
CHEF DEVELOPMENT KIT

The Chef DK gives you the tools you need to develop and test
your infrastructure automation code locally from your workstation,
before deploying changes into production. For example, the Test
Kitchen tool lets you run tests in an isolated environment. Chef
DK also includes InSpec, a powerful language for writing
infrastructure tests.

CHEF SERVER
The Chef Server acts as a central repository for cookbooks as well
as for information about every node it manages.
Chef cookbooks contain code that describes the desired state of
your infrastructure.

CHEF CLIENT
A node is any physical or virtual machine in your network that is
managed by the Chef server. The Chef client runs on each node
and securely communicates with the Chef server to get the latest
configuration instructions. The Chef client uses the instructions to
bring the node to its desired state.

Configure a resource
KEY POINT: A Chef resource describes one part of the system, such as a file, a template, or a package. A
Chef recipe is a file that groups related resources, such as everything needed to configure a web server, database
server, or a load balancer.
2. Create the INI file
In this step, you'll first create the INI file and set its initial contents. To keep things basic, you'll
configure the file in the working directory.

Next, you'll write what's called a recipe to describe the desired state of the INI file. Then you'll
run chef-client, the program that applies your Chef code to place your system in the desired state.
Typically, chef-client downloads and runs the latest Chef code from the Chef server, but in this
lesson, you'll run chef-client in what's called local mode to apply Chef code that exists locally
on your virtual machine.

From your ~\chef-repo directory, create a file named hello.rb, add these contents, and then save
the file.

From the command prompt, run the following chef-client command to apply what you've written.

PS> chef-client --local-mode hello.rb
[2016-08-19T11:13:11-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:13:11-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator/chef-repo.
[2016-08-19T11:13:11-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:13:54-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/Users/Administrator/chef-repo/hello.rb
  * file[C:\Users\Administrator\chef-repo\settings.ini] action create
    - create new file C:\Users\Administrator\chef-repo\settings.ini
    - update content in file C:\Users\Administrator\chef-repo\settings.ini from none to 6823fa
    --- C:\Users\Administrator\chef-repo\settings.ini 2016-08-19 11:13:54.000000000 -0700
    +++ C:\Users\Administrator\chef-repo/chef-settings.ini20160819-3528-1ot41w7 2016-08-19 11:13:54.000000000 -0700
    @@ -1 +1,2 @@
    +greeting=hello world
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 42 seconds

This time you get a different response: the file is already up to date. This is because Chef applies the
configuration only when it needs to.

Chef looks at the current configuration state and applies the action only if the current state doesn't match the
desired state. Here, Chef doesn't create or modify settings.ini because it already exists and its contents
didn't change. We call this approach test and repair.

3. Update the INI file's contents


Now you're going to change the INI file.

Modify hello.rb like this ('hello world' becomes 'hello chef').


Run chef-client using the options as shown below.

PS> chef-client --local-mode hello.rb
[2016-08-19T11:14:40-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:14:40-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator/chef-repo.
[2016-08-19T11:14:40-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:15:21-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/Users/Administrator/chef-repo/hello.rb
  * file[C:\Users\Administrator\chef-repo\settings.ini] action create
    - update content in file C:\Users\Administrator\chef-repo\settings.ini from 6823fa to cfde92
    --- C:\Users\Administrator\chef-repo\settings.ini 2016-08-19 11:13:54.000000000 -0700
    +++ C:\Users\Administrator\chef-repo/chef-settings.ini20160819-2832-qp8yv3 2016-08-19 11:15:21.000000000 -0700
    @@ -1,2 +1,2 @@
    -greeting=hello world
    +greeting=hello chef
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 40 seconds

This time Chef applies the action because you've changed the desired state of the file.

4. Ensure the INI file's contents are not changed by anyone else
You need to make sure that no other process can change the INI file.

Imagine that a co-worker manually changes settings.ini by replacing 'hello chef' with 'hello robots'. Go
ahead and change your copy of settings.ini through your text editor. Or you can change the file from the
command line like this.

Now run chef-client using the options as shown below.

chef-client --local-mode hello.rb
[2016-08-19T11:15:24-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:15:24-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator/chef-repo.
[2016-08-19T11:15:25-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:16:08-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/Users/Administrator/chef-repo/hello.rb
  * file[C:\Users\Administrator\chef-repo\settings.ini] action create
    - update content in file C:\Users\Administrator\chef-repo\settings.ini from 95e229 to cfde92
    --- C:\Users\Administrator\chef-repo\settings.ini 2016-08-19 11:15:22.000000000 -0700
    +++ C:\Users\Administrator\chef-repo/chef-settings.ini20160819-4088-eipzar 2016-08-19 11:16:08.000000000 -0700
    @@ -1,2 +1,2 @@
    -greeting=hello robots
    +greeting=hello chef
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 42 seconds

Chef restored the original configuration. This is actually a really good thing because Chef ensures that the
actual state of your resource matches what you specify, even if it is altered by some outside process. Chef
enables you both to apply a new configuration state and to ensure that the current state stays how you want
it.

In practice, it's common to configure chef-client to act as a scheduled task that runs periodically or as part of
a continuous delivery system such as Chef Automate. Running Chef through automation helps to ensure that
your servers remain configured as you expect and also enables them to be reconfigured when you need them
to be.
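
The test-and-repair behaviour seen in steps 2 to 4, modelled in plain Ruby as an added example (not code from the original tutorial and not Chef's implementation). short_sum, converge_file and replay_lesson are hypothetical names, and settings.ini is a constructed file in a temporary directory.

```ruby
require 'digest'
require 'tmpdir'

# Added example: a plain-Ruby model of test and repair, not Chef's own code.
# short_sum, converge_file and replay_lesson are hypothetical helper names.

# Six-character checksum prefix, in the style of the run output
# ("from none to 6823fa"); 'none' when the file does not exist.
def short_sum(hexdigest)
  hexdigest ? hexdigest[0, 6] : 'none'
end

# Test: compare the file's current SHA-256 with that of the desired content.
# Repair: rewrite the file only when the two differ.
def converge_file(path, desired)
  current = File.file?(path) ? Digest::SHA256.file(path).hexdigest : nil
  wanted  = Digest::SHA256.hexdigest(desired)
  report  = { from: short_sum(current), to: short_sum(wanted) }
  return report.merge(updated: false) if current == wanted

  # Stage the new content next to the target, then rename it into place,
  # so a reader never sees a half-written file.
  staged = "#{path}.staged-#{Process.pid}"
  File.binwrite(staged, desired)
  File.rename(staged, path)
  report.merge(updated: true)
end

# Replays the lesson on a constructed settings.ini in a temporary directory.
def replay_lesson
  Dir.mktmpdir do |dir|
    ini = File.join(dir, 'settings.ini')
    runs = {}
    runs[:create] = converge_file(ini, 'greeting=hello world')
    runs[:repeat] = converge_file(ini, 'greeting=hello world')
    runs[:update] = converge_file(ini, 'greeting=hello chef')
    File.binwrite(ini, 'greeting=hello robots') # out-of-band edit (drift)
    runs[:repair] = converge_file(ini, 'greeting=hello chef')
    runs[:final]  = File.binread(ini)
    runs
  end
end

if __FILE__ == $PROGRAM_NAME
  replay_lesson.each { |step, result| puts "#{step}: #{result}" }
end
```

The out-of-band edit stays in place until the next converge, so the interval between runs bounds how long drift can persist.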

5. Delete the INI file


OK, you're done experimenting with the INI file, so let's clean up. From your ~\chef-repo directory, create a
new file named goodbye.rb and save the following content to it.

Now apply goodbye.rb to delete the file.

chef-client --local-mode goodbye.rb
[2016-08-19T11:16:10-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:16:10-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator/chef-repo.
[2016-08-19T11:16:10-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:16:51-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/Users/Administrator/chef-repo/goodbye.rb
  * file[C:\Users\Administrator\chef-repo\settings.ini] action delete
    - delete file C:\Users\Administrator\chef-repo\settings.ini
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 40 seconds

The output shows that settings.ini is now gone, but let's prove it.

Summary
You ran a few basic Chef commands and got a flavor of what Chef can do. You learned that a
resource describes one part of the system and its desired state. You worked with a file, which is
one kind of resource.

Resources describe the what, not the how


A recipe is a file that holds one or more resources. Each resource declares what state a part of the
system should be in, but not how to get there. Chef handles these complexities for you.

In this lesson, you declared that the file settings.ini must exist and what its contents are, but you
didn't specify how to create or write to the file. This layer of abstraction can not only make you
more productive, but it can also make your work more portable across platforms.

Resources have actions


When you deleted the file, you saw the :delete action.

Think of an action as the process that achieves the desired configuration state. Every resource in
Chef has a default action, and it's often the most common affirmative one; for example, create a
file, install a package, and start a service.

When we created the file we didn't specify the :create action because :create is the default. But
of course you can specify it if you want.

The documentation for each resource type, file for example, explains the type's default action.

Recipes organize resources


In Chef, hello.rb is an example of a recipe, or an ordered series of configuration states. A recipe
typically contains related states, such as everything needed to configure a web server, database
server, or a load balancer.

Our recipe states everything we need to manage the INI file. You used chef-client in local mode
to apply that recipe from the command line.

Exercises
1. What is a resource?

Answer

A resource represents a piece of infrastructure and its desired state, such as a package that
should be installed, a service that should be running, or a file that should be generated.

2. What is a recipe?

Answer

A recipe is a collection of resources that describes a particular configuration or policy. A
recipe describes everything that is required to configure part of a system. Recipes do
things such as:

install and configure software components.
manage files.
deploy applications.
execute other recipes.

3. What happens when you don't specify a resource's action?

Answer

When you don't specify a resource's action, Chef applies the default action. For example,
this resource:

is the same as this one:

because :create is the file resource's default action.

The documentation for each resource type, file for example, explains the type's default action.

4. Modify the hello.rb recipe you wrote in this lesson to manage the INI file
under the C:\temp\messages directory, and not in the current directory.
Hint: You'll need to create the C:\temp\messages directory first. The documentation for
the directory resource shows you how.

Answer

Here's the updated recipe. It uses the directory resource to ensure that
the C:\temp\messages directory exists.
Here's how to apply and verify the recipe.

chef-client --local-mode hello.rb
[2016-01-07T13:33:07-08:00] WARN: No config file found or specified on command line, using command line options.
[2016-01-07T13:33:07-08:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator/chef-repo.
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Compiling Cookbooks...
[2016-01-07T13:33:41-08:00] WARN: Node WIN-8MV74EBIT8G has an empty run list.
Converging 2 resources
Recipe: @recipe_files::C:/Users/Administrator/chef-repo/hello.rb
  * directory[C:\temp\messages] action create
    - create new directory C:\temp\messages
  * file[C:\temp\messages\settings.ini] action create
    - create new file C:\temp\messages\settings.ini
    - update content in file C:\temp\messages\settings.ini from none to 6823fa
    --- C:\temp\messages\settings.ini 2016-01-07 13:33:41.000000000 -0800
    +++ C:\temp\messages/settings.ini20160107-2668-f4n4jg 2016-01-07 13:33:41.000000000 -0800
    @@ -1 +1,2 @@
    +greeting=hello world
Running handlers:
Running handlers complete
Chef Client finished, 2/2 resources updated in 34 seconds

Get-Content C:\temp\messages\settings.ini
greeting=hello world

Configure a package and service


KEY POINT: Like files, packages and services are also types of resources. Chef applies resources in the order you
specify.

1. Install IIS
Let's install IIS. From your ~\chef-repo directory, add this recipe to a file named webserver.rb.

We don't need to specify an action because :run is the default.

Now run chef-client in local mode to apply the recipe.

chef-client --local-mode webserver.rb
[2016-08-19T11:16:54-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:16:54-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator.
[2016-08-19T11:16:54-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:17:40-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/Users/Administrator/webserver.rb
  * powershell_script[Install IIS] action run
    - execute "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None -File "C:/Users/ADMINI~1/AppData/Local/Temp/chef-script20160819-4084-yqpxvo.ps1"
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 minutes 30 seconds

Run the recipe a second time.

chef-client --local-mode webserver.rb
[2016-08-19T11:18:38-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:18:38-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator.
[2016-08-19T11:18:39-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:20:15-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::C:/Users/Administrator/webserver.rb
  * powershell_script[Install IIS] action run (skipped due to not_if)
Running handlers:
Running handlers complete
Chef Client finished, 0/1 resources updated in 01 minutes 53 seconds

This time, Chef does not reinstall IIS. That's because the not_if attribute skips the resource when the
condition is true. In this case, we use the Get-WindowsFeature PowerShell cmdlet to check whether the
Web-Server feature is installed.

2. Start the World Wide Web Publishing Service


Now let's enable the IIS World Wide Web Publishing Service (W3SVC) so that it starts when the server boots,
and then start the service. Modify webserver.rb to look like this.

This code declares multiple actions.

Now apply it.

chef-client --local-mode webserver.rb
[2016-08-19T11:20:59-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:20:59-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator.
[2016-08-19T11:21:01-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:22:34-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 2 resources
Recipe: @recipe_files::C:/Users/Administrator/webserver.rb
  * powershell_script[Install IIS] action run (skipped due to not_if)
  * windows_service[w3svc] action enable (up to date)
  * windows_service[w3svc] action start (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/3 resources updated in 01 minutes 34 seconds

IIS is already installed, so again there's nothing to do. Similarly, the W3SVC service is already started and
enabled. The command would install IIS if it got uninstalled and enable the W3SVC service if it was stopped or
disabled. With Chef, this is easy to verify.

3. Configure the home page


Let's spruce things up and add a custom home page.

You already know how to configure a file resource; append one that configures the default home
page, c:\inetpub\wwwroot\Default.htm, to the end of webserver.rb. The entire recipe now looks like this.

Now apply it.

chef-client --local-mode webserver.rb
[2016-08-19T11:22:40-07:00] WARN: No config file found or specified on command line, using command line options.
[2016-08-19T11:22:40-07:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator.
[2016-08-19T11:22:40-07:00] WARN: Port 8889 not available
Starting Chef Client, version 12.12.15
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-08-19T11:23:23-07:00] WARN: Node workstation-windows-2012r2 has an empty run list.
Converging 3 resources
Recipe: @recipe_files::C:/Users/Administrator/webserver.rb
  * powershell_script[Install IIS] action run (skipped due to not_if)
  * windows_service[w3svc] action enable (up to date)
  * windows_service[w3svc] action start (up to date)
  * file[c:\inetpub\wwwroot\Default.htm] action create
    - create new file c:\inetpub\wwwroot\Default.htm
    - update content in file c:\inetpub\wwwroot\Default.htm from none to 2914aa
    --- c:\inetpub\wwwroot\Default.htm 2016-08-19 11:23:24.000000000 -0700
    +++ c:\inetpub\wwwroot/chef-Default.htm20160819-4048-7n12s2 2016-08-19 11:23:24.000000000 -0700
    @@ -1 +1,6 @@
    +<html>
    +  <body>
    +    <h1>hello world</h1>
    +  </body>
    +</html>
Running handlers:
Running handlers complete
Chef Client finished, 1/4 resources updated in 44 seconds

IIS and W3SVC are already in the desired state, but you'll see that the home
page, c:\inetpub\wwwroot\Default.htm, is created.

4. Confirm your web site is running
Run the Invoke-WebRequest PowerShell cmdlet to confirm that your web page is available.

Assuming your server's firewall is open for inbound access on port 80, you can access your web server from a
browser on another machine. You'll see something like this.

Summary
You saw how to work with the package and service resources. You now know how to work with three types of
resources: file, powershell_script, and service.

You also saw how to apply multiple actions. But how does Chef know what order to apply resources and
actions?

Chef works in the order you specify


Let's take another quick look at our web server recipe.
The resources are applied in the order they are specified in the recipe. So here IIS is installed, then the
W3SVC service is configured, and finally the home page is set. If any resource is already in the desired state,
Chef simply moves on to the next one.

The same idea applies to the action list [:enable, :start] for configuring the W3SVC service. The service is
enabled when the server boots before the service is started.

It's important to always think about how you order things. For example, the recipe wouldn't work if we tried to
configure the W3SVC service before IIS is even installed.

A recipe stops if any step fails (don't worry, Chef provides info about the error). That's why we ordered the
service actions the way we did. If the service can't be enabled on boot, then we don't want to start it.
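
The ordering, guard and stop-on-failure rules above, modelled in plain Ruby as an added example (not the tutorial's recipe and not Chef's implementation). Step, new_host, install_iis, w3svc and run_recipe are hypothetical names, and the host is a constructed in-memory hash rather than a real Windows machine.

```ruby
# Added example: an in-memory model of ordered convergence, not Chef's code.
# Step, new_host, install_iis, w3svc and run_recipe are hypothetical names.

# One unit of work; it is skipped when in_desired_state returns true.
Step = Struct.new(:name, :in_desired_state, :apply)

# Constructed stand-in for a freshly built Windows host.
def new_host
  { features: [], services: {} }
end

# Mirrors the powershell_script guarded by not_if on the Web-Server feature.
def install_iis
  Step.new('powershell_script[Install IIS]',
           ->(host) { host[:features].include?('Web-Server') },
           lambda do |host|
             host[:features] << 'Web-Server'
             host[:services]['w3svc'] = { enabled: false, running: false }
           end)
end

# One step per service action, in the order given, e.g. [:enable, :start].
def w3svc(actions)
  flag = { enable: :enabled, start: :running }
  actions.map do |action|
    Step.new("windows_service[w3svc] action #{action}",
             ->(host) { host[:services].dig('w3svc', flag.fetch(action)) },
             lambda do |host|
               svc = host[:services].fetch('w3svc') { raise 'service w3svc not found' }
               svc[flag.fetch(action)] = true
             end)
  end
end

# Applies steps top to bottom and stops at the first failure.
def run_recipe(host, steps)
  report = []
  steps.each do |step|
    if step.in_desired_state.call(host)
      report << [step.name, :skipped]
      next
    end
    begin
      step.apply.call(host)
      report << [step.name, :updated]
    rescue StandardError => e
      report << [step.name, "failed: #{e.message}"]
      break # later steps never run
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  in_order = [install_iis, *w3svc(%i[enable start])]
  swapped  = [*w3svc(%i[enable start]), install_iis]
  puts run_recipe(new_host, in_order).inspect
  puts run_recipe(new_host, swapped).inspect
end
```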

Exercises
Exercise 1

Are these two recipes the same?


Answer
No, they are not. Remember that Chef applies resources in the order they appear. So the first recipe ensures that IIS is
installed and then configures the W3SVC service. The second recipe configures the service and then ensures IIS is
installed.

The second recipe may not work as you'd expect because the service resource will fail if the IIS package is not yet
installed.
Exercise 4

Write a service resource that stops and then disables the W3SVC service from starting when the system
boots.

Hint: The documentation for the service resource lists the available actions.

chef-client --local-mode webserver.rb
[2016-01-07T13:52:31-08:00] WARN: No config file found or specified on command line, using command line options.
[2016-01-07T13:52:31-08:00] WARN: No cookbooks directory found at or above current directory. Assuming C:/Users/Administrator/chef-repo.
Starting Chef Client, version 12.6.0
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Compiling Cookbooks...
[2016-01-07T13:53:07-08:00] WARN: Node WIN-8MV74EBIT8G has an empty run list.
Converging 3 resources
Recipe: @recipe_files::C:/Users/Administrator/chef-repo/webserver.rb
  * powershell_script[Install IIS] action run (skipped due to not_if)
  * windows_service[w3svc] action stop
    - stop service windows_service[w3svc]
  * windows_service[w3svc] action disable
    - disable service windows_service[w3svc]
  * file[c:\inetpub\wwwroot\Default.htm] action create (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 2/4 resources updated in 39 seconds

(Invoke-WebRequest localhost).StatusCode
Invoke-WebRequest : Unable to connect to the remote server

Next: Make your recipe more manageable


You may notice one big problem with our recipe: the HTML code lives inside it, so there is no clear
separation between our web site code and our recipe to manage it. It's a good incremental step because
it helps you get things working, but this of course would never scale to a full web site.

Next you'll learn how to create a cookbook to make your Chef recipes more manageable.

Make your recipe more manageable


KEY POINT: A cookbook provides structure to your recipes and enables you to more easily reference external
files, such as our web server's home page. In essence, a cookbook helps you stay organized.
The cookbooks/learn_chef_iis part tells Chef to create a cookbook named learn_chef_iis under
the cookbooks directory.

Here's the directory structure that the command created.

tree /F /A cookbooks
Folder PATH listing for volume Windows 2012 R2
Volume serial number is ECF5-CAB0
C:\USERS\ADMINISTRATOR\COOKBOOKS
\---learn_chef_iis
    |   .kitchen.yml
    |   Berksfile
    |   chefignore
    |   metadata.rb
    |   README.md
    |
    +---.delivery
    |   |   config.json
    |   |   project.toml
    |   |
    |   \---build_cookbook
    |       |   .kitchen.yml
    |       |   Berksfile
    |       |   chefignore
    |       |   LICENSE
    |       |   metadata.rb
    |       |   README.md
    |       |
    |       +---data_bags
    |       |   \---keys
    |       |           delivery_builder_keys.json
    |       |
    |       +---recipes
    |       |       default.rb
    |       |       deploy.rb
    |       |       functional.rb
    |       |       lint.rb
    |       |       provision.rb
    |       |       publish.rb
    |       |       quality.rb
    |       |       security.rb
    |       |       smoke.rb
    |       |       syntax.rb
    |       |       unit.rb
    |       |
    |       +---secrets
    |       |       fakey-mcfakerton
    |       |
    |       \---test
    |           \---fixtures
    |               \---cookbooks
    |                   \---test
    |                       |   metadata.rb
    |                       |
    |                       \---recipes
    |                               default.rb
    |
    +---recipes
    |       default.rb
    |
    +---spec
    |   |   spec_helper.rb
    |   |
    |   \---unit
    |       \---recipes
    |               default_spec.rb
    |
    \---test
        \---recipes
                default_test.rb

Note the default recipe, named default.rb. This is where we'll move our IIS recipe in a
moment.

The .delivery directory contains starter content for working with Chef Automate. As you become
more familiar with Chef, you can check out this tutorial to learn more.