How Do You Install and Configure Chef Client on a Linux Server in AWS or Azure?

Updated 11/9/17

Problem scenario

In AWS or Azure you have Linux instances that you want to be configured to use a Chef Server.  How do you install Chef client and configure it to work with a Chef server?

Solution
These directions have been tested in Azure (with an Ubuntu 16.x server as either the Chef client node or the Chef server) and AWS (with a Red Hat Enterprise Linux 7.x server as the Chef client node or the Chef server). This solution will install Chef InSpec on RHEL 8.x.

Prerequisite:  This assumes you have access to the Chef Server and know where the organization permission file (e.g., orgname-validator.pem) and the user permission file (e.g., adminUser.pem) are.  To set up Chef server, see this posting.

Procedures
1.  The Chef client nodes must be able to resolve the Chef server's URL by name rather than by IP address (i.e., you need an FQDN to route properly with TCP/IP operations).  For the Chef client servers, do one of two things:

    a) Update the /etc/hosts file so the Chef server's FQDN maps to an IP address.  For AWS this would normally be the internal IP address of the Chef server.  

    b) If you do not want to configure the /etc/hosts file you may configure your Chef client machine (server or computer) to use a DNS server so the FQDN of the Chef server will resolve correctly.

2.  a)  On the Chef client, create the directory "/etc/chef" (with no quotes).

    b)  This substep only applies if your Chef server is in AWS.  (Your Chef client nodes could be on-premises or in Rackspace or Azure.)  Ensure that the AWS Security Group governing the Chef server allows TCP connections from the IP address of the Chef client server.  If the Chef client machine is also in AWS and will use an /etc/hosts file with the internal IP address of the Chef server, then the Security Group protecting the Chef server should allow for inbound connections from the internal IP address of the Chef client server.  If the Chef client machine in AWS will map the FQDN of the Chef server to its external IP address or if the Chef client machine is not in AWS, use the external IP address of the Chef client for the Security Group inbound rule.  Go directly to step 3 (and skip step 2.c).

    c)  This substep only applies if your Chef server is in Azure.  (Your Chef client nodes could be on-premises or in Rackspace or AWS.)  Ensure that the Network Security Group (NSG) for the Chef server allows TCP connections from the IP address of your workstation.  (Use ipchicken.com if you need to.)  You may be able to SSH into your Chef server, but by default the relevant NSG may restrict your ability to open a web UI connection from a web browser.  For non-Azure Chef client servers, you should also ensure that the NSG in Azure that controls and protects the Chef server allows for inbound connections from the Chef client servers' external IP addresses.

3.  From the server that will be configured as a Chef client, run this command:

sudo curl -L https://www.opscode.com/chef/install.sh | sudo bash

4.  From the Chef client machine, do the following.

    a) Create a client.rb file in /etc/chef/ with the following three lines:

chef_server_url  'https://<FQDN of Chef server>/organizations/contint'
validation_client_name 'contint-validator'
ssl_verify_mode :verify_none

    b) Replace <FQDN of Chef Server> with the FQDN of the Chef server.  Replace "contint" with your organization name.  Replace "contint-validator" with the name of your validator file.

5.    a) Open a web browser and go to the Chef server's URL or external IP address (e.g., http://<FQDN of Chef server>/organizations/nameOfOrganization).  (The browser must accept cookies from the Chef server's web UI.)
    b) Go to Policy -> Clients.  
    c) Go to Create
    d) Enter the FQDN of the Chef client server.  (This can be found by using "hostname -f" on the Linux prompt of the Chef server.)
    e) Click "Create Client."
    f)  Copy the text in the window that pops up.  (Include "-----BEGIN RSA PRIVATE KEY-----" and everything beneath including the last line "-----END RSA PRIVATE KEY-----".)
    g) Go to the Chef client's command interface (e.g., Linux prompt). Go to /etc/chef/ and create a file named client.pem.  The contents should be the text from substep f above.

6.  Run a command like this (but substitute the <FQDN of Chef Server> appropriately, and substitute "contintnick" with your organization's nickname):

sudo chef-client -S https://<FQDN of Chef Server>/organizations/contintnick

The "contintnick" value is whatever you used in place of "companynickname" when you ran this command on the Chef server:

sudo chef-server-ctl org-create companynickname 'Continual Integration' --association_user contint --filename contint-validator.pem
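
The script below is an added example, not part of the original post or of Chef's own tooling: it audits a Chef client config directory for what steps 4 and 5g can leave behind, namely ssl_verify_mode :verify_none in client.rb and a client.pem readable by other users. The function name audit_chef_dir, the FQDN chef.example.internal and the key contents are constructed for illustration, and it assumes GNU stat and sed as shipped on Ubuntu and RHEL.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a Chef client config
# directory for weak settings. audit_chef_dir is a hypothetical name;
# assumes GNU stat and sed as shipped on Ubuntu and RHEL.
audit_chef_dir() {
    dir="$1"
    rb="$dir/client.rb"
    if [ -f "$rb" ]; then
        # :verify_none means the node never authenticates the Chef server.
        if grep -Eq '^[[:space:]]*ssl_verify_mode[[:space:]]+:verify_none' "$rb"; then
            echo "FINDING: $rb disables TLS verification (use :verify_peer)"
        fi
        # A plain-HTTP server URL sends API traffic unencrypted.
        if grep -Eq "^[[:space:]]*chef_server_url[[:space:]]+['\"]http://" "$rb"; then
            echo "FINDING: $rb uses an http:// chef_server_url"
        fi
    fi
    # client.pem and validator keys are private keys: owner-only access.
    for key in "$dir"/*.pem; do
        [ -f "$key" ] || continue
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            0|*00) ;;   # no group/other permission bits set
            *) echo "FINDING: $key has mode $mode (expected 600 or stricter)" ;;
        esac
    done
    return 0
}

# Constructed sample: the client.rb from step 4 and a key file saved
# world-readable, written to a throwaway directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/client.rb" <<'EOF'
chef_server_url  'https://chef.example.internal/organizations/contint'
validation_client_name 'contint-validator'
ssl_verify_mode :verify_none
EOF
echo "constructed placeholder, not a real key" > "$demo_dir/client.pem"
chmod 644 "$demo_dir/client.pem"
audit_chef_dir "$demo_dir"      # reports two findings

# Corrected form: verify the server certificate and restrict the key.
sed -i 's/:verify_none/:verify_peer/' "$demo_dir/client.rb"
chmod 600 "$demo_dir/client.pem"
audit_chef_dir "$demo_dir"      # prints nothing
rm -rf "$demo_dir"
```

With a self-signed Chef server certificate, :verify_peer only succeeds once the server's certificate is present in the client's trusted_certs directory (under /etc/chef by default).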

What Are Some Common kubectl Commands?

Problem scenario
You want to know about some common kubectl commands. What should you do?

Solution
The below was taken from running "kubectl help". Here are some kubectl commands:

Basic Commands (Beginner):
  create         Create a resource from a file or from stdin.
  expose         Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
  run            Run a particular image on the cluster
  set            Set specific features on objects

Basic Commands (Intermediate):
  explain        Documentation of resources
  get            Display one or many resources
  edit           Edit a resource on the server
  delete         Delete resources by filenames, stdin, resources and names, or by resources and label selector

Deploy Commands:
  rollout        Manage the rollout of a resource
  scale          Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job
  autoscale      Auto-scale a Deployment, ReplicaSet, or ReplicationController

Cluster Management Commands:
  certificate    Modify certificate resources.
  cluster-info   Display cluster info
  top            Display Resource (CPU/Memory/Storage) usage.
  cordon         Mark node as unschedulable
  uncordon       Mark node as schedulable
  drain          Drain node in preparation for maintenance
  taint          Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe       Show details of a specific resource or group of resources
  logs           Print the logs for a container in a pod
  attach         Attach to a running container
  exec           Execute a command in a container
  port-forward   Forward one or more local ports to a pod
  proxy          Run a proxy to the Kubernetes API server
  cp             Copy files and directories to and from containers.
  auth           Inspect authorization

Advanced Commands:
  diff           Diff live version against would-be applied version
  apply          Apply a configuration to a resource by filename or stdin
  patch          Update field(s) of a resource using strategic merge patch
  replace        Replace a resource by filename or stdin
  wait           Experimental: Wait for a specific condition on one or many resources.
  convert        Convert config files between different API versions
  kustomize      Build a kustomization target from a directory or a remote url.

Settings Commands:
  label          Update the labels on a resource
  annotate       Update the annotations on a resource
  completion     Output shell completion code for the specified shell (bash or zsh)

Other Commands:
  api-resources  Print the supported API resources on the server
  api-versions   Print the supported API versions on the server, in the form of "group/version"
  config         Modify kubeconfig files
  plugin         Provides utilities for interacting with plugins.
  version        Print the client and server version information

How Do You Change the Apache Web Server Default Directory for a Website’s Files?

Problem scenario
You updated the Directory section of apache2.conf. You changed the DocumentRoot stanza in apache2.conf too. But when you browse to the website, you are not getting to the files in the directory you changed it to. You are getting files from /var/www/html/. Apache has been installed on Debian Linux. What do you do?

Solution

  1. Find this file: 000-default.conf
  2. Back it up. Then change its DocumentRoot stanza.
  3. Restart apache2 web services.

How Do You Find Your Email Distribution List in WordPress?

Problem scenario
You know you have subscribers to your blog or email newsletter via your website. Your website is powered by WordPress. How do you browse to the email addresses that signed up through your website?

Solution
Log into the WordPress dashboard. Go to "Email Subscribers" and click on "Audience."

How Do You Securely Connect an EC2 Instance in a VPC to an S3 Bucket?

Problem scenario
You have a server in AWS that is in a VPC. You want it to access an S3 bucket. How do you do this?

Solution
Use a VPC endpoint, specifically, use a Gateway Endpoint.

Source: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

How Can Kubernetes Allow for Traffic to Non-Kubernetes Resources?

Problem scenario
You have a Kubernetes cluster, and you need some applications to access external websites. How do you do this?

Solution
Use an Ambassador. It is a sidecar that is designed to reach services (e.g., URLs or sockets) outside the Kubernetes cluster. If the external IP address changes, you just need to change it in the Ambassador containers. This gives you a convenient, maintainable single source of truth.

How Do You Troubleshoot an Ansible Playbook Failing with “The filter … is invalid…AttributeError: Client Error object has no attribute message”?

Problem scenario
Your playbook fails with the following message: "The filter … is invalid…AttributeError: Client Error object has no attribute message"

What should you do?

Solution
Remove the word "filter" and try your playbook again.

How Do You View the Images That Are Part of Your WordPress Website?

Problem scenario
You are using WordPress, and you want to view the images of your website. You forget where a specific picture/photo (e.g., a JPEG or PNG file) is. What should you do?

Solution
1. Log into the WordPress dashboard.
2. Go to Media -> Library
3. Find the drop down menu that says "All media items" and choose "Images"