7. Servers and Cloud Infrastructure | Chef Infrastructure Automation Cookbook Second Edition

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents
Feedback & Rating

Chef Infrastructure Automation Cookbook Second Edition

By : Marschall

3.7 (6)

Chef Infrastructure Automation Cookbook Second Edition

3.7 (6)

By: Marschall

Overview of this book

This book is for system engineers and administrators who have a fundamental understanding of information management systems and infrastructure. It helps if you've already played around with Chef; however, this book covers all the important topics you will need to know. If you don't want to dig through a whole book before you can get started, this book is for you, as it features a set of independent recipes you can try out immediately.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Conventions

Reader feedback

Customer support

Free Chapter

1. Chef Infrastructure

1. Chef Infrastructure

Introduction

Using version control

Installing the Chef development kit on your workstation

Using the hosted Chef platform

Managing virtual machines with Vagrant

Creating and using cookbooks

Inspecting files on your Chef server with knife

Defining cookbook dependencies

Managing cookbook dependencies with Berkshelf

Downloading and integrating cookbooks as vendor branches into your Git repository

Using custom knife plugins

Deleting a node from the Chef server

Developing recipes with local mode

Using roles

Using environments

Freezing cookbooks

Running Chef client as a daemon

Using chef-shell

2. Evaluating and Troubleshooting Cookbooks and Chef Runs

2. Evaluating and Troubleshooting Cookbooks and Chef Runs

Introduction

Testing your Chef cookbooks

Flagging problems in your Chef cookbooks

Test-driven development for cookbooks using ChefSpec

Integration testing your Chef cookbooks with Test Kitchen

Showing affected nodes before uploading cookbooks

Overriding a node's run list to execute a single recipe

Using why-run mode to find out what a recipe might do

Debugging Chef client runs

Inspecting the results of your last Chef run

Raising and logging exceptions in recipes

Diff-ing cookbooks with knife

Using community exception and report handlers

Creating custom handlers

3. Chef Language and Style

3. Chef Language and Style

Introduction

Using community Chef style

Using attributes to dynamically configure recipes

Using templates

Mixing plain Ruby with Chef DSL

Installing Ruby gems and using them in recipes

Using libraries

Using definitions

Creating your own Lightweight Resource Providers (LWRP)

Extending community cookbooks by using application wrapper cookbooks

Creating custom Ohai plugins

Creating custom knife plugins

4. Writing Better Cookbooks

4. Writing Better Cookbooks

Introduction

Setting the environment variables

Passing arguments to shell commands

Overriding attributes

Using search to find nodes

Using data bags

Using search to find data bag items

Using encrypted data bag items

Accessing data bag values from external scripts

Getting information about the environment

Writing cross-platform cookbooks

Finding the complete list of operating systems you can use in cookbooks

Making recipes idempotent by using conditional execution

5. Working with Files and Packages

5. Working with Files and Packages

Introduction

Creating configuration files using templates

Using pure Ruby in templates for conditionals and iterations

Installing packages from a third-party repository

Installing software from source

Running a command when a file is updated

Distributing directory trees

Cleaning up old files

Distributing different files based on the target platform

6. Users and Applications

6. Users and Applications

Introduction

Creating users from data bags

Securing the Secure Shell Daemon (SSHD)

Enabling passwordless sudo

Managing NTP

Managing nginx

Creating nginx virtual hosts

Creating MySQL databases and users

Managing WordPress sites

Managing Ruby on Rails applications

Managing Varnish

Managing your local workstation

7. Servers and Cloud Infrastructure

7. Servers and Cloud Infrastructure

Introduction

Creating your infrastructure using Chef Provisioning

Creating cookbooks from a running system with Blueprint

Running the same command on many machines at once

Setting up SNMP for external monitoring services

Deploying a Nagios monitoring server

Building high-availability services using heartbeat

Using HAProxy to load-balance multiple web servers

Using custom bootstrap scripts

Managing firewalls with iptables

Managing fail2ban to ban malicious IP addresses

Managing Amazon EC2 instances

Loading your Chef infrastructure from a file with spiceweasel and knife

Index

Index

Customer Reviews

3.7 (6)

5 star

50%

4 star

16.7%

3 star

0

2 star

16.7%

1 star

16.7%

Managing fail2ban to ban malicious IP addresses

Brute-force attacks against any of your password protected services, such as SSH, and break-in attempts against your web server happen frequently for every public-facing system.

The fail2ban tool monitors your log files and acts as soon as it discovers malicious behavior in the way you told it to. One common use case is blocking malicious IP addresses by establishing firewall rules on the fly using iptables.

In this section, we'll take a look at how to set up a basic protection for by SSH using fail2ban and iptables.

Getting ready

Make sure that you have a cookbook named my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using cookbooks recipe in Chapter 1, Chef Infrastructure.

Make sure that you have created the ssh.erb template for your iptables rule as described in the Managing firewalls with iptables recipe in this chapter.

Create your Berksfile in your Chef repository including my_cookbook:

...

Search

Your notes and bookmarks