Berks update fails with ‘Missing artifacts’ error message

When you add cookbooks as dependencies with the “depends” statement to the metadata.rb file of your Chef cookbook, to be able to test your cookbooks in Chef Test Kitchen, you also have to specify the location of those cookbooks in the Berksfile file.

For all the cookbooks that are available on the Chef Supermarket, one line

source "https://supermarket.chef.io"

is sufficient to specify their location. If a cookbook is only available at GitHub, specify the location with

cookbook 'COOKBOOK_NAME', git: 'git@github.com:PATH_TO_COOKBOOK.git'

If the cookbook is available on the local drive of the workstation, specify the path with

cookbook 'COOKBOOK_NAME', path: '../COOKBOOK_FOLDER_NAME'

Use the above relative path if all of your cookbooks are under the same cookbooks directory.

If a reference to a Chef cookbook is missing from the Berksfile file, the following message appears when you execute berks update.

Unable to satisfy constraints on package …, which does not exist, due to solution constraint (… = …). Solution constraints that may result in a constraint on …: [(… = …) -> (… >= …)]
Missing artifacts: ...
Demand that cannot be met: (… = …)
Unable to find a solution for demands: … (…)

Searching in Splunk

When you are building the search criteria, click the field and value in the search result to add it to the search.

 

Wildcard character

  • * (asterisk) one or multiple characters

Exact phrases

  • Use ” (double quotes)

Search for quotes

  • \” (use backslash to escape quotes if you want to search for quotes)

Keywords in the search bar are case sensitive!

Boolean keywords are

  • AND (if omitted, it is implied)
  • OR
  • NOT

Order of boolean evaluation

  1. Inside parentheses ()
  2. NOT
  3. OR
  4. AND

Operators

  • =
  • !=
  • >
  • >=
  • <
  • <=

 

Splunk installation

Install Splunk

  1. Navigate to the Splunk website at splunk.com,
  2. In the upper right corner select the Free Splunk button,
  3. If you don’t yet have a Splunk account, register to create one, otherwise log in,
  4. Select the Free Download in the Splunk Enterprise frame,
  5. Select the tab with the operating system of your machine.

Linux

  1. The simplest way to install Splunk on Linux is with wget in the command line. Click the Download via Command Line (wget) in the upper right corner in the Useful Tools box.
  2. Copy the command to your clipboard from the popup window,
  3. Execute the wget command in a terminal window to download the tar archive,
  4. It is recommended to install Splunk in the opt directory, untar the archive there.
    sudo tar xvzf splunk.tgz –C /opt

Windows

  1. Download the .msi installer for your operating system (32 bit or 64 bit),
  2. Run the installer, follow the prompts, and accept the license agreement,
  3. Use Local System to run Splunk under.

Macintosh OSX

  1. Select the .dmg installer for simpler installation,
  2. Follow the prompts to install the application,
  3. At the end of the installation select Start and Show Splunk to start the application and view the user interface in a browser.

 

To start, stop, and administer Splunk

Linux

  1. In a terminal window navigate to the Splunk bin directory
    cd /opt/splunk/bin
  2. To Start Splunk and accept the license agreement during the first start
    ./splunk start --accept-license
  3. The terminal window displays the Splunk web interface address in the The Splunk web interface is at … line. Open a browser to navigate to the address.
  4. To start, stop, and restart the instance, and get help execute
    ./splunk start
    ./splunk stop
    ./splunk restart
    ./splunk help

Macintosh OSX

  1. In a terminal window navigate to the Splunk bin directory
    cd /Applications/Splunk/bin
  2. To start, stop, and restart the instance, and get help execute
    ./splunk start
    ./splunk stop
    ./splunk restart
    ./splunk help

Logging into Splunk the first time

The initial credentials after installation is
Username: admin
Password; changeme

 

Get AWS SSL Certificate resource ids from existing Load Balancers

To launch an Elastic Load Balancer ( ELB ) with an existing SSL certificate using Terraform, you need to specify the AWS certificate resource id. If you have already uploaded the certificate and attached it to an existing load balancer, the following AWS CLI command will display it in the command window. MY_PROFILE is the name of the profile in the square brackets [] in the ~/.aws/credentials file.

aws elb describe-load-balancers --region MY_AWS_REGION --profile MY_PROFILE |grep SSL

To get all information on the load balancers, just omit the grep command:

aws elb describe-load-balancers --region MY_AWS_REGION --profile MY_PROFILE

Create a server image with Packer

Packer is a free, open source application from Hashicorp. It can generate a server image based on an existing one, and configure it for your special needs. You can use the generated image when you launch a server instance in the cloud or on your local workstation.

Install Packer

Generate the server image with Packer

  1. Open a Bash window,
  2. Navigate to the folder of the Packer JSON script,
  3. Execute the following command. Get the AWS access key and secret key from the ~/.aws/credentials file on your Macintosh or Linux workstation. On Windows, the file is at C:\Users\YOUR_USER_NAME\.aws\credentials.
    packer build -var 'aws_access_key=MY_ACCESS_KEY' -var 'aws_secret_key=MY_SECRET_KEY' ./MY_PACKER_SCRIPT.json
  4. The command window will display the ID of the generated image, or you can find it by name in the EC2 section of the AWS console under AMIs.

Share the generated server image with other cloud accounts

If you work in multiple cloud accounts you need to share the generated server image with other accounts

AWS

  1. Log into the AWS account you have used to generate the server image,
  2. On the left side of the EC2 section select AMI and find the new image by name of ID,
  3. On the Permissions tab click the Edit button,
  4. Make sure the Private radio button is selected if you don’t want to share the image publicly,
  5. Enter the account number of the account you want to share the image with,
  6. Check the Add “create volume” permissions… checkbox,
  7. Click the Add Permission button,
  8. When you have added all accounts to share with, click the Save button.

 

Convert PEM files to PPK to use them in PuTTY

When you create a key in AWS you can download it one time in PEM format. To use it in PuTTY, the free SSH and Telnet client, you have to convert it to PPK format.

To install PuTTY, see the Terminal Emulator section in Recommended utilities for your workstation

To convert a PEM file to PPK

  1. Open a terminal window in the folder of the PEM file
  2. Execute the following
    puttygen MYKEY.pem -o MYKEY.ppk

 

Chef Attributes

Chef attributes are global variables that are available for every cookbook on the node. There are multiple formats to declare and use an attribute. For important notes on the syntax, please see Undefined method or attribute error in a Chef recipe.

To override the value of an attribute that is defined in another cookbook, use the following syntax

node.override['ATTRIBUTE_NAME'] = 'NEW_VALUE'

During compilation, this line will replace the default value of the attribute with the NEW_VALUE.

 

Prevent the auto-termination of stranded instances in RighScale

When you launch an instance with RightScale Self Service, and the Chef cookbook execution fails, the instance goes into “stranded” mode. By default RightScale Self Service terminates the stranded instances, so there is no way to remote into them and read log files to find the cause of the problem.

To keep stranded instances running in RightScale

  1. Find the booting instance in Cloud Management and click the instance name,
  2. Click the lock icon on the top of the screen

RightScale Self Service cannot terminate locked instances. To terminate the instance after the troubleshooting process, unlock the instance and terminate the instance by hand.

Getting started with InSpec

InSpec is an open-source testing framework to verify your infrastructure satisfies the design requirements.

In this article, we will learn to install and use InSpec with Chef.

Install InSpec

  1. Navigate to https://downloads.chef.io/inspec, and download the installer for the operating system of your workstation.
  2. Execute the downloaded installer.

Start to use InSpec

To use InSpec as the default integration testing tool in Chef Test Kitchen

  1. Open the .kitchen.yml file of the cookbook,
  2. Add the following lines to the file:
    verifier:
      name: inspec
  3. Add this to every suite, so InSpec will search for the test files in the test/recipes directory. Otherwise, the test file needs to be in the test/recipes/SUITE_NAME directory
     verifier:
       inspec_tests:
         - test/recipes
  4. Create a folder structure in the cookbook folder for the InSpec integration tests,
    test
    |--recipes
  5. Create an integration test for your recipe. Create a new file in the test/recipes folder and name it RECIPE_NAME_test.rb. For the default recipe call it default_test.rb,
  6. The following is a simple example of an InSpec integration test:
    # # encoding: utf-8
    
    # Inspec test for recipe my_cookbook::default
    
    # The Inspec reference, with examples and extensive documentation, can be
    # found at https://docs.chef.io/inspec_reference.html
    
    unless os.windows?
     describe user('root') do
     it { should exist }
     skip 'This is an example test, replace with your own test.'
     end
    end
    
    describe port(80) do
     it { should_not be_listening }
     skip 'This is an example test, replace with your own test.'
    end

As you can see, the syntax of InSpec is (intentionally) very similar to ServerSpec, that it replaces. It is very easy to convert existing ServerSpec integration tests to InSpec compliance tests.

Differences between ServerSpec and InSpec

ServerSpec “process”

changed from

 describe process('PROCESS_NAME') do
   it { should be_running }
 end

to

describe processes('PROCESS_NAME') do
  its('states') { should eq ['R<'] }
end