This is a simple tool to manage Chef Solo recipe without having to deal with
knife command line tool. Tinychef is basically few lines of Ruby code
wrapping shell scripts I used to run my chef recipes.
It aims to be just enough to:
- automate node boostrapping just a little bit
- run recipes on nodes, overriding the run list if necessary
- make it easy to work with encrypted data bags
$ gem install tinychef
To create a tinychef compatible directory:
$ tinychef new [dirname]
This will create a new dirname folder with the following structure:
├── cookbooks
├── data_bags
├── imported_cookbooks
├── nodes
├── roles
└── vendor
└── solo.rb
Node bootstrapping is up to you. You have to prepare your own script file for
bootstrapping and put it in boot.sh. You can then let tinychef run it:
$ tinychef boot newnode.example.org
$ tinychef run username@mynode.example.org
This command will look for a mynode.example.org.json file in nodes folder
and execute the run list on that. Alternatively you can run:
$ tinychef run nodes/another_node.json username@mynode.example.org
If you want to override the run list defined in the node file, append a run list sequence:
$ tinychef run nodes/another_node.json username@mynode.example.org "recipe[mybook::myrecipe]"
If this command does not encounter problems, all files are removed from the remote host when it completes. If any error occurs, files from the remote host are not removed, you'll have to clean everything up.
Tinychef assumes you will only work with encrypted data bags. In order to work with encrypted databags you have to create a secret.key file in your tinychef root folder.
$ tinychef key:generate
This command will generate a secret.key file. Keep it secure.
Databags must be placed under data_bags directory organized in folders
reflecting the name of the recipe where the databag is used. You work on databags as
plain ruby hash files, and then encrypt them when it's time to run the recipe
or push everything to the remote.
$ tinychef bag:create myrecipe bag_name
This command will crete a file named data_bags/myrecipe/bag_name.rb. When
you are done editing this file you can encrypt it.
$ tinychef bag:encrypt myrecipe bag_name
Encryption command will generate a json representation of the hash file.
This json file is the one that will be moved to the remote host when running recipes.
In order to keep your working copy clean and secure, tinychef provides a
couple of commands to password protect you secret.key file:
$ tinychef key:lock
will ask for a password and encrypt you key an secret.key.aes file. The
reverse command is:
$ tinychef key:unlock
It's a good idea to leave your working copy safe by removing all plain hashes version of data_bags. You'll be always able to restore the ruby hash version of an encrypted data bag with the command:
$ tinychef bag:decrypt myrecipe bag_name
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request