Permalink
Browse files

made things match up pretty well with old homebase

  • Loading branch information...
1 parent d8ee6f6 commit b05511af4e5320c8e5939ceb4241a27f0b871000 Philip (flip) Kromer committed Feb 15, 2012
No changes.
@@ -0,0 +1,19 @@
+Creating SSL certificates is a common task done in web application infrastructures, so a rake task is provided to generate certificates. These certificates are stored here by the ssl_cert task.
+
+Configure the values used in the SSL certificate by modifying `config/rake.rb`.
+
+To generate a certificate set for a new monitoring server, for example:
+
+ rake ssl_cert FQDN=monitoring.example.com
+
+Once the certificates are generated, copy them into the cookbook(s) where you want to use them.
+
+ cp certificates/monitoring.example.com.* cookbooks/COOKBOOK/files/default
+
+In the recipe for that cookbook, create a `cookbook_file` resource to configure a resource that puts them in place on the destination server.
+
+ cookbook_file '/etc/apache2/ssl/monitoring.example.com.pem'
+ owner 'root'
+ group 'root'
+ mode 0600
+ end
View
View
@@ -0,0 +1,54 @@
+This directory contains the cookbooks used to configure systems in your infrastructure with Chef.
+
+Knife needs to be configured to know where the cookbooks are located with the `cookbook_path` setting. If this is not set, then several cookbook operations will fail to work properly.
+
+ cookbook_path ["./cookbooks"]
+
+This setting tells knife to look for the cookbooks directory in the present working directory. This means the knife cookbook subcommands need to be run in the `chef-repo` directory itself. To make sure that the cookbooks can be found elsewhere inside the repository, use an absolute path. This is a Ruby file, so something like the following can be used:
+
+ current_dir = File.dirname(__FILE__)
+ cookbook_path ["#{current_dir}/../cookbooks"]
+
+Which will set `current_dir` to the location of the knife.rb file itself (e.g. `~/chef-repo/.chef/knife.rb`).
+
+Configure knife to use your preferred copyright holder, email contact and license. Add the following lines to `.chef/knife.rb`.
+
+ cookbook_copyright "Example, Com."
+ cookbook_email "cookbooks@example.com"
+ cookbook_license "apachev2"
+
+Supported values for `cookbook_license` are "apachev2", "mit","gplv2","gplv3", or "none". These settings are used to prefill comments in the default recipe, and the corresponding values in the metadata.rb. You are free to change the the comments in those files.
+
+Create new cookbooks in this directory with Knife.
+
+ knife cookbook create COOKBOOK
+
+This will create all the cookbook directory components. You don't need to use them all, and can delete the ones you don't need. It also creates a README file, metadata.rb and default recipe.
+
+You can also download cookbooks directly from the Opscode Cookbook Site. There are two subcommands to help with this depending on what your preference is.
+
+The first and recommended method is to use a vendor branch if you're using Git. This is automatically handled with Knife.
+
+ knife cookbook site install COOKBOOK
+
+This will:
+
+* Download the cookbook tarball from cookbooks.opscode.com.
+* Ensure its on the git master branch.
+* Checks for an existing vendor branch, and creates if it doesn't.
+* Checks out the vendor branch (chef-vendor-COOKBOOK).
+* Removes the existing (old) version.
+* Untars the cookbook tarball it downloaded in the first step.
+* Adds the cookbook files to the git index and commits.
+* Creates a tag for the version downloaded.
+* Checks out the master branch again.
+* Merges the cookbook into master.
+* Repeats the above for all the cookbooks dependencies, downloading them from the community site
+
+The last step will ensure that any local changes or modifications you have made to the cookbook are preserved, so you can keep your changes through upstream updates.
+
+If you're not using Git, use the site download subcommand to download the tarball.
+
+ knife cookbook site download COOKBOOK
+
+This creates the COOKBOOK.tar.gz from in the current directory (e.g., `~/chef-repo`). We recommend following a workflow similar to the above for your version control tool.
View
View
No changes.
View
@@ -0,0 +1,63 @@
+Data Bags
+---------
+
+This directory contains directories of the various data bags you create for your infrastructure. Each subdirectory corresponds to a data bag on the Chef Server, and contains JSON files of the items that go in the bag.
+
+First, create a directory for the data bag.
+
+ mkdir data_bags/BAG
+
+Then create the JSON files for items that will go into that bag.
+
+ $EDITOR data_bags/BAG/ITEM.json
+
+The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM". For example,
+
+ {
+ "id": "foo"
+ }
+
+Next, create the data bag on the Chef Server.
+
+ knife data bag create BAG
+
+Then upload the items in the data bag's directory to the Chef Server.
+
+ knife data bag from file BAG ITEM.json
+
+
+Encrypted Data Bags
+-------------------
+
+Added in Chef 0.10, encrypted data bags allow you to encrypt the contents of your data bags. The content of attributes will no longer be searchable. To use encrypted data bags, first you must have or create a secret key.
+
+ openssl rand -base64 512 > secret_key
+
+You may use this secret_key to add items to a data bag during a create.
+
+ knife data bag create --secret-file secret_key passwords mysql
+
+You may also use it when adding ITEMs from files,
+
+ knife data bag create passwords
+ knife data bag from file passwords data_bags/passwords/mysql.json --secret-file secret_key
+
+The JSON for the ITEM must contain a key named "id" with a value equal to "ITEM" and the contents will be encrypted when uploaded. For example,
+
+ {
+ "id": "mysql",
+ "password": "abc123"
+ }
+
+Without the secret_key, the contents are encrypted.
+
+ knife data bag show passwords mysql
+ id: mysql
+ password: 2I0XUUve1TXEojEyeGsjhw==
+
+Use the secret_key to view the contents.
+
+ knife data bag show passwords mysql --secret-file secret_key
+ id: mysql
+ password: abc123
+
No changes.
View
View
@@ -0,0 +1,16 @@
+Create roles here, in either the Role Ruby DSL (.rb) or JSON (.json) files. To install roles on the server, use knife.
+
+For example, create `roles/base_example.rb`:
+
+ name "base_example"
+ description "Example base role applied to all nodes."
+ # List of recipes and roles to apply. Requires Chef 0.8, earlier versions use 'recipes()'.
+ #run_list()
+ # Attributes applied if the node doesn't have it set already.
+ #default_attributes()
+ # Attributes applied no matter what the node has set already.
+ #override_attributes()
+
+Then upload it to the Chef Server:
+
+ knife role from file roles/base_example.rb
View
@@ -0,0 +1,6 @@
+## vendor/ -- actual checkouts of cookbooks &c
+
+* `infochimps/` - cookbooks maintained by infochimps (either originated us or heavily modified)
+* `opscode/` - the opscode community cookbooks collection. By default a git submodule checkout of http://github.com/infochimps-labs/opscode-cookbooks. This repo tracks the opscode repo but has some relevant fixes applied.
+
+All of the cookbooks you see here are those infochimps uses in production at time of commit. After doing a `git submodule update --init`, you can check out your own fork and git will magically track that instead.

0 comments on commit b05511a

Please sign in to comment.