cookbook 'managed_chef_server', '~> 0.20.0', :supermarket
managed_chef_server
Installs and configures a Chef server
cookbook 'managed_chef_server', '~> 0.20.0'
knife supermarket install managed_chef_server
knife supermarket download managed_chef_server
Deploys and configures the Chef Infra Server in a relatively stateless model. The included [policyfiles](policyfiles) provide examples of deployment options and the required attributes. You will need to pass `node['chef-server']['accept_license'] = true` for Chef Server 13 and 14.
Installs the Chef Infra Server in a new deployment, wrapping the Chef-Server cookbook. You will need to use the `managed_organization` recipe or provide your own organizations recipe to use the other recipes. If you wish to configure your Chef Infra Server to report to Automate you will need to provide the following attributes like so:

```ruby
node['mcs']['data_collector']['token'] = '1234ABCD5678efjkkPmBsihvwXI='
node['mcs']['data_collector']['root_url'] = 'https://YOURAUTOMATE/data-collector/v0/'
node['mcs']['data_collector']['proxy'] = true
node['mcs']['profiles']['root_url'] = 'https://YOURAUTOMATE'
```
This creates a managed Chef organization and an org-managing admin user through the appropriate [attributes](attributes/default.rb#24).
Restores the Chef Infra Server in a new deployment, including the `default` recipe. It looks for the existence of a knife-ec-backup tarball to restore from, configured with the `node['mcs']['restore']['file']` attribute. If you are using the `managed_organization` recipe it will restore your `/etc/chef/managed/ORG_NAME/ORG_NAME.keys` from the backup.
Upgrades the existing Chef Infra Server to a new version with the package provided. The cookbook follows the Chef Infra Server Standalone Upgrade Documentation and will stop the server for the duration of the upgrade and perform the `chef-server-ctl cleanup` at the end. You may provide the appropriate .RPM or .DEB package via the
`knife ec backup` via cron and puts the backups in the `node['mcs']['backup']['dir']`. The default is 2:30am daily, but you may change the cron schedule via the following attributes.

```ruby
node['mcs']['backup']['cron']['minute'] = '30'
node['mcs']['backup']['cron']['hour'] = '2'
node['mcs']['backup']['cron']['day'] = '*'
node['mcs']['backup']['cron']['month'] = '*'
node['mcs']['backup']['cron']['weekday'] = '*'
```
Schedules the Chef client to run on the Chef Infra Server via cron against a provided policyfile archive. This may be set to use `--local-mode`, for when the Chef client has no other Chef Infra Server to contact. See the example [policyfiles/cron.rb](policyfiles/cron.rb) and [kitchen.yml](kitchen.yml) for reference.
`node['mcs']['data_bags']['dir']` is compared against the existing data bags on the server, and data bags are created and/or updated as necessary. If the `node['mcs']['data_bags']['prune']` attribute is `true`, then data bags and their items are deleted if they exist on the server but do not have the requisite JSON files.
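The comparison described above can be previewed as a plan before anything is written or deleted. This is an added example, not the cookbook's own code: it assumes the directory is laid out as `BAG/ITEM.json`, and `server` is a plain Hash standing in for the data bags currently on the server.

```ruby
require 'json'
require 'tmpdir'
require 'fileutils'

# Read DIR/<bag>/<item>.json (assumed layout) into { bag => { id => item } }.
def local_data_bags(dir)
  Dir.glob(File.join(dir, '*', '*.json')).sort.each_with_object({}) do |path, bags|
    item = JSON.parse(File.read(path))
    (bags[File.basename(File.dirname(path))] ||= {})[item.fetch('id')] = item
  end
end

# Plan the sync against `server`, a Hash standing in for the server's data bags.
# Nothing is ever deleted unless prune is true.
def data_bag_plan(local, server, prune: false)
  plan = { create: [], update: [], delete: [] }
  local.each do |bag, items|
    items.each do |id, item|
      current = server.dig(bag, id)
      next if current == item
      plan[current.nil? ? :create : :update] << "#{bag}/#{id}"
    end
  end
  return plan unless prune
  server.each do |bag, items|
    # A bag with no local directory goes entirely; otherwise only orphaned items.
    stale = local.key?(bag) ? (items.keys - local[bag].keys).map { |id| "#{bag}/#{id}" } : [bag]
    plan[:delete].concat(stale)
  end
  plan
end

# Constructed sample: JSON files for two bags on disk, two bags on the "server".
def sample_plan(prune:)
  Dir.mktmpdir do |dir|
    { 'users/alice.json' => { 'id' => 'alice', 'shell' => '/bin/zsh' },
      'users/bob.json'   => { 'id' => 'bob' },
      'certs/web.json'   => { 'id' => 'web', 'cn' => 'example.test' } }.each do |rel, item|
      FileUtils.mkdir_p(File.join(dir, File.dirname(rel)))
      File.write(File.join(dir, rel), JSON.generate(item))
    end
    server = { 'users' => { 'alice' => { 'id' => 'alice', 'shell' => '/bin/bash' },
                            'carol' => { 'id' => 'carol' } },
               'old'   => { 'x' => { 'id' => 'x' } } }
    data_bag_plan(local_data_bags(dir), server, prune: prune)
  end
end
```

With `prune: false` the delete list stays empty; with `prune: true` the same input also schedules `users/carol` and the whole `old` bag for removal.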
`node['mcs']['roles']['dir']` directories and loads whatever content is found into the Chef Infra Server organization. If you want to use the same directory for the roles and environments, the recipe can distinguish between JSON files. The cookbooks are expected to be tarballs in a directory; the recipe attempts to load each of them via its `Berksfile` or with `knife`. For legacy cookbooks with multiple dependencies it may take multiple runs to load everything.
`node['mcs']['policyfile']['dir']` and parses any `.lock.json` files to determine which policyfile archives to load into the local Chef Infra Server. Policies will be assigned to the group designated by the `node['mcs']['policyfile']['group']` attribute for the Chef Infra Server (`_default` is the default). If the policy itself sets the `node['mcs']['policyfile']['group']` attribute, the policy will be assigned to that group.
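The lock parsing and group selection described above, as an added example that is not the cookbook's own code. It assumes archives are named `NAME-REVISION_ID.tgz` as `chef export -a` writes them, that a policy sets its group through the `override_attributes` or `default_attributes` stored in its lock, and that `server` is a plain Hash standing in for the server's current policy revisions.

```ruby
require 'json'
require 'tmpdir'

# Group a lock asks for: an mcs.policyfile.group attribute in the lock wins
# (override checked before default, an assumption), else the server-wide fallback.
def policy_group_for(lock, fallback = '_default')
  %w[override_attributes default_attributes].each do |level|
    group = lock.dig(level, 'mcs', 'policyfile', 'group')
    return group if group
  end
  fallback
end

# List the archives that still need loading. `server` stands in for the
# server's state: { group => { policy_name => revision_id } }.
def policy_uploads(dir, server, fallback = '_default')
  Dir.glob(File.join(dir, '*.lock.json')).sort.map do |path|
    lock = JSON.parse(File.read(path))
    name, rev = lock.fetch('name'), lock.fetch('revision_id')
    group = policy_group_for(lock, fallback)
    next if server.dig(group, name) == rev # already at this revision
    archive = File.join(dir, "#{name}-#{rev}.tgz")
    { policy: name, group: group, archive: File.basename(archive),
      archive_present: File.exist?(archive) }
  end.compact
end

# Constructed sample: three locks; `base` is current, `db` lacks its archive,
# and `web` names its own group.
def sample_uploads
  Dir.mktmpdir do |dir|
    prod = { 'mcs' => { 'policyfile' => { 'group' => 'prod' } } }
    { 'base' => { 'name' => 'base', 'revision_id' => 'aaa111' },
      'db'   => { 'name' => 'db', 'revision_id' => 'ccc333' },
      'web'  => { 'name' => 'web', 'revision_id' => 'bbb222', 'default_attributes' => prod }
    }.each { |n, lock| File.write(File.join(dir, "#{n}.lock.json"), JSON.generate(lock)) }
    File.write(File.join(dir, 'web-bbb222.tgz'), '') # db's archive is left missing
    policy_uploads(dir, { '_default' => { 'base' => 'aaa111' }, 'prod' => { 'web' => 'old000' } })
  end
end
```

A lock whose archive is absent shows up with `archive_present: false`, which is worth catching before a run rather than during it.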
The [default.rb](attributes/default.rb) attributes file documents available settings and tunings.
Custom resources are used to reduce the complexity of the included recipes.
:create action will instantiate a Chef Infra Server organization with an internal administrator user. The name property is the
organization. The organization's
password are all optional properties.
This resource schedules backups of the Chef Infra Server via cron-style properties (
weekday). The backups are written to the
directory and their filenames start with the
This resource requires an
archive property specifying the policyfile archive to deploy and use for running via
This resource requires a
tarball property specifying the
knife ec backup tarball to restore from.
This resource runs
knife against the
directory property specifying the source for the cookbook tarballs to keep in sync with the server.
This resource works off of the
directory property specifying the source for the data bags to keep in sync with the server.
:item_prune for managing the data bags available on the server. This custom resource is called from the
All of the Ruby or JSON environment files in the
directory will be loaded onto the Chef Infra Server and updated if they change.
This resource looks for policyfile locks and archives in the
directory specifying the source, only uploading them if they have been updated.
All of the Ruby or JSON role files in the
directory will be loaded onto the Chef Infra Server and updated if they change.
There is a [kitchen.yml](kitchen.yml) that may be used for testing with Vagrant. The [kitchen.vagrant.yml](kitchen.vagrant.yml) may be symlinked as kitchen.local.yml and used with local caches to speed up testing. The following Suites map to separate named run lists in the [Policyfile.rb](Policyfile.rb) that may be repurposed as necessary, with `15*` variants for testing with Chef Infra Client 15 and `-12/13/14` indicating Chef Infra Server tests by version. The `test` directory will need to be populated with downloaded DEB and RPM installers as necessary.
Testing is primarily on CentOS 7, with `-ubuntu` variants added for the `everything` tests. Some Chef 15 Infra client and Chef Infra Server 12 (deprecated) tests have been removed to reduce the number of tested combinations.
Tests simple installation and creation of the managed Chef user and organization.
Checks the backup script is in the crontab and backup directories are available. Chef Infra Client 15 and Chef Infra Server 12 removed for efficiency.
Checks the chef-client is in the crontab. Chef Infra Client 15 and Chef Infra Server 12 removed for efficiency.
Adds loading data bags from the included [test](test) directory. It restores from a previous data bag backup to ensure pruning and updating work.
Tests deploying the Chef Infra Server configured to send data to an external Automate deployment.
Adds loading cookbooks, environments and roles from the included [test](test) directory.
Adds loading policyfiles from the included [test](test) directory.
Restores the Chef Infra Server from a backup consisting of the
kitchen verify restore ensures the policyfiles were restored properly.
Installs the Chef Infra Server, loads data bags, loads legacy content, loads policyfiles, and adds backup via cron, then upgrades the installed version of Chef Infra Server. There are upgrades from Chef Infra Server versions 12 to 13 and from 13 to 14.
Installs the Chef Infra Server, loads data bags, loads legacy content, loads policyfiles, adds backup via cron, and upgrades the installation.
License and Authors
- Author: Matt Ray firstname.lastname@example.org
- Copyright 2018-2021, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
|chef-ingredient ~> 3.3|
|chef-server ~> 5.6|
There are no cookbooks that are contingent upon this one.