This article will cover the basics of installing a Chef Cookbook to perform an automated infrastructure task, in this case managing users with the Chef Cookbook users. This article builds off the article “How to install Chef Configuration Management Server Workstation and Node”.
*These steps are completed on your Chef Workstation
Add some basic information to your knife.rb file
vim ~/chef-repo/.chef/knife.rb
cookbook_path ["./"]
cookbook_copyright "copyright-entity"
cookbook_license "apachev2"
cookbook_email "your-email@host.com"
Install the Berkshelf Ruby Gem
gem install berkshelf
Configure your cookbook info into a Berksfile
cookbook 'user_mg', path: './cookbooks/user_mg'
Create a cookbook user_mg
knife cookbook create user_mg
Create a users data bag
knife data bag create users
cd ~/chef-repo/
mkdir data_bags/users
Create your user info in your users data bag (You can add more than one user by repeating this step)
*see documentation for users cookbook for more options
vim ~/chef-repo/data_bags/users/some-user.json
{
  "id": "some-user",
  "ssh_keys": [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQ-user-pubkey"
  ],
  "groups": [ "devops" ],
  "shell": "\/bin\/bash"
}
Add a depends entry and other metadata for your user_mg cookbook
vim ~/chef-repo/cookbooks/user_mg/metadata.rb
name 'user_mg'
maintainer 'maintainer-name'
maintainer_email 'your-email@host.com'
license 'Apache 2.0'
description 'Installs/Configures user_mg'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.1'
depends "users"
Create a recipe for your user_mg cookbook in the default.rb
*see documentation for users cookbook for more options
vim ~/chef-repo/cookbooks/user_mg/recipes/default.rb
include_recipe "users"
users_manage "devops" do
  action [ :remove, :create ]
end
Check your changes into git
git add ~/chef-repo/cookbooks/*
git add ~/chef-repo/data_bags/*
git commit -m'Added users cookbook and databag'
Include your users data bag file some-user.json (*Run this for each user if more than one)
knife data bag from file users some-user.json
Use Berkshelf to install and upload your changes
berks install
berks upload
Add your cookbook recipes to your node
knife node run_list add your-node.com users
knife node run_list add your-node.com user_mg
*If you ever need to remove a cookbook recipe, you can run
knife node run_list remove your-node.com 'recipe[users]'
*If you change data bag data run this
knife data bag from file users some-user.json
*If you need to delete an item in the data bag run this
knife data bag delete users some-user
*If you update the recipe, update your cookbook version
vim ~/chef-repo/cookbooks/user_mg/metadata.rb
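Because every entry in ssh_keys ends up in a user's authorized_keys on each node, it is worth checking the items before running knife data bag from file. The following check is an added example, not part of the original article or of the users cookbook. The function names, the allowed key types, the login-name pattern and the rule that id matches the file name are assumptions of this example.

```ruby
require 'json'
# Key types this example accepts (an assumed policy; adjust to your own).
ALLOWED_KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256].freeze

# The item from this page. Its key is a placeholder, so the lint must flag it.
PAGE_SAMPLE = <<~JSON
  { "id": "some-user",
    "ssh_keys": [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQ-user-pubkey" ],
    "groups": [ "devops" ], "shell": "/bin/bash" }
JSON

# Returns nil when an authorized_keys line looks sound, else the reason.
def ssh_key_problem(line)
  return 'contains private key material' if line.to_s.include?('PRIVATE KEY')
  type, blob = line.to_s.split(' ', 3)
  return "key type #{type.inspect} not allowed" unless ALLOWED_KEY_TYPES.include?(type)
  raw = begin
    blob.to_s.unpack1('m0').to_s # strict base64; raises on any stray character
  rescue ArgumentError
    return 'key blob is not valid base64'
  end
  # The blob opens with a 4-byte big-endian length, then the key type name.
  len = raw.unpack1('N').to_i
  return 'key blob does not match declared type' unless raw.byteslice(4, len) == type
  nil
end

# Returns the list of problems for one item of the users data bag.
def lint_user_item(path, json_text)
  item = JSON.parse(json_text)
  return ['item must be a JSON object'] unless item.is_a?(Hash)
  id = item['id'].to_s
  problems = []
  problems << 'id does not match file name' unless id == File.basename(path, '.json')
  problems << 'id is not a plain login name' unless id.match?(/\A[a-z_][a-z0-9_-]{0,31}\z/)
  problems << 'groups must be a non-empty array' unless item['groups'].is_a?(Array) && !item['groups'].empty?
  problems << 'shell must be an absolute path' unless item['shell'].nil? || item['shell'].to_s.start_with?('/')
  Array(item['ssh_keys']).each_with_index do |key, i|
    reason = ssh_key_problem(key)
    problems << "ssh_keys[#{i}]: #{reason}" if reason
  end
  problems
rescue JSON::ParserError => e
  ["not valid JSON: #{e.message}"]
end

# Usage: ruby lint_users.rb data_bags/users/*.json  (exits 1 on any finding)
results = ARGV.map { |f| lint_user_item(f, File.read(f)).each { |msg| warn "#{f}: #{msg}" } }
exit 1 if results.any? { |problems| !problems.empty? }
```

Run against the sample item on this page, it reports the placeholder key as invalid base64, which is the expected result until a real public key is pasted in.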
Hope this helps you get an idea on how to implement a Chef Cookbook!
I had some trouble using the ‘ssh_keys’ attribute when using the users cookbook…
When my user.json did NOT include a ‘gid’ attribute, I was getting an error:
template[/home/giorgos/.ssh/authorized_keys] (/tmp/vagrant-chef-3/chef-solo-1/cookbooks/users/providers/manage.rb line 121) had an error: Chef::Exceptions::GroupIDNotFound: cannot determine group id for 'giorgos', does the group exist on this system?
(https://github.com/opscode-cookbooks/users/blob/master/providers/manage.rb#L121)
The template resource was not able to find the group id…
So, I tried including a ‘gid’ attribute, only this time:
==> default: Chef::Exceptions::User
==> default: ----------------------
==> default: user[giorgos] (/tmp/vagrant-chef-3/chef-solo-1/cookbooks/users/providers/manage.rb line 94) had an error: Chef::Exceptions::User: Couldn't lookup integer GID for group name 7000
…leaving me no choice but to change the source code:
This is all on an OpenSUSE 13.1 VM, so it probably works on other OS, but I thought I might save someone else some time if they come across this post…