DevOps Classroom Series – 30/Jan/2021
Chef Server
- For Chef Server Installation Refer Here
- Ensure you have a valid chef repo and bootstrap multiple nodes (4)
- Now bootstrap nodes by executing
knife bootstrap
- If you don't want to bootstrap manually, you can use Chef unattended bootstrap Refer Here
- Scenario: let's create nodes which have the following purposes
- On Appservers we need to install
- java
- tomcat
- On WebServer we need to install
- lamp
- On db server we need to install mysql
- Let's bootstrap all the nodes
- Now let's write a cookbook to install the tomcat server and java on app servers
- Refer Here for the changeset
- Let's create one more cookbook which installs utilities
- Refer Here for the changeset
- Now we would like to run java installation and utilities installation on app servers. We need to create a run_list for every node
- In Chef, to manage run_lists on nodes we have a reusable concept called roles. Refer Here
- Now let's create a role called appserver and add these two recipes to it
ltutils[utils],lttomcat[installation]
- We can create a role from the UI and also from the chef-repo. In chef-repo\roles, create a .rb file with your role name
- For creating a role file Refer Here
- Now let's upload the role to the Chef server using
knife role from file
- Now consider this scenario: in the appserver on the production environment we need to execute java 8, and in the qa environment we need to install java 11
- For both the cookbooks we have new versions
- In Chef we have a concept called environments, where we can put restrictions on which version of a cookbook should be uploaded. By default, Chef servers have the _default environment.
- Now let's create two environments. Refer Here for the knife command line and Refer Here for the environments documentation
- In QA environment
- Now let's upload the new version to the Chef server
- Now let's run the chef-client in prod
Attributes in Chef
- In Chef attributes can be defined in
- recipes
node.default['qttomcatserver']['version']='1.0.0'
- attribute files
- environment files
- roles files
- Every attribute in Chef has a type. The types are
- default
- force_default
- normal
- override
- force_override
- automatic (Can be applied only by chef internally not by us)
- Since attributes have types and can be defined in multiple places, which attribute will be applied if it is defined in more than one place?
- For this chef has a priority table. Refer Here
- During Chef convergence, if an attribute is defined at multiple locations, Chef will find the weight by looking into
- Whatever has the higher weight will be applied on the node.
- All the attributes collected by ohai will be of type automatic
- By default the Chef convergence value is 30 mins. How can we change it?
- Refer Here
- Refer Here for the changeset
- If you want to converge automatically, like a cron job, use the custom resource
chef_client_cron
- Handling sensitive data as plain text is not secure
- To handle sensitive data, Chef has a concept called data bags Refer Here
- Create a databag
- Let's upload a data bag item
- Let's view the contents of the databag on the Chef server
- Now we can encrypt the databag contents using secret text or secret file.
- In this case I will be using secret text
- On the Chef server the data bag item is encrypted, but in the local file it is still unencrypted
- Refer Here
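Because the local copy of a data bag item stays in plain text, it is worth checking the chef-repo before committing it to version control. The script below is an added example, not part of the original class notes: it assumes the usual chef-repo layout data_bags/<bag>/<item>.json and assumes an encrypted value is a hash carrying the encrypted_data, iv, version and cipher keys. The function names and the sample items are constructed for illustration.

```ruby
require "json"

# Wrapper keys assumed to be present on every encrypted data bag value.
ENCRYPTED_KEYS = %w[encrypted_data iv version cipher].freeze

# True when a value has the wrapper shape of an encrypted data bag value.
def encrypted_value?(value)
  value.is_a?(Hash) && ENCRYPTED_KEYS.all? { |k| value.key?(k) }
end

# Names of the top-level keys stored in plain text. "id" is skipped because
# it is never encrypted, even in an encrypted item.
def plaintext_keys(item_json)
  item = JSON.parse(item_json)
  item.reject { |key, value| key == "id" || encrypted_value?(value) }.keys
end

# Scans data_bags/<bag>/<item>.json under a chef-repo.
# Returns { path => [plaintext key names] } for items that need attention.
def scan_repo(repo_dir)
  pattern = File.join(repo_dir, "data_bags", "*", "*.json")
  Dir.glob(pattern).sort.each_with_object({}) do |path, findings|
    keys = plaintext_keys(File.read(path))
    findings[path] = keys unless keys.empty?
  end
end

# Constructed sample items (placeholder values, not real secrets).
PLAIN_ITEM = '{"id":"dbcreds","username":"appuser","password":"example-only"}'
ENCRYPTED_ITEM = <<~JSON
  {"id":"dbcreds",
   "username":{"encrypted_data":"Y29uc3RydWN0ZWQ=","iv":"Y29uc3RydWN0ZWQ=",
               "version":1,"cipher":"aes-256-cbc"},
   "password":{"encrypted_data":"Y29uc3RydWN0ZWQ=","iv":"Y29uc3RydWN0ZWQ=",
               "version":1,"cipher":"aes-256-cbc"}}
JSON

puts "plain item:     #{plaintext_keys(PLAIN_ITEM).inspect}"
puts "encrypted item: #{plaintext_keys(ENCRYPTED_ITEM).inspect}"
```

Calling scan_repo with the path to the chef-repo from a pre-commit hook or CI job, and failing when it returns a non-empty hash, keeps plain text items out of version control.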
Exercises:
- Write a chef cookbook to deploy nop commerce Refer Here
- Write a chef cookbook to deploy openmrs Refer Here