Friday, July 23, 2021

Chef - Configuration Management Tool

Pull based - Chef
Push based - Ansible

IaC - Infrastructure as Code
lang - Ruby

Architecture
workstation (cookbook(recipe)) --knife-- chef server --knife-- node1, node2 (ohai) (chef client)

bootstrap - the chef server connects to the node; that process is known as bootstrap
ohai - collects the current configuration, i.e. maintains the current state info of the node
chef client - tool that runs on every chef node to pull code from the chef server (convergence)
knife - a command-line tool that establishes communication among workstation, server and node
Idempotency - tracking the state of system resources to ensure that changes already applied are not reapplied repeatedly


How to install Chef on the workstation
www.chef.io      download Chef Workstation
now on the linux machine, copy the url and do
wget <url>
yum install chef...
which chef
chef --version

cookbook
a cookbook is a collection of recipes and some other files and folders
chefignore - like .gitignore
kitchen.yml - for testing the cookbook
metadata.rb - name, version, author etc. of the cookbook
README.md - information about usage of the cookbook

recipe - where you write code

mkdir cookbooks
cd cookbooks
chef generate cookbook test-cookbook

cd test-cookbook

chef generate recipe test-recipe
to check, use the tree cmd

cd ..

vi test-cookbook/recipes/test-recipe.rb


create on recipe
file '/home/ec2-user/myfile' do
  content 'welcome to nonstopstep'
  action :create
end


chef exec ruby -c test-cookbook/recipes/test-recipe.rb        to check if the code syntax is ok

chef-client -zr "recipe[test-cookbook::test-recipe]"        z means local mode (local machine), r means run list

2nd recipe
cd test-cookbook
chef generate recipe recipe2
cd ..
vi test-cookbook/recipes/recipe2.rb----------------------------------
package 'tree' do
  action :install
end

file '/home/ec2-user/myfile2' do
  content 'second Project code'
  action :create
end
----------------------------------

chef-client -zr "recipe[test-cookbook::recipe2]"
cat /home/ec2-user/myfile2
yum remove tree -y
chef

recipe 3 deploying an apache server

chef generate  cookbook apache-cookbook
cd apache-cookbook/
chef generate recipe apache-recipe
tree
cd ..
ls

vi apache-cookbook/recipes/apache-recipe.rb--------------------
package 'httpd' do
  action :install
end

file '/var/www/html/index.html' do
  content 'welcome to nostopstep'
  action :create
end

service 'httpd' do
  action [:enable, :start]
end
----------------------------------

chef exec ruby -c apache-cookbook/recipes/apache-recipe.rb
chef-client -zr "recipe[apache-cookbook::apache-recipe]"

Resource: the basic component of a recipe, used to manage the infrastructure with different kinds of states. There can be multiple resources in a recipe, which help in configuring and managing the infrastructure.
e.g.
package: tree, httpd
service: enable, disable, start, stop, status
user: manage the user, create user
group: create group
template: manage a file with an embedded Ruby template
cookbook_file: transfers a file from the files sub-directory in the cookbook to a location on the node
file: manage the content of a file on the node
execute: execute a cmd on the node
cron: edit an existing cron file on the node
directory: manages a directory on the node


types of attribute
default
force-default
normal
override
force-override
automatic

if the same attribute is written twice, once as default and once as force-default, the force-default one has the higher priority

where we can define attributes
Node
cookbook
roles
environments
recipes
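
The precedence between the attribute types and the places they can be defined, as an added example (a simplified model in plain Ruby, not Chef's own code and not from the original notes). The ranking follows the precedence table in the Chef documentation, leaving out normal attributes passed in a JSON file; the attribute names and values in SAMPLE are constructed.

```ruby
# Simplified model of Chef attribute precedence: a later entry beats an earlier one.
PRECEDENCE = [
  [:default,        :attribute_file], [:default,        :recipe],
  [:default,        :environment],    [:default,        :role],
  [:force_default,  :attribute_file], [:force_default,  :recipe],
  [:normal,         :attribute_file], [:normal,         :recipe],
  [:override,       :attribute_file], [:override,       :recipe],
  [:override,       :role],           [:override,       :environment],
  [:force_override, :attribute_file], [:force_override, :recipe],
  [:automatic,      :ohai]
].freeze

Declaration = Struct.new(:type, :source, :key, :value) do
  def rank
    PRECEDENCE.index([type, source]) or
      raise ArgumentError, "no such level: #{type} in #{source}"
  end
end

# Returns { key => winning Declaration }; on equal rank the later declaration wins.
def resolve(declarations)
  declarations.each_with_object({}) do |d, winners|
    current = winners[d.key]
    winners[d.key] = d if current.nil? || d.rank >= current.rank
  end
end

# Audit view: values that were set somewhere but do not take effect on the node.
def shadowed(declarations)
  winners = resolve(declarations)
  declarations.reject { |d| winners[d.key].equal?(d) }
end

# Constructed sample: a role loosens a cookbook default, force_default wins it back.
SAMPLE = [
  Declaration.new(:default,       :attribute_file, 'httpd/server_tokens', 'OS'),
  Declaration.new(:default,       :role,           'httpd/server_tokens', 'Full'),
  Declaration.new(:force_default, :attribute_file, 'httpd/server_tokens', 'Prod'),
  Declaration.new(:override,      :role,           'httpd/listen_port',   80),
  Declaration.new(:override,      :environment,    'httpd/listen_port',   8080),
  Declaration.new(:normal,        :recipe,         'ipaddress',           '10.0.0.5'),
  Declaration.new(:automatic,     :ohai,           'ipaddress',           '172.31.29.224')
].freeze

resolve(SAMPLE).each { |key, d| puts "#{key} = #{d.value} (#{d.type} from #{d.source})" }
```
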

Login into amazon linux machine
sudo su
ohai
ohai ipaddress
ohai memory/total
ohai cpu/0/mhz

recipe 3
cd apache-cookbook
chef generate recipe recipe3
cd ..
vi apache-cookbook/recipes/recipe3.rb----------------------------------
# the node[...] values are the automatic attributes collected by ohai
file '/home/ec2-user/basicinfo' do
  content "This is to get attribute
HOSTNAME: #{node['hostname']}
IPADDRESS: #{node['ipaddress']}
CPU: #{node['cpu']['0']['mhz']}
MEMORY: #{node['memory']['total']}"
  action :create
end
----------------------------------

How to execute linux cmds from within a recipe

vi test-cookbook/recipes/test-recipe1.rb----------------------------------
execute "run a script" do
  # mkdir -p so the command still succeeds when chef-client runs the recipe again
  command <<-EOH
    mkdir -p /home/ec2-user/manjeet
    touch /home/ec2-user/manjeet/file1
  EOH
end
----------------------------------
EOH marks the end of the Ruby here-document (heredoc) that holds the commands


vi test-cookbook/recipes/test-recipe2.rb----------------------------------
user "rajput" do
  action :create
end
----------------------------------

vi test-cookbook/recipes/test-recipe3.rb----------------------------------
group "common" do
  action :create
  members 'rajput'
  append true
end
----------------------------------
append true     means add to the existing members, don't overwrite them

what is a run list? it runs multiple cookbook recipes in one go
The recipes run in the sequence in which we mention them in the run list
with this process we can run multiple recipes, but the condition is, there must be only one recipe from one cookbook

chef-client -zr "recipe[test-cookbook::test-recipe],recipe[apache-cookbook::apache-recipe]"

How to include recipe
vi test-cookbook/recipes/default.rb----------------------------------
include_recipe "test-cookbook::test-recipe"
include_recipe "test-cookbook::recipe2"
----------------------------------

chef-client -zr "recipe[test-cookbook::default]"

combine multiple default
chef-client -zr "recipe[test-cookbook::default],recipe[apache-cookbook::default]"
OR
chef-client -zr "recipe[test-cookbook],recipe[apache-cookbook]"


.............................
chef server is going to be a mediator for the code or cookbook

workstation -- chef server -- nodes
first create an account on the chef server
then attach your workstation to the chef server
Now upload your cookbooks from the workstation to the chef server
apply cookbooks from the chef server to the nodes

search chef.io - create account
go to chef account - check on organization - Starter Kit - download starter kit
open the downloaded content - unzip - chef-repo

cd chef-repo/
ls -a
cd .chef/
ls
knife.rb
cat knife.rb
you will get the url of the chef server

scp -i "AWSSingaporeKey.pem" -rP 22 /root/Downloads/chef-repo/ ec2-user@ec2-18-139-222-22.ap-southeast-1.compute.amazonaws.com:/home/ec2-user

knife ssl check        to check whether you are connected to the chef server or not

..........................
Bootstrap a Node - Attaching a node to the chef server
during bootstrap the chef repo package will be copied onto the node, and the node will also connect to the chef server

How to connect a node to the chef server
create the nodes in the same AZ

Now go to workstation
knife bootstrap node_ip --ssh-user ec2-user --sudo -i node-key.pem -N node1    (node-key.pem in chef-repo folder)
knife bootstrap 172.31.29.224 --ssh-user ec2-user --sudo -i AWSSingaporeKey.pem -N node2
knife bootstrap 172.31.21.197 --ssh-user ec2-user --sudo -i AWSSingaporeKey.pem -N node1

knife node list         to check connected node list

then the node will be visible on the chef server UI also

there are 2 cookbooks folders
/home/ec2-user/cookbooks/apache-cookbook/        1 that was created in the root or home folder of the user
/home/ec2-user/chef-repo/cookbooks        and another 1 in the chef-repo folder that is downloaded from the chef server

copy the folders from the home folder to chef-repo
pwd
/home/ec2-user/chef-repo/cookbooks
mv /home/ec2-user/cookbooks/apache-cookbook/ cookbooks/
mv /home/ec2-user/cookbooks/test-cookbook/ cookbooks/

rm -rf /home/ec2-user/cookbooks/        delete old

.........................................................
Now we have to upload apache-cookbook
knife cookbook upload apache-cookbook

Now check whether apache-cookbook is uploaded
knife cookbook list

Now we will attach the recipe which we would like to run on the node
knife node run_list set node1 "recipe[apache-cookbook::apache-recipe]"

knife node show node1                    to check attached recipe
Runlist recipe[apache-cookbook::apache-recipe]

..................................................

Now access node1 with the help of ssh
run chef-client
Now all files will be updated; go to the browser, paste the public ip of the node, and you will get the webpage

...........................................................
go to workstation again
vi cookbooks/apache-cookbook/recipes/apache-recipe.rb
Now change some content &
test 2 note added

go again on node1 and run
chef-client

...........................
now, we do not want to call chef-client every time
we want to automate this process
go to node1

vi /etc/crontab
* * * * * root chef-client

now go to chef-workstation
make some changes
vi cookbooks/apache-cookbook/recipes/apache-recipe.rb
test 3 note added

upload to the chef server
knife cookbook upload apache-cookbook
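
Why running chef-client every minute is safe, and what it buys: a converged resource is left alone, and a changed one is put back. An added example in plain Ruby (a simplified model of a file resource, not Chef's implementation and not from the original notes); the 0644 mode and the "defaced" content are assumptions made for the demonstration.

```ruby
require 'digest'
require 'tmpdir'

# Model of one file resource on one chef-client run.
# Returns the list of things it had to change; [] means already converged.
def converge_file(path, content:, mode: 0o644)
  changes = []
  wanted = Digest::SHA256.hexdigest(content)
  if !File.exist?(path) || Digest::SHA256.file(path).hexdigest != wanted
    File.write(path, content)
    changes << :content
  end
  if (File.stat(path).mode & 0o7777) != mode
    File.chmod(mode, path)
    changes << :mode
  end
  changes
end

# Four steps: first run, repeat run, manual tampering on the node, next run.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'index.html')
    desired = 'welcome to nonstopstep'
    runs = []
    runs << converge_file(path, content: desired)   # creates the file
    runs << converge_file(path, content: desired)   # nothing to do
    File.write(path, 'defaced')                     # constructed drift: content
    File.chmod(0o666, path)                         # constructed drift: mode
    runs << converge_file(path, content: desired)   # drift is corrected
    runs << File.read(path)
    runs
  end
end

p demo
```

An empty list on the repeat run is the idempotency described at the top of these notes; the third run shows that a change made by hand on the node lasts only until the next cron-triggered run.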

...............................................

Now create one more node, node2
Advanced details
#!/bin/bash
# this script already runs as root at first boot, so sudo su is not needed
yum update -y
echo "* * * * * root chef-client" >> /etc/crontab

Now go to workstation and run bootstrap cmd
Now attach cookbook to node run list
Now check in browser node2 shows webpage

.....................................................

To see list of cookbook which are present in chef-server
knife cookbook list

To delete cookbook from chef-server
knife cookbook delete <cookbook name> -y

To see list of nodes which are present in chef server
knife node list

To delete nodes from chef-server
knife node delete <node name> -y

To see list of clients which are present in chef-server
knife client list

To delete clients from chef-server
knife client delete <client name> -y

To see list of roles which are present in chef-server
knife role list

To delete roles from chef-server
knife role delete <role name> -y


Roles------------------------
cd roles

vi devops.rb
name "devops"
description "Web server role"
run_list "recipe[apache-cookbook::apache-recipe]"

Now comeback to chef-repo
Now upload the role on chef-server
knife role from file roles/devops.rb

If you want to see the role created
knife role list

Now create two instances as node1 & node2 in the same AZ as the workstation
Now bootstrap the nodes

knife bootstrap <private-ip> --ssh-user ec2-user --sudo -i AWSSingaporeKey.pem -N node1
knife bootstrap <private-ip> --ssh-user ec2-user --sudo -i AWSSingaporeKey.pem -N node2
..................................................................

Now connect these nodes to the role
knife role list
knife node run_list set node1 "role[devops]"
knife node run_list set node2 "role[devops]"

knife node show node1
knife node show node2

knife cookbook upload apache-cookbook

Now check public-ip of any node in browser

cat cookbooks/apache-cookbook/recipes/recipe1.rb

vi roles/devops.rb
name "devops"
description "web server role"
run_list "recipe[apache-cookbook::recipe1]"

knife role from file roles/devops.rb
Now access any node via ssh & check

Now again go to workstation
vi roles/devops.rb
name "devops"
description "web server role"
run_list "recipe[apache-cookbook]"

knife role from file roles/devops.rb
knife cookbook upload apache-cookbook

vi roles/devops.rb
name "devops"
description "web server role"
run_list "recipe[apache-cookbook]","recipe[test-cookbook]"

Now upload this role to server

knife role from file roles/devops.rb

knife cookbook upload test-cookbook
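
What a node will actually run once a role is in its run list, as an added example (plain Ruby, a simplified model of run-list expansion, not Chef's own code and not from the original notes). It assumes every item is written as recipe[...] or role[...], that a bare cookbook name means its default recipe, and that a recipe listed twice runs once; the roles hash stands in for the roles stored on the chef server.

```ruby
ITEM = /\A(recipe|role)\[([^\[\]]+)\]\z/

# "recipe[a::b],role[c]" -> [[:recipe, "a::b"], [:role, "c"]]
def parse_run_list(str)
  str.split(',').map(&:strip).reject(&:empty?).map do |item|
    m = ITEM.match(item) or raise ArgumentError, "bad run-list item: #{item.inspect}"
    [m[1].to_sym, m[2]]
  end
end

# Flattens a run list into the ordered list of recipes, expanding roles in place.
def expand(run_list, roles, seen_roles = [], recipes = [])
  parse_run_list(run_list).each do |kind, name|
    if kind == :recipe
      name = "#{name}::default" unless name.include?('::')
      recipes << name unless recipes.include?(name)   # keep first occurrence only
    elsif !seen_roles.include?(name)                  # a role is applied once, so
      seen_roles << name                              # roles that nest each other end
      body = roles.fetch(name) { raise KeyError, "role not on server: #{name}" }
      expand(body, roles, seen_roles, recipes)
    end
  end
  recipes
end

# The devops role as last edited above.
ROLES = { 'devops' => 'recipe[apache-cookbook],recipe[test-cookbook]' }.freeze

puts expand('role[devops],recipe[apache-cookbook::apache-recipe]', ROLES)
```

Reviewing the expanded list before `knife node run_list set` shows every recipe that chef-client will execute as root on the node, including the ones a role pulls in.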

vi cookbooks/test-cookbook/recipes/test-recipe6.rb
# install every package in the list with one loop
%w(httpd mariadb-server unzip git vim).each do |p|
  package p do
    action :install
  end
end

knife cookbook upload test-cookbook

Now go inside any node and search for git; if you find git on the node, it means it works properly
