This article will guide you through creating a Chef cookbook and recipe and deploying it on CentOS/RHEL 6.4.
The procedure mentioned in this tutorial is tested on:
What is a Cookbook?
A cookbook is the fundamental unit of configuration and policy distribution. Each cookbook defines a scenario, such as everything needed to install and configure MySQL, and then it contains all of the components that are required to support that scenario.
What is a Recipe?
Recipe files are Ruby applications that define everything that is required to configure a system, including creating and configuring folders, installing and configuring packages, starting services, and so on. A recipe is a subset or “piece” of a cookbook.
What is an Attribute?
Attributes files contain a set of attributes that represent values to be used by the recipes and templates.
For example, the built-in cookbook for the Rails App Server layer includes an attributes file with values for the Rails version, the application server stack, and so on.
What is a Template?
Template files are templates that recipes use to create other files, such as configuration files.
Template files typically let you modify the configuration file by overriding attributes—which can be done without touching the cookbook—instead of rewriting a configuration file. The standard practice is that whenever you expect to change a configuration file on an instance even slightly, you should use a template file.
What is a Data Bag?
A data bag is a global variable that is stored as JSON data and is accessible from a server. A data bag is indexed for searching and can be loaded by a recipe or accessed during a search. The contents of a data bag can vary, but they often include sensitive information (such as database passwords).
What is knife?
Knife is a command-line tool that provides an interface between a local chef-repo and the server. Knife helps users manage nodes, cookbooks, recipes, roles, etc.
Steps to create a Sample Cookbook and configure a recipe
1) Log in to the workstation node that has knife configured.
Add the following line to set the cookbook path, so that the cookbook repo can be uploaded to git (for version control).
# vi /root/.chef/knife.rb
cookbook_path [ '/usr/local/src/chef/cookbooks' ]
2) Create the cookbook directory.
# mkdir -p /usr/local/src/chef/cookbooks
3) Now let's create a sample cookbook to push users to Chef nodes:
# knife cookbook create cookbook-test
4) Navigate to the cookbook directory and you will see that the following structure was created.
# cd /usr/local/src/chef/cookbooks
# tree cookbook-test
│ └── default
│ └── default.rb
5) Before creating the recipe, let's generate the password hash for the new user using the following command.
# openssl passwd -1 "theplaintextpassword"
6) Now let's create a recipe for a new group (system-admins) and a user by the name “sanjay”.
# cat /usr/local/src/chef/cookbooks/cookbook-test/recipes/default.rb
# Cookbook Name:: cookbook-test
# Recipe:: default
# Copyright 2013, YOUR_COMPANY_NAME
# All rights reserved - Do Not Redistribute

group "system-admins" do
  action :create
end

user "sanjay" do
  comment "Sanjay User"
  gid "system-admins"
  # Placeholder: paste the hash printed by the openssl command in step 5.
  password "HASH_FROM_STEP_5"
  supports :manage_home => true
end
Note: Please check the Group resource and User resource page for more info.
7) To upload the cookbooks/ directory to the server, browse to the top level of the chef-repo and enter:
# knife upload cookbooks
Note: This will upload all the cookbooks.
8) To upload a single cookbook, use the following command:
# knife upload cookbooks cookbook-test
9) Once we have uploaded the cookbook, it is time to associate it with a node using the “run_list” knife option:
# knife node list
# knife node run_list add node1.example.com cookbook-test
10) Now log in to the machine “node1.example.com” and run the following command:
[2013-10-25T04:47:36-07:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 11.6.2
[2013-10-25T04:47:36-07:00] INFO: *** Chef 11.6.2 ***
[2013-10-25T04:47:37-07:00] INFO: Run List is
Note: Please check the Knife node run_list page for more info.
11) Verify that the user was created using the following command:
# su - sanjay
uid=1002(sanjay) gid=1001(system-admins) groups=1001(system-admins) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
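Steps 5 and 6 place an MD5-crypt hash (the `$1$` format that `openssl passwd -1` emits) inside a recipe that is then uploaded to the server and possibly committed to git. The Ruby check below is an added example, not part of the original tutorial: it scans recipe text and reports user resources whose password value is a weak hash or not a hash at all. The function names and the sample recipe, including its hash strings, are constructed for illustration.

```ruby
# Added example (not from the original article): audit Chef recipe text for
# weak or plaintext values in the `password` attribute of user resources.

# crypt(3) scheme prefixes. '$1$' is what `openssl passwd -1` (step 5) emits.
SCHEMES = {
  '$1$' => [:md5_crypt,    :weak],
  '$5$' => [:sha256_crypt, :ok],
  '$6$' => [:sha512_crypt, :ok],
}.freeze

# Classify one password attribute value as [scheme, verdict].
def classify_password(value)
  SCHEMES.each do |prefix, result|
    return result if value.start_with?(prefix)
  end
  # The user resource expects an already-hashed value; anything else is
  # treated as a plaintext password sitting in the recipe.
  [:not_a_hash, :plaintext]
end

# Walk the recipe line by line, tracking which `user "name" do` block we are
# in, and return one finding per password value that is not an accepted hash.
def audit_recipe(text)
  findings = []
  current_user = nil
  text.each_line.with_index(1) do |line, lineno|
    stripped = line.strip
    next if stripped.empty? || stripped.start_with?('#')
    if (m = stripped.match(/\Auser\s+["']([^"']+)["']\s+do\z/))
      current_user = m[1]
    elsif current_user && stripped == 'end'
      current_user = nil
    elsif current_user && (m = stripped.match(/\Apassword\s+(["'])(.*)\1\z/))
      scheme, verdict = classify_password(m[2])
      next if verdict == :ok
      findings << { user: current_user, line: lineno, scheme: scheme, verdict: verdict }
    end
  end
  findings
end

# Constructed sample recipe; the hash strings are dummies, not real hashes.
SAMPLE_RECIPE = <<~'RECIPE'
  user "sanjay" do
    comment "Sanjay User"
    password "$1$CONSTRCT$0000000000000000000000"
  end
  user "deploy" do
    password "$6$CONSTRUCTEDSALT$0000000000000000"
  end
  user "backup" do
    password "theplaintextpassword"
  end
RECIPE
```

Calling `audit_recipe(SAMPLE_RECIPE)` returns findings for "sanjay" (MD5-crypt) and "backup" (plaintext), and nothing for "deploy".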