Thanks for coming back for part 2 of my Chef guide with Digital Ocean. In this part I will take you through setting up Chef with the Digital Ocean gem and bootstrapping your first VM. As a little bonus I will show you how to create a very simple cookbook to manage SSH keys on your bootstrapped VM. If you have not already done so, remember to check out Part 1.
The Digital Ocean Plugin
Setting Up the Plugin!
Now that we have our Chef server, we should put it to the test and bootstrap a new VM. To do this you will need the Digital Ocean plugin for knife.
[you@desktop ~] # chef exec gem install knife-digital_ocean
This will install the Digital Ocean Gem. Once you have done that you will need to generate an API Access Token from your Digital Ocean API section. Just click Generate Token and Copy it to your clipboard. Navigate to your chef-repo/.chef folder and edit the knife.rb file we created in part 1. You will need to add your API Token to this file.
knife[:digital_ocean_access_token] = 'Digital_Ocean_Access_Token_Hash'
Make sure you replace the placeholder value (Digital_Ocean_Access_Token_Hash) with your access token. Note that all knife commands must be run from your chef-repo! Once you have completed this step you can test it by listing your Digital Ocean Droplets [Virtual Machines].
[affix@desktop chef-repo] # knife digital_ocean droplet list
ID       Name          Size  Region       IPv4       Image    Status
1111111  avm.affix.me  2gb   Amsterdam 3  127.0.0.1  6.5 x64  active
If you followed along from part 1 you should have at least 1 Droplet, since this is your Chef server!
Your First Cookbook!
So if we are going to bootstrap our VM we should have something to bootstrap it with. This will be added to our run list. We can use knife to create our new cookbook. We do this by using cookbook create with knife.
[affix@desktop chef-repo] # knife cookbook create tutorial-ssh
** Creating cookbook tutorial-ssh in /Users/affix/chef-repo/cookbooks
** Creating README for cookbook: tutorial-ssh
** Creating CHANGELOG for cookbook: tutorial-ssh
** Creating metadata for cookbook: tutorial-ssh
[affix@desktop chef-repo] # cd cookbooks/tutorial-ssh
This has created some directories we do not need, so we can go ahead and delete those.
[affix@desktop tutorial-ssh] # rm -rf definitions libraries providers resources templates attributes
Awesome, now we can create our authorized_keys file. We create this in the files folder and it should be just as it appears on the server. If you don't know how this should look please look it up, as this is beyond the scope of this guide. I also recommend you add a comment explaining that the file is Chef managed so you can see changes. So on to the recipe. Inside the recipes folder we have a file called default.rb; this is where a little bit of Ruby or scripting knowledge comes in handy. This is a really simple recipe.
#
# Cookbook Name:: tutorial-ssh
# Recipe:: default
#
# Copyright 2015, Affix
#
# All rights reserved - Do Not Redistribute
#

directory "/root/.ssh" do # This defines a directory for Chef
  mode "0700" # the .ssh directory must be 0700 to prevent unauthorized access
  action :create # this line is totally optional; if you don't specify one, Chef's default action is create
end

cookbook_file "/root/.ssh/authorized_keys" do # Defines a file
  source "authorized_keys" # source is from the files directory and is called authorized_keys
  mode "0600" # File mode 0600: only root may read or write the key list, and it never needs to be executable
end
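A pre-upload check for the authorized_keys file this cookbook ships to /root/.ssh, added here as an example (not code from the original guide): it parses each key line, confirms the base64 blob matches its declared type, and flags key types or RSA sizes outside an assumed policy. The names lint_authorized_keys, constructed_key, ALLOWED_TYPES and MIN_RSA_BITS are hypothetical, and the sample keys are constructed bytes, not usable keys.

```ruby
require 'base64'

ALLOWED_TYPES = %w[ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256].freeze # example policy (assumption)
MIN_RSA_BITS = 2048 # example policy (assumption)
KEY_LINE = %r{(?:\A|\s)((?:ssh|ecdsa|sk)-[\w@.\-]+)\s+([A-Za-z0-9+/]+=*)(?:\s|\z)}

# Read one SSH wire-format field (uint32 big-endian length, then bytes) at offset.
def read_field(blob, offset)
  len = blob.byteslice(offset, 4)&.unpack1('N')
  return nil if len.nil? || offset + 4 + len > blob.bytesize
  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Return [line_number, problem] pairs for the body of an authorized_keys file.
def lint_authorized_keys(text)
  text.each_line.with_index(1).each_with_object([]) do |(raw, lineno), problems|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    m = KEY_LINE.match(line) # login options before the key type are skipped, not validated
    next problems << [lineno, 'not a valid key line'] unless m
    type, b64 = m.captures
    blob = begin; Base64.strict_decode64(b64); rescue ArgumentError; nil; end
    inner, pos = blob && read_field(blob, 0)
    next problems << [lineno, 'key data does not match declared type'] unless inner == type
    problems << [lineno, "key type #{type} is not allowed"] unless ALLOWED_TYPES.include?(type)
    if type == 'ssh-rsa' # blob layout: type, public exponent e, modulus n
      _e, pos = read_field(blob, pos)
      n, = pos && read_field(blob, pos)
      bits = n ? n.unpack1('H*').to_i(16).bit_length : 0
      problems << [lineno, "RSA key is #{bits} bits, below #{MIN_RSA_BITS}"] if bits < MIN_RSA_BITS
    end
  end
end

# Build a well-formed key line from constructed bytes (sample data, not a usable key).
def constructed_key(type, *fields)
  blob = ([type] + fields).map { |f| [f.bytesize].pack('N') + f.b }.join
  "#{type} #{Base64.strict_encode64(blob)}"
end

SAMPLE = [ # constructed file body: one good key, a 1024-bit RSA key, a DSA key, a broken line
  '# This file is managed by Chef (tutorial-ssh cookbook)',
  "#{constructed_key('ssh-ed25519', "\x01" * 32)} admin",
  "#{constructed_key('ssh-rsa', "\x01\x00\x01", "\x00" + "\xC3" * 128)} old-laptop",
  "#{constructed_key('ssh-dss', "\x02" * 20)} legacy",
  'ssh-ed25519 AAAAnot-base64 broken'
].join("\n")

lint_authorized_keys(SAMPLE).each { |lineno, msg| puts "line #{lineno}: #{msg}" }
```

To check the real file, pass `File.read('files/default/authorized_keys')` from the cookbook directory and fail the upload step when the result is not empty.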
So now we need to edit the metadata file. This just tells us a little information about the cookbook.
name 'tutorial-ssh'
maintainer 'Affix'
maintainer_email 'firstname.lastname@example.org'
license 'All rights reserved'
description 'Installs/Configures tutorial-ssh'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
Now we just need to upload the cookbook to Chef. We can do this two ways. The first is by uploading all cookbooks:
[affix@desktop chef-repo] # knife cookbook upload -a
Uploading all every time can get a little slow, so we can upload a single cookbook too.
[affix@desktop chef-repo] # knife cookbook upload tutorial-ssh
Uploading tutorial-ssh [0.1.0]
Uploaded 1 cookbook.
Awesome, we can now bootstrap our new VM!
Creating and Bootstrapping a new Droplet
Before going any further, make sure to add an SSH public key to Chef, as this is required for the rest of this tutorial. Verify your SSH key is there by running
[affix@desktop chef-repo] # knife digital_ocean sshkey list
ID      Name      Fingerprint
123456  Tutorial  df:17:19:f4:8d:b0:db:3d:e1:65:03:7d:f6:80:c5:59
If your SSH key is there you can now proceed! We need to find out a little about Digital Ocean before we can create our droplet. We should have our SSH key ID, but we also need a Location ID, Image ID and Size ID. We can get all of this from the Digital Ocean knife command. I will only be showing the lines of output I will be using.
[affix@desktop chef-repo] # knife digital_ocean region list
Region    Slug
London 1  lon1
[affix@desktop chef-repo] # knife digital_ocean size list
Slug
512mb
[affix@desktop chef-repo] # knife digital_ocean image list -P
10322623  CentOS 7 x64  centos-7-0-x64
That's everything we need. I have highlighted the exact values we need in bold. So let's create and bootstrap our droplet!
[affix@desktop chef-repo] # knife digital_ocean droplet create --server-name tutorial --image 10322623 --location lon1 --size 512mb --ssh-keys 123456 --bootstrap --run-list "recipe[tutorial-ssh]"
Droplet creation for tutorial started. Droplet-ID is 1234567
Waiting for IPv4-Addressdone
IPv4 address is: 127.0.0.2
Waiting for sshd:.done
Connecting to 127.0.0.2
188.8.131.52 Installing Chef Client...
... Install Stuff ...
127.0.0.2 Recipe: tutorial-ssh::default
127.0.0.2 * directory[/root/.ssh] action create (up to date)
127.0.0.2 * cookbook_file[/root/.ssh/authorized_keys] action create
127.0.0.2 - update content in file /root/.ssh/authorized_keys from d558e1 to e183d3
... Verbose Creation ...
127.0.0.2 Running handlers:
127.0.0.2 Running handlers complete
127.0.0.2 Chef Client finished, 1/2 resources updated in 2.704613696 seconds
Congratulations! You have now learned how to build your own Chef server, set up your workstation, set up Digital Ocean integration, create a simple cookbook and finally bootstrap your new node! Now that we are finished you can go ahead and destroy your droplet, unless you want to keep using it, which you are more than welcome to do.
[affix@desktop chef-repo] # knife digital_ocean droplet destroy 1234567
And we are finished! To learn more about Chef, check out the documentation: https://learn.chef.io