chef interview questions
Top chef frequently asked interview questions
What is the best practice for storing passwords and API keys with Chef?
It's really tempting to store database passwords, AWS API keys, and other sensitive credentials as Chef Server Attributes for use in recipes -- but what about security considerations? What's the best practice for this?
Source: (StackOverflow)
A current Chef recipe isn't running because of a bug in version 0.10.10. How can I upgrade the version of Chef that Vagrant uses, to 0.10.12?
I don't want to just update it for the current instance of the VM - I keep destroying and rebuilding those. Do I need to change something in the Vagrant base box, or something in my (physical) system's installation?
Source: (StackOverflow)
Trying to figure out the best approach for a large project. When is it appropriate to add recipes within a recipe by using include_recipe as opposed to adding the recipe to the run_list? Is there a good rule of thumb?
Source: (StackOverflow)
I'm learning Chef and I'm going to do right now for Ubuntu:
execute "add-apt-repository ppa:#{node[:some_repo]}" do
  user "root"
end
execute "apt-get update" do
  user "root"
end
but maybe there is a better ("chef-style"?) way to do it. Also, I'm concerned that sometimes add-apt-repository waits for the "Enter" key on its execution, so this approach might not work as is. What is the right way of doing it?
Edit: I only have ppa link in format: ppa:something/user
Source: (StackOverflow)
We're planning to use AMI EC2 instances which are not "pre-baked". I.e. when they are spun up, they are bare installs of AWS linux. Our bootstrap process will pull in the various installs that we need e.g. python, tomcat. We'll have min of 3 instances and max of 8.
Given these requirements, would using Puppet/Chef be useful rather than using Amazon Cloud Formation (CloudInit)?
Best I can see is if we used Puppet, then we'd have declarative programming which is easier to audit to see what's happening versus a script. Also CloudInit has a 16k script size limit which we may or may not run into.
Has anyone moved from CloudInit to Puppet or Chef for a specific reason that they can provide here in answer to my question?
Source: (StackOverflow)
I've installed a Vagrant + Virtualbox using Chef (+library chef). When I do vagrant up the first time, cookbooks get loaded correctly. However, when I do provision afterwards (be it vagrant provision, vagrant reload --provision or vagrant up --provision) I get this error:
Shared folders that Chef requires are missing on the virtual machine.
This is usually due to configuration changing after already booting the
machine. The fix is to run a `vagrant reload` so that the proper shared
folders will be prepared and mounted on the VM.
I searched everywhere and the only solution given is to do vagrant reload --provision; this worked up to Vagrant 1.3.1.
Source: (StackOverflow)
I have not yet come across a Chef resource which will copy/move files locally. E.g. I want to download jetty hightide and unzip it. Once done, then copy all the files into a particular folder:
something like this:
# mv /var/tmp/jetty-hightide-7.4.5.v20110725/* /opt/jetty/
BTW, jettyhightide, when unzipped, gives you a folder and inside that folder the rest of the files are located. Hence unzip jetty-hightide-7.4.5.v20110725.zip -d /opt/jetty/ is useless because it will then create a directory /opt/jetty/jetty-hightide-7.4.5.v20110725/* whereas what I really want is /opt/jetty/*. Hence I am looking for a local copy/move resource in Chef.
Thanks.
Source: (StackOverflow)
When using vagrant and chef as provisioner, I've got this warning:
[web] Chef 11.12.2 Omnibus package is already installed.
[web] Running provisioner: chef_solo...
Generating chef JSON and uploading...
Running chef-solo...
stdin: is not a tty
[2014-04-10T14:48:46+00:00] INFO: Forking chef instance to converge...
[2014-04-10T14:48:46+00:00] WARN:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.
To fix this issue add an entry like this to your configuration file:
```
# Verify all HTTPS connections (recommended)
ssl_verify_mode :verify_peer
# OR, Verify only connections to chef-server
verify_api_cert true
```
To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:
```
knife ssl check -c /tmp/vagrant-chef-1/solo.rb
```
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
It would be nice to know what kind of settings Chef requires in the Vagrantfile to fix this issue.
Source: (StackOverflow)
Right now I have the following in my Vagrantfile:
config.vm.provision :chef_solo do |chef|
  chef.cookbooks_path = "cookbooks"
  chef.add_recipe "apt"
  chef.add_recipe "build-essential"
  chef.add_recipe "chef-redis::source"
  chef.add_recipe "openssl"
  chef.add_recipe "git"
  chef.add_recipe "postgresql::server"
  chef.add_recipe "postgresql::client"
end
In order to install the software added to my recipe_list, I need to get the VM to issue an apt-get update before installing the other software.
I was under the impression that this was one of the features of the 'apt' recipe - that it would run the update first thing.
The output when I do a vagrant provision is:
[Sat, 11 Feb 2012 22:20:03 -0800] INFO: *** Chef 0.10.2 ***
[Sat, 11 Feb 2012 22:20:03 -0800] INFO: Setting the run_list to ["recipe[apt]", "recipe[build-essential]", "recipe[chef-redis::source]", "recipe[openssl]", "recipe[git]", "recipe[postgresql::server]", "recipe[postgresql::client]", "recipe[vagrant-main]"] from JSON
[Sat, 11 Feb 2012 22:20:03 -0800] INFO: Run List is [recipe[apt], recipe[build-essential], recipe[chef-redis::source], recipe[openssl], recipe[git], recipe[postgresql::server], recipe[postgresql::client], recipe[vagrant-main]]
[Sat, 11 Feb 2012 22:20:03 -0800] INFO: Run List expands to [apt, build-essential, chef-redis::source, openssl, git, postgresql::server, postgresql::client, vagrant-main]
[Sat, 11 Feb 2012 22:20:03 -0800] INFO: Starting Chef Run for lucid32
[Sat, 11 Feb 2012 22:20:03 -0800] INFO: Processing package[postgresql-client] action install (postgresql::client line 37)
[Sat, 11 Feb 2012 22:20:04 -0800] ERROR: package[postgresql-client] (postgresql::client line 37) has had an error
[Sat, 11 Feb 2012 22:20:04 -0800] ERROR: Running exception handlers
[Sat, 11 Feb 2012 22:20:04 -0800] ERROR: Exception handlers complete
[Sat, 11 Feb 2012 22:20:04 -0800] FATAL: Stacktrace dumped to /tmp/vagrant-chef-1/chef-stacktrace.out
[Sat, 11 Feb 2012 22:20:04 -0800] FATAL: Chef::Exceptions::Exec: package[postgresql-client] (postgresql::client line 37) had an error: apt-get -q -y install postgresql-client=8.4.8-0ubuntu0.10.04 returned 100, expected 0
Source: (StackOverflow)
I have the following setup:
- Many different projects which are separate git repositories, but all have mostly the same server configuration
- Each project in turn depends on many other projects and we use the composer dependency manager to get them together (PHP language here).
I want to use Vagrant and include a Vagrantfile in each repository, so my team members can clone a repository, run vagrant up and be ready to go.
My question is now directed towards the provisioning. I need to install several tools and packages like apache, git, mysql and several php packages, then download some files (like a recent development db dump), set everything up in /var/www and run the composer install command.
So one option to do this is using a manager using recipes like chef or puppet.
The alternative would be to write a bash file and use shell provisioning.
I have not much experience with chef / puppet, so naturally, it seems easier to use the shell option, but I want to understand if this is not a good / viable option in the long run.
Why to me it seems a bad approach to go with puppet / chef:
I understand that I will have to use several different recipes and will almost always use the same recipes for my different repositories, so I would have to include all of them in all the repositories. Consider having 20 repos and needing 10 recipes, that means that I will need to add 200 recipes as a git-submodule or alike (also each team member needs to clone the repository, then clone 10 recipe repositories and only then run vagrant up for each project). In contrast, I would just need to have a small repo with my shell script and clone it 20 times.
I am probably missing something, so please advise whether I should opt for chef / puppet and why it makes sense even if my repositories all have a very similar server setup.
Source: (StackOverflow)
I have a program that I build from source. For this I'm using the script resource. What is a good way to implement the logic for installation and update? Right now I just have installation implemented with the built-in not_if conditional.
script "install_program" do
  # Skip the build when the program is already present
  not_if { File.exist?('/program') }
  interpreter "bash"
  user "root"
  cwd "/tmp"
  code <<-EOH
    wget http://www.example.com/program.tar.gz
    tar -zxf program.tar.gz
    cd tarball
    ./configure
    make
    make install
  EOH
end
Source: (StackOverflow)
How can you use a Chef recipe to set an environment variable?
I need to set an environment variable using a chef recipe. Can you provide an example of how to accomplish this?
Source: (StackOverflow)
I use vagrant and chef to develop my own blog in a virtual machine. To have easy access to the wordpress folder I created a shared folder.
Basically the wordpress folder is on my host and gets mounted as shared folder in /var/www/wordpress in the VM. The configuration is similar to:
config.vm.share_folder "foo", "/guest/path", "/host/path"
My problem is that the ownership in my VM is always vagrant:vagrant even if I change it on my host. Ownership changes in the VM get ignored.
I cannot use chown to set the ownership of the upload directory to www-data:www-data.
It is possible to use chmod and change the access restrictions to 777, but this is a really ugly hack.
Here is what I actually want. Is this possible?:
- Development: Access to the shared folder from my host.
- Access Restriction: On the VM all files and folders should have proper and secure ownership and access restrictions.
Source: (StackOverflow)
I'm trying to use Chef to install graphite server and I encountered errors saying that either chef-solo or chef-client was not found on the VM. I'm using Ubuntu 12.04.amd64 LTS, this is server version so it will not have chef-client installed. I know that 13 version will auto have chef-client installed but I can not use 13 version.
I googled and saw some people suggest to ssh to the box and apt-get install chef-client.
My question is: is there any way that I can preinstall chef-client before Chef kicks in? Basically I would like my Chef program to download the raw image and do everything without additional manual steps from users. Is it possible?
My Vagrantfile:
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu-12.04-amd64"
  config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box"
  config.vm.hostname = "graphite"
  config.vm.network :forwarded_port, guest: 8080, host: 9090
  config.vm.provision :chef_solo do |chef|
    chef.cookbooks_path = "cookbooks"
    chef.roles_path = "roles"
    chef.data_bags_path = "data_bags"
    chef.add_role "Graphite-Server"
    chef.add_role "StatsD-Server"
  end
end
Error Log:
[default] Running provisioner: chef_solo...
The chef binary (either `chef-solo` or `chef-client`) was not found on
the VM and is required for chef provisioning. Please verify that chef
is installed and that the binary is available on the PATH.
Thanks
Source: (StackOverflow)