I’m writing a book!

It’s been a quiet month on here! Between doing lots of work around Chef Provisioning, OpenStack and automated environment creation at DataSift and doing something different pretty much every night of the week, I’ve been trying to find the time to write a book.

It’s (tentatively) called Ansible: Beginner to Pro and will be published by Apress publishing. As of this evening the first draft of every chapter is complete, and it’s time to pick up the editing work to convert it from a collection of thoughts to a book that you can actually work through.

If you’re interested, here’s the pitch for the book. Hopefully we should be seeing it in the next few months.

Ansible: From beginner to pro is a step-by-step guide to Ansible, taking you on a journey from knowing nothing about configuration management to being an Ansible professional. This book starts by explaining what configuration management is and how it’s useful, and ends with you creating an entire cluster of virtualized machines, all of which have your applications and all their dependencies installed automatically.

Using this book, you will learn how to create an Ansible playbook to automatically set up an environment ready to install an open source project. You’ll be able to extract common tasks into roles that you can reuse across all your projects, and build your infrastructure on top of existing open source roles and modules that are available for you to use. We’ll take a look at building our own modules to perform actions specific to your business. Finally, we’ll cover how to test your Ansible playbooks – at the end of the day it’s still code, and code needs to be tested.

Ansible can do as much or as little as you want it to. Ansible: From beginner to pro will take you through all the steps you need to know to be an Ansible professional. You’ll be writing roles and modules and creating entire environments without human intervention in no time at all!

gpg: connecting dirmngr failed: IPC connect call failed

When trying to run --recv-key I was running into issues where dirmngr didn’t exist. As it turns out, it’s the same issue I was having where gpg-agent couldn’t start.

Given the following error message:

$ gpg --recv-key 0xDEADBEEF
gpg: DBG: locking for '/home/michael/.gnupg/gnupg_spawn_dirmngr_sentinel.lock' done via O_EXCL
gpg: connecting dirmngr at '/home/michael/.gnupg/S.dirmngr' failed: IPC connect call failed
gpg: keyserver receive failed: No dirmngr

The fix is to redirect the socket to somewhere writeable by creating an Assuan redirect file at the socket path:

$ printf '%%Assuan%%\nsocket=/dev/shm/S.dirmngr\n' > ~/.gnupg/S.dirmngr

Decrypt Chef encrypted data bag without Knife

I found myself in the strange situation where I had an encrypted data bag and the secret key but no way to decrypt it without my friendly operations coworkers.

This script solved all my issues, writing the decrypted data to stdout.

require 'chef/encrypted_data_bag_item'
require 'json'

keyfile = "./secret_environment.key"
encrypted_path = "./my-secret-file.json"

secret = Chef::EncryptedDataBagItem.load_secret(keyfile)
encrypted_data = JSON.parse(File.read(encrypted_path))
plain_data = Chef::EncryptedDataBagItem.new(encrypted_data, secret).to_hash
puts JSON.generate(plain_data)

Make sure to change keyfile and encrypted_path to match your files.

Invoke the script using Chef’s built-in Ruby to make sure that the Chef gem is available:

/opt/chefdk/embedded/bin/ruby script.rb > decrypted.json
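
What the script's Chef::EncryptedDataBagItem call amounts to for a version 1 item, using only Ruby's standard library. This is an added example, not part of the original post and not Chef's own code. It assumes the version 1 field layout described in the comments; SAMPLE_SECRET, SAMPLE_ITEM and the helper names are constructed for illustration.

```ruby
require 'openssl'
require 'json'

# Assumed version 1 field layout: aes-256-cbc, key = SHA-256(secret), base64
# "iv" and "encrypted_data", plaintext wrapped as {"json_wrapper": value}.
# Versions 2 and 3 add integrity checks and are rejected here.
CIPHER = 'aes-256-cbc'

def v1_cipher(mode, secret, iv)
  cipher = OpenSSL::Cipher.new(CIPHER)
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  cipher.iv = iv
  cipher
end

# Only used to build the constructed sample item below.
def encrypt_value_v1(value, secret)
  iv = OpenSSL::Random.random_bytes(16)
  cipher = v1_cipher(:encrypt, secret, iv)
  data = cipher.update(JSON.generate({ 'json_wrapper' => value })) + cipher.final
  { 'encrypted_data' => [data].pack('m'), 'iv' => [iv].pack('m'),
    'version' => 1, 'cipher' => CIPHER }
end

def decrypt_value_v1(field, secret)
  unless field.is_a?(Hash) && field['version'] == 1 && field['cipher'] == CIPHER
    raise ArgumentError, 'not a version 1 aes-256-cbc field'
  end
  cipher = v1_cipher(:decrypt, secret, field['iv'].unpack1('m'))
  plain = cipher.update(field['encrypted_data'].unpack1('m')) + cipher.final
  JSON.parse(plain.force_encoding('UTF-8')).fetch('json_wrapper')
end

# "id" is stored in the clear; every other top-level key is an encrypted field.
def decrypt_item_v1(item, secret)
  item.each_with_object({}) do |(key, value), out|
    out[key] = key == 'id' ? value : decrypt_value_v1(value, secret)
  end
end

# Constructed sample: the secret and values are made up for this example.
SAMPLE_SECRET = 'constructed-sample-secret'
SAMPLE_ITEM = {
  'id' => 'db',
  'password' => encrypt_value_v1('hunter2', SAMPLE_SECRET),
  'hosts' => encrypt_value_v1(%w[a b], SAMPLE_SECRET)
}.freeze

puts JSON.generate(decrypt_item_v1(SAMPLE_ITEM, SAMPLE_SECRET))
```

A version 1 field carries no integrity check, so a wrong secret normally shows up only as a padding or JSON parsing error rather than a clear authentication failure.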