Knife::Server
An Opscode Chef knife plugin to manage Chef Servers. Bootstrap a new Chef Server on Amazon's EC2 or a standalone server. Backup and restore your Chef Server or Hosted Chef's node, role, data bag, and environment JSON data.
Usage
Follow the installation instructions, then you are ready to create your very own Chef Server running Ubuntu on Amazon's EC2 service:
$ knife server bootstrap ec2 --ssh-user ubuntu \
--node-name chefapalooza.example.comOr maybe you want to try out a Chef Server using Vagrant?
$ cat <<VAGRANTFILE > Vagrantfile
Vagrant::Config.run do |config|
config.vm.box = "precise64"
config.vm.box_url = "http://files.vagrantup.com/precise64.box"
config.vm.network :hostonly, "192.168.33.11"
config.vm.customize ["modifyvm", :id, "--memory", 2048]
end
VAGRANTFILE
$ vagrant up
$ knife server bootstrap standalone --ssh-user vagrant \
--node-name chefapalooza.example.com --host 192.168.33.11Taking a backup of all node, role, data bag, and environment data is also a snap:
$ knife server backupRestoring all that data isn't too hard either:
$ knife server restoreLet's say you have all your roles, environments, and data bags in a Git repository (remember, Infrastructure as Code) and you want to build a new Chef Server. Try this:
$ knife server backup nodes --backup-dir /tmp/old_server
$ knife server bootstrap ec2 --ssh-user ubuntu \
--node-name chef.example.com
$ knife server restore nodes --backup-dir /tmp/old_serverNow fire up your cookbooks, roles, environments, and data bags. Good to go! Well except for old client keys on your nodes, but this is being looked into.
See below for more details.
Installation
Add this line to your application's Gemfile:
gem 'knife-server'And then execute:
$ bundleOr install it yourself as:
$ gem install knife-serverNext, you must set up a knife.rb configuration so that the shipped Knife subcommands know where to place and modify key files, backup directories, etc.
knife.rb Setup
When creating a Chef Server the validation key and admin client key will be installed on your workstation. Therefore, several knife configuration options are required (descriptions courtesy of the Chef docs site):
node_name: User or client identity (i.e., name) to use for authenticating requests to the Chef Server.client_key: Private key file to authenticate to the Chef server. Corresponds to the -k or --key optionvalidation_key: Specifies the private key file to use when bootstrapping new hosts. See knife-client(1) for more information about the validation client.
It is important to note that the knife server bootstrap subcommands will
need write access to the client_key and validation_key files as well as
write access the their directories in order to create backup files. This means
that if you do not explicitly set client_key and validation_key, the
knife server bootstrap subcommands will attempt to write to
"/etc/chef/client.pem" and "/etc/chef/validation.pem." respectively.
For example, you could add lines similar to the following in your user's
~/.chef/knife.rb or your project's .chef/knife.rb file (assuming you
have a directory "$HOME/.chef.d" created with mkdir -p $HOME/.chef.d):
node_name "gramsay"
client_key "#{ENV['HOME']}/.chef.d/gramsay.pem"
validation_key "#{ENV['HOME']}/.chef.d/chef-validator.pem"Most options can be passed to the knife subcommands explicitly but this
quickly becomes tiring, repetitive, and error-prone. A better solution is to
add some of the common configuration to your ~/.chef/knife.rb or your
projects .chef/knife.rb file like so:
knife[:aws_access_key_id] = "MY_KEY"
knife[:aws_secret_access_key] = "MY_SECRET"
knife[:region] = "us-west-2"
knife[:availability_zone] = "us-west-2a"
knife[:flavor] = "t1.micro"Better yet, why not try a more generic knife.rb file from the chef-bootstrap-repo project?
Subcommands
knife server bootstrap (Common Options)
These subcommands will install and configure an Open Source Chef Server on several different clouds/environments. The high level step taken are as follows:
- Provision or use a node and install the Chef Server software fronted by an Apache2 instance handling SSL for the API port (TCP/443) and the WebUI web application (TCP/444).
- Fetch the validation key from the server and install it onto the
workstation issuing the knife subcommand. The validation key will be
installed at the path defined in the knife
validation_keyvariable. If a key already exists at that path a backup copy will be made in the same directory. - Create an initial admin client key called
rootin the root user's account on the server which can be used for local administration of the Chef Server. - Create an admin client key with the name defined in the knife
node_nameconfiguration variable and install it onto the workstation issuing the knife subcommand. The client key will be installed at the path defined in the knifeclient_keyconfiguration variable. If a key already exists at that path a backup copy will be made in the same directory.
Note knife server bootstrap can not be invoked directly; a subcommand
must be selected which determines the provisioning strategy.
Common Configuration
--node-name NAME (-N)
The name of your new Chef Server. The hostname of the system will be set to this value and the self signed SSL certificate will use this value as its CN. Ideally this will correspond to the A or CNAME DNS record.
This option is required.
--platform PLATFORM (-P)
The platform type that will be bootstrapped. By convention a bootstrap
template of chef-server-#{platform}.erb will be searched for in the
template lookup locations (gems, .chef directory, etc.).
The default value is "debian" which support Debian and Ubuntu platforms.
--ssh-user USER (-x)
The SSH username used when bootstrapping the Chef Server node. Note that the
some Amazon Machine Images (AMIs) such as the official Canonical Ubuntu images
use non-root SSH users ("ubuntu" for Ubuntu AMIs).
The default value is "root".
--ssh-port PORT (-p)
The SSH port used when bootstrapping the Chef Server node.
The default value is "22".
--identity-file IDENTITY_FILE (-i)
The SSH identity file used for authentication.
--prerelease
Installs a pre-release Chef gem rather than a stable release version.
--bootstrap-version VERSION
The version of Chef to install.
--template-file TEMPLATE
The full path to location of template to use.
--distro DISTRO (-d)
Bootstraps the Chef Server using a particular bootstrap template.
The default is "chef-server-#{platform}".
--webui-password PASSWORD
The initial password for the WebUI admin account.
The default value is "chefchef".
--amqp-password PASSWORD
The initial password for AMQP.
The default value is "chefchef".
knife server bootstrap ec2
Provisions an EC2 instance on the Amazon Web Services (AWS) cloud and sets up an Open Source Chef Server as described above. In addition, the following steps are taken initially:
- Create and configure an EC2 Security Group called "infrastructure" for the Chef Server instance. TCP ports 22, 443, and 444 are permitted inbound for SSH, the API endpoint, and the WebUI web application respectively.
- An EC2 instance will be provisioned using configuration and/or defaults present using the knife-ec2 plugin.
Configuration
--aws-access-key-id KEY (-A)
Your AWS access key ID.
This option is required.
--aws-secret-access-key SECRET (-K)
Your AWS API secret access key.
This option is required.
--region REGION
The desired AWS region, such as "us-east-1" or "us-west-2".
The default value is "us-east-1" but is strongly encouraged to be set
explicitly.
--ssh-key KEY (-S)
The AWS SSH key id.
--flavor FLAVOR (-f)
The flavor of EC2 instance (m1.small, m1.medium, etc).
The default value is "m1.small".
--image IMAGE (-I)
The AMI for the EC2 instance.
--availability-zone ZONE (-Z)
The availability zone for the EC2 instance.
The default value is "us-east-1b".
--groups X,Y,Z (-G)
The security groups for this EC2 instance.
The default value is "infrastructure".
--tags T=V[,T=V,...] (-T)
The tags for this EC2 instance.
The resulting set will include:
"Node=#{config[:chef_node_name]}""Role=chef_server"
--ebs-size SIZE
The size of the EBS volume in GB, for EBS-backed instances.
--ebs-no-delete-on-term
Do not delete EBS volumn on instance termination.
knife server bootstrap standalone
Provisions a standalone server that is reachable on the network and sets up an Open Source Chef Server as described above. You are responsible for providing the server so it could be a physical machine, Vagrant VM with host-only or bridged networking, or a cloud server instance with a known IP address or host name.
Configuration
--host FQDN_OR_IP (-H)
Host name or IP address of the host to bootstrap.
This option is required.
--ssh-password PASSWORD (-P)
The SSH password used when bootstrapping the Chef Server node. If no password is provided but an SSH key-based authentication fails, then you will be prompted interactively for a password. In other words, if your server requires password authentication you can skip this option and type it in after the plugin starts.
knife server backup
Pulls Chef data primitives from a Chef Server as JSON for backup. Backups can be taken of:
- nodes
- roles
- environments
- data bags
A big thanks to Steven Danna and Joshua Timberman for the BackupExport knife plugin which was the inspiration for this implementation.
Configuration
COMPONENT[ COMPONENT ...]
The following component types are valid:
nodesrolesenvironmentsdata_bags(note the underscore character)
When no component types are specified, all will be selected for backup. This is equivalent to invoking:
$ knife server backup nodes roles environments data_bags--backup-dir DIR (-D)
The directory to host backup files. A sub-directory for each data primitive
type will be created. For example if the backup-dir was /backups/chef
then all all node JSON representations would be written to
/backups/chef/nodes and data bag JSON representations would be written to
/backups/chef/data_bags.
The default uses the :file_backup_path configuration option, the
:chef_server_url and the current time to construct a unique directory
(within a second). For example, if the time was "2012-04-01 08:47:11 UTC", and
given the following configuration (in knife.rb):
file_backup_path = "/var/chef/backups"
chef_server_url = "https://api.opscode.com/organizations/coolinc"then a backup directory of
/var/chef/backups/api.opscode.com_20120401T084711-0000 would be created.
knife server restore
Restores Chef data primitives from JSON backups to a Chef Server. You can restore some or all of:
- nodes
- roles
- environments
- data bags
A big thanks to Steven Danna and Joshua Timberman for the BackupRestore knife plugin which was the inspiration for this implementation.
Configuration
COMPONENT[ COMPONENT ...]
The following component types are valid:
nodesrolesenvironmentsdata_bags(note the underscore character)
When no component types are specified, all will be selected for restore. This is equivalent to invoking:
$ knife server restore nodes roles environments data_bags \
--backup-dir /my/backup/dir--backup-dir DIR (-D)
The directory to containing backup JSON files. A sub-directory for each data
primitive type is expected (the knife server backup subcommand provides
this format).
This option is required.
Roadmap
- Support for other platforms (alternative bootstrap templates)
- Support for Rackspace provisioning (use knife-rackspace gem)
- knife server backup backed by s3 (fog api)
- knife server restore from s3 archive (fog api)
Development
- Source hosted at GitHub
- Report issues/questions/feature requests on GitHub Issues
Pull requests are very welcome! Make sure your patches are well tested. Ideally create a topic branch for every separate change you make. For example:
- Fork the repo
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Authors
Created and maintained by Fletcher Nichol ([email protected])
License
Apache License, Version 2.0 (see LICENSE)
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent