Chef – berkshelf lesson for dummies like me Ermahgerd!

I feel like some of the explanations on berkshelf on the internet are confusing.
So i felt like doing a small write up myself

berkshelf is pretty much a replacement for the “knife cookbook” command.
The big win with berkshelf is that it also resolves dependencies of a cookbook like apt or yum.
It reads a file called “Berksfile” for other cookbooks the current cookbook needs and what repositories to fetch them from and pulls them to your local system.

I will use the logstash cookbook at as an example
If you read the Berksfile at
it will show you what other cookbooks the logstash cookbook needs

So in order to get going

gem install berkshelf
git clone
cd logstash
berks install
berks upload

That installed berkshelf, cloned the logstash cookbook, resolved dependencies for the logstash cookbook and uploaded logstash cookbook and its dependencies to your chef-server

Additionally berkshelf installs its configuration file at : ~/.berkshelf/config.json
You may need to edit some stuff there to match your ~/.chef/knife.rb file


Chef – Nagios Server quickstart

Clone the opscode cookbook

$ git clone

Create some berkshelf dependency stuff to make your life easier
( I’m going to assume you have berkshelf installed, if not

gem install berkself

and read this )

$ cd nagios
$ cat>Berksfile<<EOF
cookbook 'bluepill'
cookbook 'perl'
cookbook 'rsyslog'
cookbook 'nginx'
cookbook 'nginx_simplecgi'

group :test do
#  cookbook 'minitest-handler', git: "git://"


Pull in your dependencies using Berkshelf and upload it to your chef-server

$ berks install
$ berks upload

Create your data bag for your nagios admin user

$ knife data bag create users
$ openssl passwd -1 -salt '78hJASHDGuywelhfsdkiukshdkfusdhgfu' 'nagiosadmin'
$ cat>nagiosadmin.json<<EOF
  "id": "nagiosadmin",
  "groups": "sysadmin",
  "htpasswd": "$1$78hJASHD$KlWqNTM0UXf/iM6imQ.9F1",
  "nagios": {
    "pager": "",
    "email": ""

Upload your nagiosadmin user to data bag on your chef-server

$ knife data bag from file users nagiosadmin.json

Create a chef role for “monitoring”

$ cat>monitoring.rb<<EOF
name "monitoring"
run_list %w[

  :nagios => {
    :server => {
      ### START Install Verison and Method
      :install_method => "package",
      ### END Install Version and Method
      :service_name => "nagios3",
      :home => "/usr/lib/nagios3",
      :conf_dir => "/etc/nagios3",
      :config_dir => "/etc/nagios3/conf.d",
      :cache_dir => "/var/cache/nagios3",
      :state_dir => "/var/lib/nagios3",
      :run_dir => "/var/run/nagios3",
      :docroot => "/usr/share/nagios3/htdocs",
      :server_name => "nagios",
      :web_server => "apache"
    :client => {
      :install_method => "package"
    :server_auth_method => "htauth",
    :url => ""

Upload the “monitoring” role to chef-server and then apply the role and run chef-client

$ knife role from file monitoring.rb

$ knife node run_list add -r "role[monitoring]"
$ knife ssh -a ipaddress "chef-client"

Edit your local system’s host file to point the domain to the ip of your server if you don’t have DNS

login at
username/password = nagiosadmin

Add the nrpe configurations on your clients

Create the application cookbook for your custom nrpe service checks

$ knife cookbook create mydomain_nrpe
$ cd mydomain_nrpe/recipes
$ cat>default.rb<<EOF
# Cookbook Name:: monitoring
# Recipe:: base_monitoring
# Copyright 2013, Example Company, Inc.
# This recipe defines the necessary NRPE commands for base system monitoring
# in Example Company Inc's Chef environment.

include_recipe 'nagios::client'

# Check for high load.  This check defines warning levels and attributes
nagios_nrpecheck "check_load" do
  command "#{node['nagios']['plugin_dir']}/check_load"
  warning_condition "6"
  critical_condition "10"
  action :add

# Check all non-NFS/tmp-fs disks.
nagios_nrpecheck "check_all_disks" do
  command "#{node['nagios']['plugin_dir']}/check_disk"
  warning_condition "8%"
  critical_condition "5%"
  parameters "-A -x /dev/shm -X nfs -i /boot"
  action :add

# Check for excessive users.  This command relies on the service definition to
# define what the warning/critical levels and attributes are
nagios_nrpecheck "check_users" do
  command "#{node['nagios']['plugin_dir']}/check_users"
  action :add

Upload the cookbook

$ knife cookbook upload mydomain_nrpe

Add the recipe to the run list of a node you want the nrpe services installed to or just assign it to a role

$ knife node run_list add james.mydomain "recipe[mydomain_nrpe]"
$ knife ssh -a ipaddress -x root name:james.mydomain "chef-client"

Add services to your nagios server using data bag entires in “nagios_services” data bag

$ knife data bag create nagios_services
$ mkdir nagios_services
$ cd nagios_services
$ cat>ssh.json<<EOF
  "id": "ssh",
  "hostgroup_name": "linux",
  "command_line": "$USER1$/check_ssh $HOSTADDRESS$"
$ cat>pingme.json<EOF
"id": "pingme",
 "hostgroup_name": "linux",
 "use_existing_command": "check-host-alive"
$ wget
$ wget
$ wget

Ingest all the nagios json service files to chef-server and run chef-client on the nagios server

$ ls |while read i ; do knife data bag from file nagios_services $i ; done
$ knife ssh -a ipaddress -x root "chef-client"

Install a system that’s not managed by chef

$ knife data bag create nagios_unmanagedhosts
$ cat >my host.json<EOF
  "address": "",
  "hostgroups": ["linux"],
  "id": "myhost",
  "notifications": 0
$ knife data bag from file nagios_unmanagedhosts host.json
$ knife ssh -x root -a ipaddress "chef-client"