About chef-repo
The chef-repo is a directory on your workstation that stores everything you need to define your infrastructure with Chef Infra:
- Cookbooks (including recipes, attributes, custom resources, libraries, and templates)
- Data bags
- Policyfiles
The chef-repo directory should be synchronized with a version control system, such as git. All of the data in the chef-repo should be treated like source code.
You’ll use the chef and knife commands to upload data to the Chef Infra Server from the chef-repo directory. Once uploaded, Chef Infra Client uses that data to manage the nodes registered with the Chef Infra Server and to ensure that it applies the right cookbooks, policyfiles, and settings to the right nodes in the right order.
Generate the chef-repo
Use the chef generate repo command to create your chef-repo directory along with the base folder structure. This command uses the chef command-line tool that is packaged as part of Chef Workstation to create a chef-repo.
chef generate repo REPO_NAME
Note
chef generate repo generates a chef-repo that is configured for Policyfiles by default. To create a repository that is set up for Roles and Environments, use the --roles flag when running the command.
Directory structure
The chef-repo contains several directories, each with a README file that describes what it’s for and how to use that directory when managing systems.
The default structure of a new chef-repo is:
. chef-repo
├── LICENSE
├── README.md
├── chefignore
├── cookbooks
│   ├── README.md
│   └── example
│       ├── README.md
│       ├── attributes
│       │   ├── README.md
│       │   └── default.rb
│       ├── metadata.rb
│       └── recipes
│           ├── README.md
│           └── default.rb
├── data_bags
│   ├── README.md
│   └── example
│       ├── README.md
│       └── example_item.json
└── policyfiles
    └── README.md
cookbooks
The cookbooks directory contains the cookbooks that configure systems in the infrastructure. These cookbooks are either downloaded from the Chef Supermarket or created locally. The Chef Infra Client uses cookbooks to configure the systems in the organization. Each cookbook can be configured to contain cookbook-specific copyright, email, and license data.
data_bags
The data_bags directory is used to store all the data bags that exist for an organization. Each sub-directory corresponds to a single data bag on the Chef Infra Server and contains a JSON file corresponding to each data bag item.
policyfiles
The policyfiles directory is used to store Policyfiles in the .rb format that define the set of cookbooks and attributes to apply to specific systems managed by the Chef Infra Server.
chefignore
A chefignore file tells knife which cookbook files in the chef-repo it should ignore when uploading data to the Chef Infra Server.
Include swap files, version control data, and build output data in a chefignore file.
The chefignore file has the following rules:
- Patterns use *, **, and ? wildcards to match files and directories as defined by the File.fnmatch Ruby method.
- A pattern is relative to the directory it’s included in.
- A pattern may contain relative directory names.
- A pattern may match all files in a directory.
- You can add a chefignore file to any subdirectory of a chef-repo. For example, /, /cookbooks, /cookbooks/COOKBOOK_NAME/, etc.
- Lines that start with # are comments.
Group types of ignored files in sections similar to the following:
## OS generated files
*ignore_pattern
## Editors
another_ignore_pattern*
See Ruby’s File.fnmatch documentation for information on creating matching file patterns.
Examples
Many text editors leave files behind. To prevent knife from uploading these files to the Chef Infra Server, add an entry to the chefignore file.
For Emacs backup files:
*~
and for Vim swap files:
*.sw[a-z]
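The rules above can be checked before an upload. The following is an added example, not knife's or Chef's own code: it parses chefignore-style text and tests paths with File.fnmatch, and it shows one edge case of that method (a leading * does not match a path that begins with a period). The helper names, sample patterns, and sample paths are constructed for illustration, and paths are assumed to be relative to the directory that holds the chefignore file.

```ruby
# Added example (not knife's own code): evaluate chefignore-style patterns
# with File.fnmatch, following the rules listed on this page.

# Constructed sample chefignore content.
SAMPLE_CHEFIGNORE = <<~IGNORE
  ## Editors
  *~
  *.sw[a-z]
  ## Version control
  .git/*
  ## Build output
  pkg/**
IGNORE

# Constructed sample paths, assumed relative to the chefignore's directory.
SAMPLE_FILES = %w[
  recipes/default.rb
  recipes/default.rb~
  recipes/.default.rb.swp
  .git/config
  pkg/build/example-0.1.0.tgz
  metadata.rb
  .env~
].freeze

# Drop blank lines and lines that start with '#'; the rest are patterns.
def parse_chefignore(text)
  text.each_line.map(&:strip).reject { |line| line.empty? || line.start_with?('#') }
end

# Return the first pattern that matches path, or nil if none does.
def matching_pattern(patterns, path)
  patterns.find { |pattern| File.fnmatch?(pattern, path) }
end

# Paths that no pattern matches, i.e. files that would not be ignored.
def upload_candidates(patterns, paths)
  paths.reject { |path| matching_pattern(patterns, path) }
end

if __FILE__ == $PROGRAM_NAME
  patterns = parse_chefignore(SAMPLE_CHEFIGNORE)
  SAMPLE_FILES.each do |path|
    hit = matching_pattern(patterns, path)
    puts format('%-30s %s', path, hit ? "ignored by #{hit}" : 'NOT ignored')
  end
  # '.env~' is NOT ignored: without File::FNM_DOTMATCH a leading '*' does not
  # match a path that starts with '.', so '*~' misses it; '.*~' matches it.
end
```

If dotfile backups at the top of the directory should be ignored as well, add a pattern such as .*~ alongside *~.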
Many Users, Same Repo
The config.rb file can include arbitrary Ruby code, which extends configuration beyond static values. For example, it can load environment variables from the workstation, which makes it possible to write a single config.rb file that can be used by all users within your organization. This single file can also be checked into your chef-repo, allowing users to load different config.rb files based on which chef-repo they execute the commands from. This can be especially useful when each chef-repo points to a different Chef Infra Server or organization.
Example config.rb:
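# Directory that contains this config.rb
current_dir = File.dirname(__FILE__)
# Per-user identity comes from the environment, not from the shared file
user = ENV['CHEF_USER'] || ENV['USER']
node_name user
# Each user's private key is looked up by user name
client_key "#{ENV['HOME']}/chef-repo/.chef/#{user}.pem"
# The organization is selected with the ORGNAME environment variable
chef_server_url "https://api.opscode.com/organizations/#{ENV['ORGNAME']}"
syntax_check_cache_path "#{ENV['HOME']}/chef-repo/.chef/syntax_check_cache"
cookbook_path ["#{current_dir}/../cookbooks"]
# Defaults applied to newly generated cookbooks
cookbook_copyright "Your Company, Inc."
cookbook_license "Apache-2.0"
cookbook_email "cookbooks@yourcompany.com"
# Amazon AWS
# Credentials are read from the environment rather than written into the shared file
knife[:aws_access_key_id] = ENV['AWS_ACCESS_KEY_ID']
knife[:aws_secret_access_key] = ENV['AWS_SECRET_ACCESS_KEY']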