Chef Compliance working notes


Example: add/register a host to the Chef server and install "chef-client":

# knife bootstrap -N

Working on the workstation host (WS):

Local host is ubuntu1404; the chefdk dir is:
/opt/chefdk/bin

root@WS:/opt/chefdk/bin# pwd
/opt/chefdk/bin
root@WS:/opt/chefdk/bin# ls -ltr
total 4605
-rwxr-xr-x 1 root root 532 Feb 2 11:22 rubocop
-rwxr-xr-x 1 root root 1725 Feb 2 11:22 pushy-service-manager
-rwxr-xr-x 1 root root 1716 Feb 2 11:22 pushy-client
-rwxr-xr-x 1 root root 1714 Feb 2 11:22 push-apply
-rwxr-xr-x 1 root root 1731 Feb 2 11:22 print_execution_environment
-rwxr-xr-x 1 root root 733 Feb 2 11:22 ohai
-rwxr-xr-x 1 root root 1601 Feb 2 11:22 knife
-rwxr-xr-x 1 root root 633 Feb 2 11:22 kitchen
-rwxr-xr-x 1 root root 1612 Feb 2 11:22 inspec
-rwxr-xr-x 1 root root 634 Feb 2 11:22 foodcritic
-rwxrwxr-x 1 root root 4651450 Feb 2 11:22 delivery
-rwxr-xr-x 1 root root 390 Feb 2 11:22 dco
-rwxr-xr-x 1 root root 562 Feb 2 11:22 cookstyle
-rwxr-xr-x 1 root root 368 Feb 2 11:22 chef-vault
-rwxr-xr-x 1 root root 1605 Feb 2 11:22 chef-solo
-rwxr-xr-x 1 root root 1606 Feb 2 11:22 chef-shell
-rwxr-xr-x 1 root root 1607 Feb 2 11:22 chef-client
-rwxr-xr-x 1 root root 1606 Feb 2 11:22 chef-apply
-rwxr-xr-x 1 root root 2247 Feb 2 11:22 chef
-rwxr-xr-x 1 root root 1371 Feb 2 11:22 berks
root@WS:/opt/chefdk/bin#

1. I created a new org named "inforSec_compliance" on chef_server.
2. Created a new project named "inforSec_test" under org "infoSec_compliance"; the system then told me to run "Pipeline create & test":

Create a Pipeline

This project needs a pipeline! Here’s how to create one.

If you haven’t already, install the delivery command-line tool. See the Chef Docs for details on how to do that.
With the command-line tool installed, clone this project:
delivery clone infosec_test --ent=Informatica --org=infoSec_compliance --user=jilu --server=$(chef_server_name)

Worked on my local host to set up communication with the Chef Automate server:

cd infosec_test
Create a project configuration file:
delivery setup --ent=cephswift --org=infoSec_compliance --user=jilu --server=$(chef_server_name)
Make an initial commit. Note we’re excluding the project configuration file:
echo "# infosec_test" >> README.md
echo ".delivery/cli.toml" >> .gitignore
git add README.md .gitignore
git commit -m "Initial commit"
Run delivery init, which will create an empty build cookbook for you (with an empty set of phase recipes), add the cookbook to your project, create the new pipeline and submit the project to Delivery for review:
delivery init

——————————————————————————
I got screen output as below:

root@ws:/opt/chefdk# delivery clone infosec_test --ent=cephswift --org=infoSec_compliance --user=jilu --server=$(chef_server_name)
cd infosec_test
Chef Delivery
Cloning ssh://jilu@$(chef_server_name):8989/cephswift/infoSec_compliance/infosec_test to infosec_test
\The authenticity of host '[$(chef_server_name)]:8989 ([10.1.33.10]:8989)' can't be established.
RSA key fingerprint is 7f:ee:9a:f1:ff:48:99:2d:c8:9e:13:d3:f7:9e:61:ff.
Are you sure you want to continue connecting (yes/no)?–|/ Git command failed!
STDOUT:
STDERR: Cloning into 'infosec_test'...
Warning: Permanently added '[psvilxautop1.informatica.com]:8989,[10.1.33.10]:8989' (RSA) to the list of known hosts.
Connection closed by 10.1.33.10
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

root@ws:/opt/chefdk#
========================================================

Delete unused cookbooks:

root@ws:~/chef-repo# knife cookbook bulk delete chef-cookbooks
All versions of the following cookbooks will be deleted:

chef-cookbooks

Do you really want to delete these cookbooks? (Y/N) y

Deleted cookbook chef-cookbooks [0.1.0]
root@ws:~/chef-repo# knife cookbook bulk delete starter
All versions of the following cookbooks will be deleted:

starter

Do you really want to delete these cookbooks? (Y/N) y

Deleted cookbook starter [1.0.0]
root@ws:~/chef-repo#

=======================================================
https://github.com/chef-cookbooks/audit/issues/204 #### fix for this issue, worked out with a chef.io developer; I applied this fix on the QA workstation

[root@test_03 audit]# berks install
Resolving cookbook dependencies...
Fetching 'audit' from source at .
Fetching 'test_helper' from source at test/cookbooks/test_helper
Fetching cookbook index from https://supermarket.chef.io...
.....
Using audit (2.4.0) from source at .
Installing compat_resource (12.16.3)
Installing mingw (2.0.0)
Installing build-essential (8.0.0)
Installing ohai (5.0.2)
Installing git (6.0.0)
Installing dmg (3.1.0)
Installing seven_zip (2.0.2)
Using test_helper (0.1.0) from source at test/cookbooks/test_helper
Installing windows (3.0.4)
Installing yum-epel (2.1.1)

[root@test_03 audit]# pwd
/root/chef-repo/chef-cookbooks/audit

[root@test_03 audit]# cd ..

[root@test_03 chef-cookbooks]# cd ..

[root@test_03 chef-repo]# knife cookbook upload audit -o ./chef-cookbooks
Uploading audit [2.4.0]
ERROR: Cookbook audit depends on cookbooks which are not currently
ERROR: being uploaded and cannot be found on the server.
ERROR: The missing cookbook(s) are: 'compat_resource' version '>= 0.0.0'

[root@ws chef-repo]# ls -l
total 8
drwxr-xr-x 2 root root 6 Mar 20 12:28 certificates
drwxr-xr-x 3 root root 18 Mar 31 11:59 chef-cookbooks
drwxr-xr-x 2 root root 6 Mar 20 12:28 config
drwxr-xr-x 7 root root 102 Mar 23 16:38 cookbooks
drwxr-xr-x 4 root root 34 Mar 23 15:09 data-bags
drwxr-xr-x 2 root root 6 Mar 20 12:31 environments
-rw-r--r-- 1 root root 1125 Mar 20 16:33 how_to_use_chef.txt
-rw-r--r-- 1 root root 2341 Mar 17 14:17 README.md
drwxr-xr-x 2 root root 23 Mar 17 14:17 roles

[root@ws chef-repo]# cd chef-cookbooks/audit/

/root/chef-repo/chef-cookbooks/audit

[root@test_03 audit]# ls -ltr
total 100
-rw-r--r-- 1 root root 11357 Mar 31 11:59 LICENSE
-rw-r--r-- 1 root root 653 Mar 31 11:59 Gemfile
-rw-r--r-- 1 root root 111 Mar 31 11:59 CONTRIBUTING.md
-rw-r--r-- 1 root root 29402 Mar 31 11:59 CHANGELOG.md
-rw-r--r-- 1 root root 153 Mar 31 11:59 Berksfile
-rw-r--r-- 1 root root 2858 Mar 31 11:59 TROUBLESHOOTING.md
-rw-r--r-- 1 root root 106 Mar 31 11:59 TESTING.md
-rw-r--r-- 1 root root 19196 Mar 31 11:59 README.md
-rw-r--r-- 1 root root 1852 Mar 31 11:59 Rakefile
-rw-r--r-- 1 root root 1067 Mar 31 11:59 chefignore
drwxr-xr-x 2 root root 23 Mar 31 11:59 attributes
drwxr-xr-x 7 root root 103 Mar 31 11:59 examples
drwxr-xr-x 3 root root 20 Mar 31 11:59 files
drwxr-xr-x 4 root root 49 Mar 31 11:59 spec
drwxr-xr-x 2 root root 33 Mar 31 11:59 resources
drwxr-xr-x 2 root root 55 Mar 31 11:59 recipes
-rw-r--r-- 1 root root 503 Mar 31 11:59 metadata.rb
drwxr-xr-x 2 root root 87 Mar 31 11:59 libraries
drwxr-xr-x 2 root root 27 Mar 31 11:59 tasks
drwxr-xr-x 5 root root 63 Mar 31 11:59 test
-rw------- 1 root root 587 Mar 31 14:13 Berksfile.lock
[root@test_03 audit]# cp metadata.rb metadata.rb.orig

[root@test_03 audit]# ls -ltr
total 104
-rw-r--r-- 1 root root 11357 Mar 31 11:59 LICENSE
-rw-r--r-- 1 root root 653 Mar 31 11:59 Gemfile
-rw-r--r-- 1 root root 111 Mar 31 11:59 CONTRIBUTING.md
-rw-r--r-- 1 root root 29402 Mar 31 11:59 CHANGELOG.md
-rw-r--r-- 1 root root 153 Mar 31 11:59 Berksfile
-rw-r--r-- 1 root root 2858 Mar 31 11:59 TROUBLESHOOTING.md
-rw-r--r-- 1 root root 106 Mar 31 11:59 TESTING.md
-rw-r--r-- 1 root root 19196 Mar 31 11:59 README.md
-rw-r--r-- 1 root root 1852 Mar 31 11:59 Rakefile
-rw-r--r-- 1 root root 1067 Mar 31 11:59 chefignore
drwxr-xr-x 2 root root 23 Mar 31 11:59 attributes
drwxr-xr-x 7 root root 103 Mar 31 11:59 examples
drwxr-xr-x 3 root root 20 Mar 31 11:59 files
drwxr-xr-x 4 root root 49 Mar 31 11:59 spec
drwxr-xr-x 2 root root 33 Mar 31 11:59 resources
drwxr-xr-x 2 root root 55 Mar 31 11:59 recipes
drwxr-xr-x 2 root root 87 Mar 31 11:59 libraries
drwxr-xr-x 2 root root 27 Mar 31 11:59 tasks
drwxr-xr-x 5 root root 63 Mar 31 11:59 test
-rw------- 1 root root 587 Mar 31 14:13 Berksfile.lock
-rw-r--r-- 1 root root 503 Mar 31 14:21 metadata.rb.orig
-rw-r--r-- 1 root root 541 Mar 31 14:23 metadata.rb

[root@test_03 audit]# berks upload
Uploaded audit (2.4.0) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded build-essential (8.0.0) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded compat_resource (12.16.3) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded dmg (3.1.0) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded git (6.0.0) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded mingw (2.0.0) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded ohai (5.0.2) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded seven_zip (2.0.2) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded test_helper (0.1.0) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded windows (3.0.4) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'
Uploaded yum-epel (2.1.1) to: 'https://psvlxccas02.informatica.com:443/organizations/infosec_qa'

[root@test_03 audit]# knife cookbook list
apache 0.1.0
audit 2.4.0
build-essential 8.0.0
compat_resource 12.16.3
dmg 3.1.0
git 6.0.0
mingw 2.0.0
my_test_cookbook 0.1.0
nginx 0.1.0
ohai 5.0.2
seven_zip 2.0.2
test_helper 0.1.0
windows 3.0.4
yum-epel 2.1.1
yum_update 0.1.0
[root@psvlxccas03 audit]#

Delete the 4 test cookbooks that were uploaded:

apache 0.1.0
my_test_cookbook 0.1.0
nginx 0.1.0
yum_update 0.1.0

[root@test_03 chef-repo]# knife cookbook delete apache
Do you really want to delete apache version 0.1.0? (Y/N) y
Deleted cookbook[apache version 0.1.0]
[root@test_03 chef-repo]# knife cookbook delete my_test_cookbook
Do you really want to delete my_test_cookbook version 0.1.0? (Y/N) y
Deleted cookbook[my_test_cookbook version 0.1.0]
[root@test_03 chef-repo]# knife cookbook delete nginx
Do you really want to delete nginx version 0.1.0? (Y/N) y
Deleted cookbook[nginx version 0.1.0]
[root@test_03 chef-repo]# knife cookbook delete yum_update
Do you really want to delete yum_update version 0.1.0? (Y/N) y
Deleted cookbook[yum_update version 0.1.0]
[root@test_03 chef-repo]# knife cookbook list
audit 2.4.0
build-essential 8.0.0
compat_resource 12.16.3
dmg 3.1.0
git 6.0.0
mingw 2.0.0
ohai 5.0.2
seven_zip 2.0.2
test_helper 0.1.0
windows 3.0.4
yum-epel 2.1.1
[root@psvlxccas03 chef-repo]#

===============================================================

Troubleshooting tip for uploading cookbooks when "berks install" fails with "No Berksfile or Berksfile.lock found at '/root/chef-repo/chef-cookbooks/linux-baseline'!"

Fix:

# gem install berkshelf #### run this to make sure berks is installed, or run:
# gem update berkshelf #### run this to make sure berks is an updated version.

example:
root@ws5:~/chef-repo# chef gem install berkshelf
Successfully installed berkshelf-5.6.4
1 gem installed

[root@test_03 chef-cookbooks]# pwd
/root/chef-repo/chef-cookbooks

# git clone https://github.com/chef-cookbooks/audit
# git clone https://github.com/dev-sec/linux-baseline
# git clone https://github.com/dev-sec/chef-os-hardening

[root@ws chef-cookbooks]# ls -ltr
total 12
drwxr-xr-x 13 root root 4096 Mar 31 14:33 audit
drwxr-xr-x 9 root root 4096 Apr 6 17:07 chef-os-hardening
drwxr-xr-x 9 root root 4096 Apr 7 11:05 linux-baseline
[root@ws3 chef-cookbooks]#

1. Go to "/root/chef-repo/chef-cookbooks" and run "chef generate cookbook linux-baseline -b" to add a Berksfile to the cookbook "linux-baseline".
2. cd linux-baseline
3. Run "berks install".
4. Run "berks upload". ### this uploads the cookbook "linux-baseline" to the Chef server.
5. Verify with "knife cookbook list"; you will see that the cookbook has been uploaded to the Chef server.

example:
[root@ws chef-cookbooks]# chef generate cookbook chef-os-hardening -b ### to add a Berksfile to the cookbook "chef-os-hardening".
[root@ws chef-cookbooks]# cd chef-os-hardening ### the next two commands, "berks install" and "berks upload", must be run inside the cookbook
[root@ws chef-os-hardening]# berks install
[root@ws chef-os-hardening]# berks upload
[root@ws chef-os-hardening]# knife cookbook list

Do the same as above to upload the cookbook "audit" to the Chef server.

example to apply roles and cookbook to node to deploy:

cd /root/chef-repo/roles

[root@ws roles]# pwd
/root/chef-repo/roles
vi base_linux.rb

[root@ws roles]# cat base_linux.rb
name 'base_linux'
description 'A base role to be applied to all linux nodes'
run_list 'recipe[chef-client::default]', 'recipe[audit::default]'
default_attributes({
  'audit' => {
    'collector' => "chef-server-visibility",
    'profiles' => [
      {
        'name' => 'linux-patch-baseline',
        'git' => 'https://github.com/dev-sec/linux-patch-baseline.git'
      },
      {
        'name' => 'linux-baseline',
        'git' => 'https://github.com/dev-sec/linux-baseline.git'
      }
    ]
  }
})

[root@ws roles]#

[root@ws chef-cookbooks]# knife node run_list set test_01 'role[base_linux]'

============================================================================================

deploy cookbook in production test server : test_01

root@ws:~/chef-repo/cookbooks/chef-os-hardening# knife cookbook list
audit 3.0.0
chef-client 7.2.1
chef-ingredient 1.1.0
chef-server 5.2.0
compat_resource 12.16.3
cookbooks 0.1.0
cron 4.1.0
linux-baseline 0.1.0
logrotate 2.1.0
ohai 5.0.3
os-hardening 2.0.0
packagecloud 0.3.0
runit 3.0.5
sysctl 0.8.1
windows 3.0.4
yum-epel 2.1.1
root@ws:~/chef-repo/cookbooks/chef-os-hardening# cd ../..

root@ws:~/chef-repo# knife node run_list set test_01 'role[base_linux]'

root@ws:~/chef-repo# knife node run_list set test_01 'recipe[linux-baseline]'
test_01:
  run_list: recipe[linux-baseline]
root@ws:~/chef-repo# knife node run_list set test_01 'recipe[os-hardening]'
test_01:
  run_list: recipe[os-hardening]

root@ws:~/chef-repo# knife node show test_01
Node Name: test_01
Environment: _default
FQDN: test_01.cephswift.com
IP: 10.1.37.5
Run List: recipe[os-hardening]
Roles: base_linux
Recipes: chef-client::default, audit::default, chef-client::service, chef-client::systemd_service, audit::inspec
Platform: redhat 7.0
Tags:
root@ws:~/chef-repo#

Go to "psvlxccpt01" and run "sudo chef-client" to get the roles, policies and cookbooks deployed on that host.

—————————————————————————————————————————————————-

Add a user from the CLI on the Chef QA server:

[root@chef_server ~]#

[jilu@chef_server ~]$

# sudo chef-server-ctl user-create admin

# chef-server-ctl org-user-add infosec_qa admin

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Scan_Key — how to

on host : ( Red Hat 7.0 )

[root@ws .ssh]# hostname

# vi /etc/ssh/sshd_config # make sure it has all the settings below:

[root@ws ssh]# grep Authentication /etc/ssh/sshd_config | egrep -v ^#
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes

[root@ws ssh]# grep Root /etc/ssh/sshd_config | egrep -v ^#
PermitRootLogin yes

# service sshd restart ### this restarts the sshd service so the changes above take effect.

[root@ws .ssh]# pwd
/root/.ssh

# ssh-keygen -t dsa -f scan_key -C "scan_key"

[root@ws .ssh]# ls -ltr
total 16
-rw-r--r-- 1 root root 2861 Mar 30 13:24 known_hosts
-rw-r--r-- 1 root root 598 Apr 13 13:12 scan_key.pub
-rw------- 1 root root 668 Apr 13 13:12 scan_key
-rw------- 1 root root 1594 Apr 13 16:59 authorized_keys

# cat scan_key.pub >> authorized_keys #### put the pub key in this file; the system uses this file to check whether a remote user's pub key is stored here for authentication.
# scp scan_key /tmp/
# chmod 755 /tmp/scan_key

Go to local host:
jilu@ws:/mnt/c/Users/jilu/.ssh$

$ scp jilu@ws:/tmp/scan_key . #### this copies the scan private key to the remote user at host "jilu@ws", into the dir "/mnt/c/Users/jilu/.ssh" or "~/.ssh/", for use in the next step: ssh login with this key.

$ ssh -i ~/.ssh/scan_key root@ws ### this logs user jilu in to the remote server as the "root" user with "scan_key".

example:

jilu@ws:/mnt/c/Users/jilu/.ssh$ ssh -i ~/.ssh/scan_key root@ws
Last login: Thu Apr 13 17:09:03 2017 from 10.2.67.43
[root@ws ~]#
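
A check for the weak points in the setup above (root login and password authentication enabled, a DSA key, a private key left with mode 755), as an added example that is not part of the original notes. File contents are constructed samples, the function names are hypothetical, and Match blocks in sshd_config are not handled.

```shell
#!/bin/sh
# Added example: audit an SSH scan-key setup like the one in these notes.
# All file contents are constructed samples; function names are hypothetical.

# Report risky values in an sshd_config. sshd uses the first value it reads
# for each keyword, so only the first uncommented occurrence is checked.
# Assumption: no Match blocks.
audit_sshd_config() {
    cfg=$1
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(awk -v k="$kw" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$cfg")
        if [ "$val" = "yes" ]; then
            echo "sshd: $kw yes"
        fi
    done
    return 0
}

# Report a private key accessible by group/other, and a DSA public key.
audit_key() {
    key=$1
    mode=$(ls -ld "$key" | cut -c1-10)
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "key: $key is accessible beyond its owner ($mode)"
    fi
    if [ -f "$key.pub" ]; then
        ktype=$(awk '{ print $1; exit }' "$key.pub")
        if [ "$ktype" = "ssh-dss" ]; then
            # ssh-dss has been disabled by default since OpenSSH 7.0.
            echo "key: $key.pub is DSA (ssh-dss)"
        fi
    fi
    return 0
}

# Build constructed sample files mirroring the settings shown in the notes.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/sshd_config" <<'EOF'
#PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
PermitRootLogin yes
EOF
    printf 'constructed placeholder, not a real private key\n' > "$dir/scan_key"
    printf 'ssh-dss AAAAconstructed scan_key\n' > "$dir/scan_key.pub"
    chmod 755 "$dir/scan_key"
    echo "$dir"
}

run_demo() {
    d=$(make_sample)
    audit_sshd_config "$d/sshd_config"
    audit_key "$d/scan_key"
    # Corrected mode: owner-only. The DSA finding remains until the key
    # is regenerated with a current type (for example ed25519).
    chmod 600 "$d/scan_key"
    audit_key "$d/scan_key"
    rm -rf "$d"
}

run_demo
```

Point `audit_sshd_config` at /etc/ssh/sshd_config and `audit_key` at each copy of the scan key (including any left in /tmp) to check a real host.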

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Setup docker test :

blu@ubuntu-test01:~$ cat setup_chefdk_ubuntu.sh
#wget https://packages.chef.io/files/stable/chefdk/1.3.43/ubuntu/16.04/chefdk_1.3.43-1_amd64.deb
#sudo dpkg -i chefdk_*.deb
#chef verify
#sleep 5
echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
source ~/.bash_profile
mkdir ~/chef-repo/.chef
blu@ubuntu-test01:~$

blu@ubuntu-test01:~$ cat setup_docker.sh
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
sudo apt-add-repository 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'
sudo apt-get update
apt-cache policy docker-engine
sudo apt-get install -y docker-engine
sudo systemctl status docker
#sudo usermod -aG docker $(whoami)
#sudo usermod -aG docker ## example : $ sudo usermod -aG docker blu
#docker docker-subcommand --help
docker info
#docker run hello-world
docker search ubuntu
docker pull ubuntu
docker run ubuntu
docker images
#docker run -it ubuntu
# https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04
# https://cloud.docker.com/
# https://docs.docker.com/engine/userguide/

blu@ubuntu-test01:~$ sudo docker ps
CONTAINER ID   IMAGE    COMMAND       CREATED          STATUS          PORTS   NAMES
d8d0fb9aaa99   ubuntu   "/bin/bash"   18 minutes ago   Up 18 minutes           networktest

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

kitchen test: ( on RHEL 7.0):

cd git_cookbook/
cat .kitchen.yml
berks install
kitchen init
kitchen create
sudo kitchen create
kitchen list
kitchen login
kitchen converge
kitchen verify

[chef@chefTest001 git_cookbook]$ pwd
/export/home/chef/cookbook/git_cookbook

[chef@chefTest001 git_cookbook]$ ls -la
total 36
drwxrwxr-x. 7 chef chef 4096 May 6 02:01 .
drwxrwxr-x. 10 chef chef 4096 May 6 00:21 ..
-rw-rw-r--. 1 chef chef 47 May 5 23:50 Berksfile
-rw-------. 1 chef chef 89 May 6 02:03 Berksfile.lock
-rw-rw-r--. 1 chef chef 1133 May 5 23:50 chefignore
drwxrwxr-x. 3 chef chef 64 May 5 23:50 .delivery
-rw-rw-r--. 1 chef chef 185 May 5 23:50 .gitignore
drwxrwxr-x. 3 chef chef 86 May 6 02:01 .kitchen
-rw-rw-r--. 1 chef chef 399 May 6 01:59 .kitchen.yml
-rw-rw-r--. 1 chef chef 603 May 5 23:50 metadata.rb
-rw-rw-r--. 1 chef chef 60 May 5 23:50 README.md
drwxrwxr-x. 2 chef chef 23 May 5 23:50 recipes
drwxrwxr-x. 3 chef chef 38 May 5 23:50 spec
drwxrwxr-x. 3 chef chef 20 May 5 23:50 test

[chef@chefTest001 git_cookbook]$ cat .kitchen.yml

driver:
  name: docker
  use_sudo: false

provisioner:
  name: chef_solo
  always_update_cookbooks: true

verifier:
  name: inspec

platforms:
  - name: 'centos'
    driver_plugin: docker
    driver:
      use_sudo: false
      image: centos:7
suites:
  - name: default
    run_list:
      - recipe[git_cookbook::default]
    verifier:
      inspec_tests:
        - test/recipes
    attributes:
[chef@chefTest001 git_cookbook]$

[chef@chefTest001 git_cookbook]$ sudo kitchen create
-----> Starting Kitchen (v1.13.2)
-----> Creating
Sending build context to Docker daemon 63.49 kB
Step 1 : FROM centos:7
 ---> a8493f5f50ff
Step 2 : ENV container docker
 ---> Using cache
 ---> cd4f34c2a359
Step 3 : RUN yum clean all
 ---> Using cache
 ---> e57827f1b45a
Step 4 : RUN yum install -y sudo openssh-server openssh-clients which curl
 ---> Using cache
 ---> 98d0bbc9addc
Step 5 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
 ---> Using cache
 ---> ad964f0e4ec1
Step 6 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
 ---> Using cache
 ---> 1171ee68fc65
Step 7 : RUN if ! getent passwd kitchen; then useradd -d /home/kitchen -m -s /bin/bash -p '*' kitchen; fi
 ---> Using cache
 ---> adf344a1c27e
Step 8 : RUN echo "kitchen ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 ---> Using cache
 ---> 9366130369e8
Step 9 : RUN echo "Defaults !requiretty" >> /etc/sudoers
 ---> Using cache
 ---> c84da9dac217
Step 10 : RUN mkdir -p /home/kitchen/.ssh
 ---> Using cache
 ---> a93af0df0297
Step 11 : RUN chown -R kitchen /home/kitchen/.ssh
 ---> Using cache
 ---> 40d10af1a509
Step 12 : RUN chmod 0700 /home/kitchen/.ssh
 ---> Using cache
 ---> f6ca60f49247
Step 13 : RUN touch /home/kitchen/.ssh/authorized_keys
 ---> Using cache
 ---> 786812c8cff7
Step 14 : RUN chown kitchen /home/kitchen/.ssh/authorized_keys
 ---> Using cache
 ---> b4769fcf9c5d
Step 15 : RUN chmod 0600 /home/kitchen/.ssh/authorized_keys
 ---> Using cache
 ---> 34137ca6012b
Step 16 : RUN echo ssh-rsa\ AAAAB3NzaC1yc2EAAAADAQABAAABAQD5OPccUfzFS7QWobVYo4ZcU953IV\+TMsYby8U1EwDApxktasuFvL5EeZKcIpoa9T7yTrcrc2eoHhLx3dzHZn5KiilZmj7ifI2\+c7nscNgP68Br15xbCCyRRILa3DNGdbwCvlNWPQST\+dIOgnhvB2krT8jm8ppB8E/3tyRCgwvKNWNs9jVOJKWqgQHfanpu4upQKsqbwv04cEOZ5fnivqTG90QvVOaG724czxcrdxkWcZMV6n9ztFwVTxcf11smyjZF0xCqHV9GoIxWhhbSCakn5uc9GnjHdrpeTcCPh9vDOn71TQrmaU8CFpwLK4dgVnvQGxVh1v4147XakGCGmbut\ kitchen_docker_key >> /home/kitchen/.ssh/authorized_keys
 ---> Running in 9e5593989577
 ---> f07bfba007d4
Removing intermediate container 9e5593989577
Successfully built f07bfba007d4
84dd0e5f49a7606b995cd82d3f85cc5932571814f5da5b42355be35dd44b413b
0.0.0.0:32771
[SSH] Established
Finished creating (0m3.20s).
-----> Kitchen is finished. (0m4.26s)
[chef@chefTest001 git_cookbook]$ sudo kitchen list
Instance Driver Provisioner Verifier Transport Last Action
default-centos Docker ChefSolo Inspec Ssh Created
[chef@chefTest001 git_cookbook]$ kitchen list
Instance Driver Provisioner Verifier Transport Last Action
default-centos Docker ChefSolo Inspec Ssh Created
[chef@chefTest001 git_cookbook]$ kitchen ssh
Could not find command "ssh".
[chef@chefTest001 git_cookbook]$ kitchen login
Last login: Fri May 5 20:31:56 2017 from 172.17.0.1
[kitchen@84dd0e5f49a7 ~]$ exit
logout
Connection to localhost closed.
[chef@chefTest001 git_cookbook]$ kitchen converge
-----> Starting Kitchen (v1.13.2)
-----> Converging
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 5.2.0…
Removing non-cookbook files before transfer
Preparing solo.rb
-----> Installing Chef Omnibus (install only if missing)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying curl…
Download complete.
el 7 x86_64
Getting information for chef stable for el…
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=7&m=x86_64
to file /tmp/install.sh.60/metadata.txt
trying curl…
sha1 f0eac57e53833d710334839fbe4e9b940d1c43c6
sha256 a3cb30fe2eb6e3ce5ea8914635d01562660f4978568fa3303b14336eefdb09ee
url https://packages.chef.io/files/stable/chef/13.0.118/el/7/chef-13.0.118-1.el7.x86_64.rpm
version 13.0.118
downloaded metadata file looks valid…
downloading https://packages.chef.io/files/stable/chef/13.0.118/el/7/chef-13.0.118-1.el7.x86_64.rpm
to file /tmp/install.sh.60/chef-13.0.118-1.el7.x86_64.rpm
trying curl…
Comparing checksum with sha256sum…

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

Installing chef
installing with rpm…
warning: /tmp/install.sh.60/chef-13.0.118-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing… ################################# [100%]
Updating / installing…
1:chef-13.0.118-1.el7 ################################# [100%]
Thank you for installing Chef!
Transferring files to
Starting Chef Client, version 13.0.118
[2017-05-05T20:34:14+00:00] WARN: Plugin Network: unable to detect ipaddress
[2017-05-05T20:34:14+00:00] WARN: Plugin Network: unable to detect ipaddress
Creating a new client identity for default-centos using the validator key.
resolving cookbooks for run list: ["git_cookbook::default"]
Synchronizing Cookbooks:
  - git_cookbook (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks…
Converging 1 resources
Recipe: git_cookbook::default
* log[This is default git recipe] action write

Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 seconds
Finished converging (0m28.97s).
-----> Kitchen is finished. (0m30.11s)
[chef@chefTest001 git_cookbook]$ kitchen verify
-----> Starting Kitchen (v1.13.2)
-----> Setting up
Finished setting up (0m0.00s).
-----> Verifying
Using `/export/home/chef/cookbook/git_cookbook/test/recipes/default` for testing

Target: ssh://kitchen@localhost:32771

User root
✔ should exist
○ This is an example test, replace with your own test.
Port 80
✔ should not be listening
○ This is an example test, replace with your own test.

Test Summary: 2 successful, 0 failures, 2 skipped
Finished verifying (0m0.73s).
-----> Kitchen is finished. (0m1.90s)