Chef Beginner First Cookbook

I wanted to play around with Chef locally for testing pulling encrypted variables from data bags.

Prerequisites

  • ChefDK (includes chef-solo)
  • Encryption

Create a Cookbook:

chef generate cookbook "firstcookbook"

Data Bags

Create the encryption key for encrypting data bag items:

openssl rand -base64 512 > ~/.chef/encrypted_data_bag_secret

Create a local data bag:

knife data bag create ssh-private-keys --local-mode --secret-file ~/.chef/encrypted_data_bag_secret

Create an item in the local data bag:

export EDITOR=vi
knife data bag create ssh-private-keys go --local-mode --secret-file ~/.chef/encrypted_data_bag_secret

In vi, add JSON representing the item you want to create:

{
  "id": "go",
  "keys": {
    "auth_tag": "test auth tag",
    "cipher": "test cipher",
    "encrypted_data": "test data"
  }
}

View your new item with:

knife data bag show ssh-private-keys go --local-mode --secret-file ~/.chef/encrypted_data_bag_secret
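
An added check, not code from the original post: it takes a data bag item's JSON as stored on disk and lists any top-level fields that are not wrapped in the encrypted-value envelope, which is how the item ends up if it is created without a secret. The wrapper key sets for format versions 1 to 3 and both sample items are assumptions constructed for this example.

```ruby
require "json"

# Keys knife writes around each encrypted value, per item format version.
# Assumption for this example: Chef encrypted data bag formats 1 to 3.
WRAPPER_KEYS = {
  1 => %w[cipher encrypted_data iv version],
  2 => %w[cipher encrypted_data hmac iv version],
  3 => %w[auth_tag cipher encrypted_data iv version],
}.freeze

# True only when the value carries exactly the wrapper keys for its version.
# A hash that merely contains "encrypted_data" does not count.
def wrapped?(value)
  return false unless value.is_a?(Hash)
  expected = WRAPPER_KEYS[value["version"]]
  !expected.nil? && value.keys.sort == expected
end

# Names of top-level fields (other than "id") that are stored in plaintext.
def plaintext_fields(item_json)
  JSON.parse(item_json).reject { |k, v| k == "id" || wrapped?(v) }.keys
end

# The post's item as it would sit on disk if written without a secret.
POST_ITEM_PLAINTEXT = <<~JSON
  {"id": "go",
   "keys": {"auth_tag": "test auth tag", "cipher": "test cipher",
            "encrypted_data": "test data"}}
JSON

# Constructed version 3 item; the base64 strings are placeholders,
# not real ciphertext.
ENCRYPTED_ITEM = <<~JSON
  {"id": "go",
   "keys": {"encrypted_data": "UExBQ0VIT0xERVI=", "iv": "UExBQ0VIT0xERVI=",
            "auth_tag": "UExBQ0VIT0xERVI=", "version": 3,
            "cipher": "aes-256-gcm"}}
JSON

if __FILE__ == $PROGRAM_NAME
  samples = { "plaintext" => POST_ITEM_PLAINTEXT, "encrypted" => ENCRYPTED_ITEM }
  samples.each do |name, json|
    leaked = plaintext_fields(json)
    status = leaked.empty? ? "all fields wrapped" : "PLAINTEXT: #{leaked.join(', ')}"
    puts "#{name}: #{status}"
  end
end
```

The post's test item is a useful edge case because its plaintext field names (auth_tag, cipher, encrypted_data) resemble the wrapper, so a check that only looks for an "encrypted_data" key would wrongly pass it.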

Recipes

I created a few recipe files under the recipes folder:

./recipes/default.rb

# Pull in the other two recipes first, then run this recipe's own echo.
include_recipe('firstcookbook::hello')
include_recipe('firstcookbook::getdata')

execute "echo from default" do
  command "echo hello from the default.rb file"
  action :run
end

./recipes/getdata.rb

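# data_bag_item decrypts an encrypted item using the secret Chef is
# configured with (the encrypted_data_bag_secret setting).
single_value = data_bag_item("ssh-private-keys", "go")["keys"]["encrypted_data"]

# Echoing the value is fine for this test data; for a real secret, set
# `sensitive true` on the resource so Chef does not log the command.
execute "echo data bag value" do
  command "echo 'data item says #{single_value}'"
  action :run
end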

./recipes/hello.rb

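# Use the node's message attribute when one is set (for example in the
# JSON passed with -j); otherwise fall back to a default.
message = node.has_key?(:message) ? node[:message] : "Hello World"

execute "echo from hello" do
  command "echo 'Hello from hello.rb #{message}'"
  action :run
end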

Run Chef

chef-solo -c solo.rb -j runlist.json --local-mode
