Sign In Start Free Trial

Chef Infrastructure Automation Cookbook Second Edition

By : Marschall

3.7 (6)

Chef Infrastructure Automation Cookbook Second Edition

3.7 (6)

By: Marschall

Overview of this book

This book is for system engineers and administrators who have a fundamental understanding of information management systems and infrastructure. It helps if you've already played around with Chef; however, this book covers all the important topics you will need to know. If you don't want to dig through a whole book before you can get started, this book is for you, as it features a set of independent recipes you can try out immediately.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Conventions

Reader feedback

Customer support

Free Chapter

1. Chef Infrastructure

1. Chef Infrastructure

Introduction

Using version control

Installing the Chef development kit on your workstation

Using the hosted Chef platform

Managing virtual machines with Vagrant

Creating and using cookbooks

Inspecting files on your Chef server with knife

Defining cookbook dependencies

Managing cookbook dependencies with Berkshelf

Downloading and integrating cookbooks as vendor branches into your Git repository

Using custom knife plugins

Deleting a node from the Chef server

Developing recipes with local mode

Using roles

Using environments

Freezing cookbooks

Running Chef client as a daemon

Using chef-shell

2. Evaluating and Troubleshooting Cookbooks and Chef Runs

2. Evaluating and Troubleshooting Cookbooks and Chef Runs

Introduction

Testing your Chef cookbooks

Flagging problems in your Chef cookbooks

Test-driven development for cookbooks using ChefSpec

Integration testing your Chef cookbooks with Test Kitchen

Showing affected nodes before uploading cookbooks

Overriding a node's run list to execute a single recipe

Using why-run mode to find out what a recipe might do

Debugging Chef client runs

Inspecting the results of your last Chef run

Raising and logging exceptions in recipes

Diff-ing cookbooks with knife

Using community exception and report handlers

Creating custom handlers

3. Chef Language and Style

3. Chef Language and Style

Introduction

Using community Chef style

Using attributes to dynamically configure recipes

Using templates

Mixing plain Ruby with Chef DSL

Installing Ruby gems and using them in recipes

Using libraries

Using definitions

Creating your own Lightweight Resource Providers (LWRP)

Extending community cookbooks by using application wrapper cookbooks

Creating custom Ohai plugins

Creating custom knife plugins

4. Writing Better Cookbooks

4. Writing Better Cookbooks

Introduction

Setting the environment variables

Passing arguments to shell commands

Overriding attributes

Using search to find nodes

Using data bags

Using search to find data bag items

Using encrypted data bag items

Accessing data bag values from external scripts

Getting information about the environment

Writing cross-platform cookbooks

Finding the complete list of operating systems you can use in cookbooks

Making recipes idempotent by using conditional execution

5. Working with Files and Packages

5. Working with Files and Packages

Introduction

Creating configuration files using templates

Using pure Ruby in templates for conditionals and iterations

Installing packages from a third-party repository

Installing software from source

Running a command when a file is updated

Distributing directory trees

Cleaning up old files

Distributing different files based on the target platform

6. Users and Applications

6. Users and Applications

Introduction

Creating users from data bags

Securing the Secure Shell Daemon (SSHD)

Enabling passwordless sudo

Managing NTP

Managing nginx

Creating nginx virtual hosts

Creating MySQL databases and users

Managing WordPress sites

Managing Ruby on Rails applications

Managing Varnish

Managing your local workstation

7. Servers and Cloud Infrastructure

7. Servers and Cloud Infrastructure

Introduction

Creating your infrastructure using Chef Provisioning

Creating cookbooks from a running system with Blueprint

Running the same command on many machines at once

Setting up SNMP for external monitoring services

Deploying a Nagios monitoring server

Building high-availability services using heartbeat

Using HAProxy to load-balance multiple web servers

Using custom bootstrap scripts

Managing firewalls with iptables

Managing fail2ban to ban malicious IP addresses

Managing Amazon EC2 instances

Loading your Chef infrastructure from a file with spiceweasel and knife

Index

Index

Customer Reviews

3.7 (6)

5 star

50%

4 star

16.7%

3 star

0

2 star

16.7%

1 star

16.7%

Managing firewalls with iptables

Securing your servers is very important. One basic way of shutting down quite a few attack vectors is running a firewall on your nodes. The firewall will make sure that only those network connections that hit the services you decide to allow are accepted.

On Ubuntu, iptables is one of the tools available for the job. Let's see how to set it up to make your servers more secure.

Getting ready

Make sure that you have a cookbook called my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using cookbooks recipe in Chapter 1, Chef Infrastructure.

Create your Berksfile in your Chef repository including my_cookbook:

mma@laptop:~/chef-repo $ subl Berksfile

cookbook 'my_cookbook', path: './cookbooks/my_cookbook'

How to do it...

Let's set up iptables so that it blocks all network connections to your node and only accepts connections to the SSH and HTTP ports:

Edit your cookbook's metadata.rb:

mma@laptop:~/chef-repo $ subl cookbooks...

Search

Your notes and bookmarks