DevOps Classroom Series – 19/June/2021

Changing Convergence using Chef-Client Supermarket cookbook

  • Add the following to the attributes file with your time interval
default['chef_client']['interval'] = 60
  • Add the following to the run_list or default.rb
include_recipe 'chef-client::default'


Attribute Precedence

  • In Chef, attributes can be defined in the following locations
    • attribute file
    default['qt_tomcat']['java_package'] = 'openjdk_8_jdk'
    • recipe
    node.default['qt_tomcat']['java_package'] = 'openjdk_8_jdk'
    • environments
    default_attributes( {'qt_tomcat' => {'java_package' => 'openjdk_8_jdk'}})
    • roles
    default_attributes( {'qt_tomcat' => {'java_package' => 'openjdk_8_jdk'}})
  • Attributes have types
    • default
    • force_default
    • normal
    • override
    • force_override
    • automatic
  • If we define the attribute at only one location (attributes, recipes, environments) then the attribute will be applied as expected
  • But if we define the attribute with different values at different locations, Chef assigns a weight to each combination of location & type.
  • The attribute with the higher weight will be applied
  • Environments and roles have only two possible attribute types
    • default
    • override
  • The automatic type is only for attributes that chef-client collects by running the ohai tool


Data bags

  • Data Bags are global variables which are stored as JSON data. Data bags can be used for storing sensitive content as the data bags support encryption and decryption
  • Refer Here for the official docs
  • Lets use a chef data bag to store sensitive
  • Create a data bag using knife command
knife data bag create qtsensitive
  • create a folder structure in chef-repo
----> data_bags
     ----> qtsensitive
           ----> passwords.json
----> cookbooks
----> environments
----> roles
  • The passwords.json file content
{
 "id": "passwords",
 "tomcat_password": "india@123",
 "mysql_password": "rootinqt123",
 "postgres_password": "rootinqt123"
}
  • Let's upload this data bag item to chef server
knife data bag from file qtsensitive <path to passwords.json>

  • Upload the data bag with secret text
knife data bag from file qtsensitive <path to passwords.json> --secret <secret text>

  • But the local file in chef-repo is still not encrypted. To encrypt it, use
knife data bag from file qtsensitive <path to passwords.json> --secret <secret text> --local-mode
  • Now let's see how to decrypt the encrypted password in the chef recipes
  • Refer Here for the chef-repo used in the class room
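
Because the local passwords.json stays in plaintext until it is encrypted in place, it is worth checking the chef-repo before committing it. The Ruby script below is an added example, not code from the class chef-repo: it flags data bag items whose values are not encrypted envelopes (hashes carrying the encrypted_data, iv, version and cipher keys). The function names, the envelope-key check and the sample repo are assumptions constructed for illustration.

```ruby
require 'json'
require 'tmpdir'
require 'fileutils'

# Keys found in every encrypted data bag value envelope (assumed check: formats v1-v3).
ENVELOPE_KEYS = %w[encrypted_data iv version cipher].freeze

# True when a value looks like an encrypted envelope rather than plaintext.
def encrypted_value?(value)
  value.is_a?(Hash) && ENVELOPE_KEYS.all? { |key| value.key?(key) }
end

# Names of the keys (other than "id") that one item file stores in plaintext.
def plaintext_keys(item_path)
  item = JSON.parse(File.read(item_path))
  raise ArgumentError, "#{item_path}: item must be a JSON object" unless item.is_a?(Hash)
  item.reject { |key, value| key == 'id' || encrypted_value?(value) }.keys
end

# Scans <repo>/data_bags/<bag>/<item>.json and returns { "bag/item.json" => [keys] }
# for items holding plaintext values. Unparseable items are reported, not skipped.
def scan_data_bags(repo_root)
  bags_dir = File.join(repo_root, 'data_bags')
  Dir.glob(File.join(bags_dir, '*', '*.json')).sort.each_with_object({}) do |path, findings|
    rel = path.delete_prefix("#{bags_dir}/")
    keys = plaintext_keys(path)
    findings[rel] = keys unless keys.empty?
  rescue JSON::ParserError, ArgumentError
    findings[rel] = ['<unparseable item>']
  end
end

# Constructed sample repo: one plaintext item and one item in envelope form.
def build_sample_repo(root)
  bag = File.join(root, 'data_bags', 'qtsensitive')
  FileUtils.mkdir_p(bag)
  File.write(File.join(bag, 'passwords.json'),
             JSON.generate({ 'id' => 'passwords', 'tomcat_password' => 'PLACEHOLDER' }))
  envelope = { 'encrypted_data' => 'constructed-not-real-ciphertext',
               'iv' => 'constructed', 'version' => 1, 'cipher' => 'aes-256-cbc' }
  File.write(File.join(bag, 'encrypted.json'),
             JSON.generate({ 'id' => 'encrypted', 'mysql_password' => envelope }))
end

Dir.mktmpdir do |root|
  build_sample_repo(root)
  scan_data_bags(root).each { |file, keys| puts "PLAINTEXT #{file}: #{keys.join(', ')}" }
end
```

Run against the real chef-repo root, a non-empty result from scan_data_bags means at least one item would be committed with readable secrets.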

Chef Server Install

  • Refer Here for the steps

  • Refer Here for the pre-requisites

  • Commands used in the class to install chef server

mv chef-server-core_14.4.4-1_amd64.deb /tmp/
sudo dpkg -i /tmp/chef-server-core_14.4.4-1_amd64.deb
sudo chef-server-ctl reconfigure
sudo chef-server-ctl user-create qtdevops qt Devops <email> 'india123' --filename /home/ubuntu/qtdevops.pem
sudo chef-server-ctl org-create qthought 'QT Devops' --association_user qtdevops --filename /home/ubuntu/qthought-validator.pem
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure
