Chef
Chef is based on multiple tools and software.
Here are some reminders of useful commands.
Knife
Knife is the tool that lets your workstation communicate with the Chef server.
Manage node
Add a node and associate a recipe
knife bootstrap ADDRESS --ssh-user USER --ssh-port PORT --sudo --identity-file IDENTITY_FILE --node-name node1-ubuntu --run-list 'recipe[learn_chef_apache2]'
Connect to the node and run the recipe
knife ssh 'name:node1-ubuntu' 'sudo chef-client' --ssh-user USER --ssh-port PORT --ssh-identity-file IDENTITY_FILE --attribute ipaddress
Knife commands to see nodes :
knife node list
knife node show NODENAME
Manage cookbook
Upload recipe
knife cookbook upload RECIPE
Create role
Example file :
{
  "name": "web",
  "description": "Web server role.",
  "json_class": "Chef::Role",
  "default_attributes": {
    "chef_client": {
      "interval": 300,
      "splay": 60
    }
  },
  "override_attributes": {
  },
  "chef_type": "role",
  "run_list": [
    "recipe[chef-client::default]",
    "recipe[chef-client::delete_validation]",
    "recipe[learn_chef_apache2::default]"
  ],
  "env_run_lists": {
  }
}
To add this role simply run : knife role from file roles/web.json
See status of role : knife status 'role:web' --run-list
Berks
This tool manages community cookbooks. You have to create a Berksfile :
source 'https://supermarket.chef.io'
cookbook 'chef-client'
Then run berks install
To upload those cookbooks to the server : berks upload
Kitchen
This tool lets you test your recipes before uploading them.
Requires : Vagrant and VirtualBox
List your kitchen instances : kitchen list
Create your kitchen and apply your recipes :
kitchen create
kitchen converge
Test your recipe :
Example : kitchen exec -c 'wget -qO- localhost'
Test with InSpec : kitchen verify
Delete your instance: kitchen destroy
Do it all : kitchen test
This command removes any existing instance, brings up a new one, then runs converge, verify and destroy.
Foodcritic & Cookstyle
To test your code : foodcritic .
Static analysis of Ruby code : cookstyle .
To autocorrect if possible : cookstyle -a .
InSpec
With your own package
Get system info : inspec detect
Test package :
inspec exec /path_to/package
inspec exec package -t ssh://root:password@target
inspec exec package -t ssh://root:password@target --reporter=json | jq .
Through bastion : inspec exec ../../base-check --bastion-host=BASTION --bastion-user=USER --password='PASS' -t ssh://USER@YOURSERVER
Create your own InSpec package: inspec init profile $your_package
Check package and create archive:
inspec check package
inspec archive package
Exec via archive : inspec exec package-version.tar.gz -t ssh://root:password@target
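Added example (not from the original page): instead of only pretty-printing the --reporter=json output with jq, this Ruby script lists the failed controls at or above an impact threshold. The sample report is constructed, the field names (profiles, controls, results, status, impact, code_desc) follow InSpec's JSON reporter, and the function names are hypothetical.

```ruby
require 'json'

# Constructed sample shaped like `inspec exec ... --reporter=json` output,
# trimmed to the fields read below. IDs other than package-08 are made up.
SAMPLE_REPORT = <<~JSON
  {"profiles": [{"name": "linux-baseline", "controls": [
    {"id": "example-01", "impact": 0.5, "results": [
      {"status": "failed", "code_desc": "constructed check A"}]},
    {"id": "package-08", "impact": 1.0, "results": [
      {"status": "passed", "code_desc": "constructed check B"},
      {"status": "failed", "code_desc": "constructed check C"}]},
    {"id": "example-02", "impact": 0.7, "results": [
      {"status": "passed", "code_desc": "constructed check D"}]},
    {"id": "example-03", "impact": 0.3, "results": [
      {"status": "skipped", "code_desc": "constructed check E"}]}
  ]}]}
JSON

# A control counts as failed as soon as one of its results failed.
def failed_results(control)
  (control['results'] || []).select { |r| r['status'] == 'failed' }
end

# Failed controls with impact >= min_impact, highest impact first.
def failed_controls(report_json, min_impact: 0.0)
  report = JSON.parse(report_json)
  rows = report.fetch('profiles', []).flat_map do |profile|
    profile.fetch('controls', []).map do |control|
      failures = failed_results(control)
      next if failures.empty?
      { profile: profile['name'], id: control['id'],
        impact: control['impact'].to_f,
        checks: failures.map { |r| r['code_desc'] } }
    end.compact
  end
  rows.select { |row| row[:impact] >= min_impact }
      .sort_by { |row| -row[:impact] }
end

if __FILE__ == $PROGRAM_NAME
  # Pass a saved JSON report as the first argument, or run on the sample.
  path = ARGV[0]
  json = path && File.file?(path) ? File.read(path) : SAMPLE_REPORT
  failed_controls(json, min_impact: 0.5).each do |row|
    puts format('%-12s impact=%.1f  %s', row[:id], row[:impact], row[:checks].join('; '))
  end
end
```

Save a report with `inspec exec package -t ssh://USER@target --reporter=json > report.json` and pass `report.json` as the argument.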
Community package
List supermarket : inspec supermarket profiles
Use it :
inspec supermarket exec dev-sec/linux-baseline
inspec supermarket exec dev-sec/linux-baseline -t ssh://root:password@target
Run only a specific part of the test : inspec supermarket exec dev-sec/linux-baseline -t ssh://root:password@target --controls package-08
Habitat
Installation
brew tap habitat-sh/habitat
brew install hab
hab setup
Runtime
Enter the studio : hab studio enter
In studio :
build YOURAPP
hab pkg upload ./results/$HAB_ORIGIN-YOURAPP....
hab pkg export docker $HAB_ORIGIN/YOURAPP