Book Image

Chef Infrastructure Automation Cookbook Second Edition

By : Matthias Marschall
Book Image

Chef Infrastructure Automation Cookbook Second Edition

By: Matthias Marschall

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Chef Infrastructure Automation Cookbook Second Edition
Matthias Marschall
May, 2015 | 278 pages
No titles found
Table of Contents (14 chapters)
Chef Infrastructure Automation Cookbook Second Edition
Chef Infrastructure Automation Cookbook Second Edition
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Chef Infrastructure
Chef Infrastructure
Introduction
Using version control
Installing the Chef development kit on your workstation
Using the hosted Chef platform
Managing virtual machines with Vagrant
Creating and using cookbooks
Inspecting files on your Chef server with knife
Defining cookbook dependencies
Managing cookbook dependencies with Berkshelf
Downloading and integrating cookbooks as vendor branches into your Git repository
Using custom knife plugins
Deleting a node from the Chef server
Developing recipes with local mode
Using roles
Using environments
Freezing cookbooks
Running Chef client as a daemon
Using chef-shell
2
Evaluating and Troubleshooting Cookbooks and Chef Runs
Evaluating and Troubleshooting Cookbooks and Chef Runs
Introduction
Testing your Chef cookbooks
Flagging problems in your Chef cookbooks
Test-driven development for cookbooks using ChefSpec
Integration testing your Chef cookbooks with Test Kitchen
Showing affected nodes before uploading cookbooks
Overriding a node's run list to execute a single recipe
Using why-run mode to find out what a recipe might do
Debugging Chef client runs
Inspecting the results of your last Chef run
Raising and logging exceptions in recipes
Diff-ing cookbooks with knife
Using community exception and report handlers
Creating custom handlers
3
Chef Language and Style
Chef Language and Style
Introduction
Using community Chef style
Using attributes to dynamically configure recipes
Using templates
Mixing plain Ruby with Chef DSL
Installing Ruby gems and using them in recipes
Using libraries
Using definitions
Creating your own Lightweight Resource Providers (LWRP)
Extending community cookbooks by using application wrapper cookbooks
Creating custom Ohai plugins
Creating custom knife plugins
4
Writing Better Cookbooks
Writing Better Cookbooks
Introduction
Setting the environment variables
Passing arguments to shell commands
Overriding attributes
Using search to find nodes
Using data bags
Using search to find data bag items
Using encrypted data bag items
Accessing data bag values from external scripts
Getting information about the environment
Writing cross-platform cookbooks
Finding the complete list of operating systems you can use in cookbooks
Making recipes idempotent by using conditional execution
5
Working with Files and Packages
Working with Files and Packages
Introduction
Creating configuration files using templates
Using pure Ruby in templates for conditionals and iterations
Installing packages from a third-party repository
Installing software from source
Running a command when a file is updated
Distributing directory trees
Cleaning up old files
Distributing different files based on the target platform
6
Users and Applications
Users and Applications
Introduction
Creating users from data bags
Securing the Secure Shell Daemon (SSHD)
Enabling passwordless sudo
Managing NTP
Managing nginx
Creating nginx virtual hosts
Creating MySQL databases and users
Managing WordPress sites
Managing Ruby on Rails applications
Managing Varnish
Managing your local workstation
7
Servers and Cloud Infrastructure
Servers and Cloud Infrastructure
Introduction
Creating your infrastructure using Chef Provisioning
Creating cookbooks from a running system with Blueprint
Running the same command on many machines at once
Setting up SNMP for external monitoring services
Deploying a Nagios monitoring server
Building high-availability services using heartbeat
Using HAProxy to load-balance multiple web servers
Using custom bootstrap scripts
Managing firewalls with iptables
Managing fail2ban to ban malicious IP addresses
Managing Amazon EC2 instances
Loading your Chef infrastructure from a file with spiceweasel and knife
Index
Index

Managing firewalls with iptables

Securing your servers is very important. One basic way of shutting down quite a few attack vectors is running a firewall on your nodes. The firewall will make sure that only those network connections that hit the services you decide to allow are accepted.

On Ubuntu, iptables is one of the tools available for the job. Let's see how to set it up to make your servers more secure.

Getting ready

Make sure that you have a cookbook called my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using cookbooks recipe in Chapter 1, Chef Infrastructure.

Create your Berksfile in your Chef repository including my_cookbook:

mma@laptop:~/chef-repo $ subl Berksfile

cookbook 'my_cookbook', path: './cookbooks/my_cookbook'

How to do it...

Let's set up iptables so that it blocks all network connections to your node and only accepts connections to the SSH and HTTP ports:

  1. Edit your cookbook's metadata.rb:

    mma@laptop:~/chef-repo $ subl cookbooks...
Previous Section
End of Section 11
Next Section