Managing System Installation and Upgrades with Chef

Overview

Most IAM project systems are now managed by Chef. This allows any change to the system to be built and deployed to every server running the project source. The systems currently managed by Chef are:

• CAS
• Cloudpath products for Wireless SetupIAM wiki
• People
• Shibboleth IdP

Those services not managed by Chef are ZUAUSR, EDIR LDAP, and Radius. The server held in reserve for a Grouper prototype has also not been set up for Chef.

Chef is managed from the user's desktop. All changes are made and the configuration is tested on the desktop. When satisfied that there are no errors in the system build and configuration, the new version of the service is pushed to UA GitHub (see GitHub Version Control).

System Requirements

GitHub

You will need:

• An account on the University of Alaska GitHub service: ​https://github.alaska.edu.
• !Git installed on your desktop
• The latest version of the project that you want to modify
• A plain text editor, such as vi or emacs.
• A directory to hold your chef "cookbooks", by convention usually named just that

See GitHub Version Control for a visual walk through of the University of Alaska GitHub site.

ChefDK

Vagrant

Vagrant manages the connections between your desktop and the remote Chef server. The following is taken directly from their site, ​Chef Client provisioning, to explain the relationship between Chef and Vagrant.

"The Vagrant Chef Client provisioner allows you to provision the guest using Chef, specifically by connecting to an existing Chef Server and registering the Vagrant machine as a node within your infrastructure."

Installation and Setup are managed within the ChefDK. If you are curious and want to learn more about Vagrant's relationship to Chef, ​Chef Client provisioning provides several links to detailed information on the product.

Virtual Box

Additional Helpful Applications

Mac O/S - Xcode

Sample Download of Most Recent Version of a Software Package

The following steps were taken to download the most recent version of UA software to that controls ​People Directory.

$ cd iam-dev/
$ ls
$ mkdir cookbooks
$ cd cookbooks/
$ git clone git@github.alaska.edu:OIT-IAM/iam-app-people.git
* Ensure git is applied to your location before executing the above command.
$ ls -aFC
* Resulting directory listing

./		../		iam-app-people/

$ cd iam-app-people/
$ ls -aFC
* Resulting directory listing

./			Berksfile		chefignore
../			Berksfile.lock		deploy/
.git/			CHANGELOG.md		files/
.gitignore		Gemfile			metadata.rb
.kitchen/		README.md		recipes/
.kitchen.ec2.yml	Thorfile		templates/
.kitchen.yml		Vagrantfile		test/
.travis.yml		attributes/

$ knife
* Ensure ChefDK is installed before executing the above command
* see ​About Knife
$ kitchen converge
* see ​Kitchen
$ kitchen converge
$ kitchen verify

Sample Upload to Chef to Manage a Product Upgrade

The following steps were taken to download and then install a new version of XpressConnect? Wizard onto the ​https://connect.alaska.edu server. While this Cloudpath product is not likely to be the choice going forward for wireless entrollment, the steps involved are no different than they would be for any Chef managed service.

$ find . -name cookbooks
$ mv people-chef/ cookbooks
$ mdfind cookbooks
$ cd cookbooks/
$ ls
$ git clone git@…:OIT-IAM/iam-app-xpc.git
* Resulting output

remote: Counting objects: 173, done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 173 (delta 10), reused 0 (delta 0), pack-reused 140
Receiving objects: 100% (173/173), 33.73 KiB | 0 bytes/s, done.
Resolving deltas: 100% (54/54), done.
Checking connectivity... done.

$ ls
$ cd iam-app-xpc/
$ ls
$ cd attributes/
$ ls
$ vi default.rb
$ git diff
$ cd ../
$ ls
$ vi metadata.rb
$ vi CHANGELOG.md
$ kitchen test
$ git co -b xpcupdate
$ git checkout -b xpcupdate
$ git status
$ git add .
$ git status
$ git commit -m "apply latest XpressConnect? update"
$ git push -u origin xpcupdate
$ ls
$ ls .git
$ git checkout master
$ git pull
$ du .git
$ git branch
$ ls
$ berks install
$ berks upload
$ berks upload