Chef – berkshelf lesson for dummies like me Ermahgerd!

I feel like some of the explanations of berkshelf on the internet are confusing,
so I felt like doing a small write-up myself.

berkshelf is pretty much a replacement for the “knife cookbook” command.
The big win with berkshelf is that it also resolves dependencies of a cookbook like apt or yum.
It reads a file called “Berksfile”, which lists the other cookbooks the current cookbook needs and the repositories to fetch them from, and pulls them to your local system.

I will use the logstash cookbook at https://github.com/lusis/chef-logstash as an example.
If you read the Berksfile at https://github.com/lusis/chef-logstash/blob/master/Berksfile
it will show you what other cookbooks the logstash cookbook needs.

So in order to get going

gem install berkshelf
git clone git@github.com:lusis/chef-logstash.git
cd chef-logstash
berks install
berks upload

That installed berkshelf, cloned the logstash cookbook, resolved the dependencies of the logstash cookbook and uploaded the logstash cookbook and its dependencies to your chef-server.

Additionally, berkshelf installs its configuration file at ~/.berkshelf/config.json
You may need to edit some settings there to match your ~/.chef/knife.rb file.

Chef – Nagios Server quickstart

Clone the opscode cookbook

$ git clone git@github.com:opscode-cookbooks/nagios.git

Create some berkshelf dependency stuff to make your life easier
(I’m going to assume you have berkshelf installed; if not, run

gem install berkshelf

and read this http://berkshelf.com/ )

$ cd nagios
$ cat>Berksfile<<EOF
metadata
cookbook 'bluepill'
cookbook 'perl'
cookbook 'rsyslog'
cookbook 'nginx'
cookbook 'nginx_simplecgi'

group :test do
#  cookbook 'minitest-handler', git: "git://github.com/btm/minitest-handler-cookbook.git"
end

EOF

Pull in your dependencies using Berkshelf and upload them to your chef-server

$ berks install
$ berks upload

Create your data bag for your nagios admin user. The heredoc delimiter is quoted ('EOF') so the shell does not expand the $ signs in the password hash.

$ knife data bag create users
$ openssl passwd -1 -salt '78hJASHDGuywelhfsdkiukshdkfusdhgfu' 'nagiosadmin'
"$1$78hJASHD$KlWqNTM0UXf/iM6imQ.9F1"
$ cat>nagiosadmin.json<<'EOF'
{
  "id": "nagiosadmin",
  "groups": "sysadmin",
  "htpasswd": "$1$78hJASHD$KlWqNTM0UXf/iM6imQ.9F1",
  "nagios": {
    "pager": "nagiosadmin_pager@example.com",
    "email": "nagiosadmin@example.com"
  }
}
EOF

Upload your nagiosadmin user to the users data bag on your chef-server

$ knife data bag from file users nagiosadmin.json

Create a chef role for “monitoring”

$ cat>monitoring.rb<<EOF
name "monitoring"
run_list %w[
  recipe[nagios::server]
]

default_attributes({
  :nagios => {
    :server => {
      ### START Install Version and Method
      :install_method => "package",
      ### END Install Version and Method
      :service_name => "nagios3",
      :home => "/usr/lib/nagios3",
      :conf_dir => "/etc/nagios3",
      :config_dir => "/etc/nagios3/conf.d",
      :cache_dir => "/var/cache/nagios3",
      :state_dir => "/var/lib/nagios3",
      :run_dir => "/var/run/nagios3",
      :docroot => "/usr/share/nagios3/htdocs",
      :server_name => "nagios",
      :web_server => "apache"
    },
    :client => {
      :install_method => "package"
    },
    :server_auth_method => "htauth",
    :url => "nagios.mydomain.com"
  }
})
EOF

Upload the “monitoring” role to chef-server and then apply the role and run chef-client

$ knife role from file monitoring.rb

$ knife node run_list add nagios.mydomain.com -r "role[monitoring]"
$ knife ssh -a ipaddress name:nagios.mydomain.com "chef-client"

Edit your local system’s hosts file to point the domain to the IP of your server if you don’t have DNS

10.0.1.1   nagios.mydomain.com

Log in at
http://nagios.mydomain.com/nagios3
username/password = nagiosadmin

Add the nrpe configurations on your clients

Create the application cookbook for your custom nrpe service checks

$ knife cookbook create mydomain_nrpe
$ cd mydomain_nrpe/recipes
$ cat>default.rb<<EOF
#
# Cookbook Name:: monitoring
# Recipe:: base_monitoring
#
# Copyright 2013, Example Company, Inc.
#
# This recipe defines the necessary NRPE commands for base system monitoring
# in Example Company Inc's Chef environment.

include_recipe 'nagios::client'

# Check for high load.  This check defines warning levels and attributes
nagios_nrpecheck "check_load" do
  command "#{node['nagios']['plugin_dir']}/check_load"
  warning_condition "6"
  critical_condition "10"
  action :add
end

# Check all non-NFS/tmp-fs disks.
nagios_nrpecheck "check_all_disks" do
  command "#{node['nagios']['plugin_dir']}/check_disk"
  warning_condition "8%"
  critical_condition "5%"
  parameters "-A -x /dev/shm -X nfs -i /boot"
  action :add
end

# Check for excessive users.  This command relies on the service definition to
# define what the warning/critical levels and attributes are
nagios_nrpecheck "check_users" do
  command "#{node['nagios']['plugin_dir']}/check_users"
  action :add
end
EOF

Upload the cookbook

$ knife cookbook upload mydomain_nrpe

Add the recipe to the run list of a node you want the nrpe services installed to or just assign it to a role

$ knife node run_list add james.mydomain "recipe[mydomain_nrpe]"
$ knife ssh -a ipaddress -x root name:james.mydomain "chef-client"

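Add services to your nagios server using data bag entries in the “nagios_services” data bag. ssh.json contains Nagios $MACROS$, so its heredoc delimiter is quoted ('EOF') to keep the shell from expanding them.

$ knife data bag create nagios_services
$ mkdir nagios_services
$ cd nagios_services
$ cat>ssh.json<<'EOF'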
{
  "id": "ssh",
  "hostgroup_name": "linux",
  "command_line": "$USER1$/check_ssh $HOSTADDRESS$"
}
EOF
$ cat>pingme.json<<EOF
{
  "id": "pingme",
  "hostgroup_name": "linux",
  "use_existing_command": "check-host-alive"
}
EOF
$ wget https://raw.github.com/opscode-cookbooks/nagios/master/examples/nagios_services/users.json
$ wget https://raw.github.com/opscode-cookbooks/nagios/master/examples/nagios_services/load.json
$ wget https://raw.github.com/opscode-cookbooks/nagios/master/examples/nagios_services/all_disks.json
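
The htpasswd hash in nagiosadmin.json and the Nagios macros in ssh.json both contain $, and a heredoc with a bare EOF delimiter lets the shell expand them away before the file is written. The script below is an added example, not part of the original post or the nagios cookbook: it writes both items with a bare and a quoted delimiter and runs a pre-upload check over the results. The function names are made up for illustration, and the check assumes the MD5-crypt format that `openssl passwd -1` prints.

```shell
#!/bin/sh
# Added example, not from the original post. File contents are constructed
# from the values the post uses; function names are made up for illustration.

# Bare EOF delimiter: the shell expands $1, $7, $KlWqNTM0UXf, $USER1 and
# $HOSTADDRESS (all empty in a fresh shell) before cat ever sees the text.
write_unquoted() (            # $1 = output directory
  dir=$1; set +u; set --; unset KlWqNTM0UXf USER1 HOSTADDRESS
  cat >"$dir/nagiosadmin.json" <<EOF
{ "id": "nagiosadmin", "htpasswd": "$1$78hJASHD$KlWqNTM0UXf/iM6imQ.9F1" }
EOF
  cat >"$dir/ssh.json" <<EOF
{ "id": "ssh", "command_line": "$USER1$/check_ssh $HOSTADDRESS$" }
EOF
)

# Quoted 'EOF' delimiter: the body is written byte for byte.
write_quoted() {              # $1 = output directory
  cat >"$1/nagiosadmin.json" <<'EOF'
{ "id": "nagiosadmin", "htpasswd": "$1$78hJASHD$KlWqNTM0UXf/iM6imQ.9F1" }
EOF
  cat >"$1/ssh.json" <<'EOF'
{ "id": "ssh", "command_line": "$USER1$/check_ssh $HOSTADDRESS$" }
EOF
}

# Pre-upload check (heuristic). Fails if an "htpasswd" value is not a complete
# MD5-crypt string as printed by `openssl passwd -1`, or if a "command_line"
# no longer contains any $MACRO$.
check_item() {                # $1 = data bag item file
  if grep -q '"htpasswd"' "$1"; then
    grep -Eq '"htpasswd": *"\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"' "$1" || return 1
  fi
  if grep -q '"command_line"' "$1"; then
    grep -Eq '"command_line": *"[^"]*\$[A-Z0-9_]+\$' "$1" || return 1
  fi
  return 0
}

demo() {
  tmp=$(mktemp -d) || return 1
  mkdir "$tmp/bare_EOF" "$tmp/quoted_EOF"
  write_unquoted "$tmp/bare_EOF"; write_quoted "$tmp/quoted_EOF"
  for f in "$tmp"/*/*.json; do
    if check_item "$f"; then echo "ok       ${f#"$tmp"/}"
    else echo "MANGLED  ${f#"$tmp"/}"; cat "$f"; fi
  done
  rm -rf "$tmp"
}
demo
```

Running check_item over every *.json file before `knife data bag from file` catches a truncated hash before it reaches the chef-server, where it would otherwise only show up as a login that never works.
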

Ingest all the nagios json service files to chef-server and run chef-client on the nagios server

$ for f in *.json ; do knife data bag from file nagios_services "$f" ; done
$ knife ssh -a ipaddress -x root name:nagios.mydomain.com "chef-client"

Add a system that’s not managed by chef

$ knife data bag create nagios_unmanagedhosts
$ cat >host.json<<EOF
{
  "address": "myhost.mydomain.com",
  "hostgroups": ["linux"],
  "id": "myhost",
  "notifications": 0
}
EOF
$ knife data bag from file nagios_unmanagedhosts host.json
$ knife ssh -x root -a ipaddress name:nagios.mydomain.com "chef-client"