A lab to play with chef
The lab sets up a basic Chef Server, Chef Automate, two web servers, and a load balancer. They are highly insecure; do not use them for production systems. This lab is meant for teaching purposes only.
- Downloads and unpacks the chef-server deb file.
- Create a first user to be able to log in to Chef Server.
- Create an Org and associate the user to this Org.
- Install Chef Manage, this is the Web interface for Chef Server.
- Install Chef Reporting.
The lines modifying the hosts file allow the chef-server box to talk to all other nodes without knowing their IPs.
Git clone this repo
git clone https://github.com/chito4/chef-lab
cd chef-lab
Then run the Vagrantfile. If this is the first time you have run it, it will take a long time: 10-25 min depending on your hardware.
vagrant up chef_server
Once that's done you can open up your browser and go to: https://chef-server/
You will get a certificate exception; that's OK, you can skip it and continue.
Log in with user testlabdev and password password.
You don't necessarily need this, but if you want to learn how to use Automate, do this as well.
Make sure that ChefDK is installed and part of your PATH:
vagrant up chef_automate
You will have to log in to accept the T&C
chef-automate deploy
Your next step is to download the Chef Starter Package onto your WORKSTATION from your current Chef Server installation:
- Go to https://chef-server/organizations
- Click testcheflab
- On the left menu search for Starter Kit and click on it.
- Click on "Download Starter Kit"
- Click on "Proceed"
This will download a .zip file; the objective is to have the chef-starter-repo next to the chef-lab directory.
Unzip the file and you should have something like this:
[dev@workstation]$ ls
chef-repo chef-lab
The chef-repo directory is where most of the work will happen. Here you will create cookbooks and recipes, assign roles to nodes, and write tests for your recipes.
The first step is to make contact with Chef server.
cd chef-repo
knife ssl fetch
knife ssl check
chef verify
//This last command will take a while
Now you're ready to start creating cookbooks.
You will want to upload at least one test cookbook to make sure it's all up and running; a hello world will do.
cd chef-repo   # Make sure you're at the root of the project
knife cookbook upload test-cookbook
Open up your browser and go to https://chef-server/organizations/testcheflab/cookbooks
You will see your new test-cookbook cookbook now hosted on your local Chef server.
Go back to the chef-lab directory and bring up the missing boxes.
cd ../chef-lab
vagrant up lb web2 web3
Right now, our web servers don't know how to communicate with our installation of Chef server. knife provides an easy way to do this. Usually you run this once.
cd ../chef-repo
knife bootstrap web3 -x vagrant -P vagrant --sudo --verbose --node-name web3-node
knife bootstrap web2 -x vagrant -P vagrant --sudo --verbose --node-name web2-node
knife bootstrap lb -x vagrant -P vagrant --sudo --verbose --node-name lb-node
You can go to https://chef-server/organizations/testcheflab/nodes and you will see your new nodes.
A role is a way to define certain patterns and processes that exist across nodes in an organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run-list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run-list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run-lists with those contained within each assigned role.
Create a new file under the roles directory:
{
  "name": "webapp-role",
  "description": "Role to configure all web nodes",
  "chef_type": "role",
  "run_list": [
    "recipe[test-cookbook::default]"
  ]
}
Add the roles to your nodes:
knife node run_list add web2-node 'role[webapp-role]'
knife node run_list add web3-node 'role[webapp-role]'
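What chef-client will resolve from these run-list assignments when it runs as root on each node, as an added example (not part of this repo, and not Chef's own code): a simplified Ruby model of run-list expansion. `nested-role` is a hypothetical role constructed to show recursion and de-duplication; version pins and bare recipe names are not handled.

```ruby
# Simplified model of run-list expansion (an illustration, not Chef's implementation).
# Roles known to the server. 'webapp-role' is the role from this page;
# 'nested-role' is hypothetical, constructed to exercise nesting and duplicates.
ROLES = {
  'webapp-role' => { 'run_list' => ['recipe[test-cookbook::default]'] },
  'nested-role' => { 'run_list' => ['role[webapp-role]',
                                    'recipe[test-cookbook]',
                                    'role[nested-role]'] }
}.freeze

# Node run-lists as left by the knife commands above; lb-node was given no role.
NODES = {
  'web2-node' => ['role[webapp-role]'],
  'web3-node' => ['role[webapp-role]'],
  'lb-node'   => []
}.freeze

ITEM = /\A(recipe|role)\[([^\[\]]+)\]\z/

# Returns the ordered, de-duplicated list of recipes a run-list resolves to.
# Each role is expanded at most once, so a role that includes itself terminates.
def expand_run_list(run_list, roles, seen_roles = [], recipes = [])
  run_list.each do |item|
    m = ITEM.match(item) or raise ArgumentError, "malformed run_list item: #{item.inspect}"
    type, name = m[1], m[2]
    if type == 'recipe'
      name = "#{name}::default" unless name.include?('::') # recipe[x] means x::default
      recipes << name unless recipes.include?(name)
    elsif !seen_roles.include?(name)
      seen_roles << name
      role = roles.fetch(name) { raise KeyError, "role not on server: #{name}" }
      expand_run_list(role['run_list'], roles, seen_roles, recipes)
    end
  end
  recipes
end

if __FILE__ == $PROGRAM_NAME
  NODES.each do |node, run_list|
    recipes = expand_run_list(run_list, ROLES)
    puts "#{node}: #{recipes.empty? ? '(empty run-list)' : recipes.join(', ')}"
  end
end
```

Reviewing the expanded list before running chef-client shows exactly which recipes a role assignment will execute, and that lb-node currently resolves to an empty run-list.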
Now we have to run chef-client on each of the boxes.
/chef-lab
vagrant ssh web2
Inside do this:
[vagrant@web2 ~]$ sudo chef-client
//after it finishes
[vagrant@web2 ~]$ exit
Now do the same for web3:
[vagrant@web3 ~]$ sudo chef-client
[vagrant@web3 ~]$ exit
And finally for the lb:
[vagrant@lb ~]$ sudo chef-client
[vagrant@lb ~]$ exit
- Figure out how to automatically accept the license for Chef Automate
- Other stuff that I'm forgetting to do.