SlideShare a Scribd company logo

Chef training - Day3

Download as ODP, PDF
Andriy Samilyak, profile picture
Andriy Samilyak

The document outlines key concepts related to deploying applications using Chef, focusing on resources like file, cookbook_file, and managing user access through htpasswd and data bags. It includes steps for setting up password protection on a web server, using Berkshelf for cookbook management, and implementing user authentication with private data stored in JSON format. The document also emphasizes the importance of scalable configurations and user management through Chef's search API.

TechnologySelf Improvement
1 of 25
Downloaded 48 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Начала DevOps: Opscode Chef Day 3 Andriy Samilyak samilyak@gmail.com skype: samilyaka
Goals ● New resources: file, cookbook_file ● Berkshelf ● DataBags ● Deployment with Chef ● Environments
Password protection We need to close our site by login/password in order to keep it private admin/password
Password protection HTTP Basic Authentication <Directory <%= node['apache']['docroot_dir'] %>/> Options Indexes FollowSymLinks MultiViews AllowOverride None AuthType Basic AuthName "Restricted Files" AuthBasicProvider file AuthUserFile <%= node['apache']['dir'] %>/htpasswd Require valid-user </Directory> Copy/paste from http://goo.gl/6sEYT5
htpasswd We need this contents to be in node['apache']['dir']/htpasswd admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0 Copy/paste from http://goo.gl/6sEYT5
Google it! 'chef resource file'
Putting file to server #1 ../cookbooks/webserver/recipes/default.rb file "#{node['apache']['dir']}/htpasswd" do owner 'root' group node['apache']['root_group'] mode '0644' backup false content "admin: $apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0" end
Putting file to server #2 ● 'content' attribute is not really scalable – what if we need 2Kb of text inside? ● Lets first comment out with # content attribute ● create file ../cookbooks/webserver/files/default/htpasswd ● and put root (not admin!) and password hash to it ● Change resource from 'file' to 'cookbook_file'
Putting file to server #2 ../cookbooks/webserver/recipes/default.rb cookbook_file "#{node['apache']['dir']}/htpasswd" do owner 'root' group node['apache']['root_group'] mode '0644' backup false end
Welcome Berks-way! gem install berkshelf Test it with “berks -v” -------------------------------------------------------------On Windows you'll need to add to chefrepo/.berkshelf/config.json: "ssl": { "verify": false }
Move out community cookbooks ● Add a line to Berksfile: cookbook “cookbook” path: cookbooks/webserver ● berks install ← download cookbook to local folder ● berks upload ← upload cookbooks to Chef Server ● remove 'apache2' folder from chef_repo Where is cookbook now anyway?
Well done! Lets put it to git git commit -a -m “Initial commit” git push origin master
Berks locations ● site: cookbook "artifact", site: "http://cookbooks.opscode.com/api/v1/cookbooks" cookbook "artifact", site: :opscode ● git: cookbook "mysql", git: "https://github.com/opscodecookbooks/mysql.git", branch: "foodcritic"
Lets do it better now! https://github.com/Youscribe/htpasswdcookbook Goal: specify user/pass with cookbook attributes Copy/paste from http://goo.gl/6sEYT5
New cookbook in Berksfile cookbook "htpasswd", git: https://github.com/Youscribe/htpasswdcookbook.git
Example: htpasswd "/etc/apache2/htpasswd" do user node['webserver']['auth_user'] password node['webserver']['auth_pass'] end
Htpasswd - review ● webserver/metadata.rb: add dependency ● recipes/default.rb: add resource httpasswd ● attributes/default.rb: add two attributes ● berks update & berks upload
Managing users access Site User1/pass User2/pass User3/pass Site Backend User1/pass User3/pass Store Backend User3/pass
DataBags ● Reusable data containers ● JSON ● Search API
Managing user access - Plan ● Keep user/pass with granted nodes ● Find all users for current node ● Generate htpasswd by adding hash for each user
DataBags as files chef_repo data_bags htpasswd user1.json user2.json user3.json
user1.json { "id": "user1", "pass": "password", "nodes" : ["yournode1", "yournode2"] }
Data bag CLI knife data bag create htpasswd knife data bag from file htpasswd user1.json knife data bag from file htpasswd data_bags/htpasswd/* knife search htpasswd "(id:user1)" knife search htpasswd "(nodes:yournode)"
Search API search(:htpasswd, "nodes:#{node.name}") do |user| #add line to file user['pass'] end
Just an example of solution... file "#{node['apache']['dir']}/htpasswd" do action :delete end search(:htpasswd, "nodes:#{node.name}") do |user| htpasswd "#{node['apache']['dir']}/htpasswd" do user user['id'] password user['pass'] notifies :reload, 'service[apache2]' end end

More Related Content

ODP
Chef training Day5
Andriy Samilyak
 
ODP
Chef training Day4
Andriy Samilyak
 
ODP
Chef training - Day2
Andriy Samilyak
 
PDF
Infrastructure = Code
Georg Sorst
 
PPTX
NLIT 2011: Chef & Capistrano
nickblah
 
KEY
Cooking with Chef
Ken Robertson
 
PDF
Getting Started with Ansible
Ahmed AbouZaid
 
PPTX
Cook Infrastructure with chef -- Justeat.IN
Rajesh Hegde
 
Chef training Day5
Andriy Samilyak
 
Chef training Day4
Andriy Samilyak
 
Chef training - Day2
Andriy Samilyak
 
Infrastructure = Code
Georg Sorst
 
NLIT 2011: Chef & Capistrano
nickblah
 
Cooking with Chef
Ken Robertson
 
Getting Started with Ansible
Ahmed AbouZaid
 
Cook Infrastructure with chef -- Justeat.IN
Rajesh Hegde
 

What's hot (20)

PDF
Cookbook testing with KitcenCI and Serverrspec
Daniel Paulus
 
PDF
Docker Docker Docker Chef
Sean OMeara
 
PPTX
Orchestration? You Don't Need Orchestration. What You Want is Choreography.
Julian Dunn
 
PPTX
What Makes a Good Chef Cookbook? (May 2014 Edition)
Julian Dunn
 
PDF
Introduction to chef framework
morgoth
 
PDF
Practical Chef and Capistrano for Your Rails App
SmartLogic
 
PDF
Frontend JS workflow - Gulp 4 and the like
Damien Seguin
 
PDF
Chef infrastructure as code - paris.rb
Nicolas Ledez
 
PDF
Automating your workflow with Gulp.js
Bo-Yi Wu
 
PDF
Deploying Rails Apps with Chef and Capistrano
SmartLogic
 
PPTX
DevOps Hackathon: Session 3 - Test Driven Infrastructure
Antons Kranga
 
PDF
Ansible introduction - XX Betabeers Galicia
Juan Diego Pereiro Arean
 
PPTX
Vagrant introduction for Developers
Antons Kranga
 
PDF
Using Test Kitchen for testing Chef cookbooks
Timur Batyrshin
 
PDF
A quick intro to Ansible
Dan Vaida
 
PDF
Infrastructure = code - 1 year later
Christian Ortner
 
PPTX
Ansible intro
Hsi-Kai Wang
 
PDF
Cookbook refactoring & abstracting logic to Ruby(gems)
Chef Software, Inc.
 
PDF
Cloud Automation with Opscode Chef
Sri Ram
 
PPTX
DevOps Hackathon - Session 1: Vagrant
Antons Kranga
 
Cookbook testing with KitcenCI and Serverrspec
Daniel Paulus
 
Docker Docker Docker Chef
Sean OMeara
 
Orchestration? You Don't Need Orchestration. What You Want is Choreography.
Julian Dunn
 
What Makes a Good Chef Cookbook? (May 2014 Edition)
Julian Dunn
 
Introduction to chef framework
morgoth
 
Practical Chef and Capistrano for Your Rails App
SmartLogic
 
Frontend JS workflow - Gulp 4 and the like
Damien Seguin
 
Chef infrastructure as code - paris.rb
Nicolas Ledez
 
Automating your workflow with Gulp.js
Bo-Yi Wu
 
Deploying Rails Apps with Chef and Capistrano
SmartLogic
 
DevOps Hackathon: Session 3 - Test Driven Infrastructure
Antons Kranga
 
Ansible introduction - XX Betabeers Galicia
Juan Diego Pereiro Arean
 
Vagrant introduction for Developers
Antons Kranga
 
Using Test Kitchen for testing Chef cookbooks
Timur Batyrshin
 
A quick intro to Ansible
Dan Vaida
 
Infrastructure = code - 1 year later
Christian Ortner
 
Ansible intro
Hsi-Kai Wang
 
Cookbook refactoring & abstracting logic to Ruby(gems)
Chef Software, Inc.
 
Cloud Automation with Opscode Chef
Sri Ram
 
DevOps Hackathon - Session 1: Vagrant
Antons Kranga
 
Ad

Viewers also liked (19)

PDF
Osaaminen uuden yrityksen johtajan näkökulmasta
Marko Taipale
 
PDF
Powerful Ways To End Emails and Blog Posts
Steve Williams
 
PPT
Proxecto 6º o medio no que vivimos
David Paz
 
PDF
NLP meetup 2016.10.05 - Szekeres Péter: Neticle
Zoltan Varju
 
PDF
Presentation1
Scaff-Plan Pty Ltd
 
PPT
Универсальный энергосберегающий режущий аппарат
kulibin
 
PDF
קורס מגיק למפתחים
Noam_Shalem
 
PPTX
Some Notes On "Inclusion" - Pat Kane for Creative Scotland
www.patkane.global
 
PDF
Ux paper prototyping
Grace Ng
 
PDF
Philadelphia Best Places to Work Roadshow | OpenTable
Glassdoor
 
PDF
Daily Newsletter: 16th December, 2010
Fullerton Securities
 
PDF
Chef training - Day1
Andriy Samilyak
 
PPTX
How effective is the combination of your main
xxcloflo13xx
 
PPT
производство биомелиоранта
kulibin
 
PPTX
Nuevas tecnologías de la
Michelle
 
PPT
Customer service communities
Enterprise Hive
 
PPT
EVALUATION QUESTION: 05
1234personal4321
 
PDF
Communitymanager
Mizarvega
 
PPTX
Wykładzina vol. 14 Teatr Narodowy Opera Narodowa
Wykładzina - spotkania profesjonalistów komunikacji
 
Osaaminen uuden yrityksen johtajan näkökulmasta
Marko Taipale
 
Powerful Ways To End Emails and Blog Posts
Steve Williams
 
Proxecto 6º o medio no que vivimos
David Paz
 
NLP meetup 2016.10.05 - Szekeres Péter: Neticle
Zoltan Varju
 
Presentation1
Scaff-Plan Pty Ltd
 
Универсальный энергосберегающий режущий аппарат
kulibin
 
קורס מגיק למפתחים
Noam_Shalem
 
Some Notes On "Inclusion" - Pat Kane for Creative Scotland
www.patkane.global
 
Ux paper prototyping
Grace Ng
 
Philadelphia Best Places to Work Roadshow | OpenTable
Glassdoor
 
Daily Newsletter: 16th December, 2010
Fullerton Securities
 
Chef training - Day1
Andriy Samilyak
 
How effective is the combination of your main
xxcloflo13xx
 
производство биомелиоранта
kulibin
 
Nuevas tecnologías de la
Michelle
 
Customer service communities
Enterprise Hive
 
EVALUATION QUESTION: 05
1234personal4321
 
Communitymanager
Mizarvega
 
Wykładzina vol. 14 Teatr Narodowy Opera Narodowa
Wykładzina - spotkania profesjonalistów komunikacji
 
Ad

Similar to Chef training - Day3 (20)

PDF
IT Automation with Chef
Anuchit Chalothorn
 
PDF
Chef - Administration for programmers
mrsabo
 
PDF
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
Chef Software, Inc.
 
PDF
Chef
Will Sterling
 
PPTX
London Community Summit 2016 - Fresh New Chef Stuff
Chef
 
PPTX
Chef introduction
FENG Zhichao
 
PDF
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
Chef
 
PDF
Introduction to Cooking with Chef
John Osborne
 
PDF
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
Antonio Peña
 
PPTX
Chef advance
Ramesh Sencha
 
PPTX
Chef advance
Ramesh Sencha
 
KEY
Chef 0.8, Knife and Amazon EC2
Robert Berger
 
PDF
Introduction to Chef - April 22 2015
Jennifer Davis
 
PDF
Cooking Perl with Chef: Real World Tutorial with Jitterbug
David Golden
 
PDF
Cloud Automation with Opscode Chef
Sri Ram
 
PDF
Chef conf-2014
Jamie Winsor
 
PDF
The Berkshelf Way
Chef Software, Inc.
 
PPTX
Chef + AWS + CodeIgniter
ciconf
 
PPTX
Kickstarter - Chef Opswork
Hamza Waqas
 
PPTX
Chef Jumpstart
Kimball Johnson
 
IT Automation with Chef
Anuchit Chalothorn
 
Chef - Administration for programmers
mrsabo
 
Chef Fundamentals Training Series Module 6: Roles, Environments, Community Co...
Chef Software, Inc.
 
Chef
Will Sterling
 
London Community Summit 2016 - Fresh New Chef Stuff
Chef
 
Chef introduction
FENG Zhichao
 
Node setup, resource, and recipes - Fundamentals Webinar Series Part 2
Chef
 
Introduction to Cooking with Chef
John Osborne
 
MadridDevops September 2014: "From chef09 to chef11, one approach to devops"
Antonio Peña
 
Chef advance
Ramesh Sencha
 
Chef advance
Ramesh Sencha
 
Chef 0.8, Knife and Amazon EC2
Robert Berger
 
Introduction to Chef - April 22 2015
Jennifer Davis
 
Cooking Perl with Chef: Real World Tutorial with Jitterbug
David Golden
 
Cloud Automation with Opscode Chef
Sri Ram
 
Chef conf-2014
Jamie Winsor
 
The Berkshelf Way
Chef Software, Inc.
 
Chef + AWS + CodeIgniter
ciconf
 
Kickstarter - Chef Opswork
Hamza Waqas
 
Chef Jumpstart
Kimball Johnson
 

More from Andriy Samilyak (12)

PPTX
Kaizen Magento Support - 2
Andriy Samilyak
 
ODP
Kaizen Magento support
Andriy Samilyak
 
PDF
Amazon Cognito + Lambda + S3 + IAM
Andriy Samilyak
 
PPTX
MageClinic: Affiliative program
Andriy Samilyak
 
PPTX
Magento - choosing Order Management SaaS
Andriy Samilyak
 
PPTX
TOCAT Introduction (English)
Andriy Samilyak
 
PPTX
TOCAT Introduction
Andriy Samilyak
 
ODP
Как мы играли в DevOps и как получился Magento Autoscale
Andriy Samilyak
 
ODP
Magento autoscaling
Andriy Samilyak
 
ODP
DevOps in realtime
Andriy Samilyak
 
ODP
Synthetic web performance testing with Selenium
Andriy Samilyak
 
ODP
DevOps в реальном времени
Andriy Samilyak
 
Kaizen Magento Support - 2
Andriy Samilyak
 
Kaizen Magento support
Andriy Samilyak
 
Amazon Cognito + Lambda + S3 + IAM
Andriy Samilyak
 
MageClinic: Affiliative program
Andriy Samilyak
 
Magento - choosing Order Management SaaS
Andriy Samilyak
 
TOCAT Introduction (English)
Andriy Samilyak
 
TOCAT Introduction
Andriy Samilyak
 
Как мы играли в DevOps и как получился Magento Autoscale
Andriy Samilyak
 
Magento autoscaling
Andriy Samilyak
 
DevOps in realtime
Andriy Samilyak
 
Synthetic web performance testing with Selenium
Andriy Samilyak
 
DevOps в реальном времени
Andriy Samilyak
 

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
A Presentation on Artificial Intelligence
memembruh336
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 

Chef training - Day3

  • 1. Начала DevOps: Opscode Chef Day 3 Andriy Samilyak samilyak@gmail.com skype: samilyaka
  • 2. Goals ● New resources: file, cookbook_file ● Berkshelf ● DataBags ● Deployment with Chef ● Environments
  • 3. Password protection We need to close our site by login/password in order to keep it private admin/password
  • 4. Password protection HTTP Basic Authentication <Directory <%= node['apache']['docroot_dir'] %>/> Options Indexes FollowSymLinks MultiViews AllowOverride None AuthType Basic AuthName "Restricted Files" AuthBasicProvider file AuthUserFile <%= node['apache']['dir'] %>/htpasswd Require valid-user </Directory> Copy/paste from http://goo.gl/6sEYT5
  • 5. htpasswd We need this contents to be in node['apache']['dir']/htpasswd admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0 Copy/paste from http://goo.gl/6sEYT5
  • 7. Putting file to server #1 ../cookbooks/webserver/recipes/default.rb file "#{node['apache']['dir']}/htpasswd" do owner 'root' group node['apache']['root_group'] mode '0644' backup false content "admin: $apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0" end
  • 8. Putting file to server #2 ● 'content' attribute is not really scalable – what if we need 2Kb of text inside? ● Lets first comment out with # content attribute ● create file ../cookbooks/webserver/files/default/htpasswd ● and put root (not admin!) and password hash to it ● Change resource from 'file' to 'cookbook_file'
  • 9. Putting file to server #2 ../cookbooks/webserver/recipes/default.rb cookbook_file "#{node['apache']['dir']}/htpasswd" do owner 'root' group node['apache']['root_group'] mode '0644' backup false end
  • 10. Welcome Berks-way! gem install berkshelf Test it with “berks -v” -------------------------------------------------------------On Windows you'll need to add to chefrepo/.berkshelf/config.json: "ssl": { "verify": false }
  • 11. Move out community cookbooks ● Add a line to Berksfile: cookbook “cookbook” path: cookbooks/webserver ● berks install ← download cookbook to local folder ● berks upload ← upload cookbooks to Chef Server ● remove 'apache2' folder from chef_repo Where is cookbook now anyway?
  • 12. Well done! Lets put it to git git commit -a -m “Initial commit” git push origin master
  • 13. Berks locations ● site: cookbook "artifact", site: "http://cookbooks.opscode.com/api/v1/cookbooks" cookbook "artifact", site: :opscode ● git: cookbook "mysql", git: "https://github.com/opscodecookbooks/mysql.git", branch: "foodcritic"
  • 14. Lets do it better now! https://github.com/Youscribe/htpasswdcookbook Goal: specify user/pass with cookbook attributes Copy/paste from http://goo.gl/6sEYT5
  • 15. New cookbook in Berksfile cookbook "htpasswd", git: https://github.com/Youscribe/htpasswdcookbook.git
  • 16. Example: htpasswd "/etc/apache2/htpasswd" do user node['webserver']['auth_user'] password node['webserver']['auth_pass'] end
  • 17. Htpasswd - review ● webserver/metadata.rb: add dependency ● recipes/default.rb: add resource httpasswd ● attributes/default.rb: add two attributes ● berks update & berks upload
  • 18. Managing users access Site User1/pass User2/pass User3/pass Site Backend User1/pass User3/pass Store Backend User3/pass
  • 20. Managing user access - Plan ● Keep user/pass with granted nodes ● Find all users for current node ● Generate htpasswd by adding hash for each user
  • 23. Data bag CLI knife data bag create htpasswd knife data bag from file htpasswd user1.json knife data bag from file htpasswd data_bags/htpasswd/* knife search htpasswd "(id:user1)" knife search htpasswd "(nodes:yournode)"
  • 24. Search API search(:htpasswd, "nodes:#{node.name}") do |user| #add line to file user['pass'] end
  • 25. Just an example of solution... file "#{node['apache']['dir']}/htpasswd" do action :delete end search(:htpasswd, "nodes:#{node.name}") do |user| htpasswd "#{node['apache']['dir']}/htpasswd" do user user['id'] password user['pass'] notifies :reload, 'service[apache2]' end end