Monday, September 16, 2013
OpsCode, the creators of Chef, offers a hosted Chef Server solution. However, I have always preferred to setup my own severs, and OpsCode also offers an open source Chef Server that you can install and host yourself.
The following install steps for Ubuntu and RHEL/CentOS are a very quick way to get the open source Chef Server 11.0.8-1 version installed. If you want Chef Server for a different operating system, version, or architecture then go to the OpsCode Download page.
The following steps assume you already have a Ubuntu Server 12.04 LTS server setup somewhere. A minimal install will work just fine.
wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.8-1.ubuntu.12.04_amd64.deb sudo dpkg -i chef-server_11.0.8-1.ubuntu.12.04_amd64.deb sudo chef-server-ctl reconfigure
The following steps assume you already have a RHEL 6 or CentOS 6 server setup somewhere. A minimal install will work just fine.
wget https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm sudo yum localinstall chef-server-11.0.8-1.el6.x86_64.rpm sudo chef-server-ctl reconfigure
Regardless of which operating system you install on, if you have a firewall running (iptables, ufw, etc.), be sure to open port 443.
I will be working on an OS X workstation within the Development directory of my home folder. The following steps should work just as well on a Linux distribution with the necessary directory path changes.
Download the Chef Omnibus installer:
curl -O -L http://www.opscode.com/chef/install.sh
Begin the install:
sudo sh install.sh
Clone the Chef Repo skeleton directory to work in:
cd ~/Development git clone https://github.com/opscode/chef-repo.git
Open a web browser, navigate to your open source Chef Server via its FQDN or IP address, login as the admin user (the default password is shown on the right hand side), and change the default admin password.
Next, regenerate the chef-validator Private Key by going to Clients > chef-validator > Edit, check the Regenerate Private Key box, and click Save Client. Copy the new Private Key to ~/Development/chef-repo/.chef/chef-validator.pem on your workstation.
Create a new user on your open source Chef Server by going to Users > Create, check the Admin box, fill out the necessary fields (I will use user jthorne in this example), and click Create User. Copy the Private Key to ~/Development/chef-repo/.chef/jthorne.pem.
Finally, open your console application and run
knife configure. Fill out the fields as follows (knife will try and guess some of the values, overwrite them as necessary):
WARNING: No knife configuration file found Where should I put the config file? [/Users/jthorne/.chef/knife.rb] /Users/jthorne/Development/chef-repo/.chef/knife.rb Please enter the chef server URL: [https://macbookpro.local:443] https://chef-server.example.com:443 Please enter an existing username or clientname for the API: [jthorne] Please enter the validation clientname: [chef-validator] Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] /Users/jthorne/Development/chef-repo/.chef/chef-validator.pem Please enter the path to a chef repository (or leave blank): /Users/jthorne/Development/chef-repo You must place your client key in: /Users/jthorne/Development/chef-repo/.chef/jthorne.pem Before running commands with Knife! You must place your validation key in: /Users/jthorne/Development/chef-repo/.chef/chef-validator.pem Before generating instance data with Knife! Configuration file written to /Users/jthorne/Development/chef-repo/.chef/knife.rb
At this point knife is setup to interface with the open source Chef Server you installed earlier. Commands such as
knife client list or
knife node list should return lists of your registered clients and nodes, respectively.
Be aware, you will need to be in the ~/Development/chef-repo directory, or whatever directory you used, when using the knife command to interface with your open source Chef Server. It is entirely possible to follow the same steps above to create another directory on your workstation that interfaces with a different open source Chef Server. The knife command will look for .chef/knife.rb in whatever directory you are currently in to figure out what Chef Server it is suppose to interface with. If you only plan on using one open source Chef Server, you can also place .chef in your home directory, so you will be able to interface with your open source Chef Server using the knife command from any directory.
With knife installed on your workstation and the skeleton Chef repo directory in place, you are ready to bootstrap your first client server. Bootstrapping a client server will install the chef-client onto the client server and configure it to talk back to your open source Chef Server you installed earlier.
Assuming you already have a client server ready to go, to bootstrap it use the following command:
knife bootstrap -u root $FQDN_OF_CLIENT_SERVER
If the root user is unavailable, you can pass the sudo command line switch:
knife bootstrap -u $USERNAME --sudo $FQDN_OF_CLIENT_SERVER
After a couple of minutes the client server will be registered to your open source Chef Server and you can begin applying roles and recipes to it.