a data bag
  • Let's upload a data bag item
  • Let's view the contents of the data bag on the Chef server
  • Now we can encrypt the data bag contents using secret text or a secret file.
  • In this case I will be using secret text
  • On the Chef server the data bag item is encrypted, but in the local file it is still unencrypted
  • Refer Here
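
Because the local copy of an item stays in plain text after the encrypted upload, it is worth checking the chef-repo before committing it. The following is an added example, not code from the class: it walks the data bag item files and reports fields that are not wrapped in Chef's encrypted envelope (a hash with encrypted_data, iv, version and cipher). The data_bags/<bag>/<item>.json layout, the bag name credentials and all sample values are assumptions constructed for the example.

```ruby
require 'json'
require 'tmpdir'
require 'fileutils'

# Keys Chef writes for every encrypted value (present in format versions 1 to 3).
ENVELOPE_KEYS = %w[encrypted_data iv version cipher].freeze

# True when a value looks like Chef's encrypted envelope rather than plaintext.
def encrypted_value?(value)
  value.is_a?(Hash) && ENVELOPE_KEYS.all? { |k| value.key?(k) }
end

# Names of the fields in one item that are still plaintext ("id" is never encrypted).
def plaintext_fields(item)
  item.reject { |key, value| key == 'id' || encrypted_value?(value) }.keys
end

# Walk <repo>/data_bags/<bag>/<item>.json and report items with plaintext fields.
def scan_data_bags(repo)
  findings = {}
  Dir.glob(File.join(repo, 'data_bags', '*', '*.json')).sort.each do |path|
    fields = plaintext_fields(JSON.parse(File.read(path)))
    findings[path.sub("#{repo}/", '')] = fields unless fields.empty?
  end
  findings
end

# Constructed sample repo: one plaintext item and one already-encrypted item.
def build_sample_repo
  repo = Dir.mktmpdir('chef-repo')
  bag = File.join(repo, 'data_bags', 'credentials') # hypothetical bag name
  FileUtils.mkdir_p(bag)
  File.write(File.join(bag, 'mysql.json'),
             JSON.generate('id' => 'mysql', 'user' => 'root', 'password' => 'constructed-sample'))
  envelope = { 'encrypted_data' => 'Q09OU1RSVUNURUQ=', 'iv' => 'Q09OU1RSVUNURUQ=',
               'version' => 1, 'cipher' => 'aes-256-cbc' } # constructed, not real ciphertext
  File.write(File.join(bag, 'tomcat.json'), JSON.generate('id' => 'tomcat', 'password' => envelope))
  repo
end

if __FILE__ == $PROGRAM_NAME
  repo = build_sample_repo
  scan_data_bags(repo).each { |path, fields| puts "PLAINTEXT #{path}: #{fields.join(', ')}" }
  FileUtils.remove_entry(repo)
end
```

Pointing scan_data_bags at a real chef-repo in a pre-commit hook or CI job catches items that were uploaded encrypted but are about to be committed in plain text.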

Exercises:

  • Write a chef cookbook to deploy nop commerce Refer Here
  • Write a chef cookbook to deploy openmrs Refer Here