Skip to content

Chef Inneractive Workflow

Archived (pre-2022)

Preserved for reference only -- likely outdated. View original | Last updated: July 2019

Configuration

  1. Clone the system-common repo.
  2. Create your user with the admin privileges on the chef server of Inneractive and it to the Inneractive organization:
chef-server-ctl user-create sdogg Snoop Dogg snoop.dogg@fyber.com 'Password'
chef-server-ctl org-user-add inneractive sdogg --admin
chef-server-ctl grant-server-admin-permissions sdogg
chef-server-ctl user-show sdogg
  1. Add your newly created key to system-common (no need to push)
cd system-common
mkdir chef-keys ; cd chef-keys
cat chef_user_key.pem >> username-inneractive.pem 
vim inneractive_validator.pem
  1. Don't know where to find inneractive_validator.pem? It's in the key store of the Inneractive's Vault (will not work without a VPN). But you should ask them for access to it first.
  2. Now the cool part, but first you need to make a backup of the existing knife config:
cp ~/.chef/knife.rb ~/.chef/knife.rb.backup
  1. There is a knife config in the system-common repo, you need to create the following links to make it work:
cp ~/Repos/system-common/config.local.yaml.example ~/Repos/system-common/config.local.yaml
ln -s ~/Repos/system-common/config.local.yaml ~/.chef/config.local.yaml
ln -s ~/Repos/system-common/config.yaml ~/.chef/config.yaml
ln -s ~/Repos/system-common/knife.repo.rb ~/.chef/knife.rb

* you will have to change the username in the config.local.yaml file to correct one. 7. Now you should be able to do some knife tricks, list the cookbooks or something like this: try knife status for example.

Architecture

In the Inneractive environment, each internal cookbook belongs to a separate repository in BitBucket: Bitbucket

The name convention is the following: *chef-inneractive_cookbookname*

In order to assign specific cookbooks or/and recipes to the server, they are using Chef Roles. Many Roles. Almost 300 hundreds of roles. The approach is almost the same as we are doing for our Frankfurt DC chef-infrastructure.

The difference is that they are using only one Berksfile per each environment (QA/Staging/Production). The current state of the infrastructure is stored in the system-common  repository. There you can find roles, Berksfiles, data-bags, and all other Chef related stuff.

Workflow

For simple changes in the roles, data-bags and so on, we only need to modify the content of the system-common repository. Make sure that you have the up-to-date repo before you push the changes.

In a case where we need to modify the cookbooks:

  1. You need to clone the corresponding repository first.
  2. When you finished with the changes, update the version of the metadata in the cookbook, push the changes and then you need to do the following:
berks -e [inneractive|ia-qa|ia-stg|all] update cookbook_name

This script will update the Berksfile for the desired infrastructure. 3. Check the difference with git diff to make sure you are not updating something you don't want to update. In any questions, it's better to consult with DevOps in TLV. 4. Push the changes 5. Check the status of the following Jenkins job: Project Chef object sync