Chef Server & Client Install and configuration how to


Below is an example configuration, using Ubuntu as the Chef server, as well as Ubuntu or Solaris (11/12) as the Chef Client.

Chef Server Installation and Configuration

First, let's download the Chef Ubuntu pkg.

Once the installation is completed, the official docs state to issue a re-configure (I am not sure why a fresh install requires a reconfigure 🙂 ).

Next, we will create/add an administrator.

Next, we will create/add an organization.

In order to use the Chef Web GUI, the below needs to be run.

Now we need to reconfigure the main program to work with the new web GUI.

Note: In order to use Chef Push Jobs and Reporting, additional steps are needed, described here

Next, we will move on to the client installation and configuration.

Note: In most cases the client can be pushed out from the server; however, in my case I am using a Solaris client which might/will not work with that install method, so a simple pkg install was used to do the installation.

Solaris Client installation

Note: Make sure to configure ntp (client and server must have the same time to work).

Modify /etc/inet/ntp.conf

Enable the ntp service

Download the Solaris package (p5p) install file.
Now let's verify the Solaris Chef pkg name.

Now let's install the Chef package.

Now, let's complete the chef-client related configuration, so the client can register with the server for the first time.

We need the chef validation name, as was configured initially, to be added to the client.rb below.
You can get the name in the Chef Web GUI/Manager: go to Policy->Clients->Create.

Next, create the client.rb file and trust directory.

Below is a sample client.rb file.

Now let's try to register the client. This process will generate and download the client's certificate in /etc/chef/trusted_certs.

knife ssl fetch -c /etc/chef/client.rb
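
knife ssl fetch trusts whatever certificate the server presents at fetch time, so the files it writes should be compared against a fingerprint obtained from the Chef server out of band. A check for that, as an added example that is not part of the original post; the helper names are hypothetical and the sample certificates are constructed:

```ruby
require 'openssl'
require 'tmpdir'

# Added example, not from the original post; helper names are hypothetical.
# Accepts "SHA256 Fingerprint=AB:CD:..." (openssl x509 style) or plain hex.
def normalise_fp(fp)
  fp.to_s.sub(/\A.*=/, '').delete(':').strip.downcase
end

# Checks each certificate file in trusted_dir against SHA-256 fingerprints
# obtained from the Chef server administrator out of band.
def audit_trusted_certs(trusted_dir, expected_fps)
  allowed = Array(expected_fps).map { |fp| normalise_fp(fp) }
  Dir.glob(File.join(trusted_dir, '*.{crt,pem}')).sort.map do |path|
    cert = OpenSSL::X509::Certificate.new(File.read(path))
    fp = OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
    status = :ok
    status = :expired if cert.not_after < Time.now
    status = :unexpected unless allowed.include?(fp)
    { file: File.basename(path), sha256: fp, status: status }
  rescue OpenSSL::X509::CertificateError
    { file: File.basename(path), sha256: nil, status: :unparseable }
  end
end

# Constructed sample input: a throwaway self-signed certificate.
def sample_cert(cn, days: 30)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Audits a temp directory holding one expected and one unexpected certificate.
def demo
  Dir.mktmpdir do |dir|
    good = sample_cert('chef.example.test')
    File.write(File.join(dir, 'chef_example_test.crt'), good.to_pem)
    File.write(File.join(dir, 'other.crt'), sample_cert('other.example.test').to_pem)
    audit_trusted_certs(dir, OpenSSL::Digest::SHA256.hexdigest(good.to_der))
  end
end

demo.each { |r| puts format('%-11s %s', r[:status], r[:file]) }
```

On a real client, call audit_trusted_certs with /etc/chef/trusted_certs and the fingerprint(s) the server administrator supplied; anything other than ok means the file should not be trusted as fetched.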

If all worked correctly, we are now ready to run chef-client for the first time.
Now run chef-client and carefully inspect the output to make sure it completed without errors.

Once the run is completed, the client should be fully registered.
Note: Successful registration can be verified in the Web GUI or by using knife client list (Knife configuration is below).

Proxy/firewall notes

If the install is on a computer behind a proxy/firewall, you might see the errors below when trying to run chef-client.
To address this issue, make sure to add the Chef server IP or FQDN to your no_proxy list.

Knife Client Configuration

Note: All examples were run on the Chef server itself. If knife has to run on one of the clients, the knife.rb should be changed to use a certificate that has access.

To use the knife utility, additional configuration is needed, which is outlined below.
First, create a .chef directory.

Now, let's create the knife.rb.

Now knife should work nicely; to test, just run:

Cookbooks and Recipes configuration

In Chef, cookbooks and recipes define which client configurations to modify; run-lists then define which client should run what.

To use cookbooks, you can either create your own or use one of the ready-made cookbooks available at the Chef Supermarket.
Note: In the recent versions of Chef, there are multiple options to create your own cookbook.

Using pre-canned Supermarket Cookbooks / Recipes

For the examples below I am using /var/chef which seems to be the default in Ubuntu.

The example below is using the dns supermarket Cookbook.
The steps to use a Supermarket Cookbook are summarized below.

  • Download the Cookbook
  • Extract the Cookbook (and/or modify)
  • Upload the Cookbook
  • Add the Cookbook to a node run_list

Note: I am using /var/chef/cookbooks_src to save the supermarket source Cookbook, but you can use your own.

Next, let's extract the source cookbook for use (or modify as needed).

Lastly, let's upload the code to the Chef server for actual use.
Note: You will most likely get dependency errors (like I got); just make sure to download and extract all other dependency cookbooks in the cookbook directory (follow the same process as dns).
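
The dependency errors can be found before the upload by reading each extracted cookbook's metadata.json and walking its dependencies, which also shows exactly which third-party cookbooks the upload will pull in. This is an added example, not part of the original post; the helper names are hypothetical and the cookbook names alpha, beta and gamma with their versions are constructed sample data, not the real dependencies of the dns cookbook:

```ruby
require 'json'
require 'tmpdir'
require 'fileutils'

# Added example, not from the original post; helper names are hypothetical.
# Reads <cookbook_dir>/<name>/metadata.json; nil when the cookbook is absent.
def cookbook_metadata(cookbook_dir, name)
  path = File.join(cookbook_dir, name, 'metadata.json')
  File.file?(path) ? JSON.parse(File.read(path)) : nil
end

# Walks the dependency graph from `root` and returns
# { present: {name => version}, missing: {name => [required_by, ...]} }.
def resolve_dependencies(cookbook_dir, root)
  present = {}
  missing = Hash.new { |h, k| h[k] = [] }
  queue = [[root, '(run_list)']]
  until queue.empty?
    name, parent = queue.shift
    next if present.key?(name) # already visited; also breaks cycles
    meta = cookbook_metadata(cookbook_dir, name)
    if meta.nil?
      missing[name] |= [parent]
      next
    end
    present[name] = meta['version']
    (meta['dependencies'] || {}).each_key { |dep| queue << [dep, name] }
  end
  { present: present, missing: missing }
end

# Constructed sample tree standing in for extracted Supermarket cookbooks.
def write_cookbook(dir, name, version, deps = {})
  FileUtils.mkdir_p(File.join(dir, name))
  File.write(File.join(dir, name, 'metadata.json'),
             JSON.generate('name' => name, 'version' => version, 'dependencies' => deps))
end

def demo
  Dir.mktmpdir do |dir|
    write_cookbook(dir, 'dns', '1.0.0', 'alpha' => '>= 0.0.0', 'beta' => '~> 2.0')
    write_cookbook(dir, 'alpha', '0.3.1', 'gamma' => '>= 0.0.0')
    resolve_dependencies(dir, 'dns')
  end
end

result = demo
result[:missing].each { |name, by| puts "missing #{name} (required by #{by.join(', ')})" }
```

Point resolve_dependencies at the directory the cookbooks were extracted into; every name under missing still has to be downloaded and extracted there before the upload will succeed.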

Creating your own cookbooks

First we need to generate the cookbook file & directory structure.
For older versions the simplest way is/was to use knife cookbook create.

Note: There are other options to generate a cookbook, more on that later.

After the cookbook is generated, the first thing we need to do is configure the general version; I am using the environame json format.
Create an environame.json file.

Next, let's configure a test cookbook; the cookbook name is testCookbook.
The testCookbook is configured to do two actions.

  • update the system with apt-get
  • install apache

To run apt-get we will add this to the default.rb.
There are two ways to configure any additional actions like installing apache.

  • Use the default.rb and just keep on adding actions (or call an include file), more below
  • Create a separate actions file like apache.rb, then add the action to the run list; this gives you additional flexibility

Note: The default cookbook will always use/run what is configured in the default.rb file.

Now, let's get to the actual configuration.
The first example uses the default.rb to update the system with apt-get, then calls an include to install & enable apache.

And the apache.rb

Next, to use the new cookbook, we need to upload the cookbook to the Chef server and finally add it to the run list.

Now we are ready to test the new cookbook. Just run chef-client; if all is configured correctly, you should see the system update and apache being installed.

The second option is to call the apache.rb directly, and not through the default.rb.
Note: The include_recipe is commented out (or omit the line).

Now, in the run list, let's call both actions.

Now, to execute both actions, just run chef-client, same as in option one.

To update the cookbook version, change the version number in metadata.json and metadata.rb.

Note: The options to generate a cookbook file & directory structure were changed in recent versions, covered below; the rest of the process is mostly similar.

In the recent versions of Chef the recommended way to generate a cookbook has changed, giving you more flexibility.


To upload your own cookbook to the public Supermarket, read Chef Supermarket upload.

Helpful Chef commands

Cookbook commands

Working with the public cookbooks

Note: if making changes to packages, change version in metadata.json and metadata.rb

Generate your own cookbook

knife cookbook create mycookbook
chef generate cookbook mycookbook
chef generate repo mycookbook
chef generate app mycookbook

Adding and removing recipe from run list

Manipulate client ACL

Default grant access was assigned to the first admin user created.
knife user list --user user1 --key /tmp/user1.pem
Note: Using another user can easily be set up in the Web GUI: create the new user, download the certificate (pem) file, then use the pem key to access the Chef server.

Chef general

Chef restart / status

Chef backup
