Chef training - Day3
 


Presentation for Day3 training held by SmartMe

http://www.smartme.com.ua/courses/nachala-devops-konfiguriruem-server-s-pomoshchyu-opscode-chef


    Chef training - Day3: Presentation Transcript

    • DevOps Basics: Opscode Chef, Day 3. Andriy Samilyak, samilyak@gmail.com, skype: samilyaka
    • Goals
        ● New resources: file, cookbook_file
        ● Berkshelf
        ● DataBags
        ● Deployment with Chef
        ● Environments
    • Password protection: we need to protect our site with a login/password in order to keep it private (admin/password)
    • Password protection: HTTP Basic Authentication

          <Directory <%= node['apache']['docroot_dir'] %>/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            AuthType Basic
            AuthName "Restricted Files"
            AuthBasicProvider file
            AuthUserFile <%= node['apache']['dir'] %>/htpasswd
            Require valid-user
          </Directory>

      Copy/paste from http://goo.gl/6sEYT5
    • htpasswd: we need these contents to be in node['apache']['dir']/htpasswd

          admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0

      Copy/paste from http://goo.gl/6sEYT5
    • Google it! 'chef resource file'
    • Putting file to server #1: ../cookbooks/webserver/recipes/default.rb

          file "#{node['apache']['dir']}/htpasswd" do
            owner 'root'
            group node['apache']['root_group']
            mode '0644'
            backup false
            # htpasswd format is user:hash, with no space after the colon
            content "admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0"
          end
    • Putting file to server #2
        ● The 'content' attribute is not really scalable: what if we need 2 KB of text inside?
        ● Let's first comment out the content attribute with #
        ● Create the file ../cookbooks/webserver/files/default/htpasswd
        ● and put root (not admin!) and the password hash in it
        ● Change the resource from 'file' to 'cookbook_file'
    • Putting file to server #2: ../cookbooks/webserver/recipes/default.rb

          cookbook_file "#{node['apache']['dir']}/htpasswd" do
            owner 'root'
            group node['apache']['root_group']
            mode '0644'
            backup false
          end
    • Welcome Berks-way!

          gem install berkshelf

      Test it with "berks -v".

      On Windows you'll need to add to chefrepo/.berkshelf/config.json:

          "ssl": { "verify": false }
    • Move out community cookbooks
        ● Add a line to Berksfile:

              cookbook "webserver", path: "cookbooks/webserver"

        ● berks install ← download cookbook to local folder
        ● berks upload ← upload cookbooks to Chef Server
        ● remove the 'apache2' folder from chef_repo

      Where is the cookbook now anyway?
    • Well done! Let's put it in git

          git commit -a -m "Initial commit"
          git push origin master
    • Berks locations
        ● site:

              cookbook "artifact", site: "http://cookbooks.opscode.com/api/v1/cookbooks"
              cookbook "artifact", site: :opscode

        ● git:

              cookbook "mysql", git: "https://github.com/opscodecookbooks/mysql.git", branch: "foodcritic"
    • Let's do it better now! https://github.com/Youscribe/htpasswdcookbook
      Goal: specify user/pass with cookbook attributes
      Copy/paste from http://goo.gl/6sEYT5
    • New cookbook in Berksfile

          cookbook "htpasswd", git: "https://github.com/Youscribe/htpasswdcookbook.git"
    • Example:

          htpasswd "/etc/apache2/htpasswd" do
            user node['webserver']['auth_user']
            password node['webserver']['auth_pass']
          end
    • Htpasswd - review
        ● webserver/metadata.rb: add dependency
        ● recipes/default.rb: add resource htpasswd
        ● attributes/default.rb: add two attributes
        ● berks update & berks upload
    • Managing users access
        ● Site: User1/pass, User2/pass, User3/pass
        ● Site Backend: User1/pass, User3/pass
        ● Store Backend: User3/pass
    • DataBags
        ● Reusable data containers
        ● JSON
        ● Search API
    • Managing user access - Plan
        ● Keep user/pass with granted nodes
        ● Find all users for current node
        ● Generate htpasswd by adding hash for each user
    • DataBags as files

          chef_repo
            data_bags
              htpasswd
                user1.json
                user2.json
                user3.json
    • user1.json

          {
            "id": "user1",
            "pass": "password",
            "nodes": ["yournode1", "yournode2"]
          }
    • Data bag CLI

          knife data bag create htpasswd
          knife data bag from file htpasswd user1.json
          knife data bag from file htpasswd data_bags/htpasswd/*
          knife search htpasswd "(id:user1)"
          knife search htpasswd "(nodes:yournode)"
    • Search API

          search(:htpasswd, "nodes:#{node.name}") do |user|
            # add line to file
            user['pass']
          end
    • Just an example of a solution...

          file "#{node['apache']['dir']}/htpasswd" do
            action :delete
          end

          search(:htpasswd, "nodes:#{node.name}") do |user|
            htpasswd "#{node['apache']['dir']}/htpasswd" do
              user user['id']
              password user['pass']
              notifies :reload, 'service[apache2]'
            end
          end
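
An added example, not from the slides: a local Ruby check for the "Managing user access" plan and the Search API slides, listing which users each node's htpasswd would contain and rejecting data bag items that would corrupt the file. The node names, the malformed fourth item and all helper names are constructed for illustration; the exact-match lookup is an assumed stand-in for search(:htpasswd, "nodes:NAME").

```ruby
require 'json'

# Constructed items in the slides' data bag layout (id / pass / nodes); the last is malformed.
SAMPLE_ITEMS = [
  '{ "id": "user1", "pass": "password", "nodes": ["site", "site-backend"] }',
  '{ "id": "user2", "pass": "password", "nodes": ["site"] }',
  '{ "id": "user3", "pass": "password", "nodes": ["site", "site-backend", "store-backend"] }',
  '{ "id": "bad:user", "pass": "", "nodes": "site" }'
].freeze

# Return the problems that would produce a broken or unintended htpasswd entry.
def item_problems(item)
  problems = []
  id = item['id']
  # htpasswd lines are "user:hash", so a colon or whitespace in the name corrupts the file.
  problems << 'id missing or contains ":"/whitespace' unless id.is_a?(String) && id.match?(/\A[^:\s]+\z/)
  problems << 'pass missing or empty' unless item['pass'].is_a?(String) && !item['pass'].empty?
  nodes = item['nodes']
  problems << 'nodes must be an array of node names' unless nodes.is_a?(Array) && nodes.all? { |n| n.is_a?(String) }
  problems
end

# Parse raw JSON items and split them into valid items and { id => problems }.
def load_items(raw_items)
  valid = []
  rejected = {}
  raw_items.each do |raw|
    item = JSON.parse(raw)
    problems = item_problems(item)
    if problems.empty?
      valid << item
    else
      rejected[item['id'].to_s] = problems
    end
  end
  [valid, rejected]
end

# Local stand-in for the node search: exact node-name match only.
def users_for_node(items, node_name)
  items.select { |i| i['nodes'].include?(node_name) }.map { |i| i['id'] }.sort
end

# Node name => users that would end up in that node's htpasswd file.
def access_matrix(items)
  items.flat_map { |i| i['nodes'] }.uniq.sort.to_h { |n| [n, users_for_node(items, n)] }
end

access_matrix(load_items(SAMPLE_ITEMS).first).each { |node, users| puts "#{node}: #{users.join(', ')}" }
```

Running it against the real data_bags/htpasswd/*.json files before `knife data bag from file` shows the resulting access per node without touching the Chef Server.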