
Monday, 21 May 2012 19:00

zNcrypt Chef cookbook Part II


Now that we have walked through some basic tips on creating a cookbook in Part I, let's walk through the zncrypt cookbook to learn how you can use it to quickly and easily install zncrypt.

See https://github.com/gazzang/cookbooks

Let's look at the basic structure of the zncrypt cookbook: see https://github.com/gazzang/cookbooks/tree/master/zncrypt

|-- CONTRIBUTING
|-- LICENSE
|-- metadata.rb
|-- README.md
`-- recipes
    |-- default.rb
    `-- zncrypt.rb

CONTRIBUTING: contains basic information on how to contribute to this open source project
LICENSE: contains the license information, in this case Apache 2
metadata.rb: Ruby file that contains metadata about the cookbook
README.md: readme information following .md formatting
recipes:
    default.rb: the default recipe; for the zncrypt cookbook, it is used to call the zncrypt recipe
    zncrypt.rb: this has all the logic to install zncrypt

Let's start by analyzing zncrypt.rb

#
# Cookbook Name:: zncrypt
# Recipe:: zncrypt
#
# Copyright 2012, Gazzang, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

We start off by setting up yum and apt to use the gazzang repository and the gazzang GPG key.

case node['platform_family']
when "rhel","fedora"
  # use the yum cookbook
  include_recipe "yum::yum"
  # Add the Gazzang gpg key and repo, redhat centos fedora
  yum_key "RPM-GPG-KEY-gazzang" do
    url "http://archive.gazzang.com/gpg_gazzang.asc"
    action :add
  end
  yum_repository "gazzang" do
    repo_name "gazzang"
    description "RHEL $releasever - gazzang.com - base"
    url "http://archive.gazzang.com/redhat/stable/$releasever/$basearch"
    key "RPM-GPG-KEY-gazzang"
    action :add
  end
when "debian"
  # use the apt cookbook
  include_recipe "apt::default"
  # Add the Gazzang gpg key and repo, ubuntu debian
  apt_repository "gazzang" do
    uri "http://archive.gazzang.com/#{node['platform']}/stable"
    distribution node['lsb']['codename']
    components ["main"]
    key "http://archive.gazzang.com/gpg_gazzang.asc"
    action :add
  end
else
  Chef::Application.fatal!("Your distro is not yet supported/tested, patches welcome!")
end

zNcrypt depends on dkms. Since dkms is not included in CentOS, we will need to download it from a repository.

# zNcrypt requires dkms to dynamically compile the zNcrypt kernel module
# in most distributions the package is included in the repo
# on CentOS it may need to be preinstalled, we will use RPM forge
if platform?("centos")
  # use the yum cookbook to add the RPM-GPG-KEY
  yum_key "RPM-GPG-KEY.dag.txt" do
    url "http://apt.sw.be/RPM-GPG-KEY.dag.txt"
    action :add
  end
  # there may be a better way to install using yum_repository, but this works
  script "install dkms rpm for CentOS" do
    interpreter "bash"
    user "root"
    cwd "/usr/local/src"
    code <<-EOH
    wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
    rpm -ivh --force rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
    EOH
  end
end
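The script above fetches the rpmforge-release RPM over plain HTTP and installs it with --force, so nothing ties the file on disk to the release you meant to install. The following is an added example, not part of the Gazzang cookbook: a plain-Ruby gate that compares the downloaded file against a SHA-256 pinned in the cookbook before handing back the install command. The names gated_install_command, ArtifactMismatch and the pins table are hypothetical, and the sample file and its digest are constructed, not those of the real RPM.

```ruby
require 'digest'
require 'tmpdir'

# Raised when a downloaded file has no pin or does not match it.
class ArtifactMismatch < StandardError; end

# Digest::SHA256.file streams the file, so a large RPM is not read into memory.
def sha256_of(path)
  Digest::SHA256.file(path).hexdigest
end

# Returns the rpm command only when the file matches its pinned SHA-256.
# pins maps file name => expected hex digest and ships with the cookbook,
# not from the server that serves the package (hypothetical layout).
def gated_install_command(path, pins)
  name = File.basename(path)
  expected = pins.fetch(name) { raise ArtifactMismatch, "no pinned digest for #{name}" }
  actual = sha256_of(path)
  unless actual == expected.downcase
    File.delete(path) # a retry must download again, not reuse the bad file
    raise ArtifactMismatch, "#{name}: expected #{expected}, got #{actual}"
  end
  ['rpm', '-ivh', path]
end

# Constructed demo: the "RPM" is a few sample bytes written to a temp dir.
def demo
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm')
    File.binwrite(path, 'constructed sample bytes, not a real RPM')
    pins = { File.basename(path) => sha256_of(path) } # pin recorded at review time
    command = gated_install_command(path, pins)
    File.binwrite(path, 'same name, different bytes') # simulate a swapped download
    rejected = begin
      gated_install_command(path, pins)
      false
    rescue ArtifactMismatch
      true
    end
    { command: command, rejected: rejected, removed: !File.exist?(path) }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```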

Now that all the repos are set up, we will iterate over the package installations for kernel headers, dkms, ezncryptfs and ezncrypt.

# assemble the packages
zncrypt_packages = case node['platform_family']
  when "rhel","fedora"
    %w{kernel-devel kernel-headers dkms ezncryptfs ezncrypt}
  when "debian"
    # chomp strips the trailing newline that uname prints
    uname = %x(uname -r).chomp
    %W{linux-headers-#{uname} dkms ezncryptfs ezncrypt}
end
# loop to install packages
zncrypt_packages.each do |zncrypt_pack|
  package zncrypt_pack do
    action :install
  end
end

The metadata.rb has some boilerplate attributes and defines dependencies and supported operating systems.

maintainer "Gazzang, Inc."
maintainer_email "eddie.garcia@gazzang.com"
license "Apache 2.0"
description "Installs/Configures zNcrypt"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "0.0.2"
%w{ apt yum }.each do |cb|
  depends cb
end
%w{ debian ubuntu centos redhat fedora }.each do |os|
  supports os
end
recipe "zncrypt::default", "Installs and configures zNcrypt"

Lastly, the default.rb in this cookbook is a one-liner that uses the zncrypt recipe to install zncrypt.

include_recipe "zncrypt::zncrypt"

If you are looking to install zncrypt with Chef, all that is needed now is to download the zncrypt cookbook, upload it to your repository, and add the recipe to your node's role or run list.

# git clone git@github.com:gazzang/cookbooks.git
# knife cookbook upload zncrypt
# knife node run_list add ubuntu 'recipe[zncrypt::default]'

When all is done, you can run chef-client on a node. If the node has zncrypt in its run_list or role, the run will install zncrypt.

# sudo chef-client

Part III will expand the zncrypt cookbook to use data bags for license activation, configuration and generation of encryption keys.

Happy Cooking!