Managing Systems with Chef: Sandbox Play

Chef is an awesome tool for centralized management of systems and resources. Chef recipes are best tried out in a sandbox first, before being deployed. Below, I describe a simple sandbox setup using VirtualBox and Debian Lenny.

Using VirtualBox, define a new virtual machine. I used the business card ISO to install a bare minimum Debian, without even the base system packages installed, which can be deselected from within tasksel during the install.

Once your Debian instance is running, you’ll want to install a few additional packages. (Imagine sudo is used below if it makes you feel more comfortable.)

# apt-get install build-essential linux-headers-$(uname -r) \
  ruby1.8 ruby1.8-dev rdoc1.8 ri1.8 ssh libopenssl-ruby1.8 couchdb \
  less netcat psmisc vim-nox sudo
# update-alternatives --install /usr/bin/ruby ruby /usr/bin/ruby1.8 500 \
  --slave /usr/share/man/man1/ruby.1.gz ruby.1.gz \
  /usr/share/man/man1/ruby.1.8.gz \
  --slave /usr/bin/ri ri /usr/bin/ri1.8 \
  --slave /usr/bin/irb irb /usr/bin/irb1.8

Thereafter, follow the installation guide for Debian-based systems. I used update-alternatives again for the gem command.

# update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 500

NAT is enough if you run Chef on a guest by itself and use chef-client against it for testing purposes. If you need more than NAT, for applying recipes to nodes in addition to the chef-server node, you can configure bridged networking on a virtual network. Tolaris has a great guide on configuring VirtualBox for networking using bridge-utils. I decided to use maradns and udhcpd instead of dnsmasq, though. The former will easily allow you to use a bogus TLD.

On the system running VirtualBox:

# apt-get install bridge-utils maradns udhcpd

Two files are necessary for maradns to host a sandbox domain. One for the server, /etc/maradns/mararc:

maradns_uid = 115
ipv4_bind_addresses = "10.5.4.1"
chroot_dir = "/etc/maradns"
recursive_acl = "10.5.4.0/24"
csv2 = {}
csv2["net.chef."] = "db.net.chef"

A zone file, db.net.chef:

server.% 10.5.4.1
chef-server.% 10.5.4.10

Querying the server with askmara confirms that the record resolves:

# askmara Achef-server.net.chef. 10.5.4.1

# Querying the server with the IP 10.5.4.1
# Question: Achef-server.net.chef.
chef-server.net.chef. +86400 a 10.5.4.10
# NS replies:
#net.chef. +86400 ns synth-ip-0a050401.net.chef.
# AR replies:
#synth-ip-0a050401.net.chef. +86400 a 10.5.4.1

Finally, the configuration for udhcpd in /etc/udhcpd.conf:

start           10.5.4.10
end             10.5.4.254
max_leases      245
interface       vnet0
opt     dns     10.5.4.1
opt     subnet  255.255.255.0
opt     router  10.5.4.1

The above removes the need to manually configure each guest’s IP, default route, and DNS server, making it easier to use a single cloned, immutable disk image for all testing needs. The IP assigned can be tied to the virtual machine’s virtual Ethernet MAC address, too.

With that complete, a FQDN can be used for Chef hosts and SSL certs.
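
An added example, not part of the original post: the zone file pins chef-server.net.chef to 10.5.4.10, which is also the first address in udhcpd's pool, so a different guest could be leased the address that the name (and any SSL cert issued for it) points to. This sh/awk check lists such names and shows the finding clear once the address is tied to a MAC; the MAC is constructed, and the static_lease directive (BusyBox udhcpd syntax) is assumed to be supported by your udhcpd build.

```shell
#!/bin/sh
# Added example: list names in the MaraDNS zone file whose address udhcpd
# could also lease to a different guest.

# usage: unpinned_hosts UDHCPD_CONF ZONE_FILE
# Prints "name address" per finding; returns 1 if anything was printed.
unpinned_hosts() {
    awk '
    function ip2int(ip,   o) {       # dotted quad to integer for range tests
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    FNR == NR {                      # first file: udhcpd.conf
        if ($1 == "start") lo = ip2int($2)
        if ($1 == "end") hi = ip2int($2)
        if ($1 == "static_lease") pinned[$3] = 1
        next
    }
    $1 ~ /^#/ || NF < 2 { next }     # zone file: skip comments and blanks
    $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        n = ip2int($NF)
        if (n >= lo && n <= hi && !($NF in pinned)) { print $1, $NF; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample input mirroring the files shown above.
demo_dir=$(mktemp -d)
printf '%s\n' 'server.% 10.5.4.1' 'chef-server.% 10.5.4.10' > "$demo_dir/db.net.chef"
printf '%s\n' 'start 10.5.4.10' 'end 10.5.4.254' 'interface vnet0' > "$demo_dir/udhcpd.conf"

# As configured above: chef-server sits on the first pool address.
echo "without static_lease: $(unpinned_hosts "$demo_dir/udhcpd.conf" "$demo_dir/db.net.chef" || true)"

# Pin the address to the guest MAC (constructed MAC; static_lease support
# in your udhcpd build is an assumption).
echo 'static_lease 08:00:27:00:00:10 10.5.4.10' >> "$demo_dir/udhcpd.conf"
echo "with static_lease: $(unpinned_hosts "$demo_dir/udhcpd.conf" "$demo_dir/db.net.chef" || true)"
rm -rf "$demo_dir"
```

The same result can be had without a static lease by moving the pool's start address above every address named in the zone file.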
