HPE Storage Tech Insiders
Showing results for 
Search instead for 
Did you mean: 

Start cooking with Chef


Here and there I often get an inquiry about using Chef with Nimble arrays. My standard response has been that we have a comprehensive REST API, please use that. It still remains my standard answer but now I have a blog post the inquiries to.

Chef has a built-in http_request resource that lends itself to manipulate remote REST APIs. However, it falls short in the department of retrieving and processing that content. Chef as a class you can call for this purpose, Chef::HTTP, and it lends itself just perfectly for easy retrieval of JSON content from a REST API.

Another caveat is that Nimble arrays serve the REST API over SSL connections with self-signed certificates. Which can be a bit of a pain to deal with in foreign libraries and programming languages (note that the author is a complete Ruby illiterate).

I’ve put together a small cookbook with just enough meat in it to use chef-client. The latest stable version of Chef DK (Chef Downloads) is being used in the below examples.

Sample Cookbook

Assume accounting have asked for a CSV-list of volumes from your array for their number crunching activities. I’m going to create such list for them to pickup at their convenience. Fire and forget. Here's the zipfile

First I need to figure out what attributes are relevant for my cookbook and how I easily can override those if we expand with more Nimble groups. This is my recipe cookbooks/nimble/attributes/default.rb

# Where to reach the API endpoint

default['nimble']['array'] = ''

default['nimble']['scheme'] = 'https'

default['nimble']['api_version'] = 'v1'

# This is the base dir for Chef DK

default['nimble']['certs'] = '/opt/chefdk/embedded/ssl/certs'

# Credentials

default['nimble']['auth'] = {

  'data': {

    'username': 'admin',

    'password': 'admin'



With my attribute layout, I can now craft my first recipe, cookbooks/nimble/recipes/certs.rb

# Download certificate

bash 'download_cert' do

  code <<-EOH

    openssl s_client -connect #{node['nimble']['array']} \

      -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM \

       > #{node['nimble']['certs']}/#{node['nimble']['array']}.pem

    cat #{node['nimble']['certs']}/#{node['nimble']['array']}.pem >> #{node['nimble']['certs']}/cacert.pem



This allows download of the Nimble array certificate and subsequent Chef connections to the array will be successful.

To download the certificate:

# chef-client --local-mode -r 'nimble::certs’

I can now move on to the more interesting pieces. Assume this recipe for cookbooks/nimble/recipes/volumes::list.rb

# Construct URL from attributes

nimble_array = node['nimble']['scheme'] + '://' + node['nimble']['array'] +

'/' + node['nimble']['api_version']

# My query

nimble_query = '/volumes/detail?fields=name,size,vol_usage_compressed_bytes'

# Get a token

nimble_token = JSON.parse(Chef::HTTP.new(nimble_array).post('/tokens',


# Simply list my volumes

nimble_volumes = JSON.parse(Chef::HTTP.new(nimble_array).get(nimble_query,

  {'X-Auth-Token' => nimble_token['data']['session_token']}))

# Write JSON response to a list with an erb template

template '/tmp/nimble_volumes_list' do

  source 'nimble_volumes_list.erb'

  owner 'root'

  group 'root'

  mode '0644'

  variables :my_volumes => nimble_volumes['data']


Very easy to follow recipe and for clarity, this is what my cookbooks/nimble/templates/nimble_volumes_list.erb looks like:


<% @my_volumes.each do |object| %>

<%= "#{object['name']},#{object['size']},#{object['vol_usage_compressed_bytes']/1024/1024}" %>

<% end %>

Now, for the entrée:

$ chef-client --local-mode -r 'nimble::volumes::list’

This will create /tmp/nimble_volumes_list, in my case this is what it contains:




















Now accounting can crunch their numbers all they want!

To run this recipe on a array other than my default hardcoded array a custom JSON attribute file may be used to override the defaults in the recipe. Something like this (same logical structure as the attribute file):


  "nimble": {

    "array": "sjc-array875.lab.nimblestorage.com:5392",

    "auth": {

      "data": {

        "username": "admin",

        "password": "admin"





So, for dessert:

# chef-client --local-mode -r 'nimble::volumes::list' -j nimble.json

That will however overwrite the contents of /tmp/nimble_volumes_list.

Chef has been around for a very long time. There’s countless resources available online to learn from. I’m a Chef apprentice and these examples may not represent the best practice pattern for creating cookbooks but demonstrates the principle that we have a REST API and you may manipulate it from anything, including Chef.

Dive into the NimbleOS REST API: Nimble Storage InfoSight

Learn more about Chef: Deploy new code faster and more frequently. Automate infrastructure and applications | Chef

About the Author


Data & Storage Nerd, Containers, DevOps, IT Automation

See posts for
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates/locations
Reimagine 2018
Join us at one of the Reimagine 2018 stops and see how we Simplify Hybrid IT, innovate at the Intelligent Edge and bring it all together with HPE Poin...
Read more
View all