1. 前提

・ VirtualBoxのインストール
　https://www.virtualbox.org/wiki/Downloads
・Vagrantのインストール
　http://www.vagrantup.com/downloads.html
・Vagrantのインストール確認

$ vagrant -v
Vagrant 1.4.3

・RubyバージョンとGem確認

$ ruby -v
ruby 2.0.0p247 (2013-06-27 revision 41674) [universal.x86_64-darwin13]
$ gem list | grep chef
chef (11.8.2)
$ gem list | grep knife
knife-solo (0.4.1)
$ gem list | grep berks
berkshelf (2.0.13)

2. セットアップ

$ knife solo init sandbox-chef-cookbooks 
$ cd sandbox-chef-cookbooks 
$ berks init

3. site-cookbooksの作成

・iptablesの設定をするcookbookeを作成する

$ knife cookbook create site_simple_iptables -o site-cookbooks/

・設定

$ vim site-cookbooks/site_simple_iptables/recipes/default.rb

-- default.rb
# Reject packets other than those explicitly allowed
simple_iptables_policy "INPUT" do
  policy "DROP"
end

# The following rules define a "system" chain; chains
# are used as a convenient way of grouping rules together,
# for logical organization.

# Allow all traffic on the loopback device
simple_iptables_rule "system" do
  rule "--in-interface lo"
  jump "ACCEPT"
end

# Allow any established connections to continue, even
# if they would be in violation of other rules.
simple_iptables_rule "system" do
  rule "-m conntrack --ctstate ESTABLISHED,RELATED"
  jump "ACCEPT"
end

# Allow SSH
simple_iptables_rule "system" do
  rule "--proto tcp --dport 22"
  jump "ACCEPT"
end

# Allow HTTP, HTTPS
simple_iptables_rule "http" do
  rule [ "--proto tcp --dport 80",
         "--proto tcp --dport 443" ]
  jump "ACCEPT"
end

# Allow MySQL
simple_iptables_rule "mysql" do
  rule "--proto tcp --dport 3306"
  jump "ACCEPT"
end

# Allow Rails
simple_iptables_rule "mysql" do
  rule "--proto tcp --dport 3000"
  jump "ACCEPT"
end

4. Berksfile

・サードパーティのcookbook（iptable + Ruby + MySQL）を使う設定を追加する

$ vim Berksfile

site :opscode
cookbook 'simple_iptables', git:"git://github.com/dcrosta/cookbook-simple-iptables.git"
cookbook 'site_simple_iptables', path: './site-cookbooks/site_simple_iptables'
cookbook 'ruby_build'
cookbook 'rbenv', github: "fnichol/chef-rbenv"
cookbook 'mysql'

・iptable設定のcookboosとサードパーティのcookbookをインストール

$ berks install --path cookbooks

5. Vagrantfile

・mysqlパスワード、rubyバージョンの設定

    chef.json = {
        :mysql => {
            :server_root_password => 'rootpass',
            :server_debian_password => 'debpass',
            :server_repl_password => 'replpass'
        },
        :rbenv => {
            :user_installs => [{
                                   :user => "vagrant",
                                   :rubies => ["2.0.0-p353"],
                                   :global => "2.0.0-p353",
                                   :gems => {
                                       "2.0.0-p353" => [
                                           {:name => "bundler"}
                                       ]
                                   }
                               }]
        }
    }

・vagrantの起動

$ vagrant up

5. サンプル

t-taira/sandbox-chef-cookbooks · GitHub

6. 参考サイト

さくらVPSの初期設定をChef Soloでやってみた〜サードパーティcookbookの使い方〜 | tsuchikazu blog