Culinary Tricks, Part One (Chef)
After a recent introductory publication about Chef, I decided to talk a bit more about useful recipes:
Sometimes we have to configure our machines not on the basis of internal Chef attributes, but on the basis of the configuration provided by the third-party service (which Chef puts again).
In this case, this trick will help us: we describe the resource and launch it at the stage of the description of the recipe.
')
This is useful, for example, if we store some of the data in LDAP. Then we must first install and configure the openldap client through Chef, put the necessary gem to get the necessary data from LDAP, and then this data can be used directly in the recipe.
After upgrading to Chef 0.8.6, we found that the client authentication method has changed a lot.
Now, to perform the standard bootstrap, we need to put the /etc/chef/validation.pem file in / etc / chef (for taking from the server from there) before the first chef-client.
After that, the client will be able to automatically validate himself and obtain his / her own certificate /etc/chef/client.pem.
Do not forget to update the chef recipe, the config directories and the main rakefile in your Chef repository.
Since many cookbooks are on GitHub, you can find a lot of useful information by running around the forks of the same github.com/opscode/cookbooks .
If possible, try to let your recipes go free floating.
If you have configured Chef using the default initialization style runit , the chef-server does not respond correctly to the
This is solved by adding a file.
/ etc / sv / chef-server / control / t (0755) with the following content:
Applications without errors do not exist. Therefore, they need to be monitored, for which such tools as runit, monit, god, munin, cacti, nagios, zabbix etc. are useful. But I would also like to draw your attention to Bluepill , as a replacement for the monit and god services.
We use external configurators
Sometimes we have to configure our machines not on the basis of internal Chef attributes, but on the basis of the configuration provided by the third-party service (which Chef puts again).
In this case, this trick will help us: we describe the resource and launch it at the stage of the description of the recipe.
')
This is useful, for example, if we store some of the data in LDAP. Then we must first install and configure the openldap client through Chef, put the necessary gem to get the necessary data from LDAP, and then this data can be used directly in the recipe.
Go to Chef 0.8
After upgrading to Chef 0.8.6, we found that the client authentication method has changed a lot.
Now, to perform the standard bootstrap, we need to put the /etc/chef/validation.pem file in / etc / chef (for taking from the server from there) before the first chef-client.
After that, the client will be able to automatically validate himself and obtain his / her own certificate /etc/chef/client.pem.
Do not forget to update the chef recipe, the config directories and the main rakefile in your Chef repository.
Many cookbooks
Since many cookbooks are on GitHub, you can find a lot of useful information by running around the forks of the same github.com/opscode/cookbooks .
If possible, try to let your recipes go free floating.
Correctly restarted chef-server
If you have configured Chef using the default initialization style runit , the chef-server does not respond correctly to the
sv restart chef-server command.This is solved by adding a file.
/ etc / sv / chef-server / control / t (0755) with the following content:
#/bin/sh exec 2>&1 /usr/bin/sv interrupt chef-server We follow the services
Applications without errors do not exist. Therefore, they need to be monitored, for which such tools as runit, monit, god, munin, cacti, nagios, zabbix etc. are useful. But I would also like to draw your attention to Bluepill , as a replacement for the monit and god services.
Source: https://habr.com/ru/post/87324/
All Articles