-
Notifications
You must be signed in to change notification settings - Fork 69
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 1243701
Showing
6 changed files
with
785 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # [BASIC CHEF FLUENCY BADGE STUDY GUIDE](https://training.chef.io/static/Basic_Chef_Fluency_Badge_Scope.pdf) | ||
|
|
||
| > The topics for this guide are taken directly from [training.chef.io](https://training.chef.io). | ||
| When studying for the [Basic Chef Fluency Badge exam](https://training.chef.io/basic-chef-fluency-badge), I recommend that you go through this guide daily until you are very comfortable going through the material. | ||
|
|
||
| ## The files in this guide are: | ||
| ### Basic Chef Fluency Study Guide | ||
| - This is meant to study the concepts outlined in the [scope PDF](https://training.chef.io/static/Basic_Chef_Fluency_Badge_Scope.pdf) by Chef. | ||
| ### Basic Chef Fluency Kata | ||
| - This is an exercise guide meant for daily use. This guide is most effective for those that are not currently using Chef in their daily practice or are just starting in Chef. It will give you a comfort with Chef enough for navigating the topics of the exam. | ||
| ### Basic Chef Fluency Kata Cheat Sheet | ||
| - This is used in conjunction with the Basic Chef Fluency Kata. If you are uncertain about how to carry out an exercise, then you can consult the cheat sheet. | ||
|
|
||
| ## IMPROVEMENTS? | ||
| Do you see any errors or ways in which this guide can be improved? Please submit a [pull request](https://github.com/anniehedgpeth/basic-chef-fluency-study-guide/pulls) or [issue](https://github.com/anniehedgpeth/basic-chef-fluency-study-guide/issues)! | ||
|
|
||
| ## Other Good Resources | ||
| [Basic Chef Fluency Badge YouTube Playlist](https://www.youtube.com/playlist?list=PL_H2cfWwTC4yeHbXYOCsJOZadHyCLQ55W) | ||
|
|
||
| [Certified Chef Developer Basic Chef Fluency Badge by Linux Academy](https://linuxacademy.com/devops/training/course/name/certified-chef-developer-basic-chef-fluency-badge) |
114 changes: 114 additions & 0 deletions
114
basic-chef-fluency/basic-chef-fluency-kata-cheatsheet.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| # Basic Chef Fluency Kata CHEAT SHEET | ||
| Please see the associated exercise kata for the Basic Chef Fluency Badge in the [basic-chef-fluency-kata.md](https://github.com/anniehedgpeth/basic-chef-fluency-study-guide/blob/master/basic-chef-fluency-kata.md) file. | ||
|
|
||
| # Create a new repo for today's kata (or just branch the repo) | ||
| - from code/chef/work create a new repo `chef generate repo chefkata<#>` | ||
| - create /code/chef/work/chefkata<#>/.chef and copy the user pem inside the .chef directory | ||
| - generate knife.rb "generate knife config" for that org to put in .chef folder, too | ||
|
|
||
| # Create a new cookbook branch | ||
| - from code/chef/work/chefkata<#>/cookbooks `git clone https://github.com/anniehedgpeth/chefkata.git` | ||
| - from code/chef/work/chefkata<#>/cookbooks/chefkata create a branch, name it, and switch to it `git checkout -b <branch-name>` | ||
|
|
||
| # Add the second cookbook for the runlist | ||
| - add the ubuntu cookbook to that cookbooks directory and make sure it converges `git clone https://github.com/anniehedgpeth/ubuntu-14-hardening.git` | ||
| `berks install` | ||
| `berks upload` | ||
|
|
||
| Any time I change the cookbook, from that cookbook’s directory, I need to: | ||
| - bump the version in `metadata.rb` or it won't upload the new one | ||
| - (you would normally automate that in Jenkins) | ||
| `berks install` | ||
| `berks upload` | ||
|
|
||
| # To bootstrap a new machine: | ||
|
|
||
| `knife bootstrap chefkata<#>.southcentralus.cloudapp.azure.com -N chefkata<#> -r 'recipe[chefkata::default], recipe[ubuntu-14-hardening::default]' --ssh-user annie --sudo` | ||
|
|
||
| `knife bootstrap production<#>.southcentralus.cloudapp.azure.com -N chefkata<#>prod -r 'recipe[chefkata::default], recipe[ubuntu-14-hardening::default]' -E 'prod' --ssh-user annie --sudo` | ||
|
|
||
| # To converge on that node from here on out: | ||
|
|
||
| run `sudo chef-client` in an ssh session | ||
|
|
||
| # To validate with InSpec Profile | ||
| First you have to add your private key to the local ssh (I don't know if it matters which directory you're in.) | ||
| `ssh-add` | ||
| `ssh annie@chefkata<#>.southcentralus.cloudapp.azure.com` | ||
| `inspec exec https://github.com/anniehedgpeth/chefkata_inspec -t ssh:https://annie@chefkata<#>.southcentralus.cloudapp.azure.com` | ||
| `inspec exec https://github.com/anniehedgpeth/chefkata_inspec -t ssh:https://annie@production<#>.southcentralus.cloudapp.azure.com` | ||
|
|
||
| # To add run-list: | ||
|
|
||
| `knife node run_list set chefkata<#> 'recipe[chefkata::default]'` | ||
|
|
||
| # To edit the run-list: | ||
| - `knife node show chefkata<#>` | ||
| - make sure the cookbook is uploaded | ||
| - make sure it has a `Berksfile` | ||
| - `berks install` | ||
| - `berks upload` | ||
| - `knife node run_list add chefkata<#> 'ubuntu-14-hardening'` | ||
|
|
||
| # When adding an organization to manage.chef.io | ||
| - add the org | ||
| - reset user key | ||
| generate knife config from UI | ||
| copy the user key into .chef folder | ||
| create a new org key and download knife.rb | ||
| see if your user needs a new key | ||
| `knife node list` | ||
|
|
||
| # Search | ||
| `knife search node "platform:ubuntu"` | ||
| `knife search node "builder:Annie"` | ||
|
|
||
| # Data bags | ||
| - shared data that your cookbooks can use | ||
| - data_bags directory is in the chef_repo sibling to cookbooks directory | ||
| - each data bag is a folder and each data_bag item is a .json file within that folder | ||
| - the data_bag item is just a .json file of all of settings for that data_bag item | ||
| - must include `{ "id":"<data_bag_item_name>" }` | ||
| - upload data_bag item to chef server so that you can use it in your cookbook | ||
| - first create the bag on the server | ||
| - `knife data bag create website messages.json` | ||
| - run this from the top of the chef repo directory `knife data bag from file BAG_NAME ITEM_NAME.json` | ||
| - `knife data bag from file website messages.json` | ||
| - It's the same command to update the data bag if you edit it | ||
| - Verify that it's there in UI | ||
| - Policy > Data Bags > name | ||
| - Verify that it's there from command line | ||
| - `knife data bag list` | ||
|
|
||
| ## Using data bags in the recipe | ||
| - First we access the data from that item | ||
| `messages = data_bag_item('website', 'messages')` | ||
| - Then we're calling the specific data element from that item | ||
| `message = messages['welcomeMessage']` | ||
| - Then call it in the recipe like `content message` | ||
|
|
||
| ## Using data bags in test kitchen | ||
| So kitchen can't look inside the "real" data bags directory, so you have to set up a dummy data bags directory just for test kitchen. | ||
| - Create cookbooks/thiscookbook/test/integration/data_bags and copy your real data bag directory into that | ||
| - Then edit the .kitchen.yml | ||
|
|
||
| ```yaml | ||
| suites: | ||
| - name: default | ||
| data_bags_path: "test/integration/data_bags" | ||
| ``` | ||
|
|
||
| ## Roles | ||
| Roles function just like data bags in the sense that they're sibling to the cookbooks directory, you have to upload them separately to the chef server, and they have their own attributes. They also have their own run-lists. | ||
| - to upload to chef server | ||
| `knife role from file roles/security.json` | ||
| - to check | ||
| `knife role list` | ||
| - to add the role to the runlist | ||
| `knife node run_list add chefkata<#> 'role[security]'` | ||
|
|
||
| ## Environments | ||
| `knife environment create ENVIRONMENT_NAME -d DESCRIPTION` | ||
| `knife environment from file FILE (options)` | ||
| `knife environment edit ENVIRONMENT_NAME` | ||
| `knife environment show ENVIRONMENT_NAME` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| # Basic Chef Fluency Kata | ||
| Originally posted in his Github repo, [Michael Hedgpeth](https://github.com/mhedgpeth/chef-by-example/blob/master/basic-chef-fluency.md) came up with this simple exercise that one can follow daily in order to gain proficiency in Chef. | ||
|
|
||
| We recommend that you spend one hour a day, getting as far through the kata as you can. After a while, I expect that you'll be able to get through the entire exercise in less than an hour! | ||
|
|
||
| Here is an example of a [kata repo](https://github.com/anniehedgpeth/chefkata) that follows these exercises. Each branch is a new day's kata. | ||
|
|
||
| ## Resources, Recipes, Cookbooks | ||
| 1. Create a `chef-training` repo on GitHub and clone it locally. | ||
|
|
||
| 1. Create a new branch using today's date in the name to track it. | ||
| 1. Ensure that you have a code editor with Chef Plugins installed. I recommend Visual Studio Code. | ||
| 1. Generate a cookbook into the `chef-training` repo | ||
| 1. Make your cookbook only support Ubuntu. | ||
| 1. Set up test kitchen to run the `default` recipe of your cookbook using Vagrant and VirtualBox. | ||
| 1. Ensure that Nano is installed (in an InSpec test and recipe). Run kitchen converge and verify to ensure this works. | ||
| 1. For the rest of the lab, create a Test Kitchen workflow that uses the `kitchen create`, `kitchen converge`, `kitchen verify` and `kitchen destroy` commands. Also, use `kitchen login` to manually ssh into your Ubuntu machine. | ||
| 1. Create `/var/website` directory. | ||
| 1. Make sure `/var/old-website` directory does not exist. | ||
| 1. Write a file `/var/website/directions.txt` with text "website goes here" in it. | ||
| 1. Write a file `builder.txt` to `/var/website/builder.txt` containing the text "[Your Name] built this" where `[Your Name]` is a cookbook attribute with your actual name. | ||
| 1. Download the Chef logo into `/var/website`: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSgQmQ0CYwU3cpFE6gEB82cp6TSIcBJSisax_HVvEfsgYHGBsO8kQ | ||
| 1. When you run test kitchen, `builder.txt` should contain the text `Test Kitchen built this`. | ||
| 1. Run the command `echo ran command > /var/website/command.txt`. | ||
| 1. Don't run the command the second time chef converges (i.e. make it idempotent). | ||
| 1. If the command *does* run, do a `git pull` of the architect repository into `/var/website/architect` (https://github.com/pages-themes/architect). It shouldn't pull the repository every time. | ||
| 1. Refactor your command and pull into a custom resource called `chef_training_website`. | ||
| 1. Make the git repo that you pull an attribute. | ||
| 1. Write a `MyLogger` class with a `Log` method that prepends the message `CHEF TRAINING: ` and outputs that to the STDOUT (using puts). | ||
|
|
||
| ## Chef Server | ||
| Now that we've had some practice with basic cookbook development, let's get connected to a Chef Server. | ||
|
|
||
| 1. Create an Ubuntu virtual machine with VirtualBox. | ||
|
|
||
| 1. Set up an account on manage.chef.io and ensure your keys and knife.rb are available to your `knife` command on your workstation. | ||
| 1. Ensure your `chef-training` cookbook is uploaded to the Chef Server | ||
| 1. Bootstrap your machine running 2 recipes: `chef-training` and the `os-hardening` cookbook. You'll need to ensure the other cookbook is uploaded to the Chef Server as well. | ||
| 1. Run `chef-client` on the machine again, noticing that 0 resources are converged the second time. | ||
|
|
||
| ## Search | ||
| 1. On your workstation, search for all Ubuntu nodes. | ||
|
|
||
| 1. On your workstation, search for all nodes that match the attribute used to create the `builder.txt` file above. | ||
| 1. Create a data bag `website` with item `messages`. Inside of `messages`, have a `welcomeMessage` named `Welcome to Chef Learning!` | ||
| 1. In your `chef-training` cookbook, write a file `/var/website/welcome.txt` with the welcome message from the data bag. | ||
| 1. Push the updated cookbook to the Chef Server and reconverge, ensuring that the file is there on your Ubuntu VM. | ||
| 1. Update the data bag to `Welcome to the BEST Chef Learning EVER!` | ||
| 1. Reconverge and see that the file changed. | ||
|
|
||
| ## Advanced Administration | ||
| 1. Show the node's run list with `knife` and look it up in the UI. | ||
|
|
||
| 1. Create a role named `security` which includes the `os-hardening` cookbook. | ||
| 1. Read over the README of the `os-hardening` cookbook and find some attributes to set. Set those attributes in your `security` role. | ||
| 1. Change the run list on the command line to remove the `os-hardening` cookbook and add the `security` role. | ||
| 1. Reconverge and ensure that the behavior is the same. | ||
| 1. Create a `development` environment that will be assigned to your existing node. It should: | ||
| - Always run the latest `chef-training` cookbook on the chef server | ||
| - Run the `1.4.1` version of `os-hardening` cookbook | ||
| - Have the `builder.txt` saying `Development Built This` | ||
| 1. Assign the `development` environment through the `client.rb` on your virtual machine | ||
| 1. Create another virtual machine that will be your "production" machine | ||
| - Run a specific version of the `chef-training` cookbook | ||
| - The `builder.txt` should say `Production Built This` | ||
| - Assign the `production` environment through the `client.rb` | ||
| - Update your `chef-training` cookbook to change the text of `builder.txt`. After uploading it to the Chef Server notice that only your `development` node was updated, but not your `production` node. | ||
|
|
||
| ## Chef Automate | ||
|
|
||
| For the first badge, you need to understand Automate itself, so this section won't be example driven but more idea driven. | ||
|
|
||
| Watch [this video](https://www.youtube.com/watch?v=ldY7KEOxCkM&index=1&list=PL11cZfNdwNyOPa_kLgCX0wDW3O00Sjydx) to get an overview of Chef Automate. | ||
|
|
||
| Now do this thought experiment: | ||
| * How would you solidify your cookbook deployment workflow? (if you don't know workflow enough, watch [this video](https://www.youtube.com/watch?v=OdoGu31EBU0)) | ||
| * How would you see what happens on your nodes? | ||
| * How would you scan your nodes with inspec profiles? |
Oops, something went wrong.