Go to Cmd
Chef install recipe example
An example Chef recipe that deploys Cmd
Ben Ironside avatar
Written by Ben Ironside. Updated over a week ago

This page shows an example of a Chef recipe that installs a Cmd agent, and explains how it can install different versions of the Cmd Control and Cmd Audit agents.

Chef commonly runs on a client-server model, but this example uses a standalone (solo) model to configure the virtual machine on which it runs. 

Before trying to deploy Cmd with Chef, you should know how to automate agent deployment, and if applicable, how to deploy the agent in containers

Last-tested version of Chef:

This was last tested with Chef Infra Client v16.7.61.

 

The Chef recipe

What the example recipe does:

  • Downloads and installs the  .rpm  version of the Cmd Control agent. (Please note the download URL is subject to change in future releases.)

  • Configures the agent and verifies it's enabled.

  • Removes the installer.

The recipe:

########-CONFIGURATION-#############
api_key = 'KeyFromChefExample'
architecture = 'amd64' #Supported values: amd64
format = 'rpm'         #Supported values: rpm, deb
version = ''           #Supported values: a supported version number, or empty for the latest version
agent_type = 'ccf'     #Supported values: cmd, ccf
sub = 'sub2'           #Your Cmd web app subdomain (e.g. sub1, sub2, sub3)
###################################

# Download the agent package
remote_file "/tmp/#{agent_type}-#{version}.#{format}" do
  only_if { ! ::File.exist?('/sbin/cmd_daemon') }
  source                "https://#{sub}.c-app.cmd.com/download/#{agent_type}?architecture=#{architecture}&format=#{format}&version=#{version}"
  action                :create_if_missing
  headers({'project-key': "#{api_key}"})
end

# Install the package
rpm_package "#{agent_type}-#{version}.#{format}" do
  only_if { ! ::File.exist?('/sbin/cmd_daemon') }
  source               "/tmp/#{agent_type}-#{version}.#{format}"
  action                :install
end

# Clean up the installer
file "/tmp/#{agent_type}-#{version}.#{format}" do
    action :delete
end

# Set the server's Cmd project
file '/etc/cmd/cmd.prj' do
  content "#{api_key}"
  notifies :restart, "service[cmd]"
end

# Configure the server name (displays in the Cmd web app)
file '/etc/cmd/config.ini' do
  content "server_name=#{node['hostname']}\ngroups=\nurl=https://#{sub}.c-app.cmd.com/ws\nsos_url=https://#{sub}.sos-app.cmd.com\n"
  notifies :restart, "service[cmd]"
end

# Start the agent, and enable it on restart.
# (Since awslinux1 2018 uses upstart, this example uses the
# Chef::Provider::Service::Upstart provider.)
service 'cmd' do
    supports        status: true
    action          [:enable, :start]
end

 

How to use the script

Required configuration:

  • api_key — Your Cmd project key.

  • architecture — Currently, the only valid value is amd64 (this includes x86-64).

  • format — Either deb or rpm , depending on the target OS. This example is set up to work for the rpm package, so if you use it with the deb package replace rpm_package with apt_package .

  • version — The version of the agent you wish to download. Use a supported version number, or leave it blank for the latest version.

  • agent_type — Choose whether to install the Cmd Control or Cmd Audit agent. Use ccf for the Cmd Control agent, or cmd for the Cmd Audit agent. (Make sure that the version number you specify matches the agent_type .)

  • sub — Your Cmd instance's subdomain. For example if your Cmd web app is at sub1.app.cmd.com , its value should be "sub1". If it's at sub2.app.cmd.com , it should be "sub2".

Optional configuration:

  • Server group(s) — To add servers to server groups, add the group name(s) in the recipe after  groups= , e.g.:  groups=prod . Valid characters for server groups are: 0-9 , a-z , A-Z , - , and _ . For multiple server groups, use a comma-delimited list with no spaces, e.g.:  groups=Test1,Test2,Test3  

  • Proxy — To use a proxy for downloading the installer, configure an https_proxy value in Chef's client.rb.

The server's Cmd server name gets inherited from the server's node name in Chef.
 

How to test:

To test this, you can: 

  • Use Vagrant to run the Chef recipe against a VM. 

  • Create a new directory, and create this Vagrantfile in that directory:

Vagrant.configure("2") do |config|  
  config.vm.box = "markush81/centos7-vbox-guestadditions"
  config.vm.hostname = "chef-cmd-demo"
  config.vm.provision "chef_solo" do |chef|
    chef.arguments = "--chef-license accept"
    chef.add_recipe "cmd"
  end
end

  • In the same directory, create cookbooks/cmd/recipes/default.rb using the recipe from the top of this page. 

  • Update the required configuration variables.

  • Run the test by executing  vagrant up   in the directory.

You will see a server named "chef-cmd-demo" (see the Vagrantfile above) on the Cmd web app's servers page.

 
 

Did this answer your question?