# Install latest Chef Master and Agent on CS1-SSD (2x $.015/hr) all running Linux Ubuntu Server 14.04 LTS 64-bit
cloudscript chef_multi_stack
    version = _LATEST
    # Text rendered for the user once the stack is up (prints host IPs and credentials).
    result_template = chef_result_template

# Deployment parameters shared by the task and the text templates below.
globals
    server_hostname = 'chef-server'
    server_image_type = 'Ubuntu Server 14.04 LTS'
    server_instance_type = 'CS1-SSD' # 1GB RAM, 1 vCore, 25GB SSD, 10Gbps
    client_hostname = 'chef-client'
    client_image_type = 'Ubuntu Server 14.04 LTS'
    client_instance_type = 'CS1-SSD' # 1GB RAM, 1 vCore, 25GB SSD, 10Gbps
    # Path components of the package download URLs in the bootstrap templates.
    # NOTE(review): sys_client_version is '13.04' although both hosts run 14.04;
    # presumably that is the omnibus build path published for this chef_version
    # — confirm before changing either value.
    system = 'ubuntu'
    sys_server_version = 'trusty'
    sys_client_version = '13.04'
    chef_version = '12.0.3-1_amd64'
    # Generated secrets; none is hard-coded in the script. server_pass becomes the
    # root password of the chef-server host and console_pass its console password.
    server_pass = lib::random_password()
    console_pass = lib::random_password()
    default_slice_user = 'chef'
    organization_short = 'companyname'
    organization_full = 'Company Name'
    admin_user = 'admin'
    admin_user_full = 'Chef Administrator' # two words: first and last name, as chef-server-ctl user-create expects
    admin_mail = 'admin@companyname.com'
    # Intended password for the Chef web UI admin (admin_password_key in the task).
    # Keep it distinct from server_pass so the web UI login is never the root password.
    admin_password = lib::random_password()
# Single execution thread: runs the one task that provisions both hosts.
# NOTE(review): the name mentions haproxy but nothing here installs HAProxy;
# presumably carried over from another cloudscript.
thread haproxy_setup
    tasks = [chef_client_server_setup]
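# Provisions the chef-server and chef-client hosts: creates the password/token
# keys, stores the two bootstrap scripts in cloudstorage, wraps them in recipes
# and creates one cloud server per recipe. Resources are declared
# read_or_create, so re-running the task reuses existing objects.
task chef_client_server_setup
    #-------------------------------
    # create chef keys
    #-------------------------------
    # Root password of the chef-server host. It is shown to the user in
    # chef_result_template and used by the client bootstrap to scp files
    # from the server.
    /key/password chef_server_password_key read_or_create
        key_group = _SERVER
        password = server_pass
    # Console password of the chef-server host.
    /key/password chef_server_console_key read_or_create
        key_group = _CONSOLE
        password = console_pass
    # Password of the Chef web UI admin user (read by the server bootstrap and
    # the result template). Backed by the dedicated admin_password global: it
    # previously reused server_pass, which made the web UI admin login and the
    # root login of the server the same secret.
    /key/password admin_password_key read_or_create
        key_group = _SERVER
        password = admin_password
    # Token granting access to the cloudstorage slice that holds the scripts.
    /key/token default_slice_key read_or_create
        username = default_slice_user
    #-------------------------------
    # create slice and container
    #-------------------------------
    # create slice to store script in cloudstorage
    /storage/slice default_slice read_or_create
        keys = [default_slice_key]
    # create slice container to store script in cloudstorage
    # (the => [...] list presumably orders creation after the named resources)
    /storage/container chef_container => [default_slice] read_or_create
        slice = default_slice
    #-------------------------------
    # create chef-server bootstrap
    # script and recipe
    #-------------------------------
    # place script data in cloudstorage; content comes from the
    # server_bootstrap_data text_template rendered with the globals
    /storage/object server_bootstrap_object => [default_slice, chef_container] read_or_create
        container_name = 'chef_container'
        file_name = 'bootstrap_server.sh'
        slice = default_slice
        content_data = server_bootstrap_data
    # associate the cloudstorage object with the chef-server script
    /orchestration/script server_bootstrap_script => [default_slice, chef_container, server_bootstrap_object] read_or_create
        data_uri = 'cloudstorage://default_slice/chef_container/bootstrap_server.sh'
        script_type = _SHELL
        encoding = _STORAGE
    # create the recipe and associate the script
    /orchestration/recipe server_bootstrap_recipe read_or_create
        scripts = [server_bootstrap_script]
    #-------------------------------
    # create the chef-server
    #-------------------------------
    /server/cloud chef_server read_or_create
        hostname = '{{ server_hostname }}'
        image = '{{ server_image_type }}'
        service_type = '{{ server_instance_type }}'
        keys = [chef_server_password_key, chef_server_console_key]
        recipes = [server_bootstrap_recipe]
    #-------------------------------
    # create client-server bootstrap
    # script and recipe
    #-------------------------------
    # place script data in cloudstorage; depends on chef_server because the
    # client template substitutes the server's public IP address
    /storage/object client_bootstrap_object => [default_slice, chef_container, chef_server] read_or_create
        container_name = 'chef_container'
        file_name = 'bootstrap_client.sh'
        slice = default_slice
        content_data = client_bootstrap_data
    # associate the cloudstorage object with the chef-client script
    /orchestration/script client_bootstrap_script => [default_slice, chef_container, client_bootstrap_object] read_or_create
        data_uri = 'cloudstorage://default_slice/chef_container/bootstrap_client.sh'
        script_type = _SHELL
        encoding = _STORAGE
    # create the recipe and associate the script
    /orchestration/recipe client_bootstrap_recipe read_or_create
        scripts = [client_bootstrap_script]
    #-------------------------------
    # create the chef-client
    #-------------------------------
    /server/cloud chef_client read_or_create
        hostname = '{{ client_hostname }}'
        image = '{{ client_image_type }}'
        service_type = '{{ client_instance_type }}'
        # NOTE(review): the client is created with the server's root and console
        # keys, so both hosts share one root password and a compromise of either
        # host yields the other. A dedicated /key/password for the client would
        # contain that; it is not changed here because chef_result_template also
        # reports the client password through chef_server_password_key.
        keys = [chef_server_password_key, chef_server_console_key]
        recipes = [client_bootstrap_recipe]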
#-------------------------
# CHEF-SERVER
#-------------------------
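text_template server_bootstrap_data
#!/bin/sh
# Bootstrap script for the chef-server host. Rendered by cloudscript (the
# double-brace placeholders are substituted before upload) and run as root.
# get latest package list
apt-get update
# Download latest version of chef-server for Ubuntu 14.04
# NOTE(review): the package is installed without any checksum or signature
# check; verify a pinned SHA256 of the .deb (sha256sum -c) before dpkg -i so
# a tampered download is rejected.
wget https://web-dl.packagecloud.io/chef/stable/packages/{{ system }}/{{ sys_server_version }}/chef-server-core_{{ chef_version }}.deb
# Install chef-server
dpkg -i chef-server-core_{{ chef_version }}.deb
sleep 20s
export HOME="/root"
# Initial reconfiguring chef-server
chef-server-ctl reconfigure
# Install opscode-manage
chef-server-ctl install opscode-manage
opscode-manage-ctl reconfigure
# Reconfiguring chef-server with opscode-manage
chef-server-ctl reconfigure
# Create admin user and organization.
# admin_user_full expands to two arguments (first and last name); the password
# and the organization's full name are single-quoted so they arrive as one
# argument each even when they contain spaces or shell metacharacters.
# NOTE(review): the admin password is passed on the command line and is
# therefore visible in the process list while user-create runs.
chef-server-ctl user-create {{ admin_user }} {{ admin_user_full }} {{ admin_mail }} '{{ admin_password_key.password }}' --filename /etc/chef/{{ admin_user }}.pem
chef-server-ctl org-create {{ organization_short }} '{{ organization_full }}' --association_user {{ admin_user }} --filename /etc/chef/{{ organization_short }}-validator.pem
# Both files are private keys (admin client key, org validator key): root-only.
chmod 600 /etc/chef/{{ admin_user }}.pem /etc/chef/{{ organization_short }}-validator.pem
#Download and install chef admin tool - knife
# NOTE(review): same missing checksum verification as the server package above.
wget https://opscode-omnibus-packages.s3.amazonaws.com/{{ system }}/{{ sys_client_version }}/x86_64/chef_{{ chef_version }}.deb
dpkg -i chef_{{ chef_version }}.deb
#Create knife config
# node_name and client_key follow admin_user instead of a hard-coded 'admin'
# so the config stays valid when the admin user name is changed in globals.
cat <<\EOF> /etc/chef/knife.rb
log_level :info
log_location STDOUT
node_name '{{ admin_user }}'
client_key '/etc/chef/{{ admin_user }}.pem'
validation_client_name '{{ organization_short }}-validator'
validation_key '/etc/chef/{{ organization_short }}-validator.pem'
chef_server_url 'https://{{ server_hostname }}/organizations/{{ organization_short }}'
syntax_check_cache_path '/etc/chef/syntax_check_cache'
cookbook_path [ '/etc/chef/cookbooks' ]
EOF
# Copy SSL cert from server
mkdir /etc/chef/trusted_certs
cp /var/opt/opscode/nginx/ca/{{ server_hostname }}.crt /etc/chef/trusted_certs/
_eof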
#-------------------------
# CHEF-CLIENT
#-------------------------
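text_template client_bootstrap_data
#!/bin/sh
# Bootstrap script for the chef-client host. Rendered by cloudscript and run
# as root after chef_server exists (its public IP is substituted below).
# get latest package list
apt-get update
# Install expect
apt-get install expect -y
# Add chef-server to hosts
echo "{{ chef_server.ipaddress_public }} {{ server_hostname }}" >> /etc/hosts
# Download & install chef-client
# NOTE(review): the .deb is installed without checksum or signature
# verification; verify a pinned SHA256 (sha256sum -c) before dpkg -i.
wget https://opscode-omnibus-packages.s3.amazonaws.com/{{ system }}/{{ sys_client_version }}/x86_64/chef_{{ chef_version }}.deb
dpkg -i chef_{{ chef_version }}.deb
# Copy validator key from server
mkdir /etc/chef
# The two scp transfers below log in to the server as root with the password
# from chef_server_password_key. Host-key checking is relaxed only for these
# two commands (-o StrictHostKeyChecking=no) instead of being disabled in
# /etc/ssh/ssh_config for every future ssh connection from this host.
# NOTE(review): this is still trust-on-first-use — the validator key and the
# CA certificate are fetched from a host whose key is not verified. Key-based
# auth with a pre-distributed host key would be stronger.
# NOTE(review): the password is interpolated into a Tcl double-quoted string;
# confirm random_password() never emits $, [, \ or ".
# Because the expect scripts contain that password in clear text, they are
# written to a private mktemp file and deleted right after use rather than to
# a fixed, executable path under /tmp.
copy_script=$(mktemp)
cat <<\EOS>"$copy_script"
#!/usr/bin/expect -f
spawn scp -o StrictHostKeyChecking=no root@{{ chef_server.ipaddress_public }}:/etc/chef/{{ organization_short }}-validator.pem /etc/chef/
expect "password:" {send "{{ chef_server_password_key.password }}\n" }
expect eof
EOS
expect -f "$copy_script"
rm -f "$copy_script"
# The validator key lets its holder register nodes with the organization: root-only.
chmod 600 /etc/chef/{{ organization_short }}-validator.pem
# Create client config
cat <<\EOF>/etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url 'https://{{ server_hostname }}/organizations/{{ organization_short }}'
validation_key "/etc/chef/{{ organization_short }}-validator.pem"
validation_client_name '{{ organization_short }}-validator'
EOF
# Copy SSL cert from server
mkdir /etc/chef/trusted_certs
ssl_script=$(mktemp)
cat <<\EOS>"$ssl_script"
#!/usr/bin/expect -f
spawn scp -o StrictHostKeyChecking=no root@{{ chef_server.ipaddress_public }}:/var/opt/opscode/nginx/ca/{{ server_hostname }}.crt /etc/chef/trusted_certs/
expect "password:" {send "{{ chef_server_password_key.password }}\n" }
expect eof
EOS
expect -f "$ssl_script"
rm -f "$ssl_script"
# Run chef-client
/usr/bin/chef-client
_eof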
#------------------------
# RESULT TEMPLATE
#------------------------
text_template chef_result_template
Your chef-server is located at:
{{ chef_server.ipaddress_public }}
You may SSH to your chef-server and log in with the following credentials:
username: root
password: {{ chef_server_password_key.password }}
You can also log in to the chef-server web UI:
https://{{ chef_server.ipaddress_public }}/
username: {{ admin_user }}
password: {{ admin_password_key.password }}
Your chef-client is located at:
{{ chef_client.ipaddress_public }}
You may SSH to your chef-client and log in with the following credentials:
username: root
password: {{ chef_server_password_key.password }}
_eof