DevOps Classroom Series – 19/June/2021

Changing Convergence using Chef-Client Supermarket cookbook

  • Add the following to the attributes file with your time interval
default['chef_client']['interval'] = 60
  • Add the following to the run_list or default.rb
include_recipe 'chef-client::default'

Preview

Attribute Precedence

  • In chef we can define attributes
    • attribute file
    default['qt_tomcat']['java_package'] = 'openjdk_8_jdk'
    • recipe
    node.default['qt_tomcat']['java_package'] = 'openjdk_8_jdk'
    • environments
    default_attributes( {'qt_tomcat' => {'java_package' => 'openjdk_8_jdk'}})
    • roles
    default_attributes( {'qt_tomcat' => {'java_package' => 'openjdk_8_jdk'}})
  • Attributes have types
    • default
    • force_default
    • normal
    • override
    • force_override
    • automatic
  • If we define the attribute at only one location (attributes, recipes, environments) then the attribute will be applied as expected
  • But if we define the attribute with different values at different locations, then chef has weights associated in the combination of location & type.
  • the attribute with higher weight will be applied
  • Environments and roles have only two possible attribute types
    • default
    • override
  • Automatic type is only for the attributes collected by chef client by running ohai tool

Preview

Data bags

  • Data Bags are global variables which are stored as JSON data. Data bags can be used for storing sensitive content as the data bags support encryption and decryption
  • Refer Here for the official docs
  • Lets use a chef data bag to store sensitive
  • Create a data bag using knife command
knife data bag create qtsensitive
  • create a folder structure in chef-repo
chef-repo
----> data_bags
     ----> qtsensitive
           ----> passwords.json
----> cookbooks
----> environments
-----> roles
  • The passwords.json file content
{
 "id": "passwords",
 "tomcat_password": "india@123",
 "mysql_password": "rootinqt123",
 "postgres_password": "rootinqt123"
}
  • Lets upload this data bag item to chef server
knife data bag from file qtsensitive <path to passwords.json>

Preview Preview

  • Upload the data bag with secret text
knife data bag from file qtsensitive <path to passwords.json> --secret <secret text>

Preview Preview

  • But the local file in chef-repo is not encrypted to do that use
knife data bag from file qtsensitive <path to passwords.json> --secret <secret text> --local-mode
  • Now lets see how to decrypt the encrypted password in the chef recipes
  • Refer Here for the chef-repo used in the class room

Chef Server Install

  • Refer Here for the steps

  • Refer Here for the pre-requisites

  • Commands used in the class to install chef server

mv chef-server-core_14.4.4-1_amd64.deb /tmp/
sudo dpkg -i /tmp/chef-server-core_14.4.4-1_amd64.deb
sudo chef-server-ctl reconfigure
sudo chef-server-ctl user-create qtdevops qt Devops qtdevops@gmail.com 'india123' --filename /home/ubuntu/qtdevops.pem
sudo chef-server-ctl org-create qthought 'QT Devops' --association_user qtdevops --filename /home/ubuntu/qthought-validator.pem
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Animated Social Media Icons by Acurax Responsive Web Designing Company

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube