If you've gone through the Learn Chef Rally modules, joined us for in-person training, or use Chef in your daily work, you may be considering the Chef certification program.
This is a perfect opportunity to check your skills by solving real-world infrastructure and automation challenges.
Being able to complete these tasks is a good indicator that you're ready for Chef certification. Of course, feel free to pair up with a coworker or refer to the documentation. Along the way, we'll point to resources in case you need a refresher.
In this challenge, you'll convert Tomcat installation steps, which are performed manually from the command line, into a Chef cookbook that runs on CentOS.
You'll gain experience:
- creating cookbooks and recipes.
- using common resources and their actions, including the
- defining node attributes.
- creating templates.
- applying node attributes to templates.
- using resource notifications.
- working with environments.
We'll outline the requirements but leave the details to you.
If you find that you need additional background to successfully complete this challenge, the Infrastructure Automation track and the Test driven development with InSpec module teach you many of the skills needed to complete these tasks.
Here's what you need to complete this challenge.
- Bring up a terminal (or PowerShell if you're on Windows) and move to a directory to work in.
- Bring up a text editor that you're comfortable using. Atom, Sublime Text, and Visual Studio Code are a few graphical text editors that are popular among Chef users.
1. Configure Tomcat
Your task here is to convert manual Tomcat installation steps to a Chef cookbook. Here's an outline to guide the process.
Create the repo, cookbook, and recipe
Start by using the chef command to:
- create a Chef repo called
- create a cookbook called tomcat in the
- create a recipe called server in the
Automate the Tomcat configuration
Next, modify the tomcat::server recipe to convert the manual Tomcat installation steps to Chef resources. Your solution should include these resources:
Here are some additional requirements.
- You should be able to run your cookbook repeatedly, meaning actions should happen only when needed. Remember to use guards in your tomcat::server recipe where appropriate.
- Tomcat must be restarted if
- Tomcat listens on TCP port 8080 by default. Create a node attribute called tomcat-port to make this setting configurable.
- Hint: The port is configured in
- Tomcat must be restarted if
- Ensure you follow recommended naming conventions for node attributes.
default recipe should call the
- The cookbook version must be 1.0.0.
2. Configure users
This task configures users on the system.
Create the users cookbook
Start by creating a cookbook called
Add a user
Next, modify the default recipe to add a user called chef with password
Enable SSH access
Next, modify the default recipe to allow SSH access using password authentication.
Hint: Password authentication is configured by setting
/etc/ssh/sshd_config. Here's an example
Also ensure the sshd service is restarted when
Hint: You'll need to use a notification. Use the :nothing action to define the /etc/ssh/sshd_config file's default action.
3. Test your cookbooks
This task uses InSpec to verify your configuration.
Write an InSpec control for every resource in your cookbooks. Here's a checklist:
java-1.7.0-openjdk-devel should be installed.
tomcat should exist.
tomcat should exist, and belong to group
- The directory /opt/tomcat should exist.
- The file apache-tomcat-8.0.33.tar.gz should be extracted to
- The directory /opt/tomcat/conf should belong to group tomcat and have group permissions
- The contents of directory /opt/tomcat/conf (in other words, /opt/tomcat/conf/*) should belong to group tomcat and have group permissions
- The following directories should be owned by user
- The file /etc/systemd/system/tomcat.service should exist and contain the content specified.
curl http://localhost:8181 should return the Tomcat homepage.
- Hint: Earlier you defined a node attribute for the TCP port. Overwrite its value in the suites section of your Test Kitchen configuration file,
- The user chef should exist.
- SSH access using password authentication should be enabled.
Your task is complete when:
- all InSpec tests pass. (Run kitchen test – echo $? must then return 0.)
- Foodcritic and Cookstyle report no errors. (You can use RuboCop to autocorrect any Cookstyle issues.)
4. Deploy your cookbooks
This task deploys your cookbook to a node that's managed by a Chef server.
Configure access to Chef server
Ensure you have a Chef server that you can access. You can use hosted Chef.
Configure your workstation to communicate with the Chef server, without downloading the starter kit.
Upload your cookbooks
berks to upload the
users cookbooks to the Chef server. Ensure you upload your tomcat cookbook, and not the one from Chef Supermarket.
Create a role
Next, create a role called tomcatrole. Then, in your role:
- Specify the tomcat::default recipe in the run-list.
- Specify that Tomcat should listen on port 8181 (use the node attribute you defined earlier.)
Configure chef-client using a base role
Next, use the appropriate community cookbook to configure chef-client to run as a service on your node.
You should use a wrapper cookbook called my_chef_client and add this cookbook to a base role that is included from the tomcatrole role. Name your base role
Also include the users::default recipe in the base role.
Create the production environment
Create an environment called production which pins the tomcat cookbook to version 1.0.0.
chef-client to run every 5 minutes. Do this by setting the appropriate node attributes in the production environment – do not modify the
Upload your roles and environment
Next, upload each of your roles and your environment to the Chef server.
Bootstrap your node
Finally, bootstrap your CentOS 7 node using the tomcatrole role into the production environment. Name your node
Verify the result
From a browser, navigate to http://YOUR_NODE_IP_OR_FQDN:8181 and verify that your Tomcat server is running.
5. Update the configuration
This task uses an environment attribute to modify the Tomcat configuration.
Bump the version
First, increment the tomcat cookbook's version from 1.0.0 to 1.1.0.
Hint: For extra credit, use the knife spork bump command. You may need to install the
Create the acceptance environment
Next, create a new environment called acceptance which pins the tomcat cookbook to version 1.1.0.
Next, move your node, tomcat-node01, from the production environment to the acceptance environment, using one of the methods below. Consider the pros and cons of each method.
- knife node command
- knife exec command
- knife-flip community plugin
- knife-block community plugin
Listen on port 8282
Next, modify the acceptance environment to configure Tomcat to listen on port 8282. This value should override the value set in your role. (Hint: the documentation explains attribute precedence.)
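Whether an environment value beats a role value depends on the attribute level each one is set at. The following added example (not part of the original challenge and not Chef's own code) models the precedence order from the Chef documentation in plain Ruby; the sample settings and the flat tomcat-port key are constructed for illustration.

```ruby
# Simplified model of Chef attribute precedence (added example, not Chef's code).
# Entries run lowest to highest as [level, source]; the highest-ranked one wins.
PRECEDENCE = [
  [:default, :attribute_file],        [:default, :recipe],
  [:default, :environment],           [:default, :role],
  [:force_default, :attribute_file],  [:force_default, :recipe],
  [:normal, :attribute_file],         [:normal, :recipe],
  [:override, :attribute_file],       [:override, :recipe],
  [:override, :role],                 [:override, :environment],
  [:force_override, :attribute_file], [:force_override, :recipe],
  [:automatic, :ohai]
].freeze

# settings: array of hashes with :level, :source, :key and :value.
# Returns { value:, from: } for the setting that wins for `key`, or nil.
def effective(settings, key)
  winner = settings
           .select { |s| s[:key] == key }
           .max_by { |s| rank(s) }
  winner && { value: winner[:value], from: [winner[:level], winner[:source]] }
end

def rank(setting)
  PRECEDENCE.index([setting[:level], setting[:source]]) ||
    raise(ArgumentError, "unknown level/source: #{setting.inspect}")
end

# Constructed sample settings (assumed placement of each value, for illustration).
KEY = 'tomcat-port'
COOKBOOK_DEFAULT = { level: :default,  source: :attribute_file, key: KEY, value: 8080 }.freeze
ROLE_DEFAULT     = { level: :default,  source: :role,           key: KEY, value: 8181 }.freeze
ENV_DEFAULT      = { level: :default,  source: :environment,    key: KEY, value: 8282 }.freeze
ENV_OVERRIDE     = { level: :override, source: :environment,    key: KEY, value: 8282 }.freeze

# Effective port when the environment sets the value via `env_setting`.
def port_when(env_setting)
  effective([COOKBOOK_DEFAULT, ROLE_DEFAULT, env_setting], KEY)
end

if __FILE__ == $PROGRAM_NAME
  p port_when(ENV_DEFAULT)
  p port_when(ENV_OVERRIDE)
end
```

At the default level a role outranks an environment, so the role's 8181 survives; at the override level the order is reversed and the environment's 8282 wins.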
knife status to determine when the next chef-client run is due, as determined by the interval value set in the environment.
chef-client runs again, run why-run mode to determine what changes will be made on the system.
knife ssh command to run chef-client on your node.
6. Extra credit: configure the web management interface
As a bonus, extend your cookbook to configure the Tomcat web management interface by converting the steps defined here to Chef.
- Implement this in a recipe called
recipe[tomcat::tomcat-users] is included in the run-list in your
- The username and password should be configurable through node attributes. You can set their default values to "admin" and "password".
chef-client on your node. Ensure you can access http://YOUR_NODE_IP_OR_FQDN:8282/manager/html.