"systemguy" do comment "system guy" system true shell "/bin/false" end directory "/opt/demo-app/" do mode "0755" owner "systemguy" recursive true end service "demo-app" do action [:enable, :start] end
run • Policyfile - source code for a policy • Compiled Policy - snapshot of a policy • Policy Group - a set of nodes that share the same revision of Compiled Policy
# Specify a custom source for some cookbooks: cookbook "demo-app", path: "./" cookbook "apache2", git: "https://github.com/svanzoest-cookbooks/apache2.git" $ chef install Policyfile.rb # => ./Policyfile.lock.json Compile the policy and download cookbooks:
all the cookbooks needed • Determines node attributes • Compiles the resource collection • Runs all the resources subsequently • Updates node’s object on the Chef Server
testing infrastructure code and software on isolated target platforms. Acceptance & Integration Tests • InSpec - testing framework for infrastructure. Compliance as a code.
in cookbook Recompile policies $ chef update ./policyfile.rb $ git add ./policyfile.lock.json $ git commit ... Test the infrastructure locally $ kitchen test
Client on nodes ... Checkout the required git ref $ git checkout release/v1.0.2 $ sudo chef-client # on the node $ chef push ./policyfile.rb production