chef runit example
When working with the runit cookbook, you may define a service like this:
runit_service "your_name" do
  env({"HOME" => "some value"})
  check true
end
and then you’d have to create the following template files: sv-your_name-run.erb and sv-your_name-log-run.erb. In the sv-your_name-run template you’d have something like this:
#!/bin/sh
exec 2>&1
exec chpst -e env echo $(date) >> log.txt
Of course, it’s kind of dumb to just echo the date and have that run as a service, but, hey, it’s just an example. Basically, runit will make sure that the service is restarted if it goes down. So, in the case above, you will get a new line in log.txt about once a second.
Notice that in the runit_service I’m setting the env attribute. This has the effect of passing environment variables to runit, which will be created in the env folder. That’s why the -e env
The second template, I usually put it like this:
#!/bin/sh
exec svlogd -tt ./main
and this will have the effect of sending the logs to /etc/service/your_name/log/main/current.
The runit_service above also sets check true, which allows us to write a script to check if our service is running. Its template file will be sv-ruby-your_name-check.erb. You can put anything you want in it, as long as you exit with a 0 code. For example, to check that a ruby script was running as a service, I did something like this:
#!/bin/bash
exec &> /dev/null
exec ps aux | grep -v grep | grep -i ruby
If the check script writes output to stdout, it causes a write error. That’s why I’m redirecting to /dev/null.
To start/stop/restart/view logs:
sudo sv start your_name
sudo sv stop your_name
sudo sv restart your_name
cat /etc/service/your_name/log/main/current
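The env folder used by chpst -e in the run script follows the envdir convention: one file per variable, the first line is the value, and an empty file unsets the variable. The reader below is an added example, not code from the runit cookbook or from this post; it assumes the semantics documented in the chpst man page, uses a constructed sample directory, and the permission warning is an extra check added here because env files often end up holding credentials.

```ruby
require 'tmpdir'

# Read a chpst-style envdir: one file per variable, value = first line.
# Returns [env, unset, warnings].
def read_envdir(dir)
  env = {}
  unset = []
  warnings = []
  Dir.children(dir).sort.each do |name|
    path = File.join(dir, name)
    next unless File.file?(path)
    if name.include?('=')
      warnings << "#{name}: '=' is not allowed in a variable name"
      next
    end
    mode = File.stat(path).mode & 0o777
    if (mode & 0o004) != 0
      warnings << "#{name}: readable by other users (mode #{format('%o', mode)})"
    end
    data = File.binread(path)
    if data.empty?
      unset << name # a 0-byte file removes the variable instead of setting it
      next
    end
    # trailing spaces/tabs are dropped, NUL bytes become newlines
    env[name] = data.lines.first.chomp.sub(/[ \t]+\z/, '').tr("\0", "\n")
  end
  [env, unset, warnings]
end

# Constructed sample: HOME mirrors the env attribute above; the other two
# files are hypothetical additions to show a secret and an unset marker.
def sample_envdir
  dir = Dir.mktmpdir('envdir')
  { 'HOME' => ["some value \n", 0o644],
    'API_TOKEN' => ["constructed-secret\n", 0o600],
    'TMPDIR' => ['', 0o600] }.each do |name, (content, mode)|
    path = File.join(dir, name)
    File.write(path, content)
    File.chmod(mode, path)
  end
  dir
end

if __FILE__ == $PROGRAM_NAME
  env, unset, warnings = read_envdir(sample_envdir)
  puts env.inspect, unset.inspect, warnings
end
```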
libv8 and ruby racer issues on el capitan
Found solution for bundling problems here:
brew tap homebrew/versions
brew install v8-315
gem install libv8 -v '3.16.14.13' -- --with-system-v8
gem install therubyracer -- --with-v8-dir=/usr/local/opt/v8-315
bundle install
fixing hibernation on ubuntu 16.04
After updating to 16.04, hibernation wasn’t working anymore. Found the fix here:
$ cd /tmp
$ wget \
kernel.ubuntu.com/~kernel-ppa/mainline/v4.4.8-wily/linux-headers-4.4.8-040408_4.4.8-040408.201604200335_all.deb \
kernel.ubuntu.com/~kernel-ppa/mainline/v4.4.8-wily/linux-headers-4.4.8-040408-generic_4.4.8-040408.201604200335_amd64.deb \
kernel.ubuntu.com/~kernel-ppa/mainline/v4.4.8-wily/linux-image-4.4.8-040408-generic_4.4.8-040408.201604200335_amd64.deb
$ sudo dpkg -i linux-headers-4.4*.deb linux-image-4.4*.deb
Reboot, and then it should work again.
random examples of working with knife zero
This is the config I’ve used with knife zero:
current_dir = File.dirname(__FILE__)
chef_zero.enabled true
local_mode true
log_level :info
log_location STDOUT
node_name "local"
client_key "#{current_dir}/local.pem"
chef_server_url "http://127.0.0.1:9901"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path [
  File.join(current_dir, '..', 'cookbooks'),
  File.join(current_dir, '..', 'site-cookbooks'),
  File.join(current_dir, '..', 'berks-cookbooks')
]
- configure a kitchen.yml file with a private network (I will assume 192.168.33.15 is the IP):
kitchen create
- bootstrap it with knife zero:
knife zero bootstrap 192.168.33.15 --ssh-user vagrant --sudo
- this will ask you for your password, then proceed with the installation of chef
- after the command is done, you should have a new entry in the nodes folder
iterating over the contents of a data bag
data_bag("users").each do |user_name|
  user_data = data_bag_item("users", user_name)
  log "found #{user_data.id}"
end
or, using search:
search("users","*:*").each do |user|
  log "found #{user.id}"
end
simple chef-zero setup
- create folder my-chef
- cd my-chef
- mkdir .chef
- ssh-keygen -f local.pem -P ""
- ssh-keygen -f validation.pem -P ""
- add this to knife.rb:
current_folder = File.dirname(__FILE__)
chef_repo = File.join(current_folder, "..")
chef_server_url "http://127.0.0.1:9901"
node_name "local"
client_key File.join(current_folder, "local.pem")
cookbook_path "#{chef_repo}/cookbooks"
cache_type "BasicFile"
cache_options :path => "#{chef_repo}/checksums"
- make sure to start chef-zero on port 9901:
chef-zero --port 9901
- make a folder nodes at the same level as .chef
- add some data in nodes/lenode.json:
{
  "name": "lenode",
  "chef_type": "node",
  "json_class": "Chef::Node",
  "chef_environment": "_default",
  "run_list": [
    "recipe[whatever]"
  ],
  ...
}
- cd to same level as nodes folder
- upload them:
knife upload nodes
on configuring chef-server locally
After reading this article, not all the steps applied in my case. I’ve pasted the steps I had to take on my system to get chef-dk 0.11.0-1_amd64.deb to work on the listed CentOS.
Steps to configure chef-server locally
- use this kitchen file:
---
driver:
  name: vagrant
provisioner:
  name: chef_zero
# Uncomment the following verifier to leverage Inspec instead of Busser (the
# default verifier)
# verifier:
#   name: inspec
platforms:
  - name: centos65
    driver:
      network:
        - ["private_network", {ip: "192.168.33.7"}]
      box: learningchef/centos65
      box_url: learningchef/centos65
suites:
  - name: default
    run_list:
      - recipe[chef-server::default]
    attributes:
- with this recipe:
#
# Cookbook Name:: chef-server
# Recipe:: default
#
# Copyright (c) 2016 The Authors, All Rights Reserved.
# inside a recipe the attribute has to be set through node.default
node.default['chef-server']['url'] = 'https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.1.4-1.el6.x86_64.rpm'
package_url = node['chef-server']['url']
package_name = ::File.basename(package_url)
package_local_path = "#{Chef::Config[:file_cache_path]}/#{package_name}"
# omnibus_package is remote (i.e., a URL) let's download it
# (remote_file also accepts a checksum property holding the package's SHA-256, which pins the download)
remote_file package_local_path do
  source package_url
end
# install the downloaded rpm from the local cache
rpm_package package_name do
  source package_local_path
end
package package_local_path
# reconfigure the installation
execute 'chef-server-ctl reconfigure'
- do a kitchen converge
- open https://192.168.33.7 in your browser
- login as admin/p@assw0rd1
- change password
- create user geo with whatever password, make him an admin
- on the screen there will be a private key shown, copy that and save it locally to a file named geo.pem
- in chef-repo create a .chef folder
- copy geo.pem there
- we need to copy the chef-validator from the host:
scp root@192.168.33.7:/etc/chef-server/chef-validator.pem .
- add a new entry to /etc/hosts with the following content:
192.168.33.7 default-centos65
- in .chef, create a file called knife.rb with the following content:
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "geo"
client_key "#{current_dir}/geo.pem"
validation_client_name "chef-validator"
validation_key "#{current_dir}/chef-validator.pem"
chef_server_url "https://default-centos65:443"
cache_type "BasicFile"
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
- the content of .chef should be:
.chef/
  geo.pem
  knife.rb
  chef-validator.pem
- test that server is accessible:
$ knife client list
chef-validator
chef-webui
Potential problems you may encounter
- I encountered this initially, when running knife client list
➜ chef-repo git:(master) ✗ knife client list
ERROR: SSL Validation failure connecting to host: default-centos65.vagrantup.com - hostname "default-centos65.vagrantup.com" does not match the server certificate
ERROR: SSL Error connecting to https://default-centos65.vagrantup.com/clients, retry 1/5
ERROR: SSL Validation failure connecting to host: default-centos65.vagrantup.com - hostname "default-centos65.vagrantup.com" does not match the server certificate
- fix for it was to run knife ssl check, where I saw the following:
➜ chef-repo git:(master) ✗ knife ssl check
Connecting to host default-centos65.vagrantup.com:443
ERROR: The SSL cert is signed by a trusted authority but is not valid for the given hostname
ERROR: You are attempting to connect to: 'default-centos65.vagrantup.com'
ERROR: The server's certificate belongs to 'default-centos65'
- then, I just changed the entry from default-centos65.vagrantup.com to default-centos65 in /etc/hosts
- also, I went in knife.rb and I changed chef_server_url from:
chef_server_url "https://default-centos65.vagrantup.com:443"
to
chef_server_url "https://default-centos65:443"
- next, run another knife ssl check, and you should see this output:
➜ chef-repo git:(master) ✗ knife ssl check
Connecting to host default-centos65:443
Successfully verified certificates from `default-centos65'
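The hostname mismatch above can be reproduced offline with Ruby's OpenSSL bindings, which shows why aligning /etc/hosts and chef_server_url with the certificate's name fixes the error without turning verification off. This is an added example, not knife's own code and not part of the original post; the certificates are constructed throwaway samples, and the second one (with subjectAltName entries) is a hypothetical alternative the post did not use.

```ruby
require 'openssl'

# Build a throwaway self-signed certificate (constructed sample,
# not the Chef server's real certificate).
def self_signed_cert(common_name, san_dns = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless san_dns.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    san = san_dns.map { |d| "DNS:#{d}" }.join(',')
    cert.add_extension(ef.create_extension('subjectAltName', san, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Names the certificate presents: subject CN plus any DNS subjectAltName.
def certificate_names(cert)
  cn = cert.subject.to_a.select { |oid, _| oid == 'CN' }.map { |_, v| v }
  san = cert.extensions.select { |e| e.oid == 'subjectAltName' }
            .flat_map { |e| e.value.split(/,\s*/) }
            .map { |s| s.sub(/\ADNS:/, '') }
  (cn + san).uniq
end

# For each candidate hostname, would a verifying TLS client accept the cert?
def names_covered(cert, hostnames)
  hostnames.to_h { |h| [h, OpenSSL::SSL.verify_certificate_identity(cert, h)] }
end

if __FILE__ == $PROGRAM_NAME
  hosts = ['default-centos65', 'default-centos65.vagrantup.com']
  cert = self_signed_cert('default-centos65')
  puts "certificate belongs to: #{certificate_names(cert).join(', ')}"
  names_covered(cert, hosts).each { |h, ok| puts "#{h}: #{ok ? 'match' : 'MISMATCH'}" }
end
```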