{"id":166,"date":"2017-05-19T23:15:11","date_gmt":"2017-05-19T23:15:11","guid":{"rendered":"http:\/\/cephswift.com\/?page_id=166"},"modified":"2017-05-19T23:15:11","modified_gmt":"2017-05-19T23:15:11","slug":"chef-compliance-working-notes","status":"publish","type":"page","link":"https:\/\/cephswift.com\/index.php\/chef-compliance-working-notes\/","title":{"rendered":"Chef Compliance working notes"},"content":{"rendered":"

Example to add \/ register host to chef server and install “chef-client”:<\/p>\n

# knife bootstrap -N <\/p>\n

Working on Workstation host ( WS):<\/p>\n

local host ubuntu1404, chefdk dir
\n\/opt\/chefdk\/bin<\/p>\n

root@WS:\/opt\/chefdk\/bin# pwd
\n\/opt\/chefdk\/bin
\nroot@WS:\/opt\/chefdk\/bin# ls -ltr
\ntotal 4605
\n-rwxr-xr-x 1 root root 532 Feb 2 11:22 rubocop
\n-rwxr-xr-x 1 root root 1725 Feb 2 11:22 pushy-service-manager
\n-rwxr-xr-x 1 root root 1716 Feb 2 11:22 pushy-client
\n-rwxr-xr-x 1 root root 1714 Feb 2 11:22 push-apply
\n-rwxr-xr-x 1 root root 1731 Feb 2 11:22 print_execution_environment
\n-rwxr-xr-x 1 root root 733 Feb 2 11:22 ohai
\n-rwxr-xr-x 1 root root 1601 Feb 2 11:22 knife
\n-rwxr-xr-x 1 root root 633 Feb 2 11:22 kitchen
\n-rwxr-xr-x 1 root root 1612 Feb 2 11:22 inspec
\n-rwxr-xr-x 1 root root 634 Feb 2 11:22 foodcritic
\n-rwxrwxr-x 1 root root 4651450 Feb 2 11:22 delivery
\n-rwxr-xr-x 1 root root 390 Feb 2 11:22 dco
\n-rwxr-xr-x 1 root root 562 Feb 2 11:22 cookstyle
\n-rwxr-xr-x 1 root root 368 Feb 2 11:22 chef-vault
\n-rwxr-xr-x 1 root root 1605 Feb 2 11:22 chef-solo
\n-rwxr-xr-x 1 root root 1606 Feb 2 11:22 chef-shell
\n-rwxr-xr-x 1 root root 1607 Feb 2 11:22 chef-client
\n-rwxr-xr-x 1 root root 1606 Feb 2 11:22 chef-apply
\n-rwxr-xr-x 1 root root 2247 Feb 2 11:22 chef
\n-rwxr-xr-x 1 root root 1371 Feb 2 11:22 berks
\nroot@WS:\/opt\/chefdk\/bin#<\/p>\n

1. I created new org as “inforSec_compliance” on chef_server
\n2. Created new project as “inforSec_test” under org “infoSec_compliance”, then system tell me to run “Pipeline create & test”, <\/p>\n

Create a Pipeline<\/p>\n

This project needs a pipeline! Here’s how to create one.<\/p>\n

If you haven’t already, install the delivery command-line tool. See the Chef Docs for details on how to do that.
\nWith the command-line tool installed, clone this project:
\ndelivery clone infosec_test –ent=Informatica –org=infoSec_compliance –user=jilu –server=$(chef_server_name)<\/p>\n

worked on my local host to setup talk with Chef automate server:<\/p>\n

cd infosec_test
\nCreate a project configuration file:
\ndelivery setup –ent=cephswift –org=infoSec_compliance –user=jilu –server=$(chef_server_name)
\nMake an initial commit. Note we’re excluding the project configuration file:
\necho “# infosec_test” >> README.md
\necho “.delivery\/cli.toml” >> .gitignore
\ngit add README.md .gitignore
\ngit commit -m “Initial commit”
\nRun delivery init, which will create an empty build cookbook for you (with an empty set of phase recipes), add the cookbook to your project, create the new pipeline and submit the project to Delivery for review:
\ndelivery init<\/p>\n

——————————————————————————
\nI got screen output as below:<\/p>\n

root@ws:\/opt\/chefdk# delivery clone infosec_test –ent=cephswift –org=infoSec_compliance –user=jilu –server=$(chef_server_name)
\ncd infosec_testChef Delivery
\nCloning ssh:\/\/jilu@$(chef_server_name):8989\/cephswift\/infoSec_compliance\/infosec_test to infosec_test
\n\\The authenticity of host ‘[$(chef_server_name)]:8989 ([10.1.33.10]:8989)’ can’t be established.
\nRSA key fingerprint is 7f:ee:9a:f1:ff:48:99:2d:c8:9e:13:d3:f7:9e:61:ff.
\nAre you sure you want to continue connecting (yes\/no)?–|\/ Git command failed!
\nSTDOUT:
\nSTDERR: Cloning into ‘infosec_test’…
\nWarning: Permanently added ‘[psvilxautop1.informatica.com]:8989,[10.1.33.10]:8989’ (RSA) to the list of known hosts.
\nConnection closed by 10.1.33.10
\nfatal: Could not read from remote repository.<\/p>\n

Please make sure you have the correct access rights
\nand the repository exists.<\/p>\n

root@ws:\/opt\/chefdk#
\n========================================================<\/p>\n

Delete unused cookbooks:<\/p>\n

root@ws:~\/chef-repo# knife cookbook bulk delete chef-cookbooks
\nAll versions of the following cookbooks will be deleted:<\/p>\n

chef-cookbooks<\/p>\n

Do you really want to delete these cookbooks? (Y\/N) y<\/p>\n

Deleted cookbook chef-cookbooks [0.1.0]
\nroot@ws:~\/chef-repo# knife cookbook bulk delete starter
\nAll versions of the following cookbooks will be deleted:<\/p>\n

starter<\/p>\n

Do you really want to delete these cookbooks? (Y\/N) y<\/p>\n

Deleted cookbook starter [1.0.0]
\nroot@ws:~\/chef-repo#<\/p>\n

=======================================================
\nhttps:\/\/github.com\/chef-cookbooks\/audit\/issues\/204 #### issue fix from worked with chef.io developer, did this fix on QA workstation<\/p>\n

[root@test_03 audit]# berks install
\nResolving cookbook dependencies…
\nFetching ‘audit’ from source at .
\nFetching ‘test_helper’ from source at test\/cookbooks\/test_helper
\nFetching cookbook index from https:\/\/supermarket.chef.io…
\n…..
\nUsing audit (2.4.0) from source at .
\nInstalling compat_resource (12.16.3)
\nInstalling mingw (2.0.0)
\nInstalling build-essential (8.0.0)
\nInstalling ohai (5.0.2)
\nInstalling git (6.0.0)
\nInstalling dmg (3.1.0)
\nInstalling seven_zip (2.0.2)
\nUsing test_helper (0.1.0) from source at test\/cookbooks\/test_helper
\nInstalling windows (3.0.4)
\nInstalling yum-epel (2.1.1)<\/p>\n

[root@test_03 audit]# pwd
\n\/root\/chef-repo\/chef-cookbooks\/audit<\/p>\n

[root@test_03 audit]# cd ..<\/p>\n

[root@test_03 chef-cookbooks]# cd ..<\/p>\n

[root@test_03 chef-repo]# knife cookbook upload audit -o .\/chef-cookbooks
\nUploading audit [2.4.0]
\nERROR: Cookbook audit depends on cookbooks which are not currently
\nERROR: being uploaded and cannot be found on the server.
\nERROR: The missing cookbook(s) are: ‘compat_resource’ version ‘>= 0.0.0’<\/p>\n

[root@ws chef-repo]# ls -l
\ntotal 8
\ndrwxr-xr-x 2 root root 6 Mar 20 12:28 certificates
\ndrwxr-xr-x 3 root root 18 Mar 31 11:59 chef-cookbooks
\ndrwxr-xr-x 2 root root 6 Mar 20 12:28 config
\ndrwxr-xr-x 7 root root 102 Mar 23 16:38 cookbooks
\ndrwxr-xr-x 4 root root 34 Mar 23 15:09 data-bags
\ndrwxr-xr-x 2 root root 6 Mar 20 12:31 environments
\n-rw-r–r– 1 root root 1125 Mar 20 16:33 how_to_use_chef.txt
\n-rw-r–r– 1 root root 2341 Mar 17 14:17 README.md
\ndrwxr-xr-x 2 root root 23 Mar 17 14:17 roles<\/p>\n

[root@ws chef-repo]# cd chef-cookbooks\/audit\/<\/p>\n

\/root\/chef-repo\/chef-cookbooks\/audit<\/p>\n

[root@test_03 audit]# ls -ltr
\ntotal 100
\n-rw-r–r– 1 root root 11357 Mar 31 11:59 LICENSE
\n-rw-r–r– 1 root root 653 Mar 31 11:59 Gemfile
\n-rw-r–r– 1 root root 111 Mar 31 11:59 CONTRIBUTING.md
\n-rw-r–r– 1 root root 29402 Mar 31 11:59 CHANGELOG.md
\n-rw-r–r– 1 root root 153 Mar 31 11:59 Berksfile
\n-rw-r–r– 1 root root 2858 Mar 31 11:59 TROUBLESHOOTING.md
\n-rw-r–r– 1 root root 106 Mar 31 11:59 TESTING.md
\n-rw-r–r– 1 root root 19196 Mar 31 11:59 README.md
\n-rw-r–r– 1 root root 1852 Mar 31 11:59 Rakefile
\n-rw-r–r– 1 root root 1067 Mar 31 11:59 chefignore
\ndrwxr-xr-x 2 root root 23 Mar 31 11:59 attributes
\ndrwxr-xr-x 7 root root 103 Mar 31 11:59 examples
\ndrwxr-xr-x 3 root root 20 Mar 31 11:59 files
\ndrwxr-xr-x 4 root root 49 Mar 31 11:59 spec
\ndrwxr-xr-x 2 root root 33 Mar 31 11:59 resources
\ndrwxr-xr-x 2 root root 55 Mar 31 11:59 recipes
\n-rw-r–r– 1 root root 503 Mar 31 11:59 metadata.rb
\ndrwxr-xr-x 2 root root 87 Mar 31 11:59 libraries
\ndrwxr-xr-x 2 root root 27 Mar 31 11:59 tasks
\ndrwxr-xr-x 5 root root 63 Mar 31 11:59 test
\n-rw——- 1 root root 587 Mar 31 14:13 Berksfile.lock
\n[root@test_03 audit]# cp metadata.rb metadata.rb.orig<\/p>\n

[root@test_03 audit]# ls -ltr
\ntotal 104
\n-rw-r–r– 1 root root 11357 Mar 31 11:59 LICENSE
\n-rw-r–r– 1 root root 653 Mar 31 11:59 Gemfile
\n-rw-r–r– 1 root root 111 Mar 31 11:59 CONTRIBUTING.md
\n-rw-r–r– 1 root root 29402 Mar 31 11:59 CHANGELOG.md
\n-rw-r–r– 1 root root 153 Mar 31 11:59 Berksfile
\n-rw-r–r– 1 root root 2858 Mar 31 11:59 TROUBLESHOOTING.md
\n-rw-r–r– 1 root root 106 Mar 31 11:59 TESTING.md
\n-rw-r–r– 1 root root 19196 Mar 31 11:59 README.md
\n-rw-r–r– 1 root root 1852 Mar 31 11:59 Rakefile
\n-rw-r–r– 1 root root 1067 Mar 31 11:59 chefignore
\ndrwxr-xr-x 2 root root 23 Mar 31 11:59 attributes
\ndrwxr-xr-x 7 root root 103 Mar 31 11:59 examples
\ndrwxr-xr-x 3 root root 20 Mar 31 11:59 files
\ndrwxr-xr-x 4 root root 49 Mar 31 11:59 spec
\ndrwxr-xr-x 2 root root 33 Mar 31 11:59 resources
\ndrwxr-xr-x 2 root root 55 Mar 31 11:59 recipes
\ndrwxr-xr-x 2 root root 87 Mar 31 11:59 libraries
\ndrwxr-xr-x 2 root root 27 Mar 31 11:59 tasks
\ndrwxr-xr-x 5 root root 63 Mar 31 11:59 test
\n-rw——- 1 root root 587 Mar 31 14:13 Berksfile.lock
\n-rw-r–r– 1 root root 503 Mar 31 14:21 metadata.rb.orig
\n-rw-r–r– 1 root root 541 Mar 31 14:23 metadata.rb<\/p>\n

[root@test_03 audit]# berks upload
\nUploaded audit (2.4.0) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded build-essential (8.0.0) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded compat_resource (12.16.3) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded dmg (3.1.0) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded git (6.0.0) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded mingw (2.0.0) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded ohai (5.0.2) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded seven_zip (2.0.2) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded test_helper (0.1.0) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded windows (3.0.4) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’
\nUploaded yum-epel (2.1.1) to: ‘https:\/\/psvlxccas02.informatica.com:443\/organizations\/infosec_qa’<\/p>\n

[root@test_03 audit]# knife cookbook list
\napache 0.1.0
\naudit 2.4.0
\nbuild-essential 8.0.0
\ncompat_resource 12.16.3
\ndmg 3.1.0
\ngit 6.0.0
\nmingw 2.0.0
\nmy_test_cookbook 0.1.0
\nnginx 0.1.0
\nohai 5.0.2
\nseven_zip 2.0.2
\ntest_helper 0.1.0
\nwindows 3.0.4
\nyum-epel 2.1.1
\nyum_update 0.1.0
\n[root@psvlxccas03 audit]#<\/p>\n

delete 4 test cookbooks uploaded:<\/p>\n

apache 0.1.0
\nmy_test_cookbook 0.1.0
\nnginx 0.1.0
\nyum_update 0.1.0<\/p>\n

[root@test_03 chef-repo]# knife cookbook delete apache
\nDo you really want to delete apache version 0.1.0? (Y\/N) y
\nDeleted cookbook[apache version 0.1.0]
\n[root@test_03 chef-repo]# knife cookbook delete my_test_cookbook
\nDo you really want to delete my_test_cookbook version 0.1.0? (Y\/N) y
\nDeleted cookbook[my_test_cookbook version 0.1.0]
\n[root@test_03 chef-repo]# knife cookbook delete nginx
\nDo you really want to delete nginx version 0.1.0? (Y\/N) y
\nDeleted cookbook[nginx version 0.1.0]
\n[root@test_03 chef-repo]# knife cookbook delete yum_update
\nDo you really want to delete yum_update version 0.1.0? (Y\/N) y
\nDeleted cookbook[yum_update version 0.1.0]
\n[root@test_03 chef-repo]# knife cookbook list
\naudit 2.4.0
\nbuild-essential 8.0.0
\ncompat_resource 12.16.3
\ndmg 3.1.0
\ngit 6.0.0
\nmingw 2.0.0
\nohai 5.0.2
\nseven_zip 2.0.2
\ntest_helper 0.1.0
\nwindows 3.0.4
\nyum-epel 2.1.1
\n[root@psvlxccas03 chef-repo]#<\/p>\n

===============================================================<\/p>\n

troubleshoot tips for upload cookbooks from “berks install” with “No Berksfile or Berksfile.lock found at ‘\/root\/chef-repo\/chef-cookbooks\/linux-baseline’!”<\/p>\n

fix:<\/p>\n

# gem install berkshelf #### run this to make sure berks is install, or run:
\n# gem update berkshelf #### run this to make sure berks is updated version.<\/p>\n

example:
\nroot@ws5:~\/chef-repo# chef gem install berkshelf
\nSuccessfully installed berkshelf-5.6.4
\n1 gem installed<\/p>\n

[root@test_03 chef-cookbooks]# pwd
\n\/root\/chef-repo\/chef-cookbooks<\/p>\n

# git clone https:\/\/github.com\/chef-cookbooks\/audit
\n # git clone https:\/\/github.com\/dev-sec\/linux-baseline
\n # git clone https:\/\/github.com\/dev-sec\/chef-os-hardening<\/p>\n

[root@ws chef-cookbooks]# ls -ltr
\ntotal 12
\ndrwxr-xr-x 13 root root 4096 Mar 31 14:33 audit
\ndrwxr-xr-x 9 root root 4096 Apr 6 17:07 chef-os-hardening
\ndrwxr-xr-x 9 root root 4096 Apr 7 11:05 linux-baseline
\n[root@ws3 chef-cookbooks]#<\/p>\n

1. go to “\/root\/chef-repo\/chef-cookbooks”, run “chef generate cookbook linux-baseline -b” to add Berksfile to cookbook “linux-baseline”
\n2. cd linux-baseline
\n3. run “berks install”;
\n4. run “berks upload”; ### this will upload the cookbook “linux-baseline” to chef server.
\n5. verify with ” knife cookbook list”, you will be able to see the cookbook is there uploaded onto chef server.<\/p>\n

example:
\n[root@ws chef-cookbooks]# chef generate cookbook chef-os-hardening -b ### to add Berksfile to cookbook “chef-os-hardening “.
\n[root@ws chef-cookbooks]# cd chef-os-hardening ### the next two command “berks install” and “berks upload” must running inside the cookbook
\n[root@ws chef-os-hardening]# berks install
\n[root@ws chef-os-hardening]# berks upload
\n[root@ws chef-os-hardening]# knife cookbook list<\/p>\n

Do the same as above to uplaod cookbook “audit” to chef server.<\/p>\n

example to apply roles and cookbook to node to deploy:<\/p>\n

cd \/root\/chef-repo\/roles<\/p>\n

[root@ws roles]# pwd
\n\/root\/chef-repo\/roles
\nvi base_linux.rb<\/p>\n

[root@ws roles]# cat base_linux.rb
\nname ‘base_linux’
\ndescription ‘A base role to be applied to all linux nodes’
\nrun_list ‘recipe[chef-client::default]’,’recipe[audit::default]’
\ndefault_attributes({
\n ‘audit’ => {
\n ‘collector’ => “chef-server-visibility”,
\n ‘profiles’ => [
\n {
\n ‘name’ => ‘linux-patch-baseline’,
\n ‘git’ => ‘https:\/\/github.com\/dev-sec\/linux-patch-baseline.git’
\n },
\n {
\n ‘name’ => ‘linux-baseline’,
\n ‘git’ => ‘https:\/\/github.com\/dev-sec\/linux-baseline.git’
\n }
\n ]
\n }
\n})<\/p>\n

[root@ws roles]#<\/p>\n

[root@ws chef-cookbooks]# knife node run_list set test_01 ‘role[base_linux]’<\/p>\n

============================================================================================<\/p>\n

deploy cookbook in production test server : test_01<\/p>\n

root@ws:~\/chef-repo\/cookbooks\/chef-os-hardening# knife cookbook list
\naudit 3.0.0
\nchef-client 7.2.1
\nchef-ingredient 1.1.0
\nchef-server 5.2.0
\ncompat_resource 12.16.3
\ncookbooks 0.1.0
\ncron 4.1.0
\nlinux-baseline 0.1.0
\nlogrotate 2.1.0
\nohai 5.0.3
\nos-hardening 2.0.0
\npackagecloud 0.3.0
\nrunit 3.0.5
\nsysctl 0.8.1
\nwindows 3.0.4
\nyum-epel 2.1.1
\nroot@ws:~\/chef-repo\/cookbooks\/chef-os-hardening# cd ..\/..<\/p>\n

root@ws:~\/chef-repo# knife node run_list set test_01 ‘role[base_linux]’<\/p>\n

root@ws:~\/chef-repo# knife node run_list set test_01 ‘recipe[linux-baseline]’
\ntest_01:
\n run_list: recipe[linux-baseline]
\nroot@ws:~\/chef-repo# knife node run_list set test_01 ‘recipe[os-hardening]’
\ntest_01:
\n run_list: recipe[os-hardening]<\/p>\n

root@ws:~\/chef-repo# knife node show test_01
\nNode Name: test_01
\nEnvironment: _default
\nFQDN: test_01.cephswift.com
\nIP: 10.1.37.5
\nRun List: recipe[os-hardening]
\nRoles: base_linux
\nRecipes: chef-client::default, audit::default, chef-client::service, chef-client::systemd_service, audit::inspec
\nPlatform: redhat 7.0
\nTags:
\nroot@ws:~\/chef-repo#<\/p>\n

go to “psvlxccpt01” to run “sudo chef-client” to roles, policies, cookbooks deployed on that host.<\/p>\n

—————————————————————————————————————————————————-<\/p>\n

user add from Cli on chef QA server:<\/p>\n

[root@chef_server ~]#<\/p>\n

[jilu@chef_server ~]$ <\/p>\n

# sudo chef-server-ctl user-create admin <\/p>\n

# chef-server-ctl org-user-add infosec_qa admin<\/p>\n

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<\/p>\n

Scan_Key — how to<\/p>\n

on host : ( Red Hat 7.0 )<\/p>\n

[root@ws .ssh]# hostname<\/p>\n

# vi \/etc\/ssh\/sshd_config # to have all setings below:<\/p>\n

[root@ws ssh]# grep Authentication \/etc\/ssh\/sshd_config | egrep -v ^#
\nRSAAuthentication yes
\nPubkeyAuthentication yes
\nPasswordAuthentication yes
\nChallengeResponseAuthentication no
\nGSSAPIAuthentication yes<\/p>\n

[root@ws ssh]# grep Root \/etc\/ssh\/sshd_config | egrep -v ^#
\nPermitRootLogin yes<\/p>\n

# service sshd restart ### this restart the sshd service to make the change above to take effective.<\/p>\n

[root@ws .ssh]# pwd
\n\/root\/.ssh<\/p>\n

# ssh-keygen -t dsa -f scan_key -C “scan_key”<\/p>\n

[root@ws .ssh]# ls -ltr
\ntotal 16
\n-rw-r–r– 1 root root 2861 Mar 30 13:24 known_hosts
\n-rw-r–r– 1 root root 598 Apr 13 13:12 scan_key.pub
\n-rw——- 1 root root 668 Apr 13 13:12 scan_key
\n-rw——- 1 root root 1594 Apr 13 16:59 authorized_keys<\/p>\n

# cat scan_key.pub >> authorized_keys #### put the pub key in this file, system will use this file to check if remote user has pub key stored here for anthentication or not.
\n# scp scan_key \/tmp\/
\n# chmod 755 \/tmp\/scan_key<\/p>\n

Go to local host:
\njilu@ws:\/mnt\/c\/Users\/jilu\/.ssh$<\/p>\n

$ scp jilu@ws:\/tmp\/scan_key . #### this is copy the scan private key to remote user at host “jilu@ws” on dir “\/mnt\/c\/Users\/jilu\/.ssh” or ” ~\/.ssh\/” for next step use for ssh login with this key.<\/p>\n

$ ssh -i ~\/.ssh\/scan_key root@ws ### this makes user jilu login to remote server with “scan_key” as “root” user.<\/p>\n

example:<\/p>\n

jilu@ws:\/mnt\/c\/Users\/jilu\/.ssh$ ssh -i ~\/.ssh\/scan_key root@ws
\nLast login: Thu Apr 13 17:09:03 2017 from 10.2.67.43
\n[root@ws ~]#<\/p>\n

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<\/p>\n

Setup docker test :<\/p>\n

blu@ubuntu-test01:~$ cat setup_chefdk_ubuntu.sh
\n#wget https:\/\/packages.chef.io\/files\/stable\/chefdk\/1.3.43\/ubuntu\/16.04\/chefdk_1.3.43-1_amd64.deb
\n#sudo dpkg -i chefdk_*.deb
\n#chef verify
\n#sleep 5
\necho ‘eval “$(chef shell-init bash)”‘ >> ~\/.bash_profile
\nsource ~\/.bash_profile
\nmkdir ~\/chef-repo\/.chef
\nblu@ubuntu-test01:~$<\/p>\n

blu@ubuntu-test01:~$ cat setup_docker.sh
\nsudo apt-key adv –keyserver hkp:\/\/p80.pool.sks-keyservers.net:80 –recv-keys 58118E89F3A912897C070ADBF76221572C52609D
\nsudo apt-add-repository ‘deb https:\/\/apt.dockerproject.org\/repo ubuntu-xenial main’
\nsudo apt-get update
\napt-cache policy docker-engine
\nsudo apt-get install -y docker-engine
\nsudo systemctl status docker
\n#sudo usermod -aG docker $(whoami)
\n#sudo usermod -aG docker ## example : $ sudo usermod -aG docker blu
\n#docker docker-subcommand –help
\ndocker info
\n#docker run hello-world
\ndocker search ubuntu
\ndocker pull ubuntu
\ndocker run ubuntu
\ndocker images
\n#docker run -it ubuntu
\n# https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-and-use-docker-on-ubuntu-16-04
\n# https:\/\/cloud.docker.com\/
\n# https:\/\/docs.docker.com\/engine\/userguide\/<\/p>\n

blu@ubuntu-test01:~$ sudo docker ps
\nCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
\nd8d0fb9aaa99 ubuntu “\/bin\/bash” 18 minutes ago Up 18 minutes networktest<\/p>\n

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<\/p>\n

kitchen test: ( on RHEL 7.0):<\/p>\n

448 cd git_cookbook\/
\n 449 cat .kitchen.yml
\n 450 berks install
\n 451 kitchen init
\n 452 kitchen create
\n 453 sudo kitchen create
\n 455 kitchen list
\n 457 kitchen login
\n 458 kitchen converge
\n 459 kitchen verify<\/p>\n

[chef@chefTest001 git_cookbook]$ pwd
\n\/export\/home\/chef\/cookbook\/git_cookbook<\/p>\n

[chef@chefTest001 git_cookbook]$ ls -la
\ntotal 36
\ndrwxrwxr-x. 7 chef chef 4096 May 6 02:01 .
\ndrwxrwxr-x. 10 chef chef 4096 May 6 00:21 ..
\n-rw-rw-r–. 1 chef chef 47 May 5 23:50 Berksfile
\n-rw——-. 1 chef chef 89 May 6 02:03 Berksfile.lock
\n-rw-rw-r–. 1 chef chef 1133 May 5 23:50 chefignore
\ndrwxrwxr-x. 3 chef chef 64 May 5 23:50 .delivery
\n-rw-rw-r–. 1 chef chef 185 May 5 23:50 .gitignore
\ndrwxrwxr-x. 3 chef chef 86 May 6 02:01 .kitchen
\n-rw-rw-r–. 1 chef chef 399 May 6 01:59 .kitchen.yml
\n-rw-rw-r–. 1 chef chef 603 May 5 23:50 metadata.rb
\n-rw-rw-r–. 1 chef chef 60 May 5 23:50 README.md
\ndrwxrwxr-x. 2 chef chef 23 May 5 23:50 recipes
\ndrwxrwxr-x. 3 chef chef 38 May 5 23:50 spec
\ndrwxrwxr-x. 3 chef chef 20 May 5 23:50 test<\/p>\n

[chef@chefTest001 git_cookbook]$ cat .kitchen.yml
\n—
\ndriver:
\n name: docker
\n use_sudo: false<\/p>\n

provisioner:
\n name: chef_solo
\n always_update_cookbooks: true<\/p>\n

verifier:
\n name: inspec<\/p>\n

platforms:
\n – name: ‘centos’
\n driver_plugin: docker
\n driver:
\n use_sudo: false
\n image: centos:7
\nsuites:
\n – name: default
\n run_list:
\n – recipe[git_cookbook::default]
\n verifier:
\n inspec_tests:
\n – test\/recipes
\n attributes:
\n[chef@chefTest001 git_cookbook]$<\/p>\n

[chef@chefTest001 git_cookbook]$ sudo kitchen create
\n—–> Starting Kitchen (v1.13.2)
\n—–> Creating
\n Sending build context to Docker daemon 63.49 kB
\n Step 1 : FROM centos:7
\n —> a8493f5f50ff
\n Step 2 : ENV container docker
\n —> Using cache
\n —> cd4f34c2a359
\n Step 3 : RUN yum clean all
\n —> Using cache
\n —> e57827f1b45a
\n Step 4 : RUN yum install -y sudo openssh-server openssh-clients which curl
\n —> Using cache
\n —> 98d0bbc9addc
\n Step 5 : RUN ssh-keygen -t rsa -f \/etc\/ssh\/ssh_host_rsa_key -N ”
\n —> Using cache
\n —> ad964f0e4ec1
\n Step 6 : RUN ssh-keygen -t dsa -f \/etc\/ssh\/ssh_host_dsa_key -N ”
\n —> Using cache
\n —> 1171ee68fc65
\n Step 7 : RUN if ! getent passwd kitchen; then useradd -d \/home\/kitchen -m -s \/bin\/bash -p ‘*’ kitchen; fi
\n —> Using cache
\n —> adf344a1c27e
\n Step 8 : RUN echo “kitchen ALL=(ALL) NOPASSWD: ALL” >> \/etc\/sudoers
\n —> Using cache
\n —> 9366130369e8
\n Step 9 : RUN echo “Defaults !requiretty” >> \/etc\/sudoers
\n —> Using cache
\n —> c84da9dac217
\n Step 10 : RUN mkdir -p \/home\/kitchen\/.ssh
\n —> Using cache
\n —> a93af0df0297
\n Step 11 : RUN chown -R kitchen \/home\/kitchen\/.ssh
\n —> Using cache
\n —> 40d10af1a509
\n Step 12 : RUN chmod 0700 \/home\/kitchen\/.ssh
\n —> Using cache
\n —> f6ca60f49247
\n Step 13 : RUN touch \/home\/kitchen\/.ssh\/authorized_keys
\n —> Using cache
\n —> 786812c8cff7
\n Step 14 : RUN chown kitchen \/home\/kitchen\/.ssh\/authorized_keys
\n —> Using cache
\n —> b4769fcf9c5d
\n Step 15 : RUN chmod 0600 \/home\/kitchen\/.ssh\/authorized_keys
\n —> Using cache
\n —> 34137ca6012b
\n Step 16 : RUN echo ssh-rsa\\ AAAAB3NzaC1yc2EAAAADAQABAAABAQD5OPccUfzFS7QWobVYo4ZcU953IV\\+TMsYby8U1EwDApxktasuFvL5EeZKcIpoa9T7yTrcrc2eoHhLx3dzHZn5KiilZmj7ifI2\\+c7nscNgP68Br15xbCCyRRILa3DNGdbwCvlNWPQST\\+dIOgnhvB2krT8jm8ppB8E\/3tyRCgwvKNWNs9jVOJKWqgQHfanpu4upQKsqbwv04cEOZ5fnivqTG90QvVOaG724czxcrdxkWcZMV6n9ztFwVTxcf11smyjZF0xCqHV9GoIxWhhbSCakn5uc9GnjHdrpeTcCPh9vDOn71TQrmaU8CFpwLK4dgVnvQGxVh1v4147XakGCGmbut\\ kitchen_docker_key >> \/home\/kitchen\/.ssh\/authorized_keys
\n —> Running in 9e5593989577
\n —> f07bfba007d4
\n Removing intermediate container 9e5593989577
\n Successfully built f07bfba007d4
\n 84dd0e5f49a7606b995cd82d3f85cc5932571814f5da5b42355be35dd44b413b
\n 0.0.0.0:32771
\n [SSH] Established
\n Finished creating (0m3.20s).
\n—–> Kitchen is finished. (0m4.26s)
\n[chef@chefTest001 git_cookbook]$ sudo kitchen list
\nInstance Driver Provisioner Verifier Transport Last Action
\ndefault-centos Docker ChefSolo Inspec Ssh Created
\n[chef@chefTest001 git_cookbook]$ kitchen list
\nInstance Driver Provisioner Verifier Transport Last Action
\ndefault-centos Docker ChefSolo Inspec Ssh Created
\n[chef@chefTest001 git_cookbook]$ kitchen ssh
\nCould not find command “ssh”.
\n[chef@chefTest001 git_cookbook]$ kitchen login
\nLast login: Fri May 5 20:31:56 2017 from 172.17.0.1
\n[kitchen@84dd0e5f49a7 ~]$ exit
\nlogout
\nConnection to localhost closed.
\n[chef@chefTest001 git_cookbook]$ kitchen converge
\n—–> Starting Kitchen (v1.13.2)
\n—–> Converging
\n Preparing files for transfer
\n Preparing dna.json
\n Resolving cookbook dependencies with Berkshelf 5.2.0…
\n Removing non-cookbook files before transfer
\n Preparing solo.rb
\n—–> Installing Chef Omnibus (install only if missing)
\n Downloading https:\/\/omnitruck.chef.io\/install.sh to file \/tmp\/install.sh
\n Trying curl…
\n Download complete.
\n el 7 x86_64
\n Getting information for chef stable for el…
\n downloading https:\/\/omnitruck.chef.io\/stable\/chef\/metadata?v=&p=el&pv=7&m=x86_64
\n to file \/tmp\/install.sh.60\/metadata.txt
\n trying curl…
\n sha1 f0eac57e53833d710334839fbe4e9b940d1c43c6
\n sha256 a3cb30fe2eb6e3ce5ea8914635d01562660f4978568fa3303b14336eefdb09ee
\n url https:\/\/packages.chef.io\/files\/stable\/chef\/13.0.118\/el\/7\/chef-13.0.118-1.el7.x86_64.rpm
\n version 13.0.118
\n downloaded metadata file looks valid…
\n downloading https:\/\/packages.chef.io\/files\/stable\/chef\/13.0.118\/el\/7\/chef-13.0.118-1.el7.x86_64.rpm
\n to file \/tmp\/install.sh.60\/chef-13.0.118-1.el7.x86_64.rpm
\n trying curl…
\n Comparing checksum with sha256sum…<\/p>\n

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING<\/p>\n

You are installing an omnibus package without a version pin. If you are installing
\n on production servers via an automated process this is DANGEROUS and you will
\n be upgraded without warning on new releases, even to new major releases.
\n Letting the version float is only appropriate in desktop, test, development or
\n CI\/CD environments.<\/p>\n

WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING<\/p>\n

Installing chef
\n installing with rpm…
\n warning: \/tmp\/install.sh.60\/chef-13.0.118-1.el7.x86_64.rpm: Header V4 DSA\/SHA1 Signature, key ID 83ef826a: NOKEY
\n Preparing… ################################# [100%]
\n Updating \/ installing…
\n 1:chef-13.0.118-1.el7 ################################# [100%]
\n Thank you for installing Chef!
\n Transferring files to
\n Starting Chef Client, version 13.0.118
\n [2017-05-05T20:34:14+00:00] WARN: Plugin Network: unable to detect ipaddress
\n [2017-05-05T20:34:14+00:00] WARN: Plugin Network: unable to detect ipaddress
\n Creating a new client identity for default-centos using the validator key.
\n resolving cookbooks for run list: [“git_cookbook::default”]
\n Synchronizing Cookbooks:
\n – git_cookbook (0.1.0)
\n Installing Cookbook Gems:
\n Compiling Cookbooks…
\n Converging 1 resources
\n Recipe: git_cookbook::default
\n * log[This is default git recipe] action write<\/p>\n

Running handlers:
\n Running handlers complete
\n Chef Client finished, 1\/1 resources updated in 01 seconds
\n Finished converging (0m28.97s).
\n—–> Kitchen is finished. (0m30.11s)
\n[chef@chefTest001 git_cookbook]$ kitchen verify
\n—–> Starting Kitchen (v1.13.2)
\n—–> Setting up
\n Finished setting up (0m0.00s).
\n—–> Verifying
\n Using `\/export\/home\/chef\/cookbook\/git_cookbook\/test\/recipes\/default` for testing<\/p>\n

Target: ssh:\/\/kitchen@localhost:32771<\/p>\n

User root
\n \u2714 should exist
\n \u25cb This is an example test, replace with your own test.
\n Port 80
\n \u2714 should not be listening
\n \u25cb This is an example test, replace with your own test.<\/p>\n

Test Summary: 2 successful, 0 failures, 2 skipped
\n Finished verifying (0m0.73s).
\n—–> Kitchen is finished. (0m1.90s)<\/p>\n","protected":false},"excerpt":{"rendered":"

Example to add \/ register host to chef server and install “chef-client”: # knife bootstrap -N Working on Workstation host ( WS): local host ubuntu1404, chefdk dir \/opt\/chefdk\/bin root@WS:\/opt\/chefdk\/bin# pwd \/opt\/chefdk\/bin root@WS:\/opt\/chefdk\/bin# ls -ltr total 4605 -rwxr-xr-x 1 root root 532 Feb 2 11:22 rubocop -rwxr-xr-x 1 root root 1725 Feb 2 11:22 pushy-service-manager -rwxr-xr-x […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/pages\/166"}],"collection":[{"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/comments?post=166"}],"version-history":[{"count":1,"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/pages\/166\/revisions"}],"predecessor-version":[{"id":167,"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/pages\/166\/revisions\/167"}],"wp:attachment":[{"href":"https:\/\/cephswift.com\/index.php\/wp-json\/wp\/v2\/media?parent=166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}