
Tuesday, September 18, 2018

Containers without Docker

Containers are not new, so what made people go for Docker? Though we have many container technologies, people preferred Docker for one reason: Docker made great leaps in simplifying containers. Before Docker, implementing containers in an organisation was always hard.

Is Docker the only container technology? Can we create a container without Docker? This article talks about how we can create containers without Docker.

Docker is not a container technology; it is a company that promotes creating containers in the simplest way. They have their own library called “libcontainer” that helps in creating the containers. Below are a few other tools that help in creating containers without Docker.

RunC - RunC is a command line tool for spawning and running containers according to the OCI specification. This is the Docker container format and runtime that is being donated to the OCI.

How to use RunC to run Containers?
1. Download the runC library based on the platform from here using,
wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64

2. Create a directory structure
mkdir runC
cd runC
mkdir test-container
cd test-container

3. Download a busybox docker container image and export the image to the rootfs filesystem like,
mkdir rootfs
docker export $(docker create busybox) | tar -C rootfs -xvf -

Now we will see a directory by the name rootfs with multiple files and directories inside.

4. Run the runC spec command from the downloaded library using,
[root@manja17-I13330 test-container]# /root/runc/runc.amd64 spec
[root@manja17-I13330 test-container]# ll
total 4
-rw-r--r--  1 root root 2614 Jul 26 07:27 config.json
drwxr-xr-x 12 root root  137 Jul 26 07:09 rootfs

A spec file is created by the name config.json. Check the file to see the configuration details for the image.

[root@manja17-I13330 test-container]# cat config.json
{
        "ociVersion": "1.0.0",
        "process": {
                "terminal": true,
                "user": {
                        "uid": 0,
                        "gid": 0
                },
                "args": [
                        "sh"
                ],
                "env": [
                        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                        "TERM=xterm"
                ],
                "cwd": "/",
                "capabilities": {
                        "bounding": [
                                "CAP_AUDIT_WRITE",
                                "CAP_KILL",
                                "CAP_NET_BIND_SERVICE"
                        ],
                        "effective": [
                                "CAP_AUDIT_WRITE",
                                "CAP_KILL",
                                "CAP_NET_BIND_SERVICE"
                        ],
                       *********
If we check the config.json, we can see what this container does, how it will run, etc.

Run the container using the runC command as,
[root@manja17-I13330 test-container]# /root/runc/runc.amd64 run container1
/ # ps ux
PID   USER     TIME  COMMAND
    1 root      0:00 sh
    6 root      0:00 ps ux
/ # exit

Run the container in the background using,
[root@manja17-I13330 test-container]# /root/runc/runc.amd64 run container1 &
[root@manja17-I13330 test-container]# /root/runc/runc.amd64 list
We will see the running containers listed.

All commands that we run are based on the container ID. Let's run some more commands as,
[root@manja17-I13330 runc]# ./runc.amd64 ps container1
UID        PID     PPID   C STIME TTY          TIME    CMD
root     21033 21025  0 00:20 ?         00:00:00 sh

[root@manja17-I13330 runc]# ./runc.amd64 exec container1 free
             total       used       free     shared    buffers     cached
Mem:       8175444    8013024     162420          0       2776    5760124
-/+ buffers/cache:    2250124    5925320
Swap:            0          0          0
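
The fields in config.json decide how much of the host the container process can reach, so it is worth checking them before running the container. The following audit is an added example, not part of the original post or of runC: it flags a root user without a user namespace, capabilities beyond the three visible in the excerpt above, and loosened noNewPrivileges, root.readonly and namespace settings. Those field names come from the OCI runtime spec; the sample configs are constructed, because the excerpt above is cut short.

```python
import copy
import json

# Capabilities visible in the page's config.json excerpt; anything beyond
# this set is reported so that a reviewer has to justify it.
BASELINE_CAPS = {"CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"}
CAP_SETS = ("bounding", "effective", "inheritable", "permitted", "ambient")
EXPECTED_NAMESPACES = ("pid", "network", "ipc", "uts", "mount")


def audit_oci_config(cfg):
    """Return a list of finding strings for one parsed OCI config.json."""
    findings = []
    process = cfg.get("process", {})
    namespaces = {
        ns.get("type") for ns in cfg.get("linux", {}).get("namespaces", [])
    }

    # uid 0 in the container is uid 0 on the host unless a user namespace
    # remaps it.
    if process.get("user", {}).get("uid", 0) == 0 and "user" not in namespaces:
        findings.append("root-without-userns")

    caps = process.get("capabilities", {})
    for set_name in CAP_SETS:
        for cap in sorted(set(caps.get(set_name, [])) - BASELINE_CAPS):
            findings.append(f"extra-cap:{set_name}:{cap}")

    if not process.get("noNewPrivileges", False):
        findings.append("no-new-privileges-off")
    if not cfg.get("root", {}).get("readonly", False):
        findings.append("rootfs-writable")

    # A namespace type that is not listed is shared with the host.
    for ns_type in EXPECTED_NAMESPACES:
        if ns_type not in namespaces:
            findings.append(f"host-namespace-shared:{ns_type}")
    return findings


# Constructed sample: the process section mirrors the page's excerpt; the
# remaining fields are assumed values, since the excerpt stops early.
SAMPLE_DEFAULT = json.loads("""
{
  "ociVersion": "1.0.0",
  "process": {
    "terminal": true,
    "user": {"uid": 0, "gid": 0},
    "args": ["sh"],
    "cwd": "/",
    "capabilities": {
      "bounding": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
      "effective": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"]
    },
    "noNewPrivileges": true
  },
  "root": {"path": "rootfs", "readonly": true},
  "linux": {
    "namespaces": [
      {"type": "pid"}, {"type": "network"}, {"type": "ipc"},
      {"type": "uts"}, {"type": "mount"}
    ]
  }
}
""")


def weaken(cfg):
    """Build a constructed, deliberately loosened copy for comparison."""
    weak = copy.deepcopy(cfg)
    for set_name in ("bounding", "effective"):
        weak["process"]["capabilities"][set_name].append("CAP_SYS_ADMIN")
    weak["process"]["noNewPrivileges"] = False
    weak["root"]["readonly"] = False
    weak["linux"]["namespaces"] = [
        ns for ns in weak["linux"]["namespaces"] if ns["type"] != "network"
    ]
    return weak


SAMPLE_WEAKENED = weaken(SAMPLE_DEFAULT)

if __name__ == "__main__":
    for label, cfg in (("default", SAMPLE_DEFAULT), ("weakened", SAMPLE_WEAKENED)):
        print(label, audit_oci_config(cfg))
```

To audit a real bundle, load its config.json with json.load and pass the result to audit_oci_config.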

Podman - Podman is a tool designed for managing pods and containers without requiring a container daemon. Unlike Docker, we will not be having any container runtime over here. Podman takes care of creating containers, managing them, etc.

The Podman CLI is based on the Docker CLI. It is intended to be a user-friendly interface and is capable of providing summaries of containers, images, etc.

Podman manages pods as well as containers outside of a pod. So, when we say Podman does not have a container runtime, how can we build images, start containers, etc.?

Podman creates the containerised processes and makes the necessary changes on the disk itself. This is based on the library called “containers/image” for pulling images from a registry. The same library is used to manage images on the disk even 

Installing Podman is quite easy. Just enable the epel-release repo on CentOS and run “yum install podman.x86_64”, or you can download the repo from here.

The Podman CLI is based on the Docker CLI, so the podman commands will be pretty much similar to the docker commands.

[root@rkt-machine vagrant]# podman run -d --name testing docker.io/jagadesh1982/testing-service
Trying to pull docker.io/jagadesh1982/testing-service...Getting image source signatures
*********
Copying config sha256:60c1b93cd9f4920aba848d5d457a5f9d24bd1bc4afd0cb4bbcf510a9528c43d2
 9.06 KB / 9.06 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
bb7893663146fad1f0c344b1b6670e56e08cf428cbe97088f511f9adc771805f

Check the Running Container using “podman ps”,

If we check with the docker command “docker ps”, we will not be able to see any running containers, since the containers started by podman are subprocesses of the podman process.

Gather the Container details - to get container details like the IP address, podman provides us with an inspect command which is similar to docker's. We can use it as “podman inspect <container ID>”.

List Images - Podman provides us with the same commands as docker to list the images, as below,
[root@rkt-machine vagrant]# podman images
REPOSITORY                               TAG      IMAGE ID       CREATED        SIZE
docker.io/jagadesh1982/testing-service   latest   60c1b93cd9f4   4 months ago   705MB

Run the Container in Foreground - Similar to Docker, podman provides us with a way to run a container in the foreground using,

[root@rkt-machine vagrant]# podman run -it --name testingService docker.io/jagadesh1982/testing-service /bin/bash
root@7972e841af05:/usr/src/app# hostname -I
10.88.0.4 
root@7972e841af05:/usr/src/app# exit
exit

Systemd-nspawn - systemd-nspawn is a system tool to run containers like a virtual machine. The isolation environments created by nspawn are called machines and are managed by the tool called “machinectl”. This is the same tool that will interface with the nspawn machines and also containers created by rkt, docker, etc.

Install the minimal packages necessary for starting the container using,
[root@rkt-machine install]# sudo yum -y --nogpg --releasever=7 --installroot=/srv/mycontainer   install systemd passwd yum vim-minimal

Start our container using
[root@rkt-machine install]# sudo systemd-nspawn -D /srv/mycontainer
Spawning container mycontainer on /srv/mycontainer.
Press ^] three times within 1s to kill container.
-bash-4.2# hostname -I
-bash: hostname: command not found
-bash-4.2# ls         
-bash-4.2# pwd
/root
-bash-4.2# exit
logout
Container mycontainer exited successfully.

List the container using,
[root@rkt-machine install]# machinectl 
MACHINE     CLASS     SERVICE
mycontainer container nspawn 

1 machines listed.

Rkt - Another container technology that is gaining ground along with Docker is Rocket. It is a CoreOS container runtime, built because Docker is no longer according to the open standards. Docker runs with a daemon that manages all components. If the process disappears, the containers disappear. Rkt tries to solve these problems.

Download and install the latest rkt rpm using,
wget https://github.com/rkt/rkt/releases/download/v1.30.0/rkt-1.30.0-1.x86_64.rpm

yum install rkt*

[root@manja17-I13330 ~]# rkt fetch --insecure-options=image docker://jagadesh1982/testing-service
Downloading sha256:74eaa8be722 [=============================] 43.3 MB / 43.3 MB
Downloading sha256:f2b6b4884fc [=============================] 52.6 MB / 52.6 MB
Downloading sha256:bb0bcc8d7f6 [=============================] 14.8 MB / 14.8 MB
Downloading sha256:727d0f4e04b [=============================]     133 B / 133 B
Downloading sha256:4fb899b4df2 [=============================] 19.3 MB / 19.3 MB
Downloading sha256:da74659b918 [=============================] 4.33 MB / 4.33 MB
Downloading sha256:2d6e98fe404 [=============================]   131 MB / 131 MB
Downloading sha256:414666f7554 [=============================] 3.17 MB / 3.17 MB
Downloading sha256:ace2d3087f5 [=============================] 1.78 MB / 1.78 MB
Downloading sha256:17c4133ca61 [=============================]     667 B / 667 B
Downloading sha256:9940cbd4fb3 [=============================]     206 B / 206 B
Downloading sha256:b6477608bbd [=============================]     864 B / 864 B
Downloading sha256:fb20ef6fe17 [=============================] 1.35 MB / 1.35 MB
sha512-d5628ec41849f9c65c8be020921c61a8

Check for the downloaded images using,
[root@manja17-I13330 ~]# rkt image list
ID                                            NAME                                
sha512-d5628ec41849     registry-1.docker.io/jagadesh1982/testing-service:latest

Run a container as,
[root@manja17-I13330 ~]# rkt run sha512-d5628ec41849

In another command line, check the list of running containers using,
[root@manja17-I13330 ~]# rkt list | grep testing-service
3e42fb73        testing-service registry-1.docker.io/jagadesh1982/testing-service:latest        running 3 minutes ago   3 minutes ago default:ip4=172.16.28.6

Access the application using,
[root@manja17-I13330 ~]# curl 172.16.28.6:9876/info
{"host": "172.16.28.6:9876", "version": "0.5.0", "from": "172.16.28.1"}

Enter into the container using,

[root@manja17-I13330 ~]# rkt enter 3e42fb73 /bin/bash
root@rkt-3e42fb73-ef08-4876-b996-759c7849aa99:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  testing_service.py  tmp  usr  var
root@rkt-3e42fb73-ef08-4876-b996-759c7849aa99:/# exit
exit

CRI-O - Kubernetes is an orchestration engine that uses a container runtime to run a container or a pod. Kubernetes was built on top of Docker as the container runtime. As soon as CoreOS announced the rkt container runtime, Kubernetes was asked to support it. So Kubernetes finally ended up supporting both container runtimes.

The problem here is that Docker was growing at a faster pace. Upgrading the runtime of an existing Kubernetes cluster to newer versions is always complex. Moreover, the runtimes are now being enhanced with more features, like swarm, which are not necessary to Kubernetes.

The Container Runtime Interface (CRI) was introduced to solve these problems. The idea is to build a container runtime that will decouple the Kubernetes kubelet service (which is responsible for sending requests to the container runtime on a machine to start a container) from the container runtime.

CRI-O was started to create a minimal, maintainable runtime dedicated to Kubernetes. CRI-O is an implementation of the Kubernetes CRI that allows Kubernetes to use any OCI-compliant runtime as the container runtime for creating and running pods. The runtime will be part of the Kubernetes library itself, so that we don’t need to install a separate runtime like docker or rkt for starting containers.

CRI-O supports OCI container images and can pull from any compliant container registry. It is a lightweight alternative to using Docker as the runtime for Kubernetes.


Friday, September 14, 2018

Working with Chef-Solo

Chef-solo is a command that executes chef-client in a way that does not require communication with the chef-server. Normally, whenever we have written a cookbook, we first upload it to the chef-server and then use the chef-client command to execute it. The chef-client downloads any changes (cookbooks included) to the chef-node and then uses them to perform any changes.

What if we want to run our cookbooks locally rather than downloading them from the chef-server? This is where chef-solo comes into use. Chef-solo uses chef-client's “chef local mode” to run the cookbooks. While running cookbooks with chef-solo, functionalities such as authentication and authorization will not be available to the chef-client.

How to use chef-solo
Chef-solo requires 2 files to be available in order to run cookbooks,
solo.rb – this file tells chef about the location of the cookbooks, roles and data bags
node.json – this file sets the run list and any node-specific attributes if necessary

Let's create the files in chef-repo,

[root@chefdk chef-repo]# cat solo.rb
current_dir       = File.expand_path(File.dirname(__FILE__))
file_cache_path   "#{current_dir}"
cookbook_path     "#{current_dir}/cookbooks"
role_path         "#{current_dir}/roles"
data_bag_path     "#{current_dir}/data_bags"
# chef-solo

[root@chefdk chef-repo]# cat node.json
{
    "run_list": [ "recipe[simple]" ]
}

From the above code, we can see that solo.rb gives the location of cookbooks, roles and data bags. The node.json file lists the cookbooks that we want to execute locally.

Now upload the code, with the whole chef-repo, to the git repository. Then, from the chef-client node (the machine where we want to run the chef-client), clone the git repo. From inside the chef-repo, we will run the chef-solo command as below.

[root@chefclient chef-repo]# sudo chef-solo -c solo.rb -j node.json
[2018-09-07T04:36:13-04:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.22.5
[2018-09-07T04:36:13-04:00] INFO: *** Chef 12.22.5 ***
[2018-09-07T04:36:13-04:00] INFO: Platform: x86_64-linux
[2018-09-07T04:36:13-04:00] INFO: Chef-client pid: 16351
[2018-09-07T04:36:13-04:00] INFO: The plugin path /etc/chef/ohai/plugins does not exist. Skipping...
[2018-09-07T04:36:16-04:00] INFO: HTTP Request Returned 404 Not Found: Object not found: chefzero://localhost:8889/nodes/chefclient.nova.com
[2018-09-07T04:36:16-04:00] INFO: Setting the run_list to ["recipe[simple]"] from CLI options
[2018-09-07T04:36:16-04:00] INFO: Run List is [recipe[simple]]
[2018-09-07T04:36:16-04:00] INFO: Run List expands to [simple]
[2018-09-07T04:36:16-04:00] INFO: Starting Chef Run for chefclient.nova.com
[2018-09-07T04:36:16-04:00] INFO: Running start handlers
[2018-09-07T04:36:16-04:00] INFO: Start handlers complete.
[2018-09-07T04:36:16-04:00] INFO: HTTP Request Returned 404 Not Found: Object not found:
resolving cookbooks for run list: ["simple"]
[2018-09-07T04:36:16-04:00] INFO: Loading cookbooks [simple@0.1.0]
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/README.md from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/example/README.md from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/example/attributes/default.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/example/metadata.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/example/recipes/default.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/Berksfile from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/README.md from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/chefignore from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/files/index.html from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/metadata.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/recipes/default.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/spec/spec_helper.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/spec/unit/recipes/default_spec.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/test/recipes/default_test.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/nginx/CHANGELOG.md from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/nginx/README.md from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/nginx/metadata.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/nginx/recipes/default.rb from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/.gitignore from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/httpd/.kitchen.yml from the cache; its cookbook is no longer needed on this client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/simple/spec/spec_helper.rb from the cache; its is no longer in the cookbook manifest.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/simple/spec/unit/recipes/default_spec.rb from the cache; its is no longer in the cookbook manifest.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/simple/test/recipes/default_test.rb from the cache; its is no longer in the cookbook manifest.
Synchronizing Cookbooks:
  - simple (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-09-07T04:36:16-04:00] INFO: HTTP Request Returned 404 Not Found: Object not found:
Converging 1 resources
Recipe: simple::default
  * file[/tmp/x.txt] action create[2018-09-07T04:36:16-04:00] INFO: Processing file[/tmp/x.txt] action create (simple::default line 7)
 (up to date)
[2018-09-07T04:36:16-04:00] INFO: Chef Run complete in 0.265017699 seconds
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/simple/Berksfile from the cache; it is no longer needed by chef-client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/simple/.gitignore from the cache; it is no longer needed by chef-client.
[2018-09-07T04:36:16-04:00] INFO: Removing cookbooks/simple/.kitchen.yml from the cache; it is no longer needed by chef-client.

Running handlers:
[2018-09-07T04:36:16-04:00] INFO: Running report handlers
Running handlers complete
[2018-09-07T04:36:16-04:00] INFO: Report handlers complete

Chef Client finished, 0/1 resources updated in 03 seconds

Friday, September 7, 2018

Understanding Chef Roles

Let's say that we want to have a couple of cookbooks executed on the nodes. In the normal case we can write those cookbooks and upload them to the chef-server. Roles in Chef are a way to execute multiple cookbooks at one time on the chef-nodes.

Using roles, we can logically group machines. Let's say we have a group of machines that run web servers and we want to run some cookbooks on those machines. In this case we will create a role and set all the cookbooks that need to run on that role (on that specific set of machines running web servers). Lastly, we will assign that role to the machine. In this article we will see an example of using roles.

Create a role in ~/chef-repo/cookbooks/roles using,
[root@chefdk roles]# knife role from file web_servers.rb
Updated Role web_servers

Now edit the role as,
[root@chefdk roles]# knife role edit web_servers
This will take you to the web_servers file opened in a vi editor. Edit the content as below,
{
  "name": "web_servers",
  "description": "This role contains nodes, which act as web servers",
  "json_class": "Chef::Role",
  "default_attributes": {
    "ntp": {
      "ntpdate": {
        "disable": true
      }
    }
  },
  "override_attributes": {

  },
  "chef_type": "role",
  "run_list": [
    "recipe[httpd]"
  ],
  "env_run_lists": {

  }
}

In the above snippet of code, I added the line "recipe[httpd]" in the run_list. What I am saying is that nodes which are assigned the role web_servers execute this cookbook or recipe httpd. I am editing the role to define the cookbooks that need to be executed.

Edit the node by adding the role. Run the command, knife node edit firstnode

This will open the node in an editor. Make changes as shown in the content below,

{
  "name": "firstnode",
  "chef_environment": "_default",
  "normal": {
    "tags": [

    ]
  },
  "policy_name": null,
  "policy_group": null,
  "run_list": [
  "role[web_servers]"
 ]
}

In the above snippet, I have added the line “role[web_servers]”. Save it.
Once this is done, we have attached a role called “web_servers” to the node firstnode. Previously we added the cookbooks that need to run as a part of the role. Now let's go to the chef-node and execute the command as,

[root@chefclient ~]# chef-client
[2018-09-04T04:55:04-04:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.22.5
[2018-09-04T04:55:04-04:00] INFO: *** Chef 12.22.5 ***
[2018-09-04T04:55:04-04:00] INFO: Platform: x86_64-linux
[2018-09-04T04:55:04-04:00] INFO: Chef-client pid: 23804
[2018-09-04T04:55:04-04:00] INFO: The plugin path /etc/chef/ohai/plugins does not exist. Skipping...
[2018-09-04T04:55:07-04:00] INFO: Run List is [role[web_servers]]
[2018-09-04T04:55:07-04:00] INFO: Run List expands to [httpd]
[2018-09-04T04:55:07-04:00] INFO: Starting Chef Run for firstnode
[2018-09-04T04:55:07-04:00] INFO: Running start handlers
[2018-09-04T04:55:07-04:00] INFO: Start handlers complete.
[2018-09-04T04:55:07-04:00] INFO: HTTP Request Returned 404 Not Found:
[2018-09-04T04:55:07-04:00] INFO: HTTP Request Returned 404 Not Found:
[2018-09-04T04:55:07-04:00] INFO: Error while reporting run start to Data Collector. URL: https://chefserver.nova.com/organizations/nova/data-collector Exception: 404 -- 404 "Not Found"  (This is normal if you do not have Chef Automate)
resolving cookbooks for run list: ["httpd"]
[2018-09-04T04:55:08-04:00] INFO: Loading cookbooks [httpd@0.1.0]
Synchronizing Cookbooks:
  - httpd (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-09-04T04:55:08-04:00] INFO: HTTP Request Returned 404 Not Found:
Converging 3 resources
Recipe: httpd::default
  * yum_package[httpd] action install[2018-09-04T04:55:08-04:00] INFO: Processing yum_package[httpd] action install (httpd::default line 7)
 (up to date)
  * service[httpd] action enable[2018-09-04T04:55:09-04:00] INFO: Processing service[httpd] action enable (httpd::default line 11)
 (up to date)
  * service[httpd] action start[2018-09-04T04:55:10-04:00] INFO: Processing service[httpd] action start (httpd::default line 11)
 (up to date)
  * cookbook_file[/var/www/html/index.html] action create[2018-09-04T04:55:10-04:00] INFO: Processing cookbook_file[/var/www/html/index.html] action create (httpd::default line 15)
 (up to date)
[2018-09-04T04:55:10-04:00] INFO: Chef Run complete in 2.486547636 seconds

Running handlers:
[2018-09-04T04:55:10-04:00] INFO: Running report handlers
Running handlers complete
[2018-09-04T04:55:10-04:00] INFO: Report handlers complete
Chef Client finished, 0/4 resources updated in 06 seconds

We can see from the output that the chef-client has run the cookbooks that are defined in the role.
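
The “Run List expands to [httpd]” line in the output above is the result of resolving role[web_servers] into its recipes. The following is an added example, not Chef's own code: a simplified model of that expansion which also follows nested roles, honours env_run_lists for the node's chef_environment, skips roles already visited and reports roles that do not exist. The roles named base and absent and the recipes ntp and hardening are constructed for illustration.

```python
import re

# Matches the two typed run-list forms used on this page.
ITEM_RE = re.compile(r"^(recipe|role)\[([^\[\]]+)\]$")


def parse_item(item):
    """Split 'role[x]' or 'recipe[x]' into (type, name).

    A bare name such as 'httpd' is treated as a recipe, as in
    'knife node run_list add firstnode httpd'.
    """
    match = ITEM_RE.match(item)
    if match:
        return match.group(1), match.group(2)
    if "[" in item or "]" in item:
        raise ValueError(f"malformed run-list item: {item!r}")
    return "recipe", item


def expand_run_list(run_list, roles, environment="_default"):
    """Return (ordered recipes, missing roles) for a node's run list."""
    recipes, seen_roles, missing = [], set(), []

    def walk(items):
        for item in items:
            kind, name = parse_item(item)
            if kind == "recipe":
                if name not in recipes:      # first occurrence fixes the order
                    recipes.append(name)
            elif name in seen_roles:
                continue                     # already expanded; also stops cycles
            elif name not in roles:
                missing.append(name)
            else:
                seen_roles.add(name)
                role = roles[name]
                env_lists = role.get("env_run_lists", {})
                # An environment-specific list replaces the default run_list.
                walk(env_lists.get(environment, role.get("run_list", [])))

    walk(run_list)
    return recipes, missing


ROLES = {
    # Taken from the role JSON shown above (only the fields used here).
    "web_servers": {"run_list": ["recipe[httpd]"], "env_run_lists": {}},
    # Constructed role: nests web_servers, refers to itself, and carries a
    # different list for a constructed "production" environment.
    "base": {
        "run_list": ["recipe[ntp]", "role[web_servers]", "role[base]"],
        "env_run_lists": {"production": ["recipe[ntp]", "recipe[hardening]"]},
    },
}

if __name__ == "__main__":
    print(expand_run_list(["role[web_servers]"], ROLES))
    print(expand_run_list(["role[base]", "httpd", "role[absent]"], ROLES))
    print(expand_run_list(["role[base]", "httpd", "role[absent]"], ROLES,
                          environment="production"))
```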

Understanding Chef Cookbooks

Once we have configured the chef server, let's write a simple cookbook and see how it is executed. Run the commands below to create a sample cookbook.

[root@manja17-I14020 .chef]# cd ~/chef-repo/cookbooks/
[root@manja17-I14020 cookbooks]# chef generate cookbook httpd
Generating cookbook httpd
- Ensuring correct cookbook file content
- Ensuring delivery configuration
- Ensuring correct delivery build cookbook content

Your cookbook is ready. Type `cd httpd` to enter it.

There are several commands you can run to get started locally developing and testing your cookbook.
Type `delivery local --help` to see a full list.

Why not start by writing a test? Tests for the default recipe are stored at:

test/recipes/default_test.rb

If you'd prefer to dive right in, the default recipe can be found at:

recipes/default.rb

[root@manja17-I14020 cookbooks]# cd httpd/
[root@manja17-I14020 httpd]# ll
total 16
-rw-r--r--. 1 root root   47 Sep  3 05:47 Berksfile
-rw-r--r--. 1 root root 1133 Sep  3 05:47 chefignore
-rw-r--r--. 1 root root  568 Sep  3 05:47 metadata.rb
-rw-r--r--. 1 root root   53 Sep  3 05:47 README.md
drwxr-xr-x. 2 root root   24 Sep  3 05:47 recipes
drwxr-xr-x. 3 root root   40 Sep  3 05:47 spec
drwxr-xr-x. 3 root root   21 Sep  3 05:47 test

Add the code to the default.rb file

Go to "~/chef-repo/cookbooks/httpd/recipes" and add the below content as,
[root@chefdk recipes]# cat default.rb
#
# Cookbook Name:: httpd
# Recipe:: default
#
# Copyright (c) 2018 The Authors, All Rights Reserved.

package 'httpd' do
  action :install
end

service 'httpd' do
  action [ :enable, :start ]
end

cookbook_file "/var/www/html/index.html" do
  source "index.html"
  mode "0644"
end

Also create a file “index.html” in the httpd/files location. This will be the same file that we will copy to the chef-nodes for the httpd server. This is the home page for the httpd server.

Once we have written the code, upload the cookbook to the chef server using,
[root@manja17-I14020 recipes]# knife cookbook upload httpd
Uploading httpd        [0.1.0]
Uploaded 1 cookbook.

Check the available cookbooks in the server using,
[root@manja17-I14020 recipes]# knife cookbook list
httpd   0.1.0

Now add the cookbook to the run_list using,
[root@manja17-I14020 recipes]# knife node run_list add firstnode httpd
firstnode:
  run_list: recipe[httpd]

Run lists define what cookbooks a node will use. The run list is an ordered list of all cookbooks and recipes that the chef-client needs to pull from the Chef server to run on a node. Run lists are also used to define roles, which are used to define patterns and attributes across nodes.

Run the cookbook manually on the chef-node using,
[root@manja17-I14022 ~]# chef-client -r recipe[httpd]
[2018-09-03T06:19:54-04:00] INFO: Forking chef instance to converge...
Starting Chef Client, version 12.22.5
[2018-09-03T06:19:54-04:00] INFO: *** Chef 12.22.5 ***
[2018-09-03T06:19:54-04:00] INFO: Platform: x86_64-linux
[2018-09-03T06:19:54-04:00] INFO: Chef-client pid: 29567
[2018-09-03T06:19:54-04:00] INFO: The plugin path /etc/chef/ohai/plugins does not exist. Skipping...
[2018-09-03T06:19:57-04:00] INFO: Setting the run_list to [#<Chef::RunList::RunListItem:0x0000000001d9ac50 @version=nil, @type=:recipe, @name="httpd">] from CLI options
[2018-09-03T06:19:57-04:00] INFO: Run List is [recipe[httpd]]
[2018-09-03T06:19:57-04:00] INFO: Run List expands to [httpd]
[2018-09-03T06:19:57-04:00] INFO: Starting Chef Run for firstnode
[2018-09-03T06:19:57-04:00] INFO: Running start handlers
[2018-09-03T06:19:57-04:00] INFO: Start handlers complete.
[2018-09-03T06:19:57-04:00] INFO: HTTP Request Returned 404 Not Found:
[2018-09-03T06:19:57-04:00] INFO: HTTP Request Returned 404 Not Found:
[2018-09-03T06:19:57-04:00] INFO: Error while reporting run start to Data Collector. URL: https://chefserver.nova.com/organizations/nova/data-collector Exception: 404 -- 404 "Not Found"  (This is normal if you do not have Chef Automate)
resolving cookbooks for run list: ["httpd"]
[2018-09-03T06:19:57-04:00] INFO: Loading cookbooks [httpd@0.1.0]
Synchronizing Cookbooks:
[2018-09-03T06:19:57-04:00] INFO: Storing updated cookbooks/httpd/files/index.html in the cache.
  - httpd (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2018-09-03T06:19:57-04:00] INFO: HTTP Request Returned 404 Not Found:
Converging 3 resources
Recipe: httpd::default
  * yum_package[httpd] action install[2018-09-03T06:19:57-04:00] INFO: Processing yum_package[httpd] action install (httpd::default line 7)
 (up to date)
  * service[httpd] action enable[2018-09-03T06:19:59-04:00] INFO: Processing service[httpd] action enable (httpd::default line 11)
 (up to date)
  * service[httpd] action start[2018-09-03T06:19:59-04:00] INFO: Processing service[httpd] action start (httpd::default line 11)
 (up to date)
  * cookbook_file[/var/www/html/index.html] action create[2018-09-03T06:19:59-04:00] INFO: Processing cookbook_file[/var/www/html/index.html] action create (httpd::default line 15)
[2018-09-03T06:19:59-04:00] INFO: cookbook_file[/var/www/html/index.html] created file /var/www/html/index.html

    - create new file /var/www/html/index.html[2018-09-03T06:19:59-04:00] INFO: cookbook_file[/var/www/html/index.html] updated file contents /var/www/html/index.html

    - update content in file /var/www/html/index.html from none to e3b0c4
    (no diff)[2018-09-03T06:19:59-04:00] INFO: cookbook_file[/var/www/html/index.html] mode changed to 644

    - change mode from '' to '0644'
    - restore selinux security context
[2018-09-03T06:20:00-04:00] INFO: Chef Run complete in 2.342676017 seconds

Running handlers:
[2018-09-03T06:20:00-04:00] INFO: Running report handlers
Running handlers complete
[2018-09-03T06:20:00-04:00] INFO: Report handlers complete
Chef Client finished, 1/4 resources updated in 05 seconds


This is how we write a simple cookbook and automate it on the chef-nodes.

Configuring a Chef Environment - Chef Nodes

Now that we have configured the chef-server and chef-workstation, let's see what needs to be done on the chef-node side.

[root@manja17-I14020 .chef]# knife bootstrap chefclient.nova.com -x root -P redhat -N firstnode --sudo
Node firstnode exists, overwrite it? (Y/N) y
Client firstnode exists, overwrite it? (Y/N) y
Creating new client for firstnode
Creating new node for firstnode
Connecting to chefclient.nova.com
chefclient.nova.com -----> Installing Chef Omnibus (-v 12)
chefclient.nova.com downloading https://omnitruck-direct.chef.io/chef/install.sh
chefclient.nova.com   to file /tmp/install.sh.24962/install.sh
chefclient.nova.com trying wget...
chefclient.nova.com el 7 x86_64
chefclient.nova.com Getting information for chef stable 12 for el...
chefclient.nova.com downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=12&p=el&pv=7&m=x86_64
chefclient.nova.com   to file /tmp/install.sh.24967/metadata.txt
chefclient.nova.com trying wget...
chefclient.nova.com sha1        949d2c42c0852d564874fde4cb1428a5f52e294b
chefclient.nova.com sha256      9ed78527ff7d85b846a491d240305150a760e57416feb5232e80c2923946863e
chefclient.nova.com url https://packages.chef.io/files/stable/chef/12.22.5/el/7/chef-12.22.5-1.el7.x86_64.rpm
chefclient.nova.com version     12.22.5
chefclient.nova.com downloaded metadata file looks valid...
chefclient.nova.com downloading https://packages.chef.io/files/stable/chef/12.22.5/el/7/chef-12.22.5-1.el7.x86_64.rpm
chefclient.nova.com   to file /tmp/install.sh.24967/chef-12.22.5-1.el7.x86_64.rpm
chefclient.nova.com trying wget...
chefclient.nova.com Comparing checksum with sha256sum...
chefclient.nova.com Installing chef 12
chefclient.nova.com installing with rpm...
chefclient.nova.com warning: /tmp/install.sh.24967/chef-12.22.5-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
chefclient.nova.com Preparing...                          ################################# [100%]
chefclient.nova.com Updating / installing...
chefclient.nova.com    1:chef-12.22.5-1.el7               ################################# [100%]
chefclient.nova.com Thank you for installing Chef!
chefclient.nova.com Starting the first Chef Client run...
chefclient.nova.com [2018-09-03T05:43:28-04:00] INFO: Forking chef instance to converge...
chefclient.nova.com Starting Chef Client, version 12.22.5
chefclient.nova.com [2018-09-03T05:43:28-04:00] INFO: *** Chef 12.22.5 ***
chefclient.nova.com [2018-09-03T05:43:28-04:00] INFO: Platform: x86_64-linux
chefclient.nova.com [2018-09-03T05:43:28-04:00] INFO: Chef-client pid: 25057
chefclient.nova.com [2018-09-03T05:43:28-04:00] INFO: The plugin path /etc/chef/ohai/plugins does not exist. Skipping...
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Setting the run_list to [] from CLI options
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Run List is []
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Run List expands to []
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Starting Chef Run for firstnode
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Running start handlers
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Start handlers complete.
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: HTTP Request Returned 404 Not Found:
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: HTTP Request Returned 404 Not Found:
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Error while reporting run start to Data Collector. URL: https://chefserver.nova.com/organizations/nova/data-collector Exception: 404 -- 404 "Not Found"  (This is normal if you do not have Chef Automate)
chefclient.nova.com resolving cookbooks for run list: []
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Loading cookbooks []
chefclient.nova.com Synchronizing Cookbooks:
chefclient.nova.com Installing Cookbook Gems:
chefclient.nova.com Compiling Cookbooks...
chefclient.nova.com [2018-09-03T05:43:33-04:00] WARN: Node firstnode has an empty run list.
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: HTTP Request Returned 404 Not Found:
chefclient.nova.com Converging 0 resources
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Chef Run complete in 0.276968064 seconds
chefclient.nova.com
chefclient.nova.com Running handlers:
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Running report handlers
chefclient.nova.com Running handlers complete
chefclient.nova.com [2018-09-03T05:43:33-04:00] INFO: Report handlers complete
chefclient.nova.com Chef Client finished, 0/0 resources updated in 04 seconds

root is the username, redhat is the password and firstnode is the name that we are giving to that machine in chef.

Run the below command to make sure the nodes are configured,
[root@manja17-I14020 .chef]# knife node list
firstnode

[root@manja17-I14020 .chef]# knife client show firstnode
admin:     false
chef_type: client
name:      firstnode

validator: false




