DevOps Basics: Opscode Chef
Day 3

Andriy Samilyak
samilyak@gmail.com
skype: samilyaka
Goals
● New resources: file, cookbook_file
● Berkshelf
● DataBags
● Deployment with Chef
● Environments
Password protection
We need to protect our site with a login/password in order to keep it private:
admin/password
Password protection
HTTP Basic Authentication
<Directory <%= node['apache']['docroot_dir'] %>/>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride None
  AuthType Basic
  AuthName "Restricted Files"
  AuthBasicProvider file
  AuthUserFile <%= node['apache']['dir'] %>/htpasswd
  Require valid-user
</Directory>

Copy/paste from http://goo.gl/6sEYT5
htpasswd
We need this content to be in node['apache']['dir']/htpasswd:
admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0

Copy/paste from http://goo.gl/6sEYT5
Google it!
'chef resource file'
Putting file to server #1
../cookbooks/webserver/recipes/default.rb

file "#{node['apache']['dir']}/htpasswd" do
  owner 'root'
  group node['apache']['root_group']
  mode '0644'
  backup false
  # the whole "user:hash" entry must sit on one line
  content "admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0"
end
Putting file to server #2
● The 'content' attribute is not really scalable: what if we need 2 KB of text inside?
● Let's first comment out the content attribute with #
● Create the file ../cookbooks/webserver/files/default/htpasswd
● and put root (not admin!) and the password hash in it
● Change the resource from 'file' to 'cookbook_file'
Putting file to server #2
../cookbooks/webserver/recipes/default.rb

cookbook_file "#{node['apache']['dir']}/htpasswd" do
  owner 'root'
  group node['apache']['root_group']
  mode '0644'
  backup false
end
Welcome Berks-way!
gem install berkshelf
Test it with "berks -v"
-------------------------------------------------------------
On Windows you'll need to add to chefrepo/.berkshelf/config.json:
"ssl": {
  "verify": false
}
Move out community cookbooks
● Add a line to Berksfile:
  cookbook "cookbook", path: "cookbooks/webserver"
● berks install ← download cookbook to local folder
● berks upload ← upload cookbooks to Chef Server
● Remove the 'apache2' folder from chef_repo
Where is the cookbook now anyway?
Well done! Let's put it in git
git commit -a -m "Initial commit"
git push origin master
Berks locations
● site:
  cookbook "artifact", site: "http://cookbooks.opscode.com/api/v1/cookbooks"
  cookbook "artifact", site: :opscode
● git:
  cookbook "mysql", git: "https://github.com/opscodecookbooks/mysql.git", branch: "foodcritic"
Let's do it better now!

https://github.com/Youscribe/htpasswdcookbook
Goal: specify user/pass with cookbook attributes
Copy/paste from http://goo.gl/6sEYT5
New cookbook in Berksfile
cookbook "htpasswd", git: "https://github.com/Youscribe/htpasswdcookbook.git"
Example:
htpasswd "/etc/apache2/htpasswd" do
  user node['webserver']['auth_user']
  password node['webserver']['auth_pass']
end
Htpasswd - review
● webserver/metadata.rb: add dependency
● recipes/default.rb: add resource htpasswd
● attributes/default.rb: add two attributes
● berks update & berks upload
Managing users access
Site: User1/pass, User2/pass, User3/pass
Site Backend: User1/pass, User3/pass
Store Backend: User3/pass
DataBags
● Reusable data containers
● JSON
● Search API
Managing user access - Plan
● Keep user/pass with granted nodes
● Find all users for current node
● Generate htpasswd by adding hash for each user
DataBags as files
chef_repo
  data_bags
    htpasswd
      user1.json
      user2.json
      user3.json
user1.json
{
  "id": "user1",
  "pass": "password",
  "nodes": ["yournode1", "yournode2"]
}
Data bag CLI
knife data bag create htpasswd
knife data bag from file htpasswd user1.json
knife data bag from file htpasswd data_bags/htpasswd/*
knife search htpasswd "(id:user1)"
knife search htpasswd "(nodes:yournode)"
Search API
search(:htpasswd, "nodes:#{node.name}") do |user|
  # add line to file user['pass']
end
Just an example of a solution...
# remove the old file so that only the users found below end up in it
file "#{node['apache']['dir']}/htpasswd" do
  action :delete
end
# add one htpasswd entry per data bag user granted on this node
search(:htpasswd, "nodes:#{node.name}") do |user|
  htpasswd "#{node['apache']['dir']}/htpasswd" do
    user user['id']
    password user['pass']
    notifies :reload, 'service[apache2]'
  end
end
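
The plan above (find the users granted on the current node, then write one hash per user), as an added plain-Ruby example that is not from the slides or from the htpasswd cookbook. It assumes each data bag item carries a precomputed `hash` field (a hypothetical name, for example the output of `htpasswd -nB`) instead of the plaintext `pass`; the node names are constructed to match the access matrix.

```ruby
# Added example: not from the slides or from the htpasswd cookbook.
# Assumption: data bag items carry a precomputed "hash" field
# (hypothetical name) instead of the plaintext "pass" field.

class InvalidItem < StandardError; end

# Salted hash formats that Apache's file provider understands.
HASH_FORMATS = [
  %r{\A\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}\z}, # Apache MD5 (apr1)
  %r{\A\$2y\$\d{2}\$[./0-9A-Za-z]{53}\z}                 # bcrypt
].freeze

# ':' separates the fields and a newline starts a new entry,
# so neither may appear in a user name.
USER_NAME = /\A[A-Za-z0-9._-]{1,64}\z/

# Plain-Ruby stand-in for search(:htpasswd, "nodes:<node name>").
def users_for_node(items, node_name)
  items.select { |item| Array(item['nodes']).include?(node_name) }
end

# Validate one item and turn it into a single "user:hash" line.
def htpasswd_line(item)
  id   = item['id'].to_s
  hash = item['hash'].to_s
  raise InvalidItem, "bad user name #{id.inspect}" unless USER_NAME.match?(id)
  raise InvalidItem, "plaintext 'pass' stored for #{id}" if item.key?('pass')
  unless HASH_FORMATS.any? { |format| format.match?(hash) }
    raise InvalidItem, "unsupported hash format for #{id}"
  end
  "#{id}:#{hash}"
end

# Full file content for one node: sorted, so the result is stable
# between runs and the file only changes when the user set changes.
def render_htpasswd(items, node_name)
  lines = users_for_node(items, node_name).map { |item| htpasswd_line(item) }
  lines.empty? ? '' : lines.sort.join("\n") + "\n"
end

# Constructed sample data; the hash value is the one shown on the slide.
SAMPLE_HASH = '$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0'
ITEMS = [
  { 'id' => 'user1', 'hash' => SAMPLE_HASH, 'nodes' => %w[site site-backend] },
  { 'id' => 'user2', 'hash' => SAMPLE_HASH, 'nodes' => %w[site] },
  { 'id' => 'user3', 'hash' => SAMPLE_HASH,
    'nodes' => %w[site site-backend store-backend] }
].freeze

if __FILE__ == $PROGRAM_NAME
  %w[site site-backend store-backend].each do |node_name|
    puts "== #{node_name}", render_htpasswd(ITEMS, node_name)
  end
end
```

The returned string can be used as the `content` of a single `file` resource, so the file is replaced in one step instead of being deleted and rebuilt entry by entry.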

Chef training - Day3
