Skip to content
/ fromscratch Public

A base chef-repo with a solo config to setup the workstation

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hh/fromscratch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.chef
.chef
 
 
cookbooks
cookbooks
 
 
data_bags
data_bags
 
 
ingredients
ingredients
 
 
roles
roles
 
 
sample_ingredents
sample_ingredents
 
 
shelf/fromscratch
shelf/fromscratch
 
 
Gemfile
Gemfile
 
 
README.md
README.md
 
 

Repository files navigation

Description

To start using a Chef server with Amazon EC2 requires a bit of configuration. You need all your ec2 credentials, pem files, environment vars, then you need your chef organization and a chef user. I wanted to make it easier to share these credentials as a single data_bag each.

This is a base repo that uses contains no cookbooks, roles, or data_bags. However it does contain a chef-solo config in .chef/fromscratch.rb that will setup the ec2, ssh, chef-organization, and chef-user credentials for the workstation.

It uses an ingredients folder instead of the data_bag folder for the chef-solo run.

  • ./ingredients/aws_accounts/FOO.json
  • ./ingredients/chef_organizations/BAR.json
  • ./ingredients/chef_users/BAZ.json

It uses the shelf folder instead of the cookbooks folder to contain the 'fromscratch' recipe.

chef-solo -c .chef/fromscratch.rb is run to generate your .chef/knife.rb, including everything needed to use knife ec2 server create and spiceweasel infrastructure.yml

Requirements

Ruby, bundler, and the from scratch ingredient data_bags populated.

Data Bags / Ingredients

The .chef/fromscratch.rb config uses the ingredients folder as it's databag source. The 'fromscratch' recipe includes a 'library/search.rb' which allows for searching these data bags from chef-solo.

There should be one file in each of the igredients folders. They are data bags that will drive the creation of the various chef/ec2 environment, pem and knife.rb files.

To store CERTIFICATES and RSA/PRIVATE KEYS, you need to put them in a string format:

$ ruby -e "puts open('path/to/aws_cert.pem').read.inspect"
"-----BEGIN CERTIFICATE-----\n7BOm5NuhFxcYClSX6BDx\nTMokSkfpZlazw1taiu3s0hvcATbwRqtUm+iaD5kZlc5o/H4HrpfQQS+NSnh7oET7\nvvnm38h+UYxhgcLVBIYyWfZLvo0o2ir9/xmIhCjIlpcW9yPPx4cgyu9ICmDAiew8\nKTvUTv81spOC+QIDAQo8qv5OZ9wQmJ3IrzgNa5ABo1cwVTAOBgNVHQ8BAf8EBAMCBaAwFgYDVR0lAQH/BAww\nCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUyGa6KfSA1RR1kbAB\n3B9zbWuk9KIwDQYJKoZIhvcNAQEFBQADgYEAi0slT2Eik298lweEsDkz5irDLu2E\nUSJ+yO50gDAN5sNSoMNRuQu147SDhiNVW7Ev8aodJlivRyJ0KYHucaACrASLx0Na\nrl9QD20fbGvHqG3e8yLGHYfqJ1Sg4LzZHfyzQ2bmLvCI\nXSdH/GvDdWEE9xE=r0cVvmMA0GCSqGSIb3DQMIICdzCCAeCgAwIBAgIGAPEBBQUAMFMxCzAJBgNVBAYT\nAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT\nGEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0xMTA0MDIxMzE3MzRaFw0xMjA0\nMDExMzE3MzRaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMRcw\nFQYDVQQLEw5BV1MtRGV2ZWxvcGVyczEVMBMGA1UEAxMMeTJlNm5lczZ3Y3VvMIGf\nMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDeYryRZNi\n-----END CERTIFICATE-----\n"

Cut and paste the output as the values to keys needing them.

aws_accounts

./ingredients/aws_accounts/myaccount.json

{
    "id": "myaccount",
    "username": "myaccount@mycompany.com",
    "password": "aeteewiengahghohngiunaifooceunub",
    "aws_account_id": "3839299583892910",
    "aws_access_key_id": "GAHGHOHNGIUNAIFOOCEUNUB",
    "aws_secret_access_key": "anongahquaedooyuoheetheithiedoht",
    "aws_ssh_key_id": "myaccount",
    "aws_ssh_private_key": "-----BEGIN RSA PRIVATE KEY-----\r\nsufZWfZst....\r\n-----END RSA PRIVATE KEY-----",
    "aws_private_key": "-----BEGIN PRIVATE KEY-----\r\nsufZWfZst....\r\n-----END PRIVATE KEY-----",
    "aws_certificate": "-----BEGIN CERTIFICATE-----\r\nsufZWfZst....\r\n-----END CERTIFICATE-----"
}

chef_organizations

./ingredients/chef_organizations/myorg.json

{ 
  "id": "myorg",
  "chef_server": "https://api.opscode.com/organizations/myorg",
  "validation_client_name": "myorg-validator",
  "validation_key": "-----BEGIN RSA PRIVATE KEY-----\n\nsufZWfZst....\r\n-----END RSA PRIVATE KEY-----"
}

chef_users

./ingredients/chef_users/myuser.json

{ 
  "id": "myuser",
  "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMfWfZst....\r\n-----END RSA PRIVATE KEY-----"
}

Attributes

If you have more than one aws_account, chef_organization, or chef_user, the first one returned from a search will be the one used.

node['fromscratch']['aws_account'] = '*'
node['fromscratch']['chef_organization'] = '*'
node['fromscratch']['chef_user'] = '*'
search(:aws_account,"id:#{node['fromscratch']['aws_account']}")

To override this, put a fromscratch.json in your .chef dir that sets which one you'd like to use:

{
    "fromscratch":{
        "chef_organization": "org-number3",
        "chef_user": "user-number2",
        "aws_account": "aws-account-number4"
    },
    "run_list":[
        "recipe[fromscratch]"
    ]
}

Usage

Fork and clone this repo as a starting point.

Populate ingredients/*/*json but do not upload them anywhere, they will contain all your secrets.

bundle install
bundle exec chef-solo -c .chef/fromscratch.rb
bundle exec knife cookbook upload -a

About

A base chef-repo with a solo config to setup the workstation

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages