This repo was put together to demonstate using Chef-DK with chef-provisioning and chef-zero for standalone deployment w/o an actual Chef server.
Every Chef installation needs a Chef Repository. This is the place where cookbooks, roles, config files and other artifacts for managing systems with Chef will live. We strongly recommend storing this repository in a version control system such as Git and treat it like source code.
CAVEAT: This repo hasn't been tested for fitness, so it may empty your fridge of all food and thereafter harass a kitten.
First, install the Chef Development Kit. https://downloads.chef.io/chef-dk/
Second, set your PATH (i.e. via ~/.profile) to use ruby, gem, etc from Chef DK. (There are ways of doing this more elegantly, this is just for demo.)
export PATH="/opt/chefdk/bin:/opt/chefdk/embedded/bin:~/.chefdk/gem/ruby/2.1.0/bin:$PATH"
Third, clone this repo and update the cookbook_path parameter in .chef/knife.rb. Chef DK doesn't appear to handle relative paths very nicely yet.
git clone https://github.com/westbywest/chef-dk-repo.git
cd chef-dk-repo
vi .chef/knife.rb
Specifically, this parameter:
cookbook_path ["#{ENV['HOME']}/Documents/chef-dk-repo/cookbooks",
"#{ENV['HOME']}/Documents/chef-dk-repo/berks-cookbooks"]
Fourth, install related gems and 3rd-party cookbooks.
bundle install
berks vendor
Fifth, TBD, but you're probably on your own from here to sort out how nodes are bootstrapped, depending on whether you use AWS, XenServer, bare metal, etc. The chef-provisioning gem supports several environments. Also, example kickstart files are provided under ./kickstart. Additionally, you will need to put a private RSA key at ./chef/chef_user.pem, corresponding to a sudo-capable "chef" user already baked into your machines. Likewise, that user's public RSA key will also need to be in the data_bags/users/chef.json item.
Sixth, update/add custom cookbooks, roles, environments, data bags, and machine definitions.
Seventh, and again depending on where your machines live (AWS, XenServer, bare metal), launch chef-zero to provision nodes.
chef-client -z machines/frontend.rb
TODO:
- encrypted data bags
- search by node name inside recipes
This repository contains several directories, and each directory contains a README file that describes what it is for in greater detail, and how to use it for managing your systems with Chef.
certificates/
- SSL certificates generated byrake ssl_cert
live here.config/
- Contains the Rake configuration file,rake.rb
.cookbooks/
- Custom cookbooks you download or create.berks-cookbooks/
- 3rd-party cookbooks vendored in by Berkshelf, not stored in the repository.data_bags/
- Store data bags and items in .json in the repository.environments/
- Store environments in .json in the repository.kickstart/
- Demostation Kickstart files.machines/
- Store machine definitions in .rb, to be used by chef-zero.roles/
- Store roles in .json in the repository. Note that roles in .rb don't appear to work with chef-zero.
The repository contains a Rakefile
that includes tasks that are installed with the Chef libraries. To view the tasks available with in the
repository with a brief description, run rake -T
.
The default task (default
) is run when executing rake
with no arguments. It will call the task test_cookbooks
.
The following tasks are not directly replaced by knife sub-commands.
bundle_cookbook[cookbook]
- Creates cookbook tarballs in thepkgs/
dir.install
- Callsupdate
,roles
andupload_cookbooks
Rake tasks.ssl_cert
- Create self-signed SSL certificates incertificates/
dir.update
- Update the repository from source control server, understands git and svn.
The following tasks duplicate functionality from knife and may be removed in a future version of Chef.
metadata
- replaced byknife cookbook metadata -a
.new_cookbook
- replaced byknife cookbook create
.role[role_name]
- replaced byknife role from file
.roles
- iterates over the roles and uploads withknife role from file
.test_cookbooks
- replaced byknife cookbook test -a
.test_cookbook[cookbook]
- replaced byknife cookbook test COOKBOOK
.upload_cookbooks
- replaced byknife cookbook upload -a
.upload_cookbook[cookbook]
- replaced byknife cookbook upload COOKBOOK
.
The repository uses two configuration files.
- config/rake.rb
- .chef/knife.rb
The first, config/rake.rb
configures the Rakefile in two sections.
- Constants used in the
ssl_cert
task for creating the certificates. - Constants that set the directory locations used in various tasks.
If you use the ssl_cert
task, change the values in the config/rake.rb
file appropriately. These values were also used in the new_cookbook
task,
but that task is replaced by the knife cookbook create
command which can be configured below.
The second config file, .chef/knife.rb
is a repository specific configuration file for knife. If you're using the Opscode Platform, you can
download one for your organization from the management console. If you're using the Open Source Chef Server, you can generate a new one with knife configure
. For more information about configuring Knife, see the Knife documentation.
http://docs.chef.io/knife.html
Read the README file in each of the subdirectories for more information about what goes in those directories.