Chef - Quickref (using chef-zero and knife-zero)

refined and focused quickref for chef-zero and knife-zero.

install Chef on workstation

use one of 2 options:

create devops user on remote node

(local)$ ssh root@<remote-ip>
(remote)# useradd devops -m -s /bin/bash -G sudo
(remote)# passwd devops
(remote)# exit

don’t create the application user (say, billing) now

the application user should be created by the application cookbook.

Each app should run under its own system user.

add new SSH host to ~/.ssh/config

the SSH host name and its User must both equal the name of the application you’re going to deploy on that host (billing here). if you need to deploy another application on the same host, create a separate SSH host entry named after the new application.


Host billing
 User billing
 Hostname LINODE_IP
 IdentityFile ~/.ssh/id_rsa
 ForwardAgent yes

to log in as the devops user specify it explicitly: ssh devops@billing (don’t put the devops user in the SSH config entry, so that the application user is used by default).

also, when bootstrapping and converging, the SSH user (devops) is specified explicitly in the .chef/knife.rb config with the knife[:ssh_user] option.
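As an added example (not part of the original quickref), a small POSIX shell script that checks the convention above, that the User of an SSH host entry equals the host name, and writes the .chef/knife.rb settings the bootstrap and converge steps rely on. The SSH config path, the repo directory and the local_mode line are assumptions; knife[:ssh_user] = 'devops' and cookbook_path ['berks-cookbooks'] are the values the quickref itself uses.

```shell
#!/bin/sh
# Added example, not part of the original quickref.
# Checks that an SSH host entry follows the convention "User equals Host name"
# and writes a minimal .chef/knife.rb for knife-zero. The paths and the
# local_mode line are assumptions; knife[:ssh_user] and cookbook_path are the
# settings named in the quickref.

# ssh_host_user CONFIG HOST
# Prints the User of the matching "Host" block, or nothing if there is none.
ssh_host_user() {
  awk -v want="$2" '
    tolower($1) == "host" { in_block = ($2 == want) }
    in_block && tolower($1) == "user" { print $2; exit }
  ' "$1"
}

# check_app_host CONFIG HOST
# Returns 0 when the entry exists and its User equals HOST (the convention
# above), 1 otherwise (no entry, or e.g. User devops on Host billing).
check_app_host() {
  user=$(ssh_host_user "$1" "$2")
  [ -n "$user" ] && [ "$user" = "$2" ]
}

# write_knife_rb REPO_DIR
# Writes REPO_DIR/.chef/knife.rb. The SSH user is devops as in the quickref;
# local_mode true is what knife-zero expects (assumption, not from the page).
write_knife_rb() {
  mkdir -p "$1/.chef" || return 1
  cat > "$1/.chef/knife.rb" <<'EOF'
local_mode true
cookbook_path ['berks-cookbooks']
knife[:ssh_user] = 'devops'
EOF
}
```

Run check_app_host ~/.ssh/config billing before bootstrapping; a non-zero exit means the entry is missing or its User is not the application user, so ssh billing would log in as someone else.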

don’t add public keys to authorized keys files now

public keys should be added to the ~/.ssh/authorized_keys files of both the application and devops users by the ssh_authorized_keys cookbook.

bootstrap remote node

(local)$ knife zero bootstrap billing --node-name billing
/ enter devops password twice (for login and for running the sudo command)

here the first billing is the host name from the SSH config; the second one (--node-name) is the name the node is registered under.

if you don’t specify the node name explicitly, the FQDN is used by default; this is the name under which the node is registered in the chef-zero server.

2 files will be created after bootstrapping:

NOTE: you cannot change the node name by renaming the node file and changing the name inside it: the node name is also stored in /etc/chef/client.rb on the remote node. if you change it only locally, a new node file with the name from /etc/chef/client.rb will be created after converging (and its run_list will be empty).
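To catch the mismatch described in the note before a converge silently creates a second, empty node, here is an added check (not from the original quickref) that compares the local node file name, the "name" stored inside it and node_name in a copy of the remote /etc/chef/client.rb. Fetching that copy (for example with scp as the devops user) is left outside the script; the file names and the sample contents in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the original quickref: verify that the node name
# used locally (nodes/<name>.json and the "name" inside it) matches node_name
# in the remote /etc/chef/client.rb, so a renamed node file does not produce
# a second node with an empty run_list on the next converge. The client.rb is
# read from a local copy; how that copy is fetched is outside this script.

# client_rb_node_name CLIENT_RB
# Prints the value of the node_name setting (double or single quoted).
client_rb_node_name() {
  sed -n "s/^[[:space:]]*node_name[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# node_json_name NODE_JSON
# Prints the "name" attribute of the node file (plain grep-style parse).
node_json_name() {
  sed -n 's/^[[:space:]]*"name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_node_name NODE_JSON CLIENT_RB
# Returns 0 when the node file basename (without .json), the "name" inside it
# and node_name in CLIENT_RB all agree; reports and returns 1 otherwise.
check_node_name() {
  file_name=$(basename "$1" .json)
  json_name=$(node_json_name "$1")
  remote_name=$(client_rb_node_name "$2")
  if [ -z "$remote_name" ]; then
    echo "node_name not found in $2" >&2
    return 1
  fi
  if [ "$file_name" != "$json_name" ] || [ "$file_name" != "$remote_name" ]; then
    echo "mismatch: file '$file_name', json name '$json_name', remote node_name '$remote_name'" >&2
    return 1
  fi
  return 0
}
```

A non-zero exit means the names have drifted; fix /etc/chef/client.rb on the node (or re-bootstrap with --node-name) rather than converging, since the converge would register the remote name as a new node.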

create production environment

(local)$ knife environment create production

environments/production.json file will be created with the following content:

{
  "name": "production"
}

this file can of course be created manually.

it doesn’t matter much what the production environment is called, production or prod: these names are mostly used internally when passing attributes for different environments between cookbooks.

still stick to prod name when you are going to create application cookbook for Phoenix project inside this Chef repo and production

add application cookbook default recipe to node run list

(local)$ knife node run_list add billing 'recipe[app_billing]'

converge remote node

(local)$ knife node environment_set billing prod
(local)$ berks vendor
(local)$ knife zero converge 'name:billing'
/ enter devops password twice (on first converge only)

berks vendors cookbooks (both community and application cookbooks) into berks-cookbooks/ by default, and knife, when converging, looks only in this directory, as specified in .chef/knife.rb:

cookbook_path ['berks-cookbooks']
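Since converge only sees what berks vendor put into berks-cookbooks/, a pre-converge check that every cookbook in the node’s run_list is actually vendored saves a failed run. This is an added example, not part of the original quickref; the node file and vendor directory layout in the test are constructed, and only recipe[...] entries are considered (role[...] entries are ignored).

```shell
#!/bin/sh
# Added example, not part of the original quickref: before running
# `knife zero converge`, confirm that every cookbook named in the node's
# run_list has been vendored into the cookbook_path directory (berks-cookbooks/
# in .chef/knife.rb), so the converge does not fail on a missing cookbook.

# run_list_cookbooks NODE_JSON
# Prints, one per line and de-duplicated, the cookbook part of every
# recipe[cookbook] / recipe[cookbook::recipe] entry in the node file.
# role[...] entries are not expanded.
run_list_cookbooks() {
  grep -o 'recipe\[[^]]*\]' "$1" | sed -e 's/^recipe\[//' -e 's/\]$//' -e 's/::.*$//' | sort -u
}

# missing_cookbooks NODE_JSON VENDOR_DIR
# Prints the run_list cookbooks that have no VENDOR_DIR/<cookbook>/metadata.rb
# or metadata.json (berks vendor writes the .json form). Returns 0 when none
# are missing, 1 otherwise.
missing_cookbooks() {
  missing=0
  for cb in $(run_list_cookbooks "$1"); do
    if [ ! -f "$2/$cb/metadata.rb" ] && [ ! -f "$2/$cb/metadata.json" ]; then
      echo "$cb"
      missing=1
    fi
  done
  return $missing
}
```

Typical use from the repo root: missing_cookbooks nodes/billing.json berks-cookbooks; rerun berks vendor (or add the cookbook to the Berksfile) for anything it lists before converging.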

update attribute whitelist (if necessary)