vinyar

# encoding: utf-8
### Sample script to export Chef Server nodes and import them to Chef Compliance
### Change the 'api_url', 'api_user', 'api_pass' and 'api_org' variables below
### Change the nodes_array json suit your environment
### Go to your chef-repo and check Chef Server access first
# cd chef-repo; knife environment list
### Save this Ruby script as kitchen_sink.rb and run it like this:
# cat kitchen_sink.rb | knife exec
### Chef Compliance API docs: https://docs.chef.io/api_compliance.html

vinyar

Tools for Managing RabbitMQ

rabbitmqctl

rabbitmqctl man page

rabbitmqctl provides some management capabilities

vinyar

redbug Debugging on a live EC11 or Chef 12 Server

https://github.com/massemanet/eper/blob/master/doc/redbug.txt

Attach to the running erlang process on running EC11x or Chef 12 systems

/opt/opscode/embedded/bin/erl -name [email protected] -remsh [email protected] -setcookie erchef

Debug LDAP

vinyar

#old code
$mike_smells = 'c:\temp'
if(!(test-path \\$env:computername\MySMBShare)){net share logroot=$mike_smells}


#new DSC code
$mike_smells = 'c:\temp'
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Set-PSRepository -Name PSGallery -InstallationPolicy trusted
# this module will be used for creating shares

vinyar

Why?

There is a long standing issue in Ruby where the net/http library by default does not check the validity of an SSL certificate during a TLS handshake. Rather than deal with the underlying problem (a missing certificate authority, a self-signed certificate, etc.) one tends to see bad hacks everywhere. This can lead to problems down the road.

From what I can see the OpenSSL library that Rails Installer delivers has no certificate authorities defined. So, let's go fetch some from the curl website. And since this is for ruby, why don't we download and install the file with a ruby script?

Installation

The Ruby Way! (Fun)

vinyar

12.5 style custom resources

This is by far the most recommended way of writing resources for all users. There are two gotchas which we're working through:

1. For helper functions that you used to write in your provider code or used to mixin to your provider code, you have to use an action_class do ... end block.
2. The 12.5 resources allow for a shorthand notation in provider code where you can refer to properties by their bare name my_property and it works most of the time. Since it does not work all the time (because of the way ruby scopes things), its recommended to stick to referring to properties by new_resource.my_property.

You cannot subclass, and must use mixins for code-sharing (which is really a best practice anyway -- e.g. see languages like rust which do not support subclassing).

in resources/whatever.rb:

vinyar

How do I set up compliance checks for an application or cookbook pipeline in delivery?

Delivery version: 0.4.109 or higher
Inspec version: 0.16.0 or higher

1) Create a compliance pipeline of a profile you are interested in, or use an existing one.

2) Configure the application or cookbook to depend on that profile.

vinyar

# pre_create_command = <<-EOH
#   if Vagrant.has_plugin?('vagrant-cachier')
#     unless (is_windows)
#       puts 'hello world'
#       config.cache.scope = :box
#       config.cache.enable :generic, {
#         'wget' => { cache_dir: '/var/cache/wget' }
#       }
#     end
#   end

vinyar

# Chef Bootstrap with Chef Vaults
# Required chef version: 12

# Single Vault Item
$ knife bootstrap node1 -N node1 --sudo -r 'recipe[cookbook::default]' --bootstrap-vault-item 'vault:item'

# Multiple Vault through JSON
$ knife bootstrap node1 -N node1 --sudo -r 'recipe[cookbook::default]' --bootstrap-vault-json {"vault1":"item1","vault2":"item2"}

# Multiple Vault through File

vinyar

bash -c '
<%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>

yum install -y wget
wget <%= "--proxy=on " if knife_config[:bootstrap_proxy] %>http://rbel.co/rbel5
rpm -Uvh rbel5

yum install -y rubygem-chef
'