Terraform has a chef provisioner that works with a chef server. I have working examples of that I’ve validated.
I’ve been experimenting with the chef tutorials and I wanted to confirm what I think I understand though about chef zero and test kitchen.
It seems there is no way to use Terraform to do the infrastructure provisioning and have chef zero to push chef client and cookbook to that instance within the world of test kitchen?
Do I understand correctly?
It seems there is no way to use Terraform to do the infrastructure provisioning and have chef zero to push chef client and cookbook to that instance within the world of test kitchen?
Could you elaborate? Why would you want to use terraform with test kitchen? Test kitchen is intended for spinning up 1 vm using virutalbox/vmware/docker/aws/azure. Test kitchen manages everything within the scope of its definition. It isn't intended to integrate with other services.
It is possible to point test kitchen at existing infrastructure that was created externally, using the 'proxy' driver.
- name: some_server
driver:
name: proxy
host: testserver1.example.com
reset_command: "exit 0"
port: 5985
username: bill@microsoft.com
password: <%= ENV['TK_PASS'] %>
Hi There!
It looks like there is kitchen-terraform gem (https://github.com/newcontext-oss/kitchen-terraform), but that appears to be for testing your terraform scripts. On the terraform side, the chef provisioner only supports a server installation, so using test-kitchen to test that would not be useful.
What is unclear for me about your question, is the ultimate goal. Are you wanting to find a way to use terraform without a chef-server, or a way to use test kitchen to test your terraform scripts?
Assuming the former, I have run into the same problem. What I did was the following:
• Set userdata in the instance resource to set the admin password (for windows)
• Create a project Berksfile and use the null_resource with the file provisioners to copy it to the instance (using the admin password I set in userdata)
• Use a null resource with the remote-exec provisioner to
o Install the chef-client, berks, and git
o Resolve and verndor the berksfile
o Run the chef-client with the desired runlist
Here is what that last part looks like:
# Bootstrap and provision the instance
resource "null_resource" "Run_Chef" {
count = "${ var.server_count }"
depends_on = ["null_resource.put_files"]
connection {
host = "${element(openstack_networking_floatingip_v2.get_corp_ip.*.address, count.index)}"
type = "winrm"
user = "Administrator"
password = "${ var.admin_pass }"
insecure = true
}
provisioner "remote-exec" {
inline = [
"powershell -Command \". { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -version ${ var.chef_client_version } ",
"powershell -Command \". iwr -useb https://github.com/git-for-windows/git/releases/download/v2.14.1.windows.1/Git-2.14.1-64-bit.exe -OutFile C:\\chef\\repo\\git_installer.exe ",
"c:\\chef\\repo\\git_installer.exe /SILENT /COMPONENTS=\"icons,ext\\reg\\shellhere,assoc,assoc_sh\"",
"set path=%path%;c:\\opscode\\chef\\bin\\;c:\\opscode\\chef\\embedded\\bin\\;C:\\Program Files\\Git\\cmd\\",
"set git_ssl_no_verify=true",
"setx path %path%",
"cmd /c \"gem install berkshelf && exit\"",
"cmd /c \"berks vendor c:\\chef\\repo\\cookbooks -b c:\\chef\\repo\\Berksfile && exit\"",
"chef-client --local-mode -r recipe[${ var.cookbook }::${ var.recipe }] --config-option cookbook_path=c:\\chef\\repo\\cookbooks\""
]
}
Note that the script (for windows) includes some “magic” lines where the actualy command is wrapped in "cmd /c \"<actual command>&& exit\"". This is because bers returns an unexpected exit code that terminates the remote-exec connection. The wrapper ensures a proper exit code so that the execution continues.
Kind regards,
Dan-Joe Lopez
Hey Guys,
Thanks for the info. Let me clarify a bit.
I want to use test kitchen to test my chef cookbooks. I wanted to test my cookbooks on temporary servers that are spun up via terraform also by test kitchen.
I've got the terraform-kitchen plugin working, but if it is just for provisioning/testing terraform scripts it isn't of much value, because I don't need test kitchen for that.
I can do that with the standard terraform client. I wanted to have test kitchen execute both workflows.
Dan-Joe
December 18 |
Hi There!
It looks like there is kitchen-terraform gem (GitHub - newcontext-oss/kitchen-terraform: Test Kitchen plugins for testing Terraform configurations), but that appears to be for testing your terraform scripts. On the terraform side, the chef provisioner only supports a server installation, so using test-kitchen to test that would not be useful.
What is unclear for me about your question, is the ultimate goal. Are you wanting to find a way to use terraform without a chef-server, or a way to use test kitchen to test your terraform scripts?
Assuming the former, I have run into the same problem. What I did was the following:
• Set userdata in the instance resource to set the admin password (for windows)
• Create a project Berksfile and use the null_resource with the file provisioners to copy it to the instance (using the admin password I set in userdata)
• Use a null resource with the remote-exec provisioner to
o Install the chef-client, berks, and git
o Resolve and verndor the berksfile
o Run the chef-client with the desired runlist
Here is what that last part looks like:
resource "null_resource" "Run_Chef" {
count = "${ var.server_count }"
depends_on = ["null_resource.put_files"]
connection {
host = "${element(openstack_networking_floatingip_v2.get_corp_ip.*.address, count.index)}"
type = "winrm"
user = "Administrator"
password = "${ var.admin_pass }"
insecure = true
}
provisioner "remote-exec" {
inline = [
"powershell -Command ". { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -version ${ var.chef_client_version } ",
"powershell -Command ". iwr -useb https://github.com/git-for-windows/git/releases/download/v2.14.1.windows.1/Git-2.14.1-64-bit.exe -OutFile C:\chef\repo\git_installer.exe ",
"c:\chef\repo\git_installer.exe /SILENT /COMPONENTS="icons,ext\reg\shellhere,assoc,assoc_sh"",
"set path=%path%;c:\opscode\chef\bin\;c:\opscode\chef\embedded\bin\;C:\Program Files\Git\cmd\",
"set git_ssl_no_verify=true",
"setx path %path%",
"cmd /c "gem install berkshelf && exit"",
"cmd /c "berks vendor c:\chef\repo\cookbooks -b c:\chef\repo\Berksfile && exit"",
"chef-client --local-mode -r recipe[${ var.cookbook }::${ var.recipe }] --config-option cookbook_path=c:\chef\repo\cookbooks""
]
}
Note that the script (for windows) includes some “magic” lines where the actualy command is wrapped in "cmd /c "&& exit"". This is because bers returns an unexpected exit code that terminates the remote-exec connection. The wrapper ensures a proper exit code so that the execution continues.
Kind regards,
Dan-Joe Lopez
Visit Topic or reply to this email to respond.
You are receiving this because you enabled mailing list mode.
To unsubscribe from these emails, click here.
“how do the cookbooks get to the new client?”-
berks vendor c:\chef\repo\cookbooks -b c:\chef\repo\Berksfile - In the remote_exec provisioner of the null_resource
“I wanted to test my cookbooks on temporary servers that are spun up via terraform…” -
test-kitchen has a whole suite of “drivers” to interface with different environments. Correct me if I’m wrong here, but it sounds like you just need the right driver for test-kitchen. In this way, terraform and test-kitchen are very similar: they both instantiate virtual instances via add-on tools (providers/drivers respectively).
Where terraform can be used to additionally configure the networking, security groups, users, etc. test-kitchen’s use case is more for testing chef cookbooks (creating instances fro them to run on, provisioning them with chef, converging them with your cookbook, and testing them with inspec). There are a bunch of drivers available to test-kitchen. You might take a look in the test-kitchen org on GitHub to see some of the available drivers and their configurations.
I guess the core question is where are your temporary servers located (AWS, GC, Azure, and openstack instance, a private ec2 instance, etc.)?
I'm using Oracle Cloud Infrastructure (OCI) - . There is a Terraform provider already for OCI, and there is a knife plugin for OCI. I'm using the Terraform provisioners for OCI and Chef in my lab environment with a self-hosted chef server.
I wanted to re-use those same terraform templates to spin up the VMs with block storage, but wanted to cut out the need for the chef server cookbook upload via knife that I'd been doing to my chef server.
Is there a generic test-kitchen driver for a cloud based ssh accessible vm? If I had to, I could separate the steps into two... Terraform to provision the VM and something else to point test-kitchen toward that fresh vm.
Or, since the chef server is really only my personal chef server anyway, I could just continue to use the Terraform OCI provider and chef provider to provision chef and infrastructure that registers with a Chef Server I have.
I was working through chef training and wanted to experiment with test-kitchen using the cloud based environment I had access to.
I could switch to Vagrant/Virtual Box to get a better sense of Test Kitchen as well, but just didn't want to do stuff locally on my laptop.
Job
Dan-Joe
December 18 |
“how do the cookbooks get to the new client?”-
berks vendor c:\chef\repo\cookbooks -b c:\chef\repo\Berksfile - In the remote_exec provisioner of the null_resource
“I wanted to test my cookbooks on temporary servers that are spun up via terraform…” -
test-kitchen has a whole suite of “drivers” to interface with different environments. Correct me if I’m wrong here, but it sounds like you just need the right driver for test-kitchen. In this way, terraform and test-kitchen are very similar: they both instantiate virtual instances via add-on tools (providers/drivers respectively).
Where terraform can be used to additionally configure the networking, security groups, users, etc. test-kitchen’s use case is more for testing chef cookbooks (creating instances fro them to run on, provisioning them with chef, converging them with your cookbook, and testing them with inspec). There are a bunch of drivers available to test-kitchen. You might take a look in the test-kitchen org on GitHub to see some of the available drivers and their configurations.
I guess the core question is where are your temporary servers located (AWS, GC, Azure, and openstack instance, a private ec2 instance, etc.)?
Visit Topic or reply to this email to respond.
In Reply To
jobmiller
December 18 |
Hey Guys, Thanks for the info. Let me clarify a bit. I want to use test kitchen to test my chef cookbooks. I wanted to test my cookbooks on temporary servers that are spun up via terraform also by test kitchen. I’ve got the terraform-kitchen plugin working, but if it is just for provisioning/…
Visit Topic or reply to this email to respond.
You are receiving this because you enabled mailing list mode.
To unsubscribe from these emails, click here.
It looks like that knife-oci pugin is written by Oracle, but they don’t have a test-kitchen driver. You are kinda stuck with your options here. You can either
The only other option that I see, would be (if OCI supports V-in-V) to setup a test landscape in OCI by running another virtualization technology (ESXi, Hyper-v, etc.), and having test-kitchen use that for your cookbook testing.
The chefdk bootstrap on a windows 7 machine doesn’t seem to work.
I’m not savvy enough to debug what is supposed to be a simple bootstrap script for a workstation.
I looked at the powershell script a bit, and tried too see if i could get anymore info out of why it was failing to resolve dependencies by isolating that piece, creating the Berksfile like the script does and running that bit manually with debug.
It produced this, but that doesn’t help me. I can install the pieces manually, but the idea of the bootstrap script was that it would hopefully make the local setup easy.
C:\opscode\chefdk> berks install -dI, [2017-12-20T10:43:01.568596 #11112] INFO – : Reducing lockfileD, [2017-12-20T10:43:01.568596 #11112] DEBUG – : Current lockfile:D, [2017-12-20T10:43:01.569596 #11112] DEBUG – :D, [2017-12-20T10:43:01.570596 #11112] DEBUG – : DEPENDENCIESD, [2017-12-20T10:43:01.570596 #11112] DEBUG – :D, [2017-12-20T10:43:01.571596 #11112] DEBUG – : GRAPHD, [2017-12-20T10:43:01.571596 #11112] DEBUG – :D, [2017-12-20T10:43:01.572596 #11112] DEBUG – : Unlocking dependencies no longer in the BerksfileD, [2017-12-20T10:43:01.572596 #11112] DEBUG – : Removing transitive dependenciesD, [2017-12-20T10:43:01.573596 #11112] DEBUG – : Checking chefdk_bootstrap (>= 0.0.0)D, [2017-12-20T10:43:01.573596 #11112] DEBUG – : Skipping (not graphed)D, [2017-12-20T10:43:01.574597 #11112] DEBUG – : New lockfile:D, [2017-12-20T10:43:01.575597 #11112] DEBUG – :D, [2017-12-20T10:43:01.575597 #11112] DEBUG – : DEPENDENCIESD, [2017-12-20T10:43:01.576597 #11112] DEBUG – :D, [2017-12-20T10:43:01.576597 #11112] DEBUG – : GRAPHD, [2017-12-20T10:43:01.577597 #11112] DEBUG – :Resolving cookbook dependencies…I, [2017-12-20T10:43:01.578597 #11112] INFO – : Checking if lockfile is trustedD, [2017-12-20T10:43:01.579597 #11112] DEBUG – : Checking chefdk_bootstrap (>= 0.0.0)D, [2017-12-20T10:43:01.579597 #11112] DEBUG – : Not in lockfile - cannot be trusted!I, [2017-12-20T10:43:01.580597 #11112] INFO – : Installing from universeD, [2017-12-20T10:43:01.580597 #11112] DEBUG – : Creating a resolverFetching cookbook index from https://supermarket.chef.io…D, [2017-12-20T10:43:03.750721 #11112] DEBUG – : Starting resolution…D, [2017-12-20T10:43:04.377757 #11112] DEBUG – : Using ‘chefignore’ at ‘C:/Users/jmiller/.berkshelf/cookbooks/seven_zip-2.0.1/chefignore’The dependency constraints could not be solved in the time allotted.Unable to find a solution for demands: chefdk_bootstrap (>= 0.0.0) C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/resolver.rb:85:in rescue in resolve' C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/resolver.rb:75:inresolve’ C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/installer.rb:181:in install_from_universe' C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/installer.rb:43:inrun’ C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/berksfile.rb:426:in install' C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/cli.rb:140:ininstall’ C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/command.rb:27:in run' C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:ininvoke_command’ C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor.rb:359:in dispatch' C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/cli.rb:49:indispatch’ C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/thor-0.19.1/lib/thor/base.rb:440:in start' C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/lib/berkshelf/cli.rb:25:inexecute!’ C:/opscode/chefdk/embedded/lib/ruby/gems/2.4.0/gems/berkshelf-6.3.1/bin/berks:5:in <top (required)>' C:/opscode/chefdk/bin/berks:267:inload’ C:/opscode/chefdk/bin/berks:267:in `'C:\opscode\chefdk>
any ideas?
Hi Job,
I’m not clear if your question is related to the remote_exec script that I mentioned, or something else.
I tried to look through the output you provided, it seems like you might have a lockfile that is causing some trouble. You might try berks update instead of berks install?
I've been doing all my development work in a cloud based vm. I was going to move that to my windows laptop and attempted to use the chefdk bootstrap process that installs atom, vagrant, vbox, etc.
that script fails. i can install stuff manually, just thought it would be nice if the bootstrap process worked OOTB.
Job
Dan-Joe
December 20 |
Hi Job,
I’m not clear if your question is related to the remote_exec script that I mentioned, or something else.
I tried to look through the output you provided, it seems like you might have a lockfile that is causing some trouble. You might try berks update instead of berks install?
Visit Topic or reply to this email to respond.
You are receiving this because you enabled mailing list mode.
To unsubscribe from these emails, click here.