pantry - Manage resources for chef-solo
version 0.005
$ mkdir my-project $ cd my-project $ pantry init $ pantry create node foo.example.com $ pantry list nodes $ pantry apply node foo.example.com --recipe nginx $ pantry apply node foo.example.com --default nginx.port=80 $ pantry sync node foo.example.com
pantry is a utility to make it easier to manage a collection of computers with the configuration management tool chef-solo http://wiki.opscode.com/display/chef/Chef+Solo
pantry
Arguments to the pantry command line tool follow a regular structure:
$ pantry VERB [[NOUN] [ARGUMENTS...]]
See the following sections for details and examples by topic.
$ pantry init
This initializes a pantry in the current directory. Currently, it just creates some directories for use storing cookbooks, node data, etc.
$ pantry list nodes $ pantry list roles
Prints to STDOUT a list of nodes or roles managed within the pantry.
In this section, when a node NAME is required, the name is expected to be a valid DNS name or IP address. The name will be converted to lowercase for consistency. When referring to an existing node, you may often abbreviate it to a unique prefix, e.g. "foo" for "foo.example.com".
Also, whenever a command takes a single 'node NAME' target, you may give a single dash ('-') as the NAME and the command will be run against a list of nodes read from STDIN.
You can combine this with the pantry list command to do batch operations. For example, to sync all nodes:
pantry list
$ pantry list nodes | pantry sync node -
$ pantry create node NAME
Creates a node configuration file for the given NAME.
NAME
$ pantry rename node NAME DESTINATION
Renames a node to a new name. The old node data file is renamed. The NAME must exist.
$ pantry delete node NAME
Deletes a node. The NAME must exist. Unless the --force or -f options are given, the user will be prompted to confirm deletion.
--force
-f
$ pantry show node NAME
Prints to STDOUT the JSON data for the given NAME.
$ pantry apply node NAME --recipe nginx --role mail --default nginx.port=80
Applies recipes, roles or attributes to the given NAME.
To apply a role to the node's run_list, specify --role role or -R role. May be specified multiple times to apply more than one role. Roles will be appended to the run_list before after any existing entries but before any recipes specified in the same command.
run_list
--role role
-R role
To apply a recipe to the node's run_list, specify --recipe RECIPE or -r RECIPE. May be specified multiple times to apply more than one recipe.
--recipe RECIPE
-r RECIPE
To apply an attribute to the node, specify --default KEY=VALUE or -d KEY=VALUE. If the KEY has components separated by periods (.), they will be interpreted as subkeys of a multi-level hash. For example:
--default KEY=VALUE
-d KEY=VALUE
KEY
.
$ pantry apply node NAME -d nginx.port=80
will be added to the node's data structure like this:
{ ... # other node data nginx => { port => 80 } }
If the VALUE contains commas, the value will be split and serialized as an array data structure. For example:
VALUE
$ pantry apply node NAME -d nginx.port=80,8080
{ ... # other node data nginx => { port => [80, 8080] } }
Both KEY and VALUE support periods and commas (respectively) to be escaped by a backslash.
N.B. While the term --default is used for command line consistency, attributes set on nodes actually have what Chef terms "normal" precedence.
--default
$ pantry strip node NAME --recipe nginx --role mail --default nginx.port
Strips recipes, roles or attributes from the given NAME.
To strip a role to the node's run_list, specify --role role or -R role. May be specified multiple times to strip more than one role.
To strip a recipe to the node's run_list, specify --recipe RECIPE or -r RECIPE. May be specified multiple times to strip more than one recipe.
To strip an attribute from the node, specify --default KEY or -d KEY. The KEY parameter is interpreted and may be escaped just like in apply, above.
--default KEY
-d KEY
apply
$ pantry sync node NAME
Copies cookbooks and configuration data to the NAME node and invokes chef-solo via ssh to start a configuration run. After configuration, the latest run-report for the node is updated in the 'reports' directory of the pantry.
chef-solo
ssh
$ pantry edit node NAME
Invokes the editor given by the environment variable EDITOR on the configuration file for the name node.
EDITOR
name
The resulting file must be valid JSON in a form acceptable to Chef. Generally, you should use the apply or strip commands instead of editing the node file directly.
strip
In this section, when a role NAME is required, any name without whitespace is acceptable. The name will be converted to lowercase for consistency. When referring to an existing role, you may often abbreviate it to a unique prefix, e.g. "web" for "webserver".
Also, whenever a command takes a single 'node NAME' target, you may give a single dash ('-') as the NAME and the command will be run against a list of roles read from STDIN.
You can combine this with the pantry list command to do batch operations. For example, to add a recipe to all roles:
$ pantry list roles | pantry apply role - --recipe ntp
These commands work the same as they do for nodes. The difference is that you must specify the 'role' type:
$ pantry create role web $ pantry show role web
The apply and strip commands have slight differences, as roles have two kinds of attributes, "default attributes" (--default or -d) and "override attributes" (--override or -O), with slightly different precedence.
-d
--override
-O
$ pantry apply role NAME -d nginx.user=nobody -O nginx.port=80 $ pantry strip role NAME -d nginx.user -O nginx.port
The --recipe (-r) and --role (-R) arguments work the same as for nodes. Note that roles can have other roles in their run_list.
--recipe
-r
--role
-R
When Chef merges attribute, the role default attribute has the lower precedence than node attributes. Override attributes have higher precedence than node attributes. Yes, this is a gross simplification of how Chef does it. See Chef docs for more: http://wiki.opscode.com/display/chef/Attributes
$ pantry commands
This gives a list of all pantry commands with a short description of each.
$ pantry help COMMAND
This gives some detailed help for a command, including the options and arguments that may be used.
pantry relies on OpenSSH for secure communications with managed nodes, but does not manage keys itself. Instead, it expects the user to manage keys using standard OpenSSH configuration and tools.
The user should specify SSH private keys to use in the ssh config file. One approach would be to use the IdentityFile with a host-name wildcard:
IdentityFile
IdentityFile ~/.ssh/identities/id_dsa_%h
This would allow a directory of host-specific identities (which could all be symlinks to a master key). Another alternative might be to create a master key for each environment:
IdentityFile ~/.ssh/id_dsa_dev IdentityFile ~/.ssh/id_dsa_test IdentityFile ~/.ssh/id_dsa_prod
pantry also assumes that the user will unlock keys using ssh-agent. For example, assuming that ssh-agent has not already been invoked by a graphical shell session, it can be started with a subshell of a terminal:
ssh-agent
$ ssh-agent $SHELL
Then private keys can be unlocked in advance of running pantry using ssh-add:
ssh-add
$ ssh-add ~/.ssh/id_dsa_test $ pantry ...
See the documentation for ssh-add for control over how long keys stay unlocked.
In the future, I hope to extend pantry to support some or all of the following:
Chef role creation and application
environments
tagging nodes
searching nodes based on configuration
data bags
cookbook download from Opscode community repository
bootstrapping Chef over ssh
If you are interested in contributing features or bug fixes, please let me know!
Inspiration for this tool came from similar chef-solo management tools. In addition to being implemented in different languages, each approaches the problem in slightly different ways, neither of which fit my priorities. Nevertheless, if you use chef-solo, you might consider them as well:
littlechef http://github.com/tobami/littlechef (Python)
pocketknife http://github.com/igal/pocketknife (Ruby)
David Golden <dagolden@cpan.org>
This software is Copyright (c) 2011 by David Golden.
This is free software, licensed under:
The Apache License, Version 2.0, January 2004
To install Pantry, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Pantry
CPAN shell
perl -MCPAN -e shell install Pantry
For more information on module installation, please visit the detailed CPAN module installation guide.