Contributors20 minutes | Key points: - Chef server acts as a central repository for your cookbooks as well as for information about every node it manages.
- You author Chef cookbooks and administer the Chef server from your workstation.
- The
knife command enables you to communicate with the Chef server from your workstation.
|
Now that you have the Chef tools, a text editor, and a working directory set up on your workstation, let's set up your Chef server.
Recall that there are several ways to work with a Chef server.
- Sign up for hosted Chef, a Chef server that we manage for you.
- Install an instance on your own infrastructure.
- Use Chef Automate, which includes Chef server.
For production, the decision to use hosted Chef or manage your own Chef server depends on your team's requirements and preferences. If you're interested in setting up your own Chef server, you might want to first complete this module using hosted Chef to see how Chef server works. Then you can set up a Chef server in your environment.
Here you'll sign up for hosted Chef and set up your workstation to communicate with the Chef server.
1. Sign up for hosted Chef
| If your team already has a Chef server that you can use, request an invitation from your Chef server's administrator and then move to the next step. |
From your workstation, fill out the form on our sign-up page.
Sign up for free tier access to hosted Chef
After you sign up, you'll receive an email to confirm your account. Click the link in that email to verify your account and set your password.
After that, navigate to https://manage.chef.io/login and sign in. Then follow these steps to create an organization.
- Click Create New Organization.
- Enter a full name and short name for your organization. An organization is typically a company name or a department within a company. These names can be whatever you want but the short name must be unique.
- Click Create Organization.
2. Configure your workstation
knife is the command-line tool that provides an interface between your workstation and the Chef server. knife enables you to upload your cookbooks to the Chef server and work with nodes, the servers that you manage.
knife requires two files to authenticate with the Chef server.
an RSA private key
Every request to the Chef server is authenticated through an RSA public key pair. The Chef server holds the public part; you hold the private part.
a knife configuration file
The configuration file is typically named knife.rb. It contains information such as the Chef server's URL, the location of your RSA private key, and the default location of your cookbooks.
Both of these files are typically located in a directory named .chef. By default, every time knife runs, it looks in the current working directory for the .chef directory. If the .chef directory does not exist, knife searches up the directory tree for a .chef directory. This process is similar to how tools such as Git work.
One way to set up these files is to download what's called the starter kit from the web interface. The starter kit contains an RSA private key and knife configuration file. However, downloading the starter kit resets the keys for all users in your account. Here, you'll set up these files manually to see how the process works in a way that's safe for anyone on your team to repeat.
Create the ~/learn-chef/.chef directory, like this. You'll add your RSA private key and knife configuration files in the next steps.
Terminal: ~/learn-chef
$ | mkdir ~/learn-chef/.chef
|
| Because knife searches up the directory tree for a .chef directory, you can have multiple .chef directories in your tree. The ~/learn-chef/.chef directory gives you a default knife configuration for most projects, but you can also create a .chef directory lower in the tree to configure other projects to work with another Chef server. |
3. Generate your knife configuration file
Here's how to create your knife configuration file. Your file will be located at ~/learn-chef/.chef/knife.rb.
- Sign in to https://manage.chef.io/login.
- From the Administration tab, select your organization.
- From the menu on the left, select Generate Knife Config and save the file.
From the command line, copy knife.rb to your ~/learn-chef/.chef directory. For example:
Terminal: ~
$ | cp ~/Downloads/knife.rb ~/learn-chef/.chef
|
Your knife configuration file should resemble this one. (Your user and organization names will appear instead of "chef-user-1" and "learn-chef-2".)
Editor: ~/learn-chef/.chef/knife.rb
1
2
3
4
5
6
7
8
9
| # See http://docs.chef.io/config_rb_knife.html for more information on knife configuration options
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chef-user-1"
client_key "#{current_dir}/chef-user-1.pem"
chef_server_url "https://api.chef.io/organizations/learn-chef-2"
cookbook_path ["#{current_dir}/../cookbooks"] |
4. Generate your RSA private key
Here's how to create your RSA private key. Your file will be located at ~/learn-chef/.chef/<username>.pem, where <username> is the name you chose when you created your hosted Chef account.
- Sign in to https://manage.chef.io/.
- From the Administration tab, select Users from the menu on the left.
- Select your user name, select Reset key from the menu on the left.
1. Select Reset key from the window that appears.
1. A second window appears that displays your private key. From the bottom of that window, click Download to download your private key file.
1. From the command line, copy your private key file to your ~/learn-chef/.chef directory. For example:
Terminal: ~
$ | cp ~/Downloads/username.pem ~/learn-chef/.chef
|
Your RSA private key should resemble this one.
Terminal: ~
$ | cat ~/learn-chef/.chef/username.pem-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAqJCxFv1BoqlTJeK5zTZ6vX6hvQuDzlaN0v+Fo5R2zobP72GaN8GUOhaYSM0Zkg+epchPS9JX81Euv847g662BBneuT4+W6ImqtHtoqB2iEw9vJbZUoIpYRzVCMLpCc3hf3St5FcIz/t55VIAOML8O33CZMkY3o+EUHQx65aI3IDFVcmzxIFF+ziLbYc7Q1YHumXzv1pOP9o6QqFCcl/r4x5g9sj0eeYwYQBNppy9oELsrBuu/SEKs41X+tm1nP/sDrxOeI5ybytcN3MZN0SjniMTP+7Knh6xnfeFbmaC9Hp/bpbdlmaWv4iNJIhLBy/4LUkTh9jpC2knzJnq/bG4wQIDAQABAoIBAEbSXAUrrLr551xgkO3+eL1LCgtSXjOAPCAtiWl8BBqrm4uY92F7rJpnSd40hgzPETnYGjDiFF+/eSPPM0QVUJYShHhSBYMccqCMiQot3v9PARVOT8qRs28A3STMN3dkeK9761mPQX2Yy9Mki8FNcwpPwS/1KcTAibf/ycWQvrndlflL3KCl/Nnv//Das3dn41npkAB6sGySOPirrajRuVR9REieRfx/vAGeOFkmWzuizBAxb+GXmYRy/Z+H+daEuqNd7QHAue4xg1s+7yPB4V+EobpQVVssNkidX5SUcMvu+pU5l7OF9PP1zNMhvQItmhi77VXOj61fVeKPJTaeHQECgYEA0lH6gVZRpmimoPJ5bNFeBKax/BzK1D7p7rD/z/i1qkiG3yCWYvQ/1T4pl9kVndhubxaTUug/DcCpSp+va8vnQ3jS7LvDfS2SxNySH/g8XZ/EyO8ZvbfklqkpAdh3agKP310jB+dxqjbEwvdG9CdZyXK1ottXTzN07s0tCFcL7nECgYEAzS0XOTs0FNSLc667Nq99NdcuoHkKsqxYn7zpoyaslqc4o9tABBXCimQJzIWbY3u477B/1VrP8Ortepp0kev1ythYOGCAXBpukADLgw/1ygxVL51R+K6wbWDJyggMXvpOAhZXWT0RiVeyOE2tyLERlIV4Q3t7lyXiLJ1irdhBN1ECgYA7FmT2aTXPNp95oCWU+M0dKWffmIczUemO8ZMs7oa7LF0X2qPlcRFt62TsEEUOb3u3IfSJ2k28o1/sYyh5dHOodQ53jk2108asH/u9l5P+CaDTgrkMn9lMqoGmzxXdZpLdAeGRmuhIFdL5o1b/yP5kpiF5e33v9ljnriT0rt/fQQKBgGT9ZsrzzzXdoG2ublaFidnwerDeI1dk35JwqAd4R8c3s/djOdVI6KK5ruEOenezNEo2dBWOR3/sAswwLmSM4kTfzDyjs0qib/1Nht6SAodbHqr7IpfnVEviMjDRWVV+mtsIKCJynqkdk0mHYpzAG0khkRqWMzUonnUbWrD7Gs6hAoGBAKrv2c3/42gSNu8MZFG8r8xmLehRg/Rj6nfFizTu9FH+ph8B4HgECBnV1aHXvOsOaSDkjyPKa5hHCX145xWjme7blrSJfbsKiAAswSOJytc+PAPIULeocBr6hW6cD7rMrt5D/6Ofxts8nQnNQ5Z3UJOtB6V3CFzlvw5oRXw1sIE0-----END RSA PRIVATE KEY-----
|
5. Verify your connection to the Chef server
Make sure you're in the ~/learn-chef directory.
Next, validate that your ~/learn-chef/.chef contains your knife.rb file and your private key file. (Your user name will appear instead of "chef-user-1.pem".)
Terminal: ~/learn-chef
$ | ls ~/learn-chef/.chefchef-user-1.pemknife.rb
|
Now, run the knife ssl check command to validate your connection to the Chef server.
Terminal: ~/learn-chef
$ | knife ssl checkConnecting to host api.chef.io:443Successfully verified certificates from `api.chef.io'
|
At this point, you have two of the three parts of a typical Chef setup. Your workstation is set up and you have access to the Chef server.
