Chef Interview Questions DevOps

The cookbook is the fundamental unit of configuration and policy distribution. It contains all the details of a scenario. a scenario and contains everything that is required to support that scenario:

• Recipes that specify the resources to be used and the order in which they are to be applied
• Attribute values
• File distributions
• Templates
• Extensions to Chef

A chef is a powerful automation platform that transforms infrastructure into code. The Chef server is the main component which stores cookbooks, the policies that are applied to nodes, and metadata which has details of the registered nodes which are being managed by the chef-client.

Chef DK workstation is used for user interaction with Chef. In the Workstation users write and test cookbooks using tools and after testing upload to Chef Server using knife command line tools. Also, it provides the below

• Testing tools such as Test Kitchen, ChefSpec, Cook style, and Food critic
• Inspec
• Everything else needed to author cookbooks and upload them to the Chef server

Chef-Client nodes are the machines managed by Chef. It is installed on each node which is required to configure the node to its desired state.

• It acts as a hub for storing configuration data. It is used for storing cooks cookbooks, policies, and metadata which has details of each registered node that is being managed by Chef.
• chef-client accesses the Chef Server from the node on which it’s installed to get configuration data performs searches and pulls down the necessary configuration data.
• After the chef-client run is finished, the chef-client uploads updated run data to the Chef server.

Chef workstation is a computer that has knife configured along with chef-client installed on it. Using knife we can author cookbooks, interact with Chef Server and with the nodes.

Workstation is used for the below purposes.

• Developing and testing cookbooks and recipes
• Testing Chef code
• Synchronize the chef-repo with version source control
• Configure organizational policy and ensuring that critical data is stored in data bags
• Interacting with nodes

• chef-repo is a directory on the workstation that stores Cookbooks, Roles, Databags and environments. 
• It should be synchronized with a version control system, such as git. 
• It consists of multiple directories such as .chef, cookbooks, data_bags, environments and roles that describes the purpose and how to use when managing systems

It describes the steps done by the chef-client when it is configuring a node . The below diagram shows the various stages which occur during a chef-client run.

• It is used for validation -  When the chef-client makes a request to the Chef server, the chef-client authenticates each request using a private key located in /etc/chef/client.pem.
• During the initial chef-client run, the chef-client will register with the Chef server using the private key assigned to the chef-validator, after which the chef-client will obtain a client.pem private key for all future authentication requests to the Chef server.

• It is  is used for communication between the chef-client and the Chef server to ensure that each node has access to the appropriate data.
• When chef-client is run on the node, chef-client authenticates to the Chef Server using an RSA Private key and Chef Server API
• SSL_CERT_FILE environment variable is used  to specify the location for the SSL certificate authority (CA) bundle that is used by the chef-client.

• It is used to verify the state of the SSL certificate which is useful for troubleshooting various issues in chef environment.
• When this command is run, the certificate files that are located in the /.chef/trusted_certs directory are checked to see if they have valid X.509 certificate properties. A warning is returned when certificates do not have valid X.509 certificate properties or if the /.chef/trusted_certs directory does not contain any certificates.

     Syntax :  $ knife ssl check (options)

•  Data Bags are global variables stored as JSON data and is accessible from a Chef server. It is indexed for searching and can be loaded by a recipe or accessed during a search.
• Can be created using 2 methods - using knife commands (recommended) and manual.

For example:

$ knife data bag create DATA_BAG_NAME (DATA_BAG_ITEM)

• Recipes are the fundamental part of cookbooks. 
• It is written in Ruby and contains all information which needs to be run, changed, or created on a node. 
• It is a collection of resources (configuration elements) that determine the configuration or policy of a node.
• It has all details which are required to configure a system
• It must be stored in a cookbook and must be added in the run-list and executed in the order as listed in the run-list

It is an  agent which runs on every node that is managed by  Chef.  It is run to ensure the node into the desired state as given below

• Registers and authenticates the node with the Chef server
• Builds the node object
• Synchronizes cookbooks
• Compiles resource collection
• Helps in providing appropriate actions for various exceptions and notifications

A chef_container resource is used to interact with container objects that exist on the Chef server. 

Syntax:

chef_container 'name' do
  attribute 'value' # see properties section below
  ...
  action :action # see actions section below
end

A data bag is a container of related data bag items, where each individual data bag item is a JSON file. The knife can load a data bag item by specifying the name of the data bag to which the item belongs and then the filename of the data bag item.

Syntax:

chef_data_bag 'name' do
  attribute 'value' # see properties section below
  ...
  action :action # see actions section below
end

A Recipe is a collection of Resources which is used for configuring a piece of software. A Cookbook groups together Recipes and other information in a way that is more manageable than having just Recipes alone.

It is used to manage packages on ubuntu and debian platforms

It is used between chef-client and the Chef Server for secure communication and proper access to the data

1.Node's hostname / Public Ip Address

2.Node's userName and Password

3.Also, key details if it is used for authentication

Yes, both are the same. Resource attributes in any specific order as required. want.

• It helps you to specify which recipes to run and the order in which they must be run. It is very important when you have multiple cookbooks to manage it efficiently.
• It is stored as part of the node object on the chef server
• Maintained using a knife and uploaded from the workstation to the Chef Server

  A run-list must be in one of the below following formats:

'role[NAME]'

or

'recipe[COOKBOOK::RECIPE]'

Use a comma to separate roles and recipes when adding more than one item the run-list:

'recipe[COOKBOOK::RECIPE],COOKBOOK::RECIPE,role[NAME]'

Details of the bootstrap process are given below

1.Node downloads and installs chef-client.

2.chef-client registers with Chef Server and does the check-in.

One can validate if the node has successfully bootstrapped by checking the details in Chef Management Console and using commands knife node list and knife node show.

A knife is a command-line tool which provides an interface between a local chef-repo and the Chef server. 

knife helps users to manage:

• Nodes
• Recipes and Cookbooks
• Roles and Data Bags
• Installation of the chef-client onto nodes
• Helps in searching indexed data on the Chef server

knife ec2, knife azure, knife blue box, knife eucalyptus, knife google, knife linode, knife OpenStack, and knife rackspace

It is a tool that comes along with chef-client installation, which can detect attributes on a node which is provided to the chef-client for use within cookbooks. It is run by the chef-client at the beginning of every Chef run to determine system state.

• Run knife Ssh from your workstation.
• SSH directly into your server and run chef-client.
• Update the cookbook to display the node’s hostname, platform, total installed memory, and number of CPUs.
• Upload the cookbook and run it on the node.
• Run chef-client demon process on the node, which will update the node with the changes done on cookbook if the cookbook is part of the runlist.

Set cookbook’s version number to 1.0.0 when it is ready to be used in production.  

Starter Kit will create the necessary configuration files like chef directory, knife.rb, the ORGANIZATION-validator.pem, and USER.pem files etc. which is required to interact with the Chef server.

• Berkshelf is a dependency manager for Chef cookbooks. 
• Easily depend on community cookbooks and have them safely included in your workflow. 
• Ensure that your CI systems reproducibly select the same cookbook versions, and can upload and bundle cookbook dependencies without needing a locally maintained copy. 
• Berkshelf is included in the Chef Development Kit.

Diagnose subcommand is used to see details of computed diagnostic configuration for one or more instances. It has all the details updated in YAML format. 

Syntax – $ kitchen diagnose PLATFORMS (options)

When a chef-client run is executed and if there any issues, Handlers are used to identify situations and remediate the issues. There are 3 types of handlers

• Exception Handler
• Report Handler
• Start Handler

 Vagrant helps Test Kitchen communicate with VirtualBox and configures resources like memory and network settings.