Archive for the ‘ chef ’ Category

Testing Chef cookbooks on travis-ci / with chef-zero

If you are using your own Chef cookbooks you certainly have some sort of tests for them. Likely running test-kitchen with docker or vagrant driver. That setup works perfectly fine locally or on a self-hosted Jenkins server. However building them on public CI platforms like travis-ci or is not possible like that. Caused by their virtualization technology, we cant use test-kitchen with docker or vagrant driver there.

What people usually do to solve this: Use a cloud driver like EC2, Cloudstack, Rackspace so travis-ci will spin up a VM there. However I found this very clunky. This require additional accounts and costs with a Cloud provider.

So what I did is mimicing how the chef-zero provisioner for test-kitchen works as seen here
It basically boils down to installing Chef, copying all dependency cookbooks in place along with some configs and then running chef-client with chef-zero.

Read more

Chef Cookbook for Spacewalk server and clients

I wrote two cookbooks to work with Spacewalk and submitted them to Chefs supermarket.

Read on after the jump how to use these cookbooks. I promise its really simple tho

Read more

Finding obsolete and unused Roles in Chef

If your Chef environment has grown and its time for a cleanup, here is an easy way to find unused and obsolete Roles.
This works as long as the roles/*.rb files are named exactly like the roles.

# in roles/ directory do
for f in *.rb; do echo $f; done | cut -d'.' -f1 | tr '\n' '\0'|xargs -0 -L1 -I '$' sh -c "echo '$:';knife search node 'role:$'|grep Node" > result.txt
# then
for f in *.rb; do echo $f; done | cut -d'.' -f1 | tr '\n' '\0'|xargs -0 -L1 -I '$' sh -c "echo '$:';knife search node 'roles:$'|grep Node" > result2.txt

This will output role name and the hosts using it. Roles not having nodes in both result files are unused and can be removed.

Sample output

Node Name:   auth-app2.prod1.example.lan
Node Name:   auth-app3.prod1.example.lan
Node Name:   auth-app1.prod2.example.lan
Node Name:   ch-esearch3.prod1.example.lan
Node Name:   ch-esearch2.prod2.example.lan

Reason why you need to run it twice is first command searches for nodes having exactly that role and second one searching in expanded run lists.