Workstation Objectives
Configuring our local tools (laptop or virtual)
§ Verify local git configuration
§ Configure berks to work with self signed SSL certificates
Verify ChefDK Install
$ chef --version
Chef Development Kit Version: 0.6.2
chef-client version: 12.3.0
berks version: 3.2.4
kitchen version: 1.4.0
Install ChefDK
§ Install ChefDK (if you haven’t already)
§ https://downloads.chef.io/chef-dk/
− Download and install any version over 0.6.0
− We’re using 0.6.2 with no ill effects
What just happened?
§ We installed the Chef Development Kit package (RPM, Deb, MacOS Image, or Windows MSI)
§ This package includes:
− Isolated Ruby install used by Chef
− knife
− chef-client
− ohai
− test-kitchen
− foodcritic
− rubocop
And more!
Verify ChefDK Install
$ ls -1 /opt/chefdk/bin
berks
chef
chef-apply
chef-client
chef-shell
chef-solo
chef-vault
foodcritic
kitchen
knife
ohai
rubocop
Checkpoint!
Now we need a Chef Server to work with…let’s create an Organization
[Diagram: Chef Server and the administrator's workstation (knife)]
Sign up for your New Training Organization
http://<IP of Training Chef-Server>
Create a new account. (Hint “Click here to get started”)
Create Organization
http://<IP of Training Chef-Server>
§ Full Name: Fisher's org
§ Short Name: fisher
§ Click Create Organization
Checkpoint!
Our Organization is now created! Let’s download the Starter Kit…
[Diagram: Chef Server with the new Org, and the administrator's workstation (knife)]
Download the Starter Kit
http://<IP of Training Chef-Server>/organizations/<Your Org>
Chefserver > Administration > organization > Download Starter Kit
Unzip chef-starter.zip
§ Unzip chef-starter.zip into a clean directory
− Make sure this directory is outside your existing Gap chef repos
§ You will get a directory called chef-repo which contains:
− A simple chef repository with a starter cookbook and role
− Configuration files so we can manage our new Organization using Knife
Knife is the command-line utility for managing our Chef Organization
§ Knife provides an API interface between a local Chef repository and the Chef Server, and lets you manage:
− Nodes
− Cookbooks and Recipes
− Roles
− Data Bags
− Environments
We’ll be using knife to manage our Training Chef Organization, but in our
normal xxxx workflow we would use Source Control
Take a look inside the chef-repo
cd chef-repo; ls -al
total 16
drwxr-xr-x@ 7 jcook staff 238 Aug 9 15:04 .
drwx------+ 385 jcook staff 13090 Aug 9 15:04 ..
drwxr-xr-x@ 5 jcook staff 170 Aug 9 2015 .chef
-rw-r--r--@ 1 jcook staff 495 Aug 9 2015 .gitignore
-rw-r--r--@ 1 jcook staff 2341 Aug 9 2015 README.md
drwxr-xr-x@ 4 jcook staff 136 Aug 9 2015 cookbooks
drwxr-xr-x@ 3 jcook staff 102 Aug 9 2015 roles
What’s in the .chef directory
$ ls -al .chef
total 24
-rw-r--r--@ 1 jcook staff 1678 Aug 9 2015 dfisher-validator.pem
-rw-r--r--@ 1 jcook staff 1674 Aug 9 2015 dfisher.pem
-rw-r--r--@ 1 jcook staff 550 Aug 9 2015 knife.rb
What’s in the .chef directory
§ knife.rb – The configuration file for knife
§ dxxxxx.pem – User PEM used for authentication
§ Dxxxxx-validation.pem – Validator PEM used to bootstrap nodes into your organization
knife.rb
§ Default location
− ~/.chef
− C:\Users\<You>\.chef (Windows)
§ Use a project specific configuration
− .chef of the current directory
− chef-repo/.chef (This is what we are using)
For more information check out:
https://docs.chef.io/config_rb_knife.html
Check out the .chef/knife.rb file
$ cat .chef/knife.rb
# See https://docs.getchef.com/config_rb_knife.html for more information on knife configuration options
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "dfisher"
client_key               "#{current_dir}/dfisher.pem"
validation_client_name   "dfisher-validator"
validation_key           "#{current_dir}/dfisher-validator.pem"
chef_server_url          "https://training-chef-server.gid.gap.com/organizations/dfisher"
cookbook_path            ["#{current_dir}/../cookbooks"]
Verify our knife configuration
$ knife client list
ERROR: SSL Validation failure connecting to host: training-chef-server.gid.gap.com - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can
use `knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
$ knife ssl fetch
Verify our knife configuration
$ knife client list
dfisher-validator
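`knife ssl fetch` trusts whatever certificate the server presents at that moment, so the saved file is worth comparing against a fingerprint the Chef Server administrator gives you through another channel. The following is an added example, not part of the original slides, written in Ruby because ChefDK already ships it; it assumes the certificates were saved under .chef/trusted_certs, and the script and function names are hypothetical.

```ruby
# Added example, not from the original slides. Hypothetical file name:
# check_fetched_certs.rb
require 'openssl'
require 'digest'

# SHA-256 fingerprint of a PEM certificate, colon-separated upper-case hex
# (the form `openssl x509 -noout -fingerprint -sha256` prints).
def cert_fingerprint(pem)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  Digest::SHA256.hexdigest(der).upcase.scan(/../).join(':')
end

# One record per certificate file found in the trusted_certs directory.
def fetched_certs(trusted_dir)
  Dir.glob(File.join(trusted_dir, '*.{crt,pem}')).sort.map do |path|
    pem = File.read(path)
    cert = OpenSSL::X509::Certificate.new(pem)
    { file: File.basename(path), subject: cert.subject.to_s,
      not_after: cert.not_after, fingerprint: cert_fingerprint(pem) }
  end
end

# Fetched certificates whose fingerprint is not in the expected list.
# Expected values may be given with or without colons, in either case.
def unexpected_certs(trusted_dir, expected_fingerprints)
  wanted = expected_fingerprints.map { |f| f.delete(':').upcase }
  fetched_certs(trusted_dir).reject do |c|
    wanted.include?(c[:fingerprint].delete(':'))
  end
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_fetched_certs.rb [trusted_certs dir] [fingerprint ...]
  dir = ARGV[0] || '.chef/trusted_certs'
  certs = fetched_certs(dir)
  bad = unexpected_certs(dir, ARGV.drop(1))
  certs.each do |c|
    status = bad.include?(c) ? 'NOT EXPECTED' : 'ok'
    puts "#{status}  #{c[:file]}  #{c[:subject]}  #{c[:fingerprint]}"
  end
  puts "no certificates found in #{dir}" if certs.empty?
end
```

A certificate reported as NOT EXPECTED should be deleted from trusted_certs and the mismatch raised with the server administrator before running further knife commands.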
knife client list
§ Read the Chef Server URL from the knife.rb
§ Invoke HTTP GET to #{chef_server_url}/clients
§ Display the results to STDOUT
For more debugging information try knife with -VV
§ $ knife client list -VV
Knife handling tips
§ Knife commands (usually) follow the pattern
− knife
− NOUN ( client )
− VERB ( list )
§ You can get more info about knife commands using
− knife --help list
− knife help list
§ Or help about a specific topic by running
− knife NOUN help
Best Practices: Use a REAL IDE
§ Chef code is just like any other application code
§ Developers use an IDE that is designed for the task, so should we.
§ There are a variety of IDEs that might work including:
− Sublime
− Atom
− RubyMine
§ A good IDE will
− Show line numbers
− Highlight syntax
− Autocomplete commands
− Allow you to manipulate multiple files
Verify Berks and Git config
Configure Berks to work with self signed SSL certificates
$ cat ~/.berkshelf/config.json
{
"ssl": { "verify": false }
}
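Two settings shown on this page deserve a routine check on any workstation set up this way: the .chef listing shows both PEM private keys as -rw-r--r--, readable by every local user, and the Berkshelf config above turns certificate verification off for every berks connection. The following is an added example, not part of the original slides, that reports both conditions; it assumes POSIX file permissions, and the function names are hypothetical.

```ruby
# Added example, not from the original slides.
require 'json'

# Private keys in a .chef directory that group or other users can access.
def exposed_keys(chef_dir)
  Dir.glob(File.join(chef_dir, '*.pem')).sort.select do |path|
    (File.stat(path).mode & 0o077) != 0
  end
end

# True when the Berkshelf config turns TLS certificate verification off.
# A missing or unparsable file is treated as "not disabled".
def berks_verify_disabled?(config_path)
  return false unless File.file?(config_path)
  ssl = JSON.parse(File.read(config_path))['ssl']
  ssl.is_a?(Hash) && ssl['verify'] == false
rescue JSON::ParserError
  false
end

# Collect human-readable findings for one chef-repo and one Berkshelf config.
def audit_workstation(chef_dir, berks_config)
  findings = exposed_keys(chef_dir).map do |path|
    mode = File.stat(path).mode & 0o7777
    format('%s is mode %04o; restrict it with chmod 600', path, mode)
  end
  if berks_verify_disabled?(berks_config)
    findings << "#{berks_config} sets ssl.verify to false; " \
                'berks will accept any server certificate'
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Run from inside chef-repo; paths match the ones used on this page.
  berks = File.join(ENV.fetch('HOME', '.'), '.berkshelf', 'config.json')
  findings = audit_workstation('.chef', berks)
  puts(findings.empty? ? 'no findings' : findings)
end
```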
Do you have a ~/.gitconfig file?
cat ~/.gitconfig
[user]
name = Dxxxxxxxxxxxxx
email = dxxxxxxxxxx@gmail.com
These values can be added with the following commands:
$ git config --global user.name "Dxxxxxxxxxxx"
$ git config --global user.email dxxxxxxxx@gmail.com
Clone the Skeleton-Cookbook repo
git clone git@github.gapinc.dev:enterprise-management/skeleton-cookbook.git
The Skeleton-Cookbook repo
http://github.gapinc.dev/enterprise-management/skeleton-cookbook