Friday, January 31, 2014

Adding multiple users with Chef (bash, template and cookbook_file), public key added

Foreword
* This article shows how to add multiple users with a Chef recipe. I used 'template' and cookbook_file in this example.
  This post assumes that readers have already installed and configured chef-server and the clients.
  In terms of security, this article may not be excellent, so use it carefully. If security is a real concern in your situation, use "data bag encryption" for the public or private key.

1. Create cookbook 

root@knife2:/home/young/chef-repo# knife cookbook create useradd


2. Making templates/user.txt.erb

root@knife2:/home/young/chef-repo# vi cookbooks/useradd/templates/default/user.txt.erb 
user1:users_group
user2:users_group
user3:users_group
user4:users_group

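3. Create authorized_keys file.
I used vi to paste the public key. You could use scp or another method. cookbook_file reads its source from the cookbook's files/ directory, so the key file goes in files/default/.
root@knife2:/home/young/chef-repo# vi cookbooks/useradd/files/default/authorized_keys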
blablabla……..^^

4. Lastly, I made recipes/default.rb 
root@knife2:/home/young/chef-repo# vi cookbooks/useradd/recipes/default.rb 



#
# Cookbook Name:: useradd
# Recipe:: default
#
# Copyright 2014, My Future Company
#
# All rights reserved - Do Not Redistribute
#
# Author ohyoungjooung@gmail.com


template '/root/users' do
    source 'user.txt.erb'
end

cookbook_file "/root/authorized_keys" do
    source "authorized_keys"
    mode 0600
end

bash 'useradding' do
    user "root"
    cwd "/root"
    code <<-EOH
    # Report the result of the previous command; stop the run on failure.
    check(){
     if [[ $? == "0" ]]
     then
      echo "$1 is successful"
     else
      echo "failed to achieve mission"
      exit 1
     fi
    }
    groupadd users_group
    for i in $(cat users)
    do
    USER=`echo $i | cut -d':' -f1`
    GROUP=`echo $i | cut -d':' -f2`
    #RUN COMMAND OF useradd
    useradd "$USER" -g "$GROUP" -m
    check "$USER useradd"
    mkdir "/home/$USER/.ssh"
    check "$USER mkdir"
    cp authorized_keys "/home/$USER/.ssh/"
    check "$USER authcp"
    chmod 0700 "/home/$USER/.ssh"
    chown -R "$USER" "/home/$USER/.ssh"
    chmod 0600 "/home/$USER/.ssh/authorized_keys"
    done
    rm -f /root/users
    rm -f /root/authorized_keys
    EOH

end

5. Uploading useradd recipe and test

root@knife2:/home/young/chef-repo# knife cookbook upload useradd
Uploading useradd        [0.1.0]
Uploaded 1 cookbook

# On the node chef-client1
root@chef-client1:~# chef-client -o useradd

  * bash[useradding] action run[2014-01-30T11:35:55+09:00] INFO: Processing bash[useradding] action run (useradd::default line 14)
[2014-01-30T11:35:55+09:00] INFO: bash[useradding] ran successfully

    - execute "bash"  "/tmp/chef-script20140130-8091-1449qkb"

[2014-01-30T11:35:55+09:00] INFO: Chef Run complete in 0.277210052 seconds
[2014-01-30T11:35:55+09:00] INFO: Running report handlers
[2014-01-30T11:35:55+09:00] INFO: Report handlers complete
Chef Client finished, 2 resources updated

root@chef-client1:~# cat /etc/passwd | grep user
user1:x:1003:1004::/home/user1:/bin/sh
user2:x:1004:1004::/home/user2:/bin/sh
user3:x:1005:1004::/home/user3:/bin/sh
user4:x:1006:1004::/home/user4:/bin/sh
root@chef-client1:~# 


6. Using knife bootstrap on the chef-client2 server. If you have already set up ssh with a private and public key, password authentication won't be necessary.

root@knife2:/home/young/chef-repo# knife bootstrap chef-client2 -r 'recipe[useradd]' -x young --sudo
Bootstrapping Chef on chef-client2
Failed to authenticate young - trying password auth
Enter your password: 
chef-client2 Starting Chef Client, version 11.8.2
chef-client2 resolving cookbooks for run list: ["useradd"]
chef-client2 Synchronizing Cookbooks:
chef-client2   - useradd
chef-client2 Compiling Cookbooks...
chef-client2 Converging 2 resources
chef-client2 Recipe: useradd::default
chef-client2   * template[/tmp/users] action create
chef-client2     - create new file /tmp/users
chef-client2     - update content in file /tmp/users from none to ebcaf0
chef-client2         --- /tmp/users 2014-01-30 11:43:59.452210250 +0900
chef-client2         +++ /tmp/chef-rendered-template20140130-11865-15ixyap 2014-01-30 11:43:59.452210250 +0900
chef-client2         @@ -1 +1,6 @@
chef-client2         +user1:users_group
chef-client2         +user2:users_group
chef-client2         +user3:users_group
chef-client2         +user4:users_group
chef-client2         +
chef-client2 
chef-client2   * bash[useradding] action run
chef-client2     - execute "bash"  "/tmp/chef-script20140130-11865-30nl8s"
chef-client2 
chef-client2 Chef Client finished, 2 resources updated


* Conclusion
This recipe is not sufficient because it does not include a password.
But it may be useful for sysadmins who need to add many users to multiple servers in no time.

https://github.com/ohyoungjooung2/useradd
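
A more defensive version of the provisioning loop from step 4, as an added example that is not part of the original post or its GitHub repository: it validates every `user:group` entry before it reaches `useradd` or a path name, skips accounts that already exist, and sets owner and mode on `.ssh` in one step. The function names and the `DRY_RUN` switch are assumptions made for this example; the input layout (one `user:group` per line, one shared authorized_keys file) follows the post.

```sh
#!/bin/sh
# Added example (not the post's recipe): provision users from a "user:group" list.
# DRY_RUN=1 (the default here) only prints the commands; run as root with DRY_RUN=0 to apply.
LC_ALL=C; export LC_ALL
DRY_RUN="${DRY_RUN:-1}"

# Accept only conservative account names: first character a-z or "_", then
# a-z, 0-9, "_" or "-", at most 32 characters. Everything else is rejected
# before it can reach useradd, a path name, or the shell.
valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the command in dry-run mode; otherwise execute it and abort on failure.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@" || { echo "failed: $*" >&2; exit 1; }
    fi
}

# provision_users LIST_FILE KEY_FILE
# Returns 0 when every entry was accepted, 1 when at least one was rejected.
provision_users() {
    list="$1"; key="$2"; rc=0
    if [ ! -r "$list" ] || [ ! -r "$key" ]; then
        echo "missing input file" >&2
        return 2
    fi
    # IFS=: splits "user:group"; a third field means the line is malformed.
    while IFS=: read -r user group extra || [ -n "$user" ]; do
        [ -n "$user$group" ] || continue          # skip blank lines
        if [ -n "$extra" ] || ! valid_name "$user" || ! valid_name "$group"; then
            echo "rejected entry: $user:$group" >&2
            rc=1
            continue
        fi
        # Create group and user only when missing, so a second run is harmless.
        getent group "$group" >/dev/null 2>&1 || run groupadd "$group"
        id "$user" >/dev/null 2>&1 || run useradd -m -g "$group" "$user"
        # install sets owner and mode in one step: no window with wrong permissions.
        run install -d -m 0700 -o "$user" -g "$group" "/home/$user/.ssh"
        run install -m 0600 -o "$user" -g "$group" "$key" "/home/$user/.ssh/authorized_keys"
    done < "$list"
    return "$rc"
}

# Usage (as root): DRY_RUN=0 provision_users /root/users /root/authorized_keys
```

Every account in the list still receives the same authorized_keys file, as in the post, so the holder of the matching private key can log in as any of them.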

Thursday, January 30, 2014

Using include in recipes/default.rb (continued from the former article)

In the article below, I used a role to install java and tomcat together.

http://wnapdlf.blogspot.kr/2014/01/using-role-to-install-tomcat-recipe.html

We can also install java and tomcat using attributes/default.rb.

1. First
root@knife2:/home/young/chef-repo# vi cookbooks/java/attributes/default.rb
default["java"]["java_home"] = "/usr/local/java"

2. Second
Uncomment the line include_recipe "java" (it was commented out for the role in the former article).
root@knife2:/home/young/chef-repo# vi cookbooks/tomcat/recipes/default.rb 

# required for the secure_password method from the openssl cookbook
::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)

include_recipe "java"


3. Change JAVA_HOME 
root@knife2:/home/young/chef-repo# vi cookbooks/tomcat/templates/default/default_tomcat6.erb 
# The home directory of the Java development kit (JDK). You need at least
# JDK version 1.5. If JAVA_HOME is not set, some common directories for
# OpenJDK, the Sun JDK, and various J2SE 1.5 versions are tried.
JAVA_HOME=<%= node["java"]["java_home"] %>

4. Upload recipe

root@knife2:/home/young/chef-repo# knife cookbook upload java tomcat
Uploading java           [0.1.0]
Uploading tomcat         [0.15.2]
Uploaded 2 cookbooks.
root@knife2:/home/young/chef-repo# 


5. Now let's test.

root@chef-client1:~# rm -rf /usr/local/java; apt-get -y purge tomcat6

root@chef-client1:~# chef-client -o tomcat

(output omitted)
[2014-01-30T03:22:16+09:00] INFO: service[tomcat] restarted

    - restart service service[tomcat]

[2014-01-30T03:22:16+09:00] INFO: Chef Run complete in 32.761104063 seconds
[2014-01-30T03:22:16+09:00] INFO: Running report handlers
[2014-01-30T03:22:16+09:00] INFO: Report handlers complete
Chef Client finished, 6 resources updated


root@chef-client1:~# /usr/local/java/bin/java -version
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
root@chef-client1:~# 

root@chef-client1:~# ps -ef | grep tomcat
tomcat6  10865     1  1 03:44 ?        00:00:04 /usr/local/java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat6/conf/logging.properties -Xmx128M -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/share/tomcat6/lib/endorsed -classpath /usr/share/tomcat6/bin/bootstrap.jar -Dcatalina.base=/var/libtomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.io.tmpdir=/tmp/tomcat6-tmp org.apache.catalina.startup.Bootstrap start
root     10901  8275  0 03:49 pts/2    00:00:00 grep --color=auto tomcat
root@chef-client1:~# 


6. Conclusion
I could install java and tomcat without a new role.
First, edit attributes/default.rb of the java recipe.
Second, just use the tomcat recipe from the community site as it is.

Thanks for reading. Any comments or recommendations are welcome.



Wednesday, January 29, 2014

Using role to install tomcat recipe with java

* Before starting this installation, we should download the openssl recipe from http://community.opscode.com/cookbooks/openssl because it is a dependency.

Upload it with "knife cookbook upload openssl" in the cookbook directory.
e.g.
root@knife2:/home/young/chef-repo# ls cookbooks/openssl/
CHANGELOG.md  CONTRIBUTING  libraries  LICENSE  metadata.json  metadata.rb  README.md  recipes
root@knife2:/home/young/chef-repo# knife cookbook upload openssl
Uploading openssl        [1.0.2]
Uploaded 1 cookbook.


# First, download the community cookbook tomcat recipe.

root@knife2:/home/young/chef-repo/cookbooks# wget http://community.opscode.com/cookbooks/tomcat/versions/0_15_2/downloads

2014-01-28 05:10:19 (66.0 KB/s) - `downloads' saved [12250/12250]

root@knife2:/home/young/chef-repo/cookbooks# mv downloads tomcat
root@knife2:/home/young/chef-repo/cookbooks# tar xvzf tomcat 




# Edit the keytool path in attributes/default.rb to /usr/local/java/bin/keytool
# I'm using Ubuntu server, so change it as below. Only the "keytool" part changes.
when "debian","ubuntu"
  default["tomcat"]["user"] = "tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["group"] = "tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["home"] = "/usr/share/tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["base"] = "/var/lib/tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["config_dir"] = "/etc/tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["log_dir"] = "/var/log/tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["tmp_dir"] = "/tmp/tomcat#{node["tomcat"]["base_version"]}-tmp"
  default["tomcat"]["work_dir"] = "/var/cache/tomcat#{node["tomcat"]["base_version"]}"
  default["tomcat"]["context_dir"] = "#{node["tomcat"]["config_dir"]}/Catalina/localhost"
  default["tomcat"]["webapp_dir"] = "/var/lib/tomcat#{node["tomcat"]["base_version"]}/webapps"
  default["tomcat"]["keytool"] = "/usr/local/java/bin/keytool"
  default["tomcat"]["lib_dir"] = "#{node["tomcat"]["home"]}/lib"
  default["tomcat"]["endorsed_dir"] = "#{node["tomcat"]["lib_dir"]}/endorsed"

# To use the role, comment out the line include_recipe "java"

#
# Cookbook Name:: tomcat
# Recipe:: default
#
# Copyright 2010, Opscode, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# required for the secure_password method from the openssl cookbook
::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)

# The line below
#include_recipe "java"


# Change JAVA_HOME to JAVA_HOME=<%= "/usr/local/java" %>
root@knife2:/home/young/chef-repo# vi cookbooks/tomcat/templates/default/default_tomcat6.erb 

# The home directory of the Java development kit (JDK). You need at least
# JDK version 1.5. If JAVA_HOME is not set, some common directories for
# OpenJDK, the Sun JDK, and various J2SE 1.5 versions are tried.
JAVA_HOME=<%= "/usr/local/java" %>

root@knife2:/home/young/chef-repo# vi cookbooks/tomcat/templates/default/
default_tomcat6.erb     manifest.xml.erb        sysconfig_tomcat6.erb   
logging.properties.erb  server.xml.erb          tomcat-users.xml.erb    
root@knife2:/home/young/chef-repo# vi cookbooks/tomcat/templates/default/default_tomcat6.erb 
root@knife2:/home/young/chef-repo# vi cookbooks/tomcat/attributes/default.rb 
root@knife2:/home/young/chef-repo# cd ..
root@knife2:/home/young# cd -
/home/young/chef-repo

# Let's upload tomcat recipe
root@knife2:/home/young/chef-repo# knife cookbook upload tomcat
Uploading tomcat         [0.15.2]
Uploaded 1 cookbook.
root@knife2:/home/young/chef-repo# 

# With drag and drop, create a role named java_tomcat.
# Ignore the phpapp part; it is just a recipe I was practicing with.

# To monitor the progress of the role install, I changed the log_level from ":auto" to ":debug".
# There are three(?) levels: auto, info and debug.

root@chef-client2:~# cat /etc/chef/client.rb
log_level        :debug
log_location     STDOUT
chef_server_url  "https://chef-server:443"
validation_client_name "chef-validator"
# Using default node name (fqdn)

# Run chef-client with the role.

root@chef-client2:/usr/local/java# chef-client -f -o 'role[java_tomcat]'

# You can check with "ps -ef | grep tomcat" command whether tomcat is installed correctly.

root@chef-client2:~# ps -ef | grep tomcat
tomcat6   6644     1 17 21:51 ?        00:00:03 /usr/local/java/bin/java -Djava.util.logging.config.file=/var/lib/tomcat6/conf/logging.properties -Xmx128M -Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/share/tomcat6/lib/endorsed -classpath /usr/share/tomcat6/bin/bootstrap.jar -Dcatalina.base=/var/libtomcat6 -Dcatalina.home=/usr/share/tomcat6 -Djava.io.tmpdir=/tmp/tomcat6-tmp org.apache.catalina.startup.Bootstrap start
root      6666  2436  0 21:51 pts/2    00:00:00 grep --color=auto tomcat
root@chef-client2:~#




Monday, January 27, 2014

Java download without authentication and java chef recipe by bash

1. Downloading oracle java
root@knife2:/home/young/chef-repo# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com" http://download.oracle.com/otn-pub/java/jdk/7u51-b13/jdk-7u51-linux-x64.tar.gz


# A very simple recipe that needs a local web server. I used apache2.
# default.rb

#
# Cookbook Name:: java
# Recipe:: default
# Author:: ohyoungjooung@gmail.com
# Copyright 2014, My Future Company
#
# All rights reserved - Do Not Redistribute
#
bash "install_java" do
     user "root"
     cwd "/tmp"
     code <<-EOH
      rm -rf /tmp/jdk*
      echo $?
      apt-get -y autoremove
      rm -f /usr/bin/java
      apt-get -y install wget
      # From local network apache webserver
      wget http://192.168.56.105/jdk-7u51-linux-x64.tar.gz
      if [[ $? != "0" ]]
      then
         echo "wget java file failed"
         exit 1
      fi
      tar xvzf jdk-7u51-linux-x64.tar.gz
      # remove any old java
      if [[ -d /usr/local/java ]]
      then
        /bin/rm -rf /usr/local/java
      fi
 
      mv jdk1.7.0_51 /usr/local/java
      # add java to /etc/profile only if it is not already there
      if ! grep -q /usr/local/java/bin /etc/profile
      then
      echo 'export PATH=/usr/local/java/bin:$PATH' >> /etc/profile
      echo 'export JAVA_HOME=/usr/local/java' >> /etc/profile
      fi
      /bin/rm -f jdk*
     EOH
end
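
The recipe above fetches the JDK tarball over plain HTTP and unpacks it as root under a fixed name in /tmp, and the Oracle download in step 1 turns certificate checking off. One way to make the fetch fail closed, as an added example that is not the post's recipe: verify a pinned SHA-256 and the archive's member names inside a private `mktemp -d` directory before anything is moved to /usr/local/java. The function names are assumptions for this example, and the digest is a placeholder because the page gives no checksum for the JDK tarball.

```sh
#!/bin/sh
# Added example (not the post's recipe): fetch a tarball, verify it against a
# pinned SHA-256, and unpack it in a private directory before installing it.
LC_ALL=C; export LC_ALL

# sha256_of FILE: print the lowercase hex digest (sha256sum, or shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: succeed only on an exact 64-hex-digit match.
verify_sha256() {
    [ -f "$1" ] || return 1
    case "$2" in
        *[!0-9a-f]*) return 1 ;;            # placeholder or malformed digest
    esac
    [ "${#2}" -eq 64 ] || return 1
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$2" ]
}

# names_are_contained: read archive member names on stdin; fail on absolute
# paths or ".." components, which would let an archive write outside its target.
names_are_contained() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# install_tarball URL EXPECTED_SHA256 TOPDIR DEST
# TOPDIR is the directory the archive unpacks to (jdk1.7.0_51 in the post).
install_tarball() {
    url="$1"; expected="$2"; topdir="$3"; dest="$4"; status=1
    work=$(mktemp -d) || return 1          # mode 0700, unpredictable name
    if wget -q -O "$work/pkg.tar.gz" "$url" &&
       verify_sha256 "$work/pkg.tar.gz" "$expected" &&
       tar tzf "$work/pkg.tar.gz" | names_are_contained &&
       tar xzf "$work/pkg.tar.gz" -C "$work" &&
       [ -d "$work/$topdir" ]; then
        rm -rf "$dest" && mv "$work/$topdir" "$dest" && status=0
    else
        echo "download or verification failed; nothing installed" >&2
    fi
    rm -rf "$work"
    return "$status"
}

# Usage (as root). The digest below is a placeholder: pin the value published
# for the exact file you mirror on the local web server.
# install_tarball http://192.168.56.105/jdk-7u51-linux-x64.tar.gz \
#     "<sha256-of-jdk-7u51-linux-x64.tar.gz>" jdk1.7.0_51 /usr/local/java
```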


Saturday, January 25, 2014

My first simple recipe that installs amazing nginx web server using bootstrapping. [ubuntu 12.04 or 12.10 server based]

root@knife2:/home/young/chef-repo# knife cookbook create nginx
** Creating cookbook nginx
** Creating README for cookbook: nginx
** Creating CHANGELOG for cookbook: nginx
** Creating metadata for cookbook: nginx
root@knife2:/home/young/chef-repo# 


# Instead of an FQDN, I used the hosts file.

# Here chef-server's IP is 192.168.56.3. To prevent the route error (http.rb)
"ERROR: Errno::EHOSTUNREACH: No route to host - connect(2)"

edit /etc/hosts as below (192.168.56.3 is chef-server), and then modify the chef-server URL in knife.rb.

root@knife2:/home/young/chef-repo# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu1204-3
127.0.1.1 apache2-1        
192.168.56.105 knife2
192.168.56.3 chef-server

#knife.rb's server_url

root@knife2:/home/young/chef-repo/cookbooks# cat ../.chef/knife.rb
log_level                :debug
log_location             STDOUT
node_name                'young'
client_key               '/home/young/chef-repo/.chef/young.pem'
validation_client_name   'chef-validator'
validation_key           '/etc/chef-server/chef-validator.pem'
chef_server_url          'https://chef-server:443'
syntax_check_cache_path  '/home/young/chef-repo/.chef/syntax_check_cache'
cookbook_path ["./cookbooks"]

#uploading recipes
root@knife2:/home/young/chef-repo# knife cookbook upload nginx
Uploading nginx          [0.1.0]
Uploaded 1 cookbook.
root@knife2:/home/young/chef-repo#




#Bootstrapping Process
root@knife2:/home/young/chef-repo# knife bootstrap chef-client1 --sudo -x young -P mypassword
Bootstrapping Chef on chef-client1
ERROR: Errno::ENOENT: No such file or directory - /etc/chef-server/chef-validator.pem
root@knife2:/home/young/chef-repo# ls /etc/chef/
root@knife2:/home/young/chef-repo# mkdir /etc/chef-server
root@knife2:/home/young/chef-repo# cp .chef/chef-validator.pem /etc/chef-server/
root@knife2:/home/young/chef-repo# knife bootstrap 192.168.56.104 --sudo -x young -P password
Bootstrapping Chef on 192.168.56.104
192.168.56.104 --2014-01-26 14:39:52--  https://www.opscode.com/chef/install.sh
192.168.56.104 Resolving www.opscode.com (www.opscode.com)... 184.106.28.90
192.168.56.104 Connecting to www.opscode.com (www.opscode.com)|184.106.28.90|:443... connected.
192.168.56.104 HTTP request sent, awaiting response... 200 OK
192.168.56.104 Length: 14101 (14K) [application/x-sh]
192.168.56.104 Saving to: `STDOUT'
192.168.56.104

192.168.56.104 Chef Client finished, 0 resources updated



root@chef-client1:~# which chef-client
/usr/bin/chef-client
root@chef-client1:~# stat /usr/bin/chef-client 
  File: `/usr/bin/chef-client' -> `/opt/chef/bin/chef-client'
  Size: 25         Blocks: 0          IO Block: 4096   symbolic link
Device: fc00h/64512d Inode: 262550      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2014-01-26 14:40:39.510961635 +0900
Modify: 2014-01-26 14:40:39.426961639 +0900
Change: 2014-01-26 14:40:39.426961639 +0900
 Birth: -




root@chef-client1:~# chef-client -o nginx
Starting Chef Client, version 11.8.2
[2014-01-26T14:49:27+09:00] WARN: Run List override has been provided.
[2014-01-26T14:49:27+09:00] WARN: Original Run List: [recipe[nginx]]
[2014-01-26T14:49:27+09:00] WARN: Overridden Run List: [recipe[nginx]]
resolving cookbooks for run list: ["nginx"]
Synchronizing Cookbooks:
  - nginx
Compiling Cookbooks...
Converging 1 resources
Recipe: nginx::default
  * bash[install_nginx] action run
    - execute "bash"  "/tmp/chef-script20140126-4475-tsf31c"

Chef Client finished, 1 resources updated
root@chef-client1:~# ps -ef | grep nginx
root      4657     1  0 14:49 ?        00:00:00 nginx: master process /usr/sbin/nginx
www-data  4658  4657  0 14:49 ?        00:00:00 nginx: worker process
www-data  4659  4657  0 14:49 ?        00:00:00 nginx: worker process
www-data  4660  4657  0 14:49 ?        00:00:00 nginx: worker process
www-data  4661  4657  0 14:49 ?        00:00:00 nginx: worker process
root      4663  2039  0 14:49 pts/0    00:00:00 grep --color=auto nginx
root@chef-client1:~#

Open Source Chef installation and configuration[ubuntu 12.04 or 12.10 base]

# Chef is an automation tool that sysadmins and developers use to deploy configuration settings or applications easily and effectively. It consists of the Chef server, a workstation (knife) and nodes.
From the workstation, you can use the knife tool to make recipes. Then, using recipes, you can distribute settings and other things to a lot of nodes almost at the same time.



1. Installing chef server




root@chef-server:/home/young# wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb




root@chef-server:/home/young# dpkg -i chef-server_11.0.10-1.ubuntu.12.04_amd64.deb 
Selecting previously unselected package chef-server.
(Reading database ... 168983 files and directories currently installed.)
Unpacking chef-server (from chef-server_11.0.10-1.ubuntu.12.04_amd64.deb) ...




root@chef-server:/home/young# chef-server-ctl reconfigure


#Making workstation
root@knife:/home/young# curl -L https://www.opscode.com/chef/install.sh | sudo bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 14101  100 14101    0     0  13711      0  0:00:01  0:00:01 --:--:-- 19290
Downloading Chef  for ubuntu...
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&p=ubuntu&pv=12.04&m=x86_64
  to file /tmp/install.sh.7422/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
md5 3d3b3662830a44eeec71aadc098a4018
sha256 a5b00a24e68e29a01c7ab9de5cdaf0cc9fd1c889599ad9af70293e5b4de8615c
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
  to file /tmp/install.sh.7422/chef__amd64.deb
trying wget...
Checksum compare with sha256sum succeeded.
Installing Chef 
installing with dpkg...
Selecting previously unselected package chef.
(Reading database ... 144584 files and directories currently installed.)
Unpacking chef (from .../chef__amd64.deb) ...
Setting up chef (11.8.2-1.ubuntu.12.04) ...
Thank you for installing Chef!
root@knife:/home/young# chef-client -v
Chef: 11.8.2
root@knife:/home/young# 


# Confirm installation of git 
root@knife:/home/young# which git
/usr/bin/git
root@knife:/home/young# 

# If git cannot be found, install it with "apt-get -y install git" (Ubuntu)



root@knife2:/home/young# git clone git://github.com/opscode/chef-repo.git
Cloning into 'chef-repo'...
remote: Reusing existing pack: 223, done.
remote: Total 223 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (223/223), 46.09 KiB, done.
Resolving deltas: 100% (56/56), done.
root@knife:/home/young# ls chef-repo/
certificates  chefignore  config  cookbooks  data_bags  environments  LICENSE  Rakefile  README.md  roles
root@knife2:/home/young# ls -lrt chef-repo/
total 48
drwxr-xr-x 2 root root  4096 Jan 21 23:48 roles
-rw-r--r-- 1 root root  3510 Jan 21 23:48 README.md
-rw-r--r-- 1 root root  2169 Jan 21 23:48 Rakefile
-rw-r--r-- 1 root root 10850 Jan 21 23:48 LICENSE
drwxr-xr-x 2 root root  4096 Jan 21 23:48 environments
drwxr-xr-x 2 root root  4096 Jan 21 23:48 data_bags
drwxr-xr-x 2 root root  4096 Jan 21 23:48 cookbooks
drwxr-xr-x 2 root root  4096 Jan 21 23:48 config
-rw-r--r-- 1 root root   156 Jan 21 23:48 chefignore
drwxr-xr-x 2 root root  4096 Jan 21 23:48 certificates
root@knife2:/home/young# 




# Install chef-client on the Chef node

young@node1:~$ curl -L https://www.opscode.com/chef/install.sh | sudo bash

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 14101  100 14101    0     0   8390      0  0:00:01  0:00:01 --:--:-- 12680
Downloading Chef  for ubuntu...
downloading https://www.opscode.com/chef/metadata?v=&prerelease=false&p=ubuntu&pv=12.04&m=x86_64
  to file /tmp/install.sh.2666/metadata.txt
trying wget...
url https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
md5 3d3b3662830a44eeec71aadc098a4018
sha256 a5b00a24e68e29a01c7ab9de5cdaf0cc9fd1c889599ad9af70293e5b4de8615c
downloaded metadata file looks valid...
downloading https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.8.2-1.ubuntu.12.04_amd64.deb
  to file /tmp/install.sh.2666/chef__amd64.deb
trying wget...
Checksum compare with sha256sum succeeded.
Installing Chef 
installing with dpkg...
Selecting previously unselected package chef.
(Reading database ... 87885 files and directories currently installed.)
Unpacking chef (from .../chef__amd64.deb) ...
Setting up chef (11.8.2-1.ubuntu.12.04) ...
Thank you for installing Chef!
young@node1:~$ 
young@node1:~$ chef-client -v
Chef: 11.8.2




root@knife2:/home/young/chef-repo/.chef# knife configure --initial
WARNING: No knife configuration file found
Where should I put the config file? [/root/.chef/knife.rb] /home/young/chef-repo/.chef/knife.rb
Please enter the chef server URL: [https://knife2:443] https://192.168.56.3:443
Please enter a name for the new user: [young] 
Please enter the existing admin name: [admin] 
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] 
Please enter the validation clientname: [chef-validator] 
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] 
Please enter the path to a chef repository (or leave blank): 
Creating initial API user...
Please enter a password for the new user: 
ERROR: Your private key could not be loaded from /etc/chef-server/admin.pem
Check your configuration file and ensure that your private key is readable
root@knife2:/home/young/chef-repo/.chef# ls
knife.rb
root@knife2:/home/young/chef-repo/.chef# 




root@knife2:/home/young/chef-repo/.chef# ls
knife.rb
root@knife2:/home/young/chef-repo/.chef# cat knife.rb 
log_level                :info
log_location             STDOUT
node_name                'young'
client_key               '/home/young/chef-repo/.chef/young.pem'
validation_client_name   'chef-validator'
validation_key           '/etc/chef-server/chef-validator.pem'
chef_server_url          'https://192.168.56.3:443'
syntax_check_cache_path  '/home/young/chef-repo/.chef/syntax_check_cache'
root@knife2:/home/young/chef-repo/.chef# stat knife.rb 




root@knife2:/home/young/chef-repo/.chef# telnet 192.168.56.3 443
Trying 192.168.56.3...
Connected to 192.168.56.3.
Escape character is '^]'.








* When reinstalling chef-server, you should back up the /etc/chef-server directory. If you did not, run chef-server-ctl cleanse and then chef-server-ctl reconfigure again.


*Below
Create new User



*Below
Copy private key


On the knife workstation, create young.pem and paste the above key into it.

root@knife2:/home/young/chef-repo/.chef# vi young.pem



root@knife2:/home/young/chef-repo/.chef# ls
knife.rb  young.pem
root@knife2:/home/young/chef-repo/.chef# 


# scp chef-validator.pem to the workstation (knife server)
root@chef-server:/etc/chef-server# scp chef-validator.pem young@192.168.56.105:/home/young/
The authenticity of host '192.168.56.105 (192.168.56.105)' can't be established.
ECDSA key fingerprint is 2e:9f:2a:8e:6f:3b:17:50:c8:2a:8c:aa:e7:f9:ba:19.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.105' (ECDSA) to the list of known hosts.
young@192.168.56.105's password:
chef-validator.pem                                                                                                            100% 1679     1.6KB/s   00:00  
root@chef-server:/etc/chef-server#


# And then cp it to the .chef folder.


root@knife2:/home/young/chef-repo/.chef# cat knife.rb
log_level                :info
log_location             STDOUT
node_name                'young'
client_key               '/home/young/chef-repo/.chef/young.pem'
validation_client_name   'chef-validator'
validation_key           '/etc/chef-server/chef-validator.pem'
chef_server_url          'https://192.168.56.3:443'
syntax_check_cache_path  '/home/young/chef-repo/.chef/syntax_check_cache'
root@knife2:/home/young/chef-repo/.chef# ls
chef-validator.pem  knife.rb  young.pem
root@knife2:/home/young/chef-repo/.chef#

#RUBY TO $PATH
root@knife2:/home/young/chef-repo/.chef# tail -1 ~/.bashrc 
export PATH="/opt/chef/embedded/bin:$PATH"
root@knife2:/home/young/chef-repo/.chef# echo $PATH
/opt/chef/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
root@knife2:/home/young/chef-repo/.chef# 



root@knife2:/home/young/chef-repo/.chef# knife client list
ERROR: You authenticated successfully to https://192.168.56.3:443 as young but you are not authorized for this action
Response:  You are not allowed to take this action.

# To allow the above "knife client list", add the young user to the admin group.


root@knife2:/home/young/chef-repo/.chef# knife client list
chef-validator
chef-webui
root@knife2:/home/young/chef-repo/.chef# 


#Add the cookbook_path to knife.rb
root@knife2:/home/young/chef-repo/cookbooks# tail ../.chef/knife.rb 
log_level                :info
log_location             STDOUT
node_name                'young'
client_key               '/home/young/chef-repo/.chef/young.pem'
validation_client_name   'chef-validator'
validation_key           '/etc/chef-server/chef-validator.pem'
chef_server_url          'https://192.168.56.3:443'
syntax_check_cache_path  '/home/young/chef-repo/.chef/syntax_check_cache'
cookbook_path ["./cookbooks"]


Monday, January 13, 2014

find and mv together example


localhost:~ young$ find . -name "*.mp4" -print0 | xargs -0 -n1 -I '{}' mv -v '{}' /Volumes/Untitled\ 2/
./03.mp4 -> /Volumes/Untitled 2/03.mp4
./[ MP4 - 홈랜드(Homeland) - 시즌2 - 01화~12화(완) ]/Homeland.S02E01.HDTV.x264-EVOLVE.mp4 -> /Volumes/Untitled 2/Homeland.S02E01.HDTV.x264-EVOLVE.mp4
./[ MP4 - 홈랜드(Homeland) - 시즌2 - 01화~12화(완) ]/Homeland.S02E02.HDTV.x264-EVOLVE.mp4 -> /Volumes/Untitled 2/Homeland.S02E02.HDTV.x264-EVOLVE.mp4
./[ MP4 - 홈랜드(Homeland) - 시즌2 - 01화~12화(완) ]/Homeland.S02E03.PROPER.HDTV.x264-EVOLVE.mp4 -> /Volumes/Untitled 2/Homeland.S02E03.PROPER.HDTV.x264-EVOLVE.mp4
./[ MP4 - 홈랜드(Homeland) - 시즌2 - 01화~12화(완) ]/Homeland.S02E04.HDTV.x264-ASAP.mp4 -> /Volumes/Untitled 2/Homeland.S02E04.HDTV.x264-ASAP.mp4 

awk summing


localhost:ruby young$ cat data.csv
"Date","ISBN","Price"
" 2013- 04- 12" ," 978- 1- 9343561- 0- 4" ,39.45
" 2013- 04- 13" ," 978- 1- 9343561- 6- 6" ,45.67
" 2013- 04- 14" ," 978- 1- 9343560- 7- 4" ,36.95
localhost:ruby young$


localhost:ruby young$ cat data.csv | tail -3 | awk -F"," '{print sum += $3}' | tail -1
122.07