It’s a short introduction on how to use CHEF on AIX. It’s mainly targeted at people wondering what is actually possible to do with CHEF on AIX. The official client is really good but it’s features are not well known. So I thought about showing them here.

introduction

I will mainly focus on this post on what is possible to do with the CHEF client package. So I will only use chef-solo which allow us to work without a chef server. So I will skip a lot of the great features of CHEF but it will simplify a lot the explanations.

CHEF installation

You need to download the CHEF client on the official website :

The client is the same for AIX 6.1 and AIX 7.1.

It’s a bff package named chef-12.4.1-1.powerpc.bff.

You install it like any standard package :

inutoc .
installp -acXYd . chef
...
+-----------------------------------------------------------------------------+
                                Summaries:
+-----------------------------------------------------------------------------+

Installation Summary
--------------------
Name                        Level           Part        Event       Result
-------------------------------------------------------------------------------
chef                        12.4.1.1        USR         APPLY       SUCCESS
chef                        12.4.1.1        ROOT        APPLY       SUCCESS
It has no dependency :)

Binaries are installed in /opt/chef/bin. It’s a good idea to add it in your PATH :

export PATH=$PATH:/opt/chef/bin

environment setup

Let’s setup a directory where to store the cookbooks and recipes used by CHEF.

Here it will be a directory in /tools filesystem. The first cookbook will be named aixtest :

mkdir -p /tools/chef/cookbooks/aixtest/recipes

chef-solo

chef-solo will be used to run in standalone mode on the AIX system.

chef-solo needs a configuration file to know where are the cookbooks. So let’s create a file named /tools/chef/solo.rb with this configuration :

cookbook_path "/tools/chef/cookbooks"

It need a json file to specify what tasks will be performed.Create a file firstrun.json :

{
  "run_list": [ "recipe[aixtest]" ]
}

So to run the first recipe, the command will be :

chef-solo -c /tools/chef/solo.rb -j /tools/chef/firstrun.json

first recipe

The first recipe will be named /tools/chef/cookbooks/aixtest/recipes/default.rb.

In the following sections, we will add actions to see the different resources available in standard in the chef package.

adding a user

It’s a good first step :) The user account will be created using the user resource:

user 'adejoux' do
  comment 'Alain Dejoux'
  uid 1234
  gid 'sys'
  home '/home/adejoux'
  shell '/usr/bin/ksh'
  password 'zbpkcVZ.1okhk'
  supports :manage_home => true
end

Note: In this example, I kept the crypt method for password encryption but you should definitely use something better like sha.

Note2: Thanks to Donal to inform I forgot supports to create the user home directory :)

So let’s run chef-solo and see what happens :

root@adxlpar2(/root)#  chef-solo -c /tools/chef/solo.rb -j /tools/chef/firstrun.json
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 1 resources
Recipe: aixtest::default
  * user[adejoux] action create
    - create user adejoux

Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 5.154866 seconds

no LVM management ?

Nice modules for managing aix LVM are still not available but it’s not mandatory at all.

We have the execute resource which allow us to run any commands we want.

So let’s create a logical volume :

execute 'Create tools2lv LV' do
  command 'mklv -t jfs2 -y tools2lv rootvg 1G'
  creates '/dev/tools2lv'
end

And the output :

Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 2 resources
Recipe: aixtest::default
  * user[adejoux] action create (up to date)
  * execute[Create tools2lv LV] action run
    - execute mklv -t jfs2 -y tools2lv rootvg 1G

Running handlers:
Running handlers complete
Chef Client finished, 1/2 resources updated in 5.608437 seconds

It’s really important to have a recipe which can be run multiple times on one system with the same result. It’s what means to be idempotent.

So here we added the creates attribute. It will check if the “file” /dev/tools2lv exists and will run the command only if this file is not already existing.

So the output when running chef-solo again is :

Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 2 resources
Recipe: aixtest::default
  * user[adejoux] action create (up to date)
  * execute[Create tools2lv LV] action run (up to date)

Running handlers:
Running handlers complete
Chef Client finished, 0/2 resources updated in 4.935229 seconds

To create the filesystem, we use the same resource :

execute 'Create /tools2 FS' do
  command 'crfs -v jfs2 -A yes -m /tools2 -d tools2lv'
  creates '/tools2'
end

mount a filesystem

To mount a filesystem, it’s possible to use the execute resource but it’s not so convenient to have to choose a file to check with creates.

Luckily the mount resource work well on AIX :

mount '/tools2' do
  device '/dev/tools2lv'
  fstype 'jfs2'
end

install a bff package

Here again the package resource fully support AIX :

package 'install vopt_manager' do
  package_name 'vopt_manager.rte'
  source '/tools/vopt_manager.1.0.0.0.bff'
end

In source you can specify a directory where a .toc file was generated or directly the bff file itself. It’s the standard installp command.

install a rpm package

For rpm format, it’s almost the same but you need to use rpm_package instead.

rpm_package 'fio' do
  source '/tools/fio-2.1.12-1.aix5.3.ppc.rpm'
end

managing AIX services

Let guess what ? Yes, the service resource fully support AIX too.

A simple example where sshd is restarted :

service 'sshd' do
  action :restart
end

recipe execution

When runnning it the first time :

 chef-solo -c solo.rb -j test.json
Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 8 resources
Recipe: aixtest::default

  * user[adejoux] action create
    - create user adejoux
  * execute[Create tools2lv LV] action run
    - execute mklv -t jfs2 -y tools2lv rootvg 1G
  * execute[Create /tools2 FS] action run
    - execute crfs -v jfs2 -A yes -m /tools2 -d tools2lv
  * mount[/tools2] action mount
    - mount /dev/tools2lv to /tools2
  * rpm_package[zlib] action install
    - install version 1.2.7-1 of package zlib
  * rpm_package[fio] action install
    - install version 2.1.12-1 of package fio
  * package[install vopt_manager] action install
    - install version 1.0.0.0 of package vopt_manager.rte
  * service[sshd] action restart
    - restart service service[sshd]
Running handlers:
Running handlers complete
Chef Client finished, 8/8 resources updated in 7.990516 seconds

When running it again :

Starting Chef Client, version 12.4.1
Compiling Cookbooks...
Converging 8 resources
Recipe: aixtest::default
  * user[adejoux] action create (up to date)
  * execute[Create tools2lv LV] action run (up to date)
  * execute[Create /tools2 FS] action run (up to date)
  * mount[/tools2] action mount (up to date)
  * rpm_package[zlib] action install (up to date)
  * rpm_package[fio] action install (up to date)
  * package[install vopt_manager] action install (up to date)
  * service[sshd] action restart
    - restart service service[sshd]

Running handlers:
Running handlers complete
Chef Client finished, 1/8 resources updated in 6.843585 seconds

It’s important to be able to run multiple times the same recipe.

Note: only ssh restart is performed again because no condition was set on this task execution.

the end

I hope this short introduction make you want to test CHEF on AIX. And showed you than it’s not so complex to use.

To go further on automation with AIX, I recommend to check the AIX cookbook :

It’s adding a lot of new resources to manage AIX.

Another great example of automation on AIX with CHEF is :

It will give you a good idea of what the capabilities of CHEF. Hope you will have fun :)