Chef Zero Cheatsheet

From Bonus Bits

Description

This article describes the default layout of Chef Client inside a Test Kitchen virtual machine, whether it is local or in the cloud, and shows how to manually run Chef Client with a specific log level for debugging.


Run Chef Client

After standing up the virtual machine with Kitchen, run Chef Client at the log level you need:

sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level auto --force-formatter --no-color --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889
sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level info --force-formatter --no-color --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889
sudo -E /opt/chef/bin/chef-client --local-mode --config /tmp/kitchen/client.rb --log_level debug --force-formatter --json-attributes /tmp/kitchen/dna.json --chef-zero-port 8889


File Locations

  • client.rb
    /tmp/kitchen/client.rb
  • cache
    /tmp/kitchen/cache
  • cookbook path
    /tmp/kitchen/cookbooks
    /tmp/kitchen/site-cookbooks
  • data bag path
    /tmp/kitchen/data_bags
  • environment path
    /tmp/kitchen/environments
  • node path
    /tmp/kitchen/nodes
  • role path
    /tmp/kitchen/roles
  • encrypted data bag secret path
    /tmp/kitchen/encrypted_data_bag_secret
  • chef server url
    http://127.0.0.1:8889


Data Bag Manipulation

Remember that a Data Bag is just a folder and the Data Bag Item is the actual JSON file inside it. Using Chef Zero to update a data bag item, which is then committed to GitHub and used in the real Chef environment, is one way to manipulate data bags easily and securely.

  • Show encrypted data bag contents uploaded to Chef Zero by Kitchen
    knife data bag show <data bag name> <data bag item name> --local-mode -c /tmp/kitchen/client.rb --secret-file /tmp/kitchen/encrypted_data_bag_secret
    
  • Decrypt data bag item and write to JSON file
    knife data bag show <data bag name> <data bag item name> --local-mode -c /tmp/kitchen/client.rb --secret-file /tmp/kitchen/encrypted_data_bag_secret -Fj > ~/mydatabag_item.json
    
  • Encrypt data bag item from JSON file
    knife data bag from file <data bag name> </path/to/mydatabagitem.json> --local-mode -c /tmp/kitchen/client.rb --secret-file /tmp/kitchen/encrypted_data_bag_secret
    
  • Export encrypted data bag item from Chef Zero (for example, after updating and encrypting it, so you can commit it to GitHub)
    knife data bag show <data bag name> <data bag item name> --local-mode -c /tmp/kitchen/client.rb -Fj > ~/mydatabag_item.json
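
The decrypt and export steps above both write to ~/mydatabag_item.json, so it is worth confirming that the file holds the encrypted form before committing it. The Ruby check below is an added example, not part of the original cheatsheet or Chef's own code. It assumes the encrypted data bag layout in which every field except id is an object carrying encrypted_data, iv, version and cipher; the script name check_item.rb and the sample items are constructed for illustration.

```ruby
require 'json'

# Keys Chef stores for each encrypted value; newer format versions add
# "hmac" or "auth_tag" on top of these four.
ENVELOPE_KEYS = %w[encrypted_data iv version cipher].freeze

# True when value has the shape of an encrypted data bag value.
def encrypted_envelope?(value)
  value.is_a?(Hash) &&
    ENVELOPE_KEYS.all? { |k| value.key?(k) } &&
    value['encrypted_data'].is_a?(String) &&
    !value['encrypted_data'].strip.empty?
end

# Names of top-level fields that are still plaintext. "id" is always
# stored in the clear, so it is skipped.
def plaintext_fields(item_json)
  item = JSON.parse(item_json)
  unless item.is_a?(Hash) && item.key?('id')
    raise ArgumentError, 'data bag item must be a JSON object with an "id"'
  end
  item.reject { |key, value| key == 'id' || encrypted_envelope?(value) }.keys
end

# Constructed samples (not real secrets and not real ciphertext).
ENVELOPE = { 'encrypted_data' => "Q09OU1RSVUNURUQ=\n",
             'iv' => "Q09OU1RSVUNURUQ=\n",
             'version' => 1,
             'cipher' => 'aes-256-cbc' }.freeze
DECRYPTED_SAMPLE = { 'id' => 'db_creds', 'user' => 'app',
                     'password' => 'example-only' }.to_json
ENCRYPTED_SAMPLE = { 'id' => 'db_creds', 'user' => ENVELOPE,
                     'password' => ENVELOPE }.to_json
# Half-edited item: one field was pasted back in as plaintext.
MIXED_SAMPLE = { 'id' => 'db_creds', 'user' => ENVELOPE,
                 'password' => 'example-only' }.to_json

# CLI use (hypothetical script name): ruby check_item.rb ~/mydatabag_item.json
# Exits non-zero and names the offending fields if any are plaintext.
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  leaked = plaintext_fields(File.read(ARGV[0]))
  abort("plaintext fields: #{leaked.join(', ')}") unless leaked.empty?
  puts 'all fields are encrypted'
end
```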