Adding a Base Role, Community Cookbooks, and Environments - nshenry03/chef-repo GitHub Wiki

Base Role

First, let's add a base role that we will apply to every server that we provision with Chef. In our company, it is our policy to install NTP on every server so that all servers have the correct time; this makes it easier to match up log files later and prevents problems between servers that are often hard to diagnose. We also set all server timezones to UTC so that we can easily match up log files on different servers (you never want to have to convert between Pacific Time and Mountain Time and then worry about Daylight Saving Time on top of it all).

Luckily, these are pretty common policies and I was able to find cookbooks for these on the Community Cookbook Site. Both had good documentation in their README files, which made it easy to create a run list and attributes for the role (see below).

You will need to create the file roles/base.rb:

name 'base'
description 'Role applied to all servers'
run_list 'recipe[ntp]',
         'recipe[timezone-ii]'
default_attributes(
  'ntp' => {
    'servers' => ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org']
  },
  'timezone-ii' => {
    'tz' => 'UTC'
  }
)

This ensures that servers started with this 'base' role will have ntp installed and configured with ntp.org's pool of servers. It also makes sure that the server's timezone is set to UTC.

To upload this role to your Chef server, simply run this command: knife role from file roles/base.rb.

Community Cookbooks

We will be using Librarian-Chef to help us manage the cookbooks that our chef-repo depends on.

Simply tell Librarian-Chef which cookbooks need to be downloaded and where to download them from. To do so, edit the Cheffile in your repository:

#!/usr/bin/env ruby

site 'http://community.opscode.com/api/v1'

cookbook 'ntp',
  :git => 'https://github.com/opscode-cookbooks/ntp',
  :ref => '1.3.2'

cookbook 'timezone-ii',
  :git => 'https://github.com/L2G/timezone-ii',
  :ref => '0.2.0'

Now that Librarian-Chef knows which cookbooks you need and how to find them, simply run librarian-chef install to download the cookbooks. You can then upload all of the cookbooks to your Chef server at the same time with knife cookbook upload --all, or you can upload a specific cookbook with, for example, knife cookbook upload ntp.

Environments

Finally, let's create some environments so that we can configure servers differently if we need to in the future (for example, Opscode may update their 'ntp' cookbook in the future, but we want to test it in our dev/test/staging environments before we trust it on our production servers). Our company uses the following environments: development, test, staging, and production; however, you can create environments for whatever makes sense for you.

Here is an example environment file environments/development.rb:

name 'development'
description 'The development environment'
cookbook "ntp", "1.3.2"
cookbook "timezone-ii", "0.2.0"

You will want to create additional environments to match your needs.

You can upload environments to your Chef server with the following command: knife environment from file environments/development.rb. If you want to upload all environments at the same time, you can use a simple for loop to upload all of them for you: for env in environments/*.rb; do knife environment from file "${env}"; done.
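One way to check, before uploading, that each environment pins the same cookbook versions the Cheffile fetches. This is an added example, not part of the original wiki or of Chef or Librarian-Chef. The CheffilePins and EnvironmentPins classes, the pin_drift function and the contents of the production environment are assumptions made for illustration.

```ruby
# Added example: minimal stand-ins for the Cheffile and environment DSLs.
# They only record pins; they are not Librarian-Chef's or Chef's classes.
class CheffilePins
  attr_reader :pins
  def initialize; @pins = {}; end
  def site(_url); end
  def cookbook(name, opts = {}); @pins[name] = opts[:ref]; end # nil if no :ref
end

class EnvironmentPins
  attr_reader :env_name, :pins
  def initialize; @pins = {}; end
  def name(value); @env_name = value; end
  def description(_text); end
  def cookbook(name, constraint); @pins[name] = constraint; end
end

# Both files are plain Ruby, so evaluating them executes their contents;
# run this only on files from your own repository.
def load_pins(dsl, source)
  dsl.tap { |d| d.instance_eval(source) }
end

# Returns a list of findings; an empty list means the pins agree.
# Anything other than an exact pin ("1.3.2" or "= 1.3.2") is reported.
def pin_drift(cheffile_src, env_src)
  chef = load_pins(CheffilePins.new, cheffile_src)
  env = load_pins(EnvironmentPins.new, env_src)
  findings = chef.pins.map do |cb, ref|
    pin = env.pins[cb]
    next "#{cb}: no :ref in Cheffile" if ref.nil?
    next "#{cb}: not pinned in environment #{env.env_name}" if pin.nil?
    next if pin.sub(/\A=\s*/, '') == ref
    "#{cb}: Cheffile ref #{ref} != #{env.env_name} pin #{pin}"
  end
  extra = env.pins.keys - chef.pins.keys
  findings.compact + extra.map { |cb| "#{cb}: pinned in #{env.env_name}, not in Cheffile" }
end

CHEFFILE = <<~RUBY # the two cookbooks from the page's Cheffile
  site 'http://community.opscode.com/api/v1'
  cookbook 'ntp', :git => 'https://github.com/opscode-cookbooks/ntp', :ref => '1.3.2'
  cookbook 'timezone-ii', :git => 'https://github.com/L2G/timezone-ii', :ref => '0.2.0'
RUBY
DEV_ENV = "name 'development'\ncookbook 'ntp', '1.3.2'\ncookbook 'timezone-ii', '0.2.0'\n"
# Constructed drift case: production lags on ntp and omits timezone-ii.
PROD_ENV = "name 'production'\ncookbook 'ntp', '1.3.0'\n"

puts pin_drift(CHEFFILE, PROD_ENV)
```

In a real repository you would pass File.read('Cheffile') and File.read of each file under environments/ instead of the inline strings.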

Testing

Let's make sure everything works as expected... First, spin up a virtual machine: vagrant up precise32. Now connect to the virtual machine: vagrant ssh precise32.

Now let's make some changes:

# See what the date is currently with the `date` command:
vagrant@precise32:~$ date
Fri Jul 26 17:34:55 UTC 2013

# Make sure that ntp isn't installed
vagrant@precise32:~$ sudo apt-get -y purge ntp
...

# You will need to reboot to reprofile ureadahead
vagrant@precise32:~$ sudo reboot
...

# Let's change the timezone interactively
vagrant@precise32:~$ sudo dpkg-reconfigure tzdata

Current default time zone: 'US/Mountain'
Local time is now:      Fri Jul 26 11:48:28 MDT 2013.
Universal Time is now:  Fri Jul 26 17:48:28 UTC 2013.

# Now you can change the date/time
vagrant@precise32:~$ sudo date 080912302013
...

# And now you can see that we have the server set to a different timezone with an incorrect date:
vagrant@precise32:~$ date
Fri Aug  9 12:30:02 MDT 2013

Okay, so now that our server is ready to test, let's log out of the virtual machine and go back to our chef repository so we can apply the base role to this server: knife bootstrap localhost --ssh-user vagrant --ssh-password vagrant --ssh-port 2222 --run-list 'role[base]' --sudo

This should get Chef up and running on your VM and apply the 'base' role to the server. You should now be able to connect to your VM and issue the date command to see that the correct date has been applied and that the timezone is set to UTC again.

If everything looks good, you can destroy your VM: vagrant destroy precise32... This should clean everything up on your machine and on the chef server.