Chef for fun and maybe some profit

Upon joining my new company last month I came into the perfect env of empty servers and all the freedom I wanted. I had been testing Cobbler https://fedorahosted.org/cobbler/ and Chef http://wiki.opscode.com/display/chef/Home the previous month at Tagged, Inc as a replacement for my homegrown build system that had been implemented there and at Pay By Touch. Well, the joy of testing on virtual systems did not truly expose me to the joys of deploying Chef in a closed environment. As any security-minded person would do, I designed the new environment to not allow reaching outside of the local network for anything, and Chef did not like that, but it turned out to be OK after lots and lots of fun.

My cobbler server is providing a local mirror of http://elff.bravenet.com/, and I have pulled down the current bootstrap file to my cobbler system Apache server.

In the package section of my company_base.ks file, I include

rubygem-chef

Based on notes I found for puppet install I created a snippet in my cobbler install:

Then, to prep for the install of the chef client, this is run before the %post section in my company_base.ks file:
$SNIPPET('company_chef_nochroot')

[jmiller@cobbler ~]$ cat /var/lib/cobbler/snippets/company_chef_nochroot

# Make sure we have network stuff in place so when we register with the server all is well

%post --nochroot
# Copy netinfo, which has our FQDN from DHCP, into the chroot
test -f /tmp/netinfo && cp /tmp/netinfo /mnt/sysimage/tmp/

This snippet in my company_base.ks file installs, validates, and first runs the chef client:
$SNIPPET('company_chef_client')

[jmiller@cobbler ~]$ cat /var/lib/cobbler/snippets/company_chef_client

# In this script we actually install the client

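# chef-solo configuration used only for the bootstrap run
cat <<EOF > /root/solo.rb
file_cache_path "/tmp/chef-solo"
cookbook_path "/tmp/chef-solo/cookbooks"
EOF

# Attributes for the bootstrap run: point the client at the internal server
cat <<EOF > /root/chef.json
{
  "chef": {
    "server_fqdn": "chef.int.company"
  },
  "packages": {
    "dist_only": true
  },
  "recipes": "chef::client"
}
EOF

# Run list applied on the first chef-client run
cat <<EOF > /root/client.json
{
  "run_list": ["role[COMPANY_BASE]"]
}
EOF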

# Configure the Env
echo "Installing Chef Bootstrap"
cd /root/
chef-solo -c solo.rb -j chef.json -r http://chef.int.company/bootstrap-0.7.8.tar.gz
cd -

# register with the server
echo "Register with Chef"
chef-client -t "myAuthToken" -j /root/client.json

chef-client
[jmiller@cobbler ~]$
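
The snippet above has chef-solo fetch the bootstrap tarball over plain HTTP and run it as root during %post. One way to pin that tarball to a digest first, as an added example that is not part of the original post: the function names are hypothetical, the digest is a placeholder you record when you mirror the file, and it assumes the tarball unpacks a cookbooks/ directory that belongs in the parent of cookbook_path.

```shell
#!/bin/sh
# Added example, not the author's snippet: pin the mirrored bootstrap tarball
# to a SHA-256 recorded when it was mirrored, and unpack it only on a match.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Return 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$1" ] || { echo "verify: no such file: $1" >&2; return 2; }
    case $want in
        ''|*[!0-9a-f]*) echo "verify: digest is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "verify: digest is not 64 chars" >&2; return 2; }
    got=$(sha256_of "$1")
    [ "$got" = "$want" ] && return 0
    echo "verify: $1: expected $want, got $got" >&2
    return 1
}

# Download URL, verify it, and unpack into DEST_DIR only when the digest
# matches. The file that was verified is the file that is unpacked, so there
# is no second fetch for a changed tarball to slip through.
fetch_pinned_bootstrap() {
    url=$1 digest=$2 dest_dir=$3
    tmp=$(mktemp "${TMPDIR:-/tmp}/bootstrap.XXXXXX") || return 2
    if curl -fsS -o "$tmp" "$url" && verify_sha256 "$tmp" "$digest" &&
       mkdir -p "$dest_dir" && tar -xzf "$tmp" -C "$dest_dir"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# In %post (placeholder digest; chef-solo then runs without -r):
#   fetch_pinned_bootstrap http://chef.int.company/bootstrap-0.7.8.tar.gz \
#       "<sha256 recorded on the mirror>" /tmp/chef-solo &&
#   chef-solo -c /root/solo.rb -j /root/chef.json
```

Cobbler renders snippets through Cheetah, so wrap shell like this in `#raw` and `#end raw` to keep `$` from being treated as a template variable.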

My COMPANY_BASE role in chef was lacking a few recipes and threw me for a huge loop.

recipes in COMPANY_BASE ( chef chef::client sudo screen ntp openssh snmp git )


[root@srv-101-25 ~]# chef-client -l debug -j /root/client.json
/usr/lib/ruby/gems/1.8/gems/chef-0.7.8/lib/chef/recipe.rb:200:in `method_missing': Cannot find Chef::Resource::DistOnly? for dist_only? (NameError)
Original: undefined method `DistOnly?' for Chef::Resource:Class

After a lot of troubleshooting with Joshua Timberman of Opscode we found out that I needed two more recipes (packages & runit); turns out this is a limit with RPM-based systems, and it caused me a lot of hurt.

Sites I owe a lot of thanks to:
http://wiki.opscode.com/display/chef/Home
https://fedorahosted.org/cobbler/
http://reductivelabs.com/trac/puppet/wiki/BootstrappingWithPuppet
http://wiki.opscode.com/display/chef/Installation+on+RHEL+and+CentOS+5+with+RPMs
