Resources and Recipes
CHAPTER 3
Chef Solo Version
TOPICS
-
Resource DSL
-
Recipes
-
chef-client
-
Idempotence
-
Execute Resource
Resources
Chef looks at your infrastructure as a collection of entities
package
file
network interface
service
cronjob
cronjob
user
directory
Resources
these entities can then be described using resources.
Ruby DSL
( Domain specific language)
which are written using
resources are statements of configuration policy
Resources
Chef then translates these resources
package
yum
apt
zypper
into providers
which are platform specific procedures
DSL
user
'devops'
do
end
action
:create
uid
gid
home
shell
'5001'
'5001'
'/home/devops'
'/bin/bash'
type
name
properties
Finding resources
how do i know which resources to use with what actions and properties?
RECIPES
-
recipes are files which contain collection of resources
-
written to achieve a specific objective
-
have .rb extension
-
resources in a recipe are always applied in serial order
user 'www-data' do
comment 'web admin'
uid '1004'
gid 'www-data'
shell '/bin/sh'
end
package 'httpd' do
action :install
enf
service 'httpd' do
action [:enable, :start]
end
writing our first recipe
Group exercise
-
tree
-
git
-
ntp
Create user
- deploy
Install Packages
Lets create a recipe base.rb with following resource specifications
Remove user
- dojo
Add file /etc/motd
with content
"Property of XYZ"
-
wget
-
unzip
Start service
- ntp
approach
Group exercise
-
Find out the chef resource required to manage the entity
-
Find out the relevant actions and properties
-
Create a recipe and apply
Writing first resource
recipe
Group exercise
file: base.rb
user 'deploy' do
uid 5001
home '/home/deploy'
action :create
password '$1$Ze1eJK3R$j5I0NRP5WxbZAaeXcfYW7/'
end
Syntax check
Group exercise
[output]
Syntax OK/opt/chefdk/embedded/bin/ruby -c base.rb
applying recipe
chef-client
-
we are using a masterless chef mode, and applying chef recipe locally
-
chef-client comes with has introduced -z | --local-mode option which allows it to apply recipes locally
-
It actually sets up a light weight, fast, in memory chef server to apply configuration locally.
Alternate methods
chef-client
chef-apply
chef-solo
- applies single recipe
- works with only limited features
applying recipe
Group exercise
chef-solo --help
Usage: /usr/local/bin/chef-solo (options)
-f, --[no-]fork Fork client
--[no-]color Use colored output, defaults to enabled
-c, --config CONFIG The configuration file to use
-d, --daemonize Daemonize the process
--delete-entire-chef-repo DANGEROUS: does what it says, only useful with --recipe-url
-E, --environment ENVIRONMENT Set the Chef Environment on the node
--ez A memorial for Ezra Zygmuntowicz
--force-formatter Use formatter output instead of logger output
--force-logger Use logger output instead of formatter output
-F, --format FORMATTER output format to use
-g, --group GROUP Group to set privilege to
-i, --interval SECONDS Run chef-client periodically, in seconds
-j JSON_ATTRIBS, Load attributes from a JSON file or URL
--json-attributes
--lockfile LOCKFILE Set the lockfile location. Prevents multiple processes from converging at the same time
-l, --log_level LEVEL Set the log level (debug, info, warn, error, fatal)
-L, --logfile LOGLOCATION Set the log file location, defaults to STDOUT
--minimal-ohai Only run the bare minimum ohai plugins chef needs to function
-N, --node-name NODE_NAME The node name for this client
-o RunlistItem,RunlistItem..., Replace current run list with specified items
--override-runlist
--[no-]profile-ruby Dump complete Ruby call graph stack of entire Chef run (expert only)
-r, --recipe-url RECIPE_URL Pull down a remote gzipped tarball of recipes and untar it to the cookbook cache.
--run-lock-timeout SECONDS Set maximum duration to wait for another client run to finish, default is indefinitely.
-s, --splay SECONDS The splay time for running at intervals, in seconds
-u, --user USER User to set privilege to
-v, --version Show chef version
-W, --why-run Enable whyrun mode
-h, --help Show this messageoptions
-W, --why-run
-l, --log_level info
-c, --config config file to use (solo.rb)
solo.rb
Group exercise
file: /workspace/solo.rb
cookbook_path "cookbooks"
log_location "/var/log/chef.solo.log"
log_level :info
(dry) why run
Group exercise
chef-solo -c /workspace/solo.rb --why-run base.rb
# chef-solo -c /workspace/solo.rb --why-run base.rb
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-09-11T07:53:32+00:00] WARN: Node ws.codespaces.io has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/workspace/chapter3/base.rb
* linux_user[deploy] action create
- Would create user deploy
[2017-09-11T07:53:32+00:00] WARN: In why-run mode, so NOT performing node save.
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources would have been updated commit changes
Group exercise
chef-solo -c /workspace/solo.rb base.rb
# chef-solo -c /workspace/solo.rb base.rb
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-09-11T07:54:44+00:00] WARN: Node ws.codespaces.io has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/workspace/chapter3/base.rb
* linux_user[deploy] action create
- create user deploy
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 02 seconds
workflow
build node
load run list
/recipes
synchronize
cookbooks
compile
converge
phase1
phase2
convergence
-
by defining the policy, and
-
by comparing current state of the infrastructure and
-
bring it in line with the policy by
-
taking action/not taking action
-
chef resources are idempotent (most)
Chef takes a convergent approach to configuration
apply again
Group exercise
chef-solo -c /workspace/solo.rb base.rb
Starting Chef Client, version 12.16.42
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-09-11T07:56:29+00:00] WARN: Node ws.codespaces.io has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/workspace/chapter3/base.rb
* linux_user[deploy] action create (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/1 resources updated in 02 seconds
chef-solo -c /workspace/solo.rb base.rb
Exercise
LAB
-
tree
-
git
-
ntp
Install Packages
Lets create a recipe base.rb with following resource specifications
Remove user
- dojo
Add file /etc/motd
with content
"Property of XYZ"
-
wget
-
unzip
Start service
- ntp
guards
-
not_if
-
only_if
Execute Resource
Guards
creates
action :nothing
Common Functionality
-
notifies -
subscribes
Execute Resource
Notifications
action :nothing
Actions
-
not_if
-
only_if
Guards
- :before
- :delayed
- :immediate, :immediately
Timers
sample code
package ['libsqlite3-dev', 'sqlite3']
execute 'download_facebooc_from_source' do
command 'wget https://github.com/jserv/facebooc/archive/master.zip'
cwd '/opt'
user 'root'
creates '/opt/master.zip'
notifies :run, 'execute[extract_facebook_app]', :immediately
end
execute 'extract_facebook_app' do
command 'unzip master.zip && touch /opt/.facebooc_compile'
cwd '/opt'
user 'root'
action :nothing
end
execute 'compile_facebooc' do
command 'make all && rm /opt/.facebooc_compile'
cwd '/opt/facebooc-master'
user 'root'
only_if 'test -f /opt/.facebooc_compile'
action :run
end
execute 'run_facebooc' do
command 'bin/facebooc 16000 &'
cwd '/opt/facebooc-master'
user 'root'
not_if 'netstat -an | grep 16000 | grep -i listen'
action :run
end
LAB
summary