Introduction to CHEF on AIX
This is a short introduction on how to use CHEF on AIX. It’s mainly targeted at people wondering what is actually possible to do with CHEF on AIX. The official client is really good but its features are not well known. So I thought about showing them here.
introduction
In this post I will mainly focus on what is possible with the CHEF client package. So I will only use chef-solo, which allows us to work without a chef server. That means skipping a lot of the great features of CHEF, but it simplifies the explanations considerably.
CHEF installation
You need to download the CHEF client from the official website:
The client is the same for AIX 6.1 and AIX 7.1.
It’s a bff package named chef-12.4.1-1.powerpc.bff.
You install it like any standard package :
inutoc .
installp -acXYd . chef
...
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
chef 12.4.1.1 USR APPLY SUCCESS
chef 12.4.1.1 ROOT APPLY SUCCESS
Binaries are installed in /opt/chef/bin. It’s a good idea to add it to your PATH:
export PATH=$PATH:/opt/chef/bin
environment setup
Let’s set up a directory in which to store the cookbooks and recipes used by CHEF.
Here it will be a directory in the /tools filesystem. The first cookbook will be named aixtest:
mkdir -p /tools/chef/cookbooks/aixtest/recipes
chef-solo
chef-solo will be used to run in standalone mode on the AIX system.
chef-solo needs a configuration file to know where the cookbooks are. So let’s create a file named /tools/chef/solo.rb with this configuration:
cookbook_path "/tools/chef/cookbooks"
It needs a JSON file to specify what tasks will be performed. Create a file firstrun.json:
{
  "run_list": [ "recipe[aixtest]" ]
}
So to run the first recipe, the command will be :
chef-solo -c /tools/chef/solo.rb -j /tools/chef/firstrun.json
first recipe
The first recipe will be named /tools/chef/cookbooks/aixtest/recipes/default.rb.
In the following sections, we will add actions to see the different resources available as standard in the chef package.
adding a user
It’s a good first step :) The user account will be created using the user resource:
user 'adejoux' do
  comment 'Alain Dejoux'
  uid 1234
  gid 'sys'
  home '/home/adejoux'
  shell '/usr/bin/ksh'
  password 'zbpkcVZ.1okhk'
  supports :manage_home => true
end
Note: In this example, I kept the crypt method for password encryption but you should definitely use something better like sha.
Note 2: Thanks to Donal for letting me know I forgot supports to create the user home directory :)
So let’s run chef-solo and see what happens :
root@adxlpar2(/root)# chef-solo -c /tools/chef/solo.rb -j /tools/chef/firstrun.json
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 1 resources
Recipe: aixtest::default
* user[adejoux] action create
- create user adejoux
Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 5.154866 seconds
no LVM management ?
Nice modules for managing AIX LVM are still not available, but they are not mandatory at all.
We have the execute resource, which allows us to run any command we want.
So let’s create a logical volume :
execute 'Create tools2lv LV' do
  command 'mklv -t jfs2 -y tools2lv rootvg 1G'
  creates '/dev/tools2lv'
end
And the output :
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 2 resources
Recipe: aixtest::default
* user[adejoux] action create (up to date)
* execute[Create tools2lv LV] action run
- execute mklv -t jfs2 -y tools2lv rootvg 1G
Running handlers:
Running handlers complete
Chef Client finished, 1/2 resources updated in 5.608437 seconds
It’s really important to have a recipe which can be run multiple times on one system with the same result. That is what being idempotent means.
So here we added the creates attribute. It checks whether the “file” /dev/tools2lv exists and runs the command only if this file does not already exist.
So the output when running chef-solo again is :
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 2 resources
Recipe: aixtest::default
* user[adejoux] action create (up to date)
* execute[Create tools2lv LV] action run (up to date)
Running handlers:
Running handlers complete
Chef Client finished, 0/2 resources updated in 4.935229 seconds
To create the filesystem, we use the same resource :
execute 'Create /tools2 FS' do
  command 'crfs -v jfs2 -A yes -m /tools2 -d tools2lv'
  creates '/tools2'
end
mount a filesystem
To mount a filesystem, it’s possible to use the execute resource, but it’s not so convenient to have to choose a file to check with creates.
Luckily the mount resource works well on AIX:
mount '/tools2' do
  device '/dev/tools2lv'
  fstype 'jfs2'
end
install a bff package
Here again the package resource fully supports AIX:
package 'install vopt_manager' do
  package_name 'vopt_manager.rte'
  source '/tools/vopt_manager.1.0.0.0.bff'
end
In source you can specify a directory where a .toc file was generated or directly the bff file itself. It’s the standard installp command.
install a rpm package
For the rpm format, it’s almost the same but you need to use rpm_package instead.
rpm_package 'fio' do
  source '/tools/fio-2.1.12-1.aix5.3.ppc.rpm'
end
managing AIX services
Guess what? Yes, the service resource fully supports AIX too.
A simple example where sshd is restarted:
service 'sshd' do
  action :restart
end
recipe execution
When running it the first time:
chef-solo -c solo.rb -j test.json
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 8 resources
Recipe: aixtest::default
* user[adejoux] action create
- create user adejoux
* execute[Create tools2lv LV] action run
- execute mklv -t jfs2 -y tools2lv rootvg 1G
* execute[Create /tools2 FS] action run
- execute crfs -v jfs2 -A yes -m /tools2 -d tools2lv
* mount[/tools2] action mount
- mount /dev/tools2lv to /tools2
* rpm_package[zlib] action install
- install version 1.2.7-1 of package zlib
* rpm_package[fio] action install
- install version 2.1.12-1 of package fio
* package[install vopt_manager] action install
- install version 1.0.0.0 of package vopt_manager.rte
* service[sshd] action restart
- restart service service[sshd]
Running handlers:
Running handlers complete
Chef Client finished, 8/8 resources updated in 7.990516 seconds
When running it again :
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 8 resources
Recipe: aixtest::default
* user[adejoux] action create (up to date)
* execute[Create tools2lv LV] action run (up to date)
* execute[Create /tools2 FS] action run (up to date)
* mount[/tools2] action mount (up to date)
* rpm_package[zlib] action install (up to date)
* rpm_package[fio] action install (up to date)
* package[install vopt_manager] action install (up to date)
* service[sshd] action restart
- restart service service[sshd]
Running handlers:
Running handlers complete
Chef Client finished, 1/8 resources updated in 6.843585 seconds
It’s important to be able to run the same recipe multiple times.
Note: only the sshd restart is performed again, because no condition was set on this task's execution.
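As an added example (not from the original post and not part of Chef), the Ruby script below lints recipe text for the two issues noted above: a DES crypt password hash and resources that run unguarded on every converge. It assumes top-level resource blocks with single-quoted names written the way this post writes them; the third resource in the sample is constructed.

```ruby
# Added example: a small recipe lint, not part of Chef or of the original post.
GUARD = /^\s*(creates|not_if|only_if)\b/
# Traditional DES crypt(3) output: exactly 13 characters, no $id$ or {algo} prefix.
DES_CRYPT = /\A[.\/0-9A-Za-z]{13}\z/
# Assumes top-level "type 'name' do ... end" blocks, as used throughout the post.
RESOURCE = /^(\w+) '([^']+)' do\n(.*?)^end$/m

def lint(recipe)
  recipe.scan(RESOURCE).flat_map do |type, name, body|
    guarded = body.match?(GUARD)
    found = []
    # execute runs its command on every converge unless a guard says otherwise
    found << [name, :unguarded_execute] if type == 'execute' && !guarded
    # action :restart with no guard bounces the service on every run
    restart = body.match?(/^\s*action\s+:restart\b/)
    found << [name, :unconditional_restart] if type == 'service' && restart && !guarded
    # a 13-character hash is DES crypt: 8 significant password characters, 12-bit salt
    hash = body[/^\s*password\s+'([^']*)'/, 1]
    found << [name, :des_crypt_password] if hash&.match?(DES_CRYPT)
    found
  end
end

# Sample recipe: resources 1, 2 and 4 are taken from the post; resource 3 is constructed.
SAMPLE = <<~RECIPE
  user 'adejoux' do
    password 'zbpkcVZ.1okhk'
  end
  execute 'Create tools2lv LV' do
    command 'mklv -t jfs2 -y tools2lv rootvg 1G'
    creates '/dev/tools2lv'
  end
  execute 'Mount /tools2 by hand' do
    command 'mount /tools2'
  end
  service 'sshd' do
    action :restart
  end
RECIPE

lint(SAMPLE).each { |name, issue| puts "#{name}: #{issue}" }
```

Running it in a pre-commit hook or CI step against each recipes/*.rb file catches these before chef-solo ever converges them.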
the end
I hope this short introduction makes you want to test CHEF on AIX, and showed you that it’s not so complex to use.
To go further on automation with AIX, I recommend checking out the AIX cookbook :
It’s adding a lot of new resources to manage AIX.
Another great example of automation on AIX with CHEF is :
It will give you a good idea of the capabilities of CHEF. Hope you will have fun :)