Table of contents
1. Introduction
2. Effortless Audit
3. Effortless Environment Setup
4. Wrapper Profile Pattern
5. Waivers Feature
6. Frequently Asked Questions
6.1. What is the advantage of using Effortless?
6.2. What is the use of Chef Infra?
6.3. What is a Chef Habitat Builder?
6.4. What is Chef Infra?
7. Conclusion
Last Updated: Mar 27, 2024

Overview of Effortless Audit in Chef

Author Manish Kumar

Introduction

The Effortless Pattern is a way to manage Chef InSpec and Chef Infra more effectively using Chef Habitat. It also helps to visualise our fleet using Chef Automate. Effortless uses Chef Habitat to manage the Chef Infra and Chef InSpec dependencies. Its primary purpose is to reduce the knowledge and code required to deploy products successfully using Chef.
 

Effortless Audit in Chef

In this blog, we will learn about the Effortless Audit in Chef. We will cover topics such as environment setup and the wrapper profile pattern, and see how waivers work in Chef. All the discussions will be complemented with useful code snippets wherever required. So without any delay, let's get into details. 😁

Effortless Audit

It is a pattern for managing our Chef InSpec profiles. Before moving on, let's understand what a Chef InSpec profile is: a test and compliance profile that organises controls to support code reuse and dependency management. Effortless Audit uses Chef Habitat and Chef InSpec to create artifacts containing the dependencies and profiles. The artifact also includes the critical scripts needed to run them on the system.

Effortless Environment Setup

The environment setup is easy and can be done in a few steps. Let's go through them:

✅ Step 1: Install the Chef Workstation.

✅ Step 2: Install the Chef Habitat.

✅ Step 3: Run the hab setup to configure Chef Habitat on the system.

Wrapper Profile Pattern

In the wrapper profile pattern, one profile depends on another profile. The pattern is part of Chef InSpec and fetches profiles from a primary source such as the Chef Automate Profile Store. We will walk through an implementation of the pattern in the example below.

Example:

✅ Step 1: Navigate to the profile directory.

cd ninja_profile


✅ Step 2: Create a habitat directory.

mkdir habitat


✅ Step 3: Create a plan file. On Windows, it is 'plan.ps1', and on Linux, it is 'plan.sh'.

touch plan.sh


✅ Step 4: Add some information to the blank plan file.

pkg_name=<ninja_profile>
pkg_origin=<cn_origin>
pkg_version=<1.0>
pkg_maintainer="Manish, myemail@gmail.com"
pkg_license=("Apache-2.0")
pkg_scaffolding="chef/scaffolding-chef-inspec"


✅ Step 5: Run the following command to build the package.

hab pkg build .


✅ Step 6: Create a kitchen.yml file with the following content and add it to your profile.

---
driver:
  name: vagrant
  synced_folders:
    - ["./results", "/tmp/results"]

provisioner:
  name: shell

verifier:
  name: inspec

platforms:
  - name: centos-7.6

suites:
  - name: base
    provisioner:
      arguments: ["<cn_origin>", "<ninja_package>"]
    verifier:
      inspec_tests:
        test/integration/base


✅ Step 7: Create a bootstrap.sh script with the following content.

#!/bin/bash
# Accept the Habitat and Chef licenses non-interactively, without persisting them.
export HAB_LICENSE="accept-no-persist"
export CHEF_LICENSE="accept-no-persist"

# Install Chef Habitat if it is not already present.
# Note: this runs a script fetched from the network as root; review it first.
if [ ! -e "/bin/hab" ]; then
  curl https://raw.githubusercontent.com/habitat-sh/habitat/main/components/hab/install.sh | sudo bash
fi

# Create the hab user and group if they are missing.
if grep "^hab:" /etc/passwd > /dev/null; then
  echo "Hab ninja user exists"
else
  useradd hab || true
fi

if grep "^hab:" /etc/group > /dev/null; then
  echo "Hab group exists"
else
  groupadd hab || true
fi

# The suite passes the origin and package name as arguments (see kitchen.yml).
pkg_origin=$1
pkg_name=$2

echo "Starting $pkg_origin/$pkg_name"

# ls sorts by name, so the last matching entry is the most recent build.
latest_hart_file=$(ls -1 /tmp/results/"$pkg_origin-$pkg_name"* | tail -n 1)
echo "Latest hart file is $latest_hart_file"

echo "Installing $latest_hart_file"
hab pkg install "$latest_hart_file"

echo "Determining pkg_prefix for $latest_hart_file"
pkg_prefix=$(find "/hab/pkgs/$pkg_origin/$pkg_name" -maxdepth 2 -mindepth 2 | sort | tail -n 1)

echo "Found $pkg_prefix"

# Run the packaged profile with the InSpec shipped inside the package.
echo "Running inspec for $pkg_origin/$pkg_name"
cd "$pkg_prefix" || exit 1
hab pkg exec "$pkg_origin/$pkg_name" inspec exec "$pkg_prefix"/*.tar.gz


✅ Step 8: Test the profile execution by spinning up the CentOS VM locally using the following command.

kitchen converge base-centos


✅ Step 9: Destroy the temporary VM using the following command.

kitchen destroy


✅ Step 10: It's time to upload your profile pkg to the Habitat Builder. Use the following command to complete this step.

source results/lastbuild.env
hab pkg upload results/$pkg_artifact


✅ Step 11: Install Chef Habitat as a service on your system and run the following command.

hab svc load <cn_origin>/<ninja_profile>
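
The bootstrap.sh in Step 7 pipes a downloaded install.sh straight into sudo bash. The following is an added example, not part of the original post or of Chef's tooling, that downloads the script to a file and runs it only if its SHA-256 matches a digest recorded after review. The function names and EXPECTED_SHA256 are assumptions, and the digest shown is a placeholder.

```shell
#!/bin/sh
# Added example: run the Habitat installer only when it matches a pinned digest.
INSTALL_URL="https://raw.githubusercontent.com/habitat-sh/habitat/main/components/hab/install.sh"
# Placeholder: replace with the digest of the copy of install.sh you reviewed.
EXPECTED_SHA256="<sha256-of-the-reviewed-install.sh>"

# sha256_of FILE -> prints the hex digest of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1"
  else
    shasum -a 256 "$1"
  fi | cut -d ' ' -f 1
}

# verify_sha256 FILE EXPECTED -> returns 0 only when the digest matches
verify_sha256() {
  actual=$(sha256_of "$1")
  [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# install_hab_pinned -> download, verify, then execute; never executes on mismatch
install_hab_pinned() {
  tmp=$(mktemp) || return 1
  if curl --proto '=https' --tlsv1.2 -fsSL "$INSTALL_URL" -o "$tmp" &&
     verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
    sudo bash "$tmp"
    rc=$?
  else
    echo "install.sh download failed or digest mismatch; not executing" >&2
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}
```

Calling install_hab_pinned in place of the curl pipe means a changed upstream script stops the bootstrap until someone reviews it and updates the digest.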

Waivers Feature

As the name suggests, it is a feature that allows us to skip or waive certain controls. This feature was introduced with the release of scaffolding-chef-inspec. We specify a Control ID in our Chef Habitat config to identify each control to skip. Let's look at the steps to implement this feature:
 

✅ Step 1: Create an effortless audit profile and run it on our system.
 

✅ Step 2: Create a my_config.toml file with the following content.

[waivers]
[waivers.control_id]
run = false
expiration_date = 2023-10-12
justification = "This control makes my app lag. That's why I don't want it."


✅ Step 3: Make changes to the habitat config file.

hab config apply <my_profile_service>.<my_profile_service_group> $(date +'%s') <my_config.toml>


✅ Step 4: Habitat automatically detects the change, restarts the system, and skips the controls named in the waiver file.
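
Because a waiver turns a compliance control off, it is worth checking the file before applying it. The following is an added example, not part of the original post or of Chef's tooling, that reads a config like the my_config.toml from Step 2 and reports waivers with no justification, no or malformed expiration_date, or a date already in the past. The function names, control IDs and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the [waivers.<control_id>] tables of a Habitat config.
# audit_waivers [TODAY] reads TOML on stdin, prints one finding per line and
# returns 1 if any were found. TODAY (YYYY-MM-DD) defaults to the current date;
# ISO dates compare correctly as plain strings.
audit_waivers() {
  awk -v today="${1:-$(date +%Y-%m-%d)}" '
    function report() {
      if (id == "") return
      if (just == "") { print id ": no justification"; bad = 1 }
      if (expiry == "") { print id ": no expiration_date"; bad = 1 }
      else if (expiry !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/) {
        print id ": malformed expiration_date " expiry; bad = 1 }
      else if (expiry < today) { print id ": waiver expired " expiry; bad = 1 }
      id = ""; just = ""; expiry = ""
    }
    /^[ \t]*\[/ {                 # any table header closes the previous waiver
      report()
      name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
      if (name ~ /^waivers\../) id = substr(name, 9)
      next
    }
    id != "" && /=/ {             # key = value inside a waiver table
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)
      if (key == "justification") just = val
      if (key == "expiration_date") expiry = val
    }
    END { report(); exit bad + 0 }
  '
}

# Constructed sample config (control IDs are made up for this example).
sample_config() {
  cat <<'EOF'
[waivers]
[waivers.ssh-01]
run = false
expiration_date = 2023-10-12
justification = "Breaks the legacy SFTP job"
[waivers.os-05]
run = false
justification = ""
[waivers.pkg-02]
run = false
expiration_date = "2031-01-01"
justification = "Vendor fix scheduled"
EOF
}

sample_config | audit_waivers 2024-01-01 || true
```

Running `audit_waivers < my_config.toml` before `hab config apply` lets a pipeline refuse a waiver file that has findings.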

Frequently Asked Questions

What is the advantage of using Effortless?

The Effortless patterns maximise code reusability and make it easy to manage our infrastructure. It also helps to visualise our fleet.

What is the use of Chef Infra?

Chef Infra is a robust automation platform that turns infrastructure into code. Chef Infra automates infrastructure configuration, deployment, and management across the network, regardless of its scale, whether we are operating in the cloud, on-premises, or in a hybrid environment.

What is a Chef Habitat Builder?

Developers can deploy their apps to any environment with Chef's Habitat Builder.

What is Chef Infra?

The Chef Infra Client is a powerful agent that applies your configurations to remote Linux, macOS, Windows, and cloud-based systems.

Conclusion

We extensively discussed the Effortless Audit in Chef. We learned in detail about Habitat, the wrapper profile pattern, waivers, and sample code. This knowledge will help us build our own Effortless patterns and make managing our infrastructure a breeze.

Happy Coding!