Your SlideShare is downloading. ×
0
Начала DevOps: Opscode Chef
Day 3

Andriy Samilyak
samilyak@gmail.com
skype: samilyaka
Goals
●

New resources: file, cookbook_file

●

Berkshelf

●

DataBags

●

Deployment with Chef

●

Environments
Password protection
We need to close our site by
login/password in order to keep it private
admin/password
Password protection
HTTP Basic Authentication
<Directory <%= node['apache']['docroot_dir'] %>/>
Options Indexes FollowSymL...
htpasswd
We need this contents to be in
node['apache']['dir']/htpasswd
admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0

Copy/p...
Google it!
'chef resource file'
Putting file to server #1
../cookbooks/webserver/recipes/default.rb

file "#{node['apache']['dir']}/htpasswd" do
owner 'ro...
Putting file to server #2
●

'content' attribute is not really scalable – what if
we need 2Kb of text inside?

●

Lets fir...
Putting file to server #2
../cookbooks/webserver/recipes/default.rb
cookbook_file "#{node['apache']['dir']}/htpasswd" do
o...
Welcome Berks-way!
gem install berkshelf
Test it with “berks -v”
---------------------------------------------------------...
Move out community cookbooks
●

Add a line to Berksfile:
cookbook “cookbook” path: cookbooks/webserver

●

berks install ←...
Well done! Lets put it to git
git commit -a -m “Initial commit”
git push origin master
Berks locations
●

site:
cookbook "artifact", site:
"http://cookbooks.opscode.com/api/v1/cookbooks"
cookbook "artifact", s...
Lets do it better now!

https://github.com/Youscribe/htpasswdcookbook
Goal: specify user/pass with cookbook
attributes
Cop...
New cookbook in Berksfile
cookbook "htpasswd", git:
https://github.com/Youscribe/htpasswdcookbook.git
Example:
htpasswd "/etc/apache2/htpasswd" do
user node['webserver']['auth_user']
password node['webserver']['auth_pass']
e...
Htpasswd - review
●

webserver/metadata.rb: add dependency

●

recipes/default.rb: add resource httpasswd

●

attributes/d...
Managing users access

Site

User1/pass
User2/pass
User3/pass

Site Backend

User1/pass
User3/pass

Store Backend

User3/p...
DataBags
●

Reusable data containers

●

JSON

●

Search API
Managing user access - Plan
●

Keep user/pass with granted nodes

●

Find all users for current node

●

Generate htpasswd...
DataBags as files
chef_repo
data_bags
htpasswd
user1.json
user2.json
user3.json
user1.json
{
"id": "user1",
"pass": "password",
"nodes" : ["yournode1", "yournode2"]
}
Data bag CLI
knife data bag create htpasswd
knife data bag from file htpasswd user1.json
knife data bag from file htpasswd...
Search API
search(:htpasswd, "nodes:#{node.name}") do |user|
#add line to file user['pass']
end
Just an example of solution...
file "#{node['apache']['dir']}/htpasswd" do
action :delete
end
search(:htpasswd, "nodes:#{n...
Upcoming SlideShare
Loading in...5
×

Chef training - Day3

576

Published on

Presentation for Day3 training held by SmartMe
http://www.smartme.com.ua/courses/nachala-devops-konfiguriruem-server-s-pomoshchyu-opscode-chef

Published in: Technology, Self Improvement
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
576
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
37
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Chef training - Day3"

  1. 1. Начала DevOps: Opscode Chef Day 3 Andriy Samilyak samilyak@gmail.com skype: samilyaka
  2. 2. Goals ● New resources: file, cookbook_file ● Berkshelf ● DataBags ● Deployment with Chef ● Environments
  3. 3. Password protection We need to close our site by login/password in order to keep it private admin/password
  4. 4. Password protection HTTP Basic Authentication <Directory <%= node['apache']['docroot_dir'] %>/> Options Indexes FollowSymLinks MultiViews AllowOverride None AuthType Basic AuthName "Restricted Files" AuthBasicProvider file AuthUserFile <%= node['apache']['dir'] %>/htpasswd Require valid-user </Directory> Copy/paste from http://goo.gl/6sEYT5
  5. 5. htpasswd We need this contents to be in node['apache']['dir']/htpasswd admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0 Copy/paste from http://goo.gl/6sEYT5
  6. 6. Google it! 'chef resource file'
  7. 7. Putting file to server #1 ../cookbooks/webserver/recipes/default.rb file "#{node['apache']['dir']}/htpasswd" do owner 'root' group node['apache']['root_group'] mode '0644' backup false content "admin: $apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0" end
  8. 8. Putting file to server #2 ● 'content' attribute is not really scalable – what if we need 2Kb of text inside? ● Lets first comment out with # content attribute ● create file ../cookbooks/webserver/files/default/htpasswd ● and put root (not admin!) and password hash to it ● Change resource from 'file' to 'cookbook_file'
  9. 9. Putting file to server #2 ../cookbooks/webserver/recipes/default.rb cookbook_file "#{node['apache']['dir']}/htpasswd" do owner 'root' group node['apache']['root_group'] mode '0644' backup false end
  10. 10. Welcome Berks-way! gem install berkshelf Test it with “berks -v” -------------------------------------------------------------On Windows you'll need to add to chefrepo/.berkshelf/config.json: "ssl": { "verify": false }
  11. 11. Move out community cookbooks ● Add a line to Berksfile: cookbook “cookbook” path: cookbooks/webserver ● berks install ← download cookbook to local folder ● berks upload ← upload cookbooks to Chef Server ● remove 'apache2' folder from chef_repo Where is cookbook now anyway?
  12. 12. Well done! Lets put it to git git commit -a -m “Initial commit” git push origin master
  13. 13. Berks locations ● site: cookbook "artifact", site: "http://cookbooks.opscode.com/api/v1/cookbooks" cookbook "artifact", site: :opscode ● git: cookbook "mysql", git: "https://github.com/opscodecookbooks/mysql.git", branch: "foodcritic"
  14. 14. Lets do it better now! https://github.com/Youscribe/htpasswdcookbook Goal: specify user/pass with cookbook attributes Copy/paste from http://goo.gl/6sEYT5
  15. 15. New cookbook in Berksfile cookbook "htpasswd", git: https://github.com/Youscribe/htpasswdcookbook.git
  16. 16. Example: htpasswd "/etc/apache2/htpasswd" do user node['webserver']['auth_user'] password node['webserver']['auth_pass'] end
  17. 17. Htpasswd - review ● webserver/metadata.rb: add dependency ● recipes/default.rb: add resource httpasswd ● attributes/default.rb: add two attributes ● berks update & berks upload
  18. 18. Managing users access Site User1/pass User2/pass User3/pass Site Backend User1/pass User3/pass Store Backend User3/pass
  19. 19. DataBags ● Reusable data containers ● JSON ● Search API
  20. 20. Managing user access - Plan ● Keep user/pass with granted nodes ● Find all users for current node ● Generate htpasswd by adding hash for each user
  21. 21. DataBags as files chef_repo data_bags htpasswd user1.json user2.json user3.json
  22. 22. user1.json { "id": "user1", "pass": "password", "nodes" : ["yournode1", "yournode2"] }
  23. 23. Data bag CLI knife data bag create htpasswd knife data bag from file htpasswd user1.json knife data bag from file htpasswd data_bags/htpasswd/* knife search htpasswd "(id:user1)" knife search htpasswd "(nodes:yournode)"
  24. 24. Search API search(:htpasswd, "nodes:#{node.name}") do |user| #add line to file user['pass'] end
  25. 25. Just an example of solution... file "#{node['apache']['dir']}/htpasswd" do action :delete end search(:htpasswd, "nodes:#{node.name}") do |user| htpasswd "#{node['apache']['dir']}/htpasswd" do user user['id'] password user['pass'] notifies :reload, 'service[apache2]' end end
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×