How to install and configure Chef Cookbook: users to manage users

February 11, 2014

This article will cover the basics of installing a Chef Cookbook to perform an automated infrastructure task, in this case managing users with the Chef Cookbook users. This article builds off the article “How to install Chef Configuration Management Server Workstation and Node”.

*These steps are completed on your Chef Workstation

Add some basic information to your knife.rb file

vim ~/chef-repo/.chef/knife.rb
 
cookbook_path ["./"]
cookbook_copyright "copyright-entity"
cookbook_license "apachev2"
cookbook_email "your-email@host.com"

Install the Berkshelf Ruby Gem

gem install berkshelf

Configure your cookbook info into a Berksfile

cookbook 'user_mg', path: './cookbooks/user_mg'

Create a cookbook user_mg

knife cookbook create user_mg

Create a users data bag

knife data bag create users
 
cd ~/chef-repo/
mkdir data_bags/users

Create your user info in your users data bag (You can more then one user by repeating this step)
*see documentation for users cookbook for more options

vim ~/chef-repo/data_bags/users/some-user.json
 
{
  "id": "some-user",
  "ssh_keys": [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQ-user-pubkey"
  ],
  "groups": [ "devops" ],
  "shell": "\/bin\/bash"
}

Add a depends entry and other metadata for your user_mg cookbook

vim ~/chef-repo/cookbooks/user_mg/metadata.rb
 
name             'user_mg'
maintainer       'maintainer-name'
maintainer_email 'your-email@host.com'
license          'Apache 2.0'
description      'Installs/Configures user_mg'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version          '0.1.1'
 
depends "users"

Create a recipe for your user_mg cookbook in the default.rb
*see documentation for users cookbook for more options

vim ~/chef-repo/cookbooks/user_mg/recipes/default.rb
 
include_recipe "users"
 
users_manage "devops" do
  action [ :remove, :create ]
end

Check your changes into git

git add ~/chef-repo/cookbooks/*
git add ~/chef-repo/data_bags/*
git commit -m'Added users cookbook and databag'

Include your users data bag file some-user.json (*Run this for each user if more then one)

knife data bag from file users some-user.json

Use Berkshelf to install and upload your changes

berks install
berks upload

Add your cookbook recipes to your node

knife node run_list add your-node.com users
knife node run_list add your-node.com user_mg

*If you need to remove a cookbook recipe ever you can run

knife node run_list remove your-node.com recipe[users]

*If you change data bag data run this

knife data bag from file users some-user.json

*If you need to delete a item in the data bag run this

knife data bag delete users some-user

*If you update the recipe update your Cookbook Version

vim ~/chef-repo/cookbooks/user_mg/metadata.rb

Hope this helps you get an idea on how to implement a Chef Cookbook!

Comments for “How to install and configure Chef Cookbook: users to manage users”

  1. Giorgos Saslis commented on November 20, 2014

    I had some trouble using the ‘ssh_keys’ attribute when using the users cookbook…
    When my user.json did NOT include a ‘gid’ attribute, I was getting an error:

    template[/home/giorgos/.ssh/authorized_keys] (/tmp/vagrant-chef-3/chef-solo-1/cookbooks/users/providers/manage.rb line 121) had an error: Chef::Exceptions::GroupIDNotFound: cannot determine group id for ‘giorgos’, does the group exist on this system?

    (https://github.com/opscode-cookbooks/users/blob/master/providers/manage.rb#L121)

    The template resource was not able to find the group id…
    So, I tried including a ‘gid’ attribute, only this time:

    ==> default: Chef::Exceptions::User
    ==> default: ———————-
    ==> default: user[giorgos] (/tmp/vagrant-chef-3/chef-solo-1/cookbooks/users/providers/manage.rb line 94) had an error: Chef::Exceptions::User: Couldn’t lookup integer GID for group name 7000

    …leaving me no choice but to change the source code:

    This is all on an OpenSUSE 13.1 VM, so it probably works on other OS, but I thought I might save someone else some time if they come across this post…

Leave a Reply