
Learn the Chef basics

Learn the Chef basics on Red Hat Enterprise Linux

Chef helps you express your infrastructure policy – how your software is delivered and maintained on your servers – as code. When infrastructure is code, it becomes more maintainable, versionable, testable, and collaborative.
A great way to get started with Chef is to log in to a server, or node, and configure it directly.
After completing this tutorial, you should be able to:
  • describe what happens when Chef runs.
  • write Chef code that defines a basic policy.
  • apply that policy to a server.
In the next step, you'll install the Chef tools and a text editor on your own machine, or use a virtual machine in the cloud that we provide that already has everything set up. You'll use that machine in the lessons that follow.
The easiest way to get started is to use a free trial CentOS 7 virtual machine that we provide. The virtual machine runs in your browser and has the set of Chef tools, called the Chef DK, and several popular text editors pre-installed. You can also set up your own server to use with this tutorial.

1. Launch a free trial CentOS 7 virtual machine


Let us provide a CentOS virtual machine with the Chef DK installed for you. Just click the button below.

2. Prepare a text editor

Because Chef uses code to express infrastructure policy, it's important that you use a text editor that provides features such as syntax highlighting and line numbering.
After you launch your CentOS server, open a command prompt and bring up a text editor. The virtual machine comes with emacs, nano, and vim pre-installed. If you prefer another text editor, install it now.
If you're new to using command-line text editors on CentOS, here are some resources to help get you started.

Set up a machine to manage

The normal Chef workflow involves managing servers remotely from your workstation. But in this tutorial, you'll log in to a server and manage it directly to get a feel for how Chef works.
A typical Chef setup is comprised of three elements – your workstation, a Chef server, and nodes.
Chef server acts as a central repository for your Chef code as well as for information about every node it manages.
A node is any computer that is managed by a Chef server.
In practice, you use Chef to manage your servers remotely, typically from a Windows, Mac OS, or Linux workstation. Although you're configuring Red Hat Enterprise Linux or CentOS in this tutorial, your workstation can be any OS you choose.
The normal Chef workflow starts from your workstation. There you use the Chef Development Kit, or Chef DK, to write and verify your configuration policy by writing Chef code.
From there, you upload your Chef code to the Chef server and then run Chef client on your node. Your node downloads the latest code from the Chef server and runs that code to bring your node's configuration up to date. You might set up your node to check in periodically with the Chef server or update your node on demand when your configuration policy changes.
In this tutorial, we'll break from the normal Chef workflow to get a feel for how Chef works. You'll bring up a Red Hat Enterprise Linux or CentOS instance, install the Chef DK on that server, and write and apply a basic configuration policy. The Chef DK provides everything that's needed to write Chef code and apply it all from the same system.

Configure a resource

A Chef resource describes some piece of infrastructure, such as a file, a template, or a package. A Chef recipe is a file that groups related resources, such as everything needed to configure a web server, database server, or a load balancer.
To get started, let's look at a basic configuration management project. You'll learn how to manage the Message of the Day (MOTD) file for your organization. The MOTD file is an example of a resource.

1. Set up your working directory

From your virtual machine, create the chef-repo directory under your home directory, ~/.
mkdir ~/chef-repo
Now cd there.
cd ~/chef-repo

2. Create the MOTD file

In this step, you'll first create the file and set the initial MOTD. To keep things basic, you'll configure the file in the /tmp directory.
Next, you'll write what's called a recipe to describe the desired state of the MOTD file. Then you'll run chef-client, the program that applies your Chef code to place your system in the desired state. Typically, chef-client downloads and runs the latest Chef code from the Chef server, but in this lesson, you'll run chef-client in what's called local mode to apply Chef code that exists locally on your virtual machine.
From your ~/chef-repo directory, create a file named hello.rb, add these contents, and then save the file.
file '/tmp/motd' do
  content 'hello world'
end

From your terminal window, run the following chef-client command to apply what you've written.
chef-client --local-mode hello.rb
[2016-03-24T18:24:21+00:00] WARN: No config file found or specified on command line, using command line options.
[2016-03-24T18:24:21+00:00] WARN: No cookbooks directory found at or above current directory. Assuming /root/chef-repo.
Starting Chef Client, version 12.8.1
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-03-24T18:24:23+00:00] WARN: Node default-centos-72 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/root/chef-repo/hello.rb
  * file[/tmp/motd] action create
    - create new file /tmp/motd
    - update content in file /tmp/motd from none to b94d27
    --- /tmp/motd 2016-03-24 18:24:23.030000766 +0000
    +++ /tmp/.chef-motd20160324-25656-75j2lz 2016-03-24 18:24:23.026999266 +0000
    @@ -1 +1,2 @@
    +hello world
    - restore selinux security context
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 seconds
The output tells us that a new file, /tmp/motd, was created. (The warnings you see relate to concepts we haven't introduced yet, and can be safely ignored for now.)

Now verify that the file was written. Run the more command, which prints a file to the console.
more /tmp/motd
hello world

Run the command a second time

Now let's see what happens when you run the same chef-client command again.
chef-client --local-mode hello.rb
[2016-03-24T18:24:25+00:00] WARN: No config file found or specified on command line, using command line options.
[2016-03-24T18:24:25+00:00] WARN: No cookbooks directory found at or above current directory. Assuming /root/chef-repo.
Starting Chef Client, version 12.8.1
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-03-24T18:24:26+00:00] WARN: Node default-centos-72 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/root/chef-repo/hello.rb
  * file[/tmp/motd] action create (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/1 resources updated in 01 seconds
This time you get a different response – the file is already up to date. This is because Chef applies the configuration only when it needs to.
Chef looks at the current configuration state and applies the action only if the current state doesn't match the desired state. Here, Chef doesn't create or modify /tmp/motd because it already exists and its contents didn't change. We call this approach test and repair.

3. Update the MOTD file's contents

Now you're going to change the MOTD.
Modify hello.rb like this ('hello world' becomes 'hello chef').
file '/tmp/motd' do
  content 'hello chef'
end

Run chef-client.
chef-client --local-mode hello.rb
[2016-03-24T18:24:29+00:00] WARN: No config file found or specified on command line, using command line options.
[2016-03-24T18:24:29+00:00] WARN: No cookbooks directory found at or above current directory. Assuming /root/chef-repo.
Starting Chef Client, version 12.8.1
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-03-24T18:24:30+00:00] WARN: Node default-centos-72 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/root/chef-repo/hello.rb
  * file[/tmp/motd] action create
    - update content in file /tmp/motd from b94d27 to c38c60
    --- /tmp/motd 2016-03-24 18:24:23.026999266 +0000
    +++ /tmp/.chef-motd20160324-26099-14hk6vy 2016-03-24 18:24:30.508737995 +0000
    @@ -1,2 +1,2 @@
    -hello world
    +hello chef
    - restore selinux security context
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 seconds
This time Chef applies the action because you've changed the desired state of the file.

4. Ensure the MOTD file's contents are not changed by anyone else

You need to make sure that no other process can change the MOTD.
Imagine that a co-worker manually changes /tmp/motd by replacing 'hello chef' with 'hello robots'. Go ahead and change your copy of /tmp/motd through your text editor. Or you can change the file from the command line like this.
echo 'hello robots' > /tmp/motd
Now run chef-client.
chef-client --local-mode hello.rb
[2016-03-24T18:24:32+00:00] WARN: No config file found or specified on command line, using command line options.
[2016-03-24T18:24:32+00:00] WARN: No cookbooks directory found at or above current directory. Assuming /root/chef-repo.
Starting Chef Client, version 12.8.1
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-03-24T18:24:34+00:00] WARN: Node default-centos-72 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/root/chef-repo/hello.rb
  * file[/tmp/motd] action create
    - update content in file /tmp/motd from 548078 to c38c60
    --- /tmp/motd 2016-03-24 18:24:31.701333952 +0000
    +++ /tmp/.chef-motd20160324-26334-rexmjn 2016-03-24 18:24:34.061513366 +0000
    @@ -1,2 +1,2 @@
    -hello robots
    +hello chef
    - restore selinux security context
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 seconds
Chef restored the original configuration. This is actually a really good thing because Chef ensures that the actual state of your resource matches what you specify, even if it is altered by some outside process. Chef enables you to both apply a new configuration state as well as ensure that the current state stays how you want it.
  In practice, it's common to configure chef-client to act as a service that runs periodically or in response to an event, such as a commit to source control. Running Chef through automation helps to ensure that your servers remain configured as you expect and also enables them to be reconfigured when you need them to be.
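
The test-and-repair cycle from steps 2 through 4, modelled in plain Ruby as an added example (this is not code from the original tutorial and not Chef's own implementation). The helper names converge_file, short_sum and demo are hypothetical; the six-character checksums mirror the "from b94d27 to c38c60" lines in the output above.

```ruby
require 'digest'
require 'tempfile'
require 'tmpdir'

# First six hex digits of the content's SHA-256, or 'none' when the file is absent.
def short_sum(data)
  data.nil? ? 'none' : Digest::SHA256.hexdigest(data)[0, 6]
end

# Test and repair for a single file (hypothetical helper, not a Chef API).
# Test: compare full checksums of the current and desired content.
# Repair: only on mismatch, stage the content beside the target and rename
# it into place, so a reader never sees a half-written file.
def converge_file(path, desired, mode = 0o644)
  current = File.file?(path) ? File.binread(path) : nil
  report = { from: short_sum(current), to: short_sum(desired) }
  same = !current.nil? &&
         Digest::SHA256.digest(current) == Digest::SHA256.digest(desired)
  return report.merge(updated: false) if same

  staged = Tempfile.create('.motd-model', File.dirname(path))
  staged.write(desired)
  staged.close
  File.chmod(mode, staged.path)
  File.rename(staged.path, path)
  report.merge(updated: true)
end

# Replays the tutorial's four runs against a scratch directory (constructed input).
def demo
  Dir.mktmpdir do |dir|
    motd = File.join(dir, 'motd')
    runs = []
    runs << converge_file(motd, 'hello world')  # file missing: created
    runs << converge_file(motd, 'hello world')  # matches policy: nothing written
    runs << converge_file(motd, 'hello chef')   # policy changed: rewritten
    File.write(motd, "hello robots\n")          # out-of-band edit, as with echo
    runs << converge_file(motd, 'hello chef')   # drift detected and repaired
    runs << File.read(motd)
  end
end

demo.each { |r| puts r.inspect } if __FILE__ == $PROGRAM_NAME
```

The second run writes nothing, which is what makes it safe to run the same policy on a schedule: only a mismatch between actual and desired state produces a change, and every such change shows up in the run's report.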

5. Delete the MOTD file

OK, you're done experimenting with the MOTD, so let's clean up. From your ~/chef-repo directory, create a new file named goodbye.rb and save the following content to it.
file '/tmp/motd' do
  action :delete
end

Now apply goodbye.rb to delete the file.
chef-client --local-mode goodbye.rb
[2016-03-24T18:24:36+00:00] WARN: No config file found or specified on command line, using command line options.
[2016-03-24T18:24:36+00:00] WARN: No cookbooks directory found at or above current directory. Assuming /root/chef-repo.
Starting Chef Client, version 12.8.1
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-03-24T18:24:37+00:00] WARN: Node default-centos-72 has an empty run list.
Converging 1 resources
Recipe: @recipe_files::/root/chef-repo/goodbye.rb
  * file[/tmp/motd] action delete
    - delete file /tmp/motd
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 01 seconds
The output shows that /tmp/motd is now gone, but let's prove it.
more /tmp/motd
/tmp/motd: No such file or directory

Summary

You ran a few basic Chef commands and got a flavor of what Chef can do. You learned that a resource describes one part of the system and its desired state. You worked with a file, which is one kind of resource.

Resources describe the what, not the how

A recipe is a file that holds one or more resources. Each resource declares what state a part of the system should be in, but not how to get there. Chef handles these complexities for you.
In this lesson, you declared that the file /tmp/motd must exist and what its contents are, but you didn't specify how to create or write to the file. This layer of abstraction can not only make you more productive, but it can also make your work more portable across platforms.

Resources have actions

When you deleted the file, you saw the :delete action.
Think of an action as the process that achieves the desired configuration state. Every resource in Chef has a default action, and it's often the most common affirmative one – for example, create a file, install a package, and start a service.
When we created the file we didn't specify the :create action because :create is the default. But of course you can specify it if you want.
The documentation for each resource type, file for example, explains the type's default action.

Recipes organize resources

In Chef, hello.rb is an example of a recipe, or an ordered series of configuration states. A recipe typically contains related states, such as everything needed to configure a web server, database server, or a load balancer.
Our recipe states everything we need to manage the MOTD file. You used chef-client in local mode to apply that recipe from the command line.




