Overview of Effortless Config in Chef

Introduction

Hey Ninja!! 🥷The Effortless Pattern is a technique to manage Chef InSpec and Chef Infra in a better way using the Chef Habitat. It also helps to visualise our fleet using Chef Automate. The Effortless exploits the powers of Chef Habitat to manage the Chef Infra and Chef InSpec dependencies. The primary purpose of Effortless is to reduce the knowledge and code required to deploy products using Chef successfully.

In this blog, we will cover Effortless Config in Chef. We will also go through Repo and Policyfile Cookbook patterns in detail. All the discussions regarding patterns will be complemented with helpful code snippets. Let's begin with the conversation.

Effortless Config

It is the pattern to manage our Chef Infra workloads. Sometimes it becomes difficult to manage the insane amount of complexity and workloads that our Chef Infra is handling. In such times effortless config comes in handy. It uses habitat and policyfiles to build artefacts that contain dependencies and cookbooks alongside the scripts needed to run them on our system.

Effortless Environment Setup

The environment setup is easy and can be done in a few steps. Let's go through them:

✅ Step 1: Install the Chef Workstation.

✅ Step 2: Install the Chef Habitat.

✅ Step 3: Run the hab setup to configure Chef Habitat on the system.

Chef Repo Cookbook Pattern

It is a clear pattern to store and organise stuff needed for our Chef Infra. It uses chef-repo and contains cookbooks (recipes, attributes, libraries and templates), policyfiles and data bags.

Let's go through the steps required to use this pattern.

✅ Step 1: Move to the chef-repo directory.

cd chef-repo

✅ Step 2: Create a habitat folder using the following command.

mkdir habitat

✅ Step 3: Create a plan file.

touch plan.sh

✅ Step 4: Add the following cookbook information to the plan file.

pkg_name=<ninja_policyfile>
pkg_origin=<ninja_origin>
pkg_version="0.1.0"
pkg_maintainer=" Manish, manish@gmail.com"
pkg_license=("Apache-2.0")
pkg_scaffolding="chef/scaffolding-chef-infra"
pkg_svc_user=("root")
scaffold_policy_name="<ninja_policyfile>"

✅ Step 5: Create a policyfiles directory in the chef-repo.

mkdir policyfiles

✅ Step 6: Execute the following command to generate the policyfile.

chef generate policyfile policyfiles/ninja_policyfile

Example of policyfile.rb:

name "base"

default_source: supermarket
default_source:chef_repo, "../"

# below is the running list
run_list [
"patching::default",
"hardening::default"
]

# attributes to be set from the cookbook
default['hardening'] = {}

default['patching'] = {}

Let's go through the steps required to build the package, bootstrap file and run the policyfile.

✅ Step 1: Run the following command to build the package.

hab pkg build

✅ Step 2: Create a kitchen.yml file with the following content and add it to your profile.

---
driver:
  name: vagrant
  synced_folders:
    - ["./results", "/tmp/results"]

provisioner:
  name: shell

verifier:
  name: inspec

platforms:
  - name: centos-7.6

suites:
  - name: base
    provisioner:
      arguments: ["<cn_origin>", "<ninja_package>"]
    verifier:
      inspec_tests:
        test/integration/base

✅ Step 3: Create a bootstrap.sh script with the following content.

#!/bin/bash
export HAB_LICENSE="accept-no-persist"
export CHEF_LICENSE="accept-no-persist"

if [ ! -e "/bin/hab" ]; then
curl https://raw.githubusercontent.com/habitat-sh/habitat/main/components/hab/install.sh | sudo bash
fi

if grep "^hab:" /etc/passwd > /dev/null; then
echo "Hab ninja user exists"
else
useradd hab && true
fi

if grep "^hab:" /etc/group > /dev/null; then
echo "Hab group exists"
else
groupadd hab && true
fi

pkg_origin=$1
pkg_name=$2

echo "Starting $pkg_origin/$pkg_name"

latest_hart_file=$(ls -la /tmp/results/$pkg_origin-$pkg_name* | tail -n 1 | cut -d " " -f 9)
echo "Latest hart file is $latest_hart_file"

echo "Installing $latest_hart_file"
hab pkg install $latest_hart_file

echo "Determining pkg_prefix for $latest_hart_file"
pkg_prefix=$(find /hab/pkgs/$pkg_origin/$pkg_name -maxdepth 2 -mindepth 2 | sort | tail -n 1)

echo "Found $pkg_prefix"

echo "Running inspec for $pkg_origin/$pkg_name"
cd $pkg_prefix
hab pkg exec $pkg_origin/$pkg_name inspec exec $pkg_prefix/*.tar.gz

✅ Step 4: Test the profile execution by spinning up the centos VM locally using the following command.

Kitchen coverage base-centos

✅ Step 5: Destroy the temporary VM using the following command.

kitchen destroy

✅ Step 6: It's time to upload your profile pkg to the Habitat Builder. Use the following command to complete this step.

source results/lastbuild.env
hab pkg upload results/$pkg_artifact

✅ Step 7: Install Chef Habitat as a service on your system and run the following command.

hab svc load <cn_origin>/<ninja_profile>

Policyfile Cookbook Pattern

It is a pattern to build the Chef Habitat artifact for the Policyfile Cookbook. Let's go through the steps needed to use this pattern.

✅ Step 1: Navigate to the cookbook directory.

cd chef-repo/cookbooks/ninja_cookbook

✅ Step 2: Create a habitat folder using the following command.

mkdir habitat

✅ Step 3: Create a plan file.

touch plan.sh

✅ Step 4: Add the following cookbook information to the plan file.

pkg_name=<ninja_artifact>
pkg_origin=<ninja_origin>
pkg_version="<1.0>"
pkg_maintainer="<manish>"
pkg_license=("<License for my_cookbook example Apache-2.0>")
pkg_scaffolding="chef/scaffolding-chef-infra"
scaffold_policy_name="Policyfile"
scaffold_policyfile_path="$PLAN_CONTEXT/../" # habitat/../Policyfile.rb

✅ Step 5: Create a policyfile in the cookbook directory and add the following content.

# A name for the cookbook
name '<ninja_cookbook>'

# source of external cookbooks
default_source: supermarket

# running list
run_list '<ninja>:: default'

# custom source
cookbook '<ninja>', path: '.'

✅ Step 6: Build the package using the following command.

hab pkg build <ninja_cookbook>

✅ Step 7: Create a kitchen.yml file with the following content and add it to your profile.

---
driver:
  name: vagrant
  synced_folders:
    - ["./results", "/tmp/results"]

provisioner:
  name: shell

verifier:
  name: inspec

platforms:
  - name: centos-7.6

suites:
  - name: base
    provisioner:
      arguments: ["<cn_origin>", "<ninja_cookbook>"]
    verifier:
      inspec_tests:
        test/integration/base

✅ Step 8: Create a bootstrap.sh script with the following content.

#!/bin/bash
export HAB_LICENSE="accept-no-persist"
export CHEF_LICENSE="accept-no-persist"

if [ ! -e "/bin/hab" ]; then
curl https://raw.githubusercontent.com/habitat-sh/habitat/main/components/hab/install.sh | sudo bash
fi

if grep "^hab:" /etc/passwd > /dev/null; then
echo "Hab ninja user exists"
else
useradd hab && true
fi

if grep "^hab:" /etc/group > /dev/null; then
echo "Hab group exists"
else
groupadd hab && true
fi

pkg_origin=$1
pkg_name=$2

echo "Starting $pkg_origin/$pkg_name"

latest_hart_file=$(ls -la /tmp/results/$pkg_origin-$pkg_name* | tail -n 1 | cut -d " " -f 9)
echo "Latest hart file is $latest_hart_file"

echo "Installing $latest_hart_file"
hab pkg install $latest_hart_file

echo "Determining pkg_prefix for $latest_hart_file"
pkg_prefix=$(find /hab/pkgs/$pkg_origin/$pkg_name -maxdepth 2 -mindepth 2 | sort | tail -n 1)

echo "Found $pkg_prefix"

echo "Running inspec for $pkg_origin/$pkg_name"
cd $pkg_prefix
hab pkg exec $pkg_origin/$pkg_name chef-client -z -c $pkg_prefix/config/bootstrap-config.rb

✅ Step 9: Test the profile execution by spinning up the centos VM locally using the following command.

Kitchen coverage base-centos

✅ Step 10: Destroy the temporary VM using the following command.

kitchen destroy

✅ Step 12: It's time to upload your profile pkg to the Habitat Builder. Use the following command to complete this step.

source results/lastbuild.env
hab pkg upload results/$pkg_artifact

✅ Step 13: Install Chef Habitat as a service on your system and run the following command. It will run the cookbook on the system:

hab svc load ninja_origin/ninja_cookbook

Frequently Asked Questions

What are the Effortless Patterns?

The Effortless patterns maximise code reusability and make it easy to manage our infrastructure. It also helps to visualise our fleet.

What is Kitchen converge in Chef?

A converge will keep the machine running, and Kitchen will automatically upload modifications after each converge so that configuration code iterations can happen quickly.

What is chef infra?

Chef Infra is a robust automation platform that turns infrastructure into code. Chef Infra automates infrastructure configuration, deployment, and management across the network, regardless of its scale, whether we are operating in the cloud, on-premises, or in a hybrid environment.

Conclusion

We extensively discussed the effortless Config in Chef. We learned about Chef Repo Cookbook Pattern and Policyfile Cookbook Pattern. This knowledge will help us build our effortless patterns and make managing our infra a breeze.

If you want to learn more, check out the excellent content on the Coding Ninjas Website:

Chef Berkshelf, Chef infra server - users, Chef Executable- CLI Tool

Refer to our guided paths on the Coding Ninjas Studio platform to learn more about DSA, DBMS, Competitive Programming, Python, Java, chef infra server - users JavaScript, etc.

Refer to the links problems, top 100 SQL problems, resources, and mock tests to enhance your knowledge.

For placement preparations, visit interview experiences and interview bundles.

Do upvote our blog to help other ninjas grow.

Happy Coding!