Amod Pandey

Reputation: 1396

Chef - delete unused cookbooks from server

Over time we have developed multiple cookbooks and uploaded them to our Chef server. These cookbooks are used by multiple teams. Is there a way to check, for a given cookbook, which other cookbooks depend on it or which nodes use it in their run list? If it is not being used, I should be able to delete the cookbook from the Chef server. This will help us clean up and not let new users use a deprecated cookbook.

Note: I want to run it against the Chef server (I even have a Berkshelf API server) and not on local copies.

Thanks

Regards Amod

Upvotes: 1

Views: 2171

Answers (2)

Akash Priyadarshi

Reputation: 1

Install Knife Audit

  1. We need to have a .chef/plugins/knife directory inside chef-repo. If you don't have it, then please create it using mkdir or any other method.
  2. Now create a file named audit.rb inside the .chef/plugins/knife directory.
  3. Visit https://raw.githubusercontent.com/jbz/knife-audit/master/lib/chef/knife/audit.rb
  4. Copy the content and paste it into the newly created audit.rb file.
  5. Install gem if not present -> sudo yum install gem -y
  6. Install knife audit -> gem install knife-audit

Bash Script to delete unused cookbooks:-

  1. Create a file deleteUnusedCookbook.sh inside chef-repo directory. Now paste the following code in deleteUnusedCookbook.sh

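#!/bin/bash
# Collect the cookbooks that knife audit reports with a node count of 0
# (tail skips the header line of the audit output).
file=unusedCookbook.txt
knife audit | tail -n +2 | awk '{ if ($2 == 0) print $1 }' > "$file"
# Delete each listed cookbook from the Chef server.
for i in $(cat "$file")
do
  knife cookbook delete "$i" -y
done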

Here unusedCookbook.txt will contain the names of all unused cookbooks on the Chef server. As a result, in the script $2==0 will give the list of all unused cookbooks. To get all used cookbook names, change it to $2!=0, but please test it once without deleting; otherwise it will delete all cookbooks which are currently in use.

  2. Now, to make it executable, run -> chmod +x deleteUnusedCookbook.sh
  3. Now run the script -> ./deleteUnusedCookbook.sh

Upvotes: 0
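
A more defensive variant of the script in the answer above, added here as an example and not part of the original post or of knife-audit: it only accepts lines with an explicit zero count and reports what it would delete unless told to apply. It assumes the output layout implied by the answer's awk filter (one header line, then name and count); `APPLY`, the function names and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption (from the answer's awk filter): `knife audit`
# prints one header line, then "<cookbook> <node count>" on each line.

# Read audit output on stdin; print only cookbooks with an explicit count of 0.
# Lines with no count field are skipped: awk treats a missing $2 as equal to 0,
# so a bare "$2 == 0" test would also select warnings or truncated lines.
unused_cookbooks() {
  tail -n +2 | awk '
    NF >= 2 && $2 ~ /^[0-9]+$/ && $2 == 0 && $1 ~ /^[A-Za-z0-9_.-]+$/ { print $1 }'
}

# Read cookbook names on stdin. Dry run by default; APPLY=1 really deletes.
# (APPLY and both function names are hypothetical, not knife options.)
delete_cookbooks() {
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    if [ "${APPLY:-0}" = "1" ]; then
      # </dev/null keeps knife from consuming the name list on stdin.
      knife cookbook delete "$name" -y </dev/null || return 1
    else
      echo "would delete: $name"
    fi
  done
}

# Constructed sample output for an offline check of the filter.
sample_audit() {
  cat <<'EOF'
Cookbook audit from node run lists:
apache2 12
old_ntp 0
WARNING
legacy-users 0
bad;name 0
mysql 3
EOF
}

# Run against the server only when asked: ./cleanup.sh --run
if [ "${1:-}" = "--run" ]; then
  knife audit | unused_cookbooks | delete_cookbooks
fi
```

As the other answer on this page notes, the audit only sees nested dependencies once the helper cookbook has run on all nodes, so review the dry-run list before setting `APPLY=1`.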

neal

Reputation: 33

https://github.com/jbz/knife-audit

Install helper cookbook

"The helper cookbook (knife_audit) consists of a single recipe (default) with a single resource in it - a ruby_block which saves node.run_state.seen_recipes to the attribute node[:knife_audit][:seen_recipes]. This preserves the complete runlist information from seen_recipes, which chef-client does not save to the chef server after constructing it in the compile phase."

Ensure helper cookbook is run on all nodes to populate the attribute.

Only then will a knife-audit -a find everything inside nested dependencies.

Upvotes: 3
