1 hour
Key points:
- Chef server acts as a central repository for your cookbooks as well as for information about every node it manages.
- You author Chef cookbooks and administer the Chef server from your workstation.
- The knife command enables you to communicate with the Chef server from your workstation.
Now that you have the Chef tools, a text editor, and a working directory set up on your workstation, let's set up your Chef server.
Recall that there are several ways to work with a Chef server.
- Install an instance on your own infrastructure.
- Sign up for hosted Chef, a Chef server that we manage for you.
- Use Chef Automate, which includes Chef server.
For production, the decision depends on your team's requirements and preferences.
Here, you'll bring up a basic Chef server installation on your own infrastructure.
For learning purposes, you'll perform the installation steps manually. Later, you can automate the installation. For example, EC2 user data enables you to run commands when your instance is first launched.
1. Install and configure Chef server
The Chef documentation provides detailed instructions on how to install and configure Chef server. You can follow the procedures in the documentation if you'd like to understand how the process works or you're ready to set up Chef server for production use.
If you'd rather get started quickly, the following sections describe how to bring up a minimal installation on an Ubuntu 16.04 instance. Although we last tested this module on Amazon EC2, the concepts apply to any environment.
1.1. Bring up an Ubuntu 16.04 instance
Ensure your instance has at least 4GB of memory. If you're running on EC2, you can use a t2.medium instance.
Once your system is running, create an SSH connection to it.
1.2. Enable network access
Ensure your instance provides inbound network access on ports 22, 80, and 443. If you're running Chef server in the cloud, ensure that these ports are open through your security group.
1.3. Set hostname
Your Chef server must have a resolvable hostname, and that hostname must be a fully qualified domain name (FQDN), including the domain suffix.
If your system's hostname is not resolvable through DNS, you can assign a hostname to your server and add an entry to your workstation's hosts file.
If you're running on EC2, you can run this command on your instance to ensure your server's hostname matches its public hostname.
Terminal: ~
$ echo $(curl -s http://169.254.169.254/latest/meta-data/public-hostname) | xargs sudo hostname
1.4. Run the install script
For learning purposes, you can run a shell script we provide; it downloads the Chef server package, installs it, and sets up an initial user and organization. The version number you see is the latest this module was tested with.
Copy the following to /tmp/install-chef-server.sh on your server.
Editor: /tmp/install-chef-server.sh
#!/bin/bash
apt-get update
apt-get -y install curl
# create staging directories
if [ ! -d /drop ]; then
  mkdir /drop
fi
if [ ! -d /downloads ]; then
  mkdir /downloads
fi
# download the Chef server package (skipped if the file is already present;
# the file name checked here matches the one wget saves)
if [ ! -f /downloads/chef-server-core_12.17.33-1_amd64.deb ]; then
  echo "Downloading the Chef server package..."
  wget -nv -P /downloads https://packages.chef.io/files/stable/chef-server/12.17.33/ubuntu/16.04/chef-server-core_12.17.33-1_amd64.deb
fi
# install Chef server (skipped if chef-server-ctl is already on the PATH)
if ! command -v chef-server-ctl >/dev/null 2>&1; then
  echo "Installing Chef server..."
  dpkg -i /downloads/chef-server-core_12.17.33-1_amd64.deb
  chef-server-ctl reconfigure
  echo "Waiting for services..."
  # poll the status endpoint until it answers 200 OK and reports no failed service
  until (curl -D - http://localhost:8000/_status) | grep "200 OK"; do sleep 15s; done
  while (curl http://localhost:8000/_status) | grep "fail"; do sleep 15s; done
  echo "Creating initial user and organization..."
  # the user's RSA private key is written to /drop/chefadmin.pem
  chef-server-ctl user-create chefadmin Chef Admin admin@4thcoffee.com insecurepassword --filename /drop/chefadmin.pem
  # the organization's validator key is written to the current working directory
  chef-server-ctl org-create 4thcoffee "Fourth Coffee, Inc." --association_user chefadmin --filename 4thcoffee-validator.pem
fi
echo "Your Chef server is ready!"
In addition to installing Chef server, this script:
- creates the chefadmin user, whose password is insecurepassword.
- creates an organization named 4thcoffee. An organization provides scope for authorization rules.
- writes the chefadmin user's RSA private key to /drop/chefadmin.pem. You'll learn more about this file and copy it to your workstation in the next part.
Next, make the script executable.
Terminal: ~
$ sudo chmod u+x /tmp/install-chef-server.sh
Finally, run the script.
Terminal: ~
$ sudo /tmp/install-chef-server.sh
The process takes a few minutes to complete.
2. Configure your workstation
knife is the command-line tool that provides an interface between your workstation and the Chef server. knife enables you to upload your cookbooks to the Chef server and work with nodes, the servers that you manage.
knife requires two files to authenticate with the Chef server.
- an RSA private key. Every request to the Chef server is authenticated with an RSA key pair. The Chef server holds the public part; you hold the private part.
- a knife configuration file. The configuration file is typically named knife.rb. It contains information such as the Chef server's URL, the location of your RSA private key, and the default location of your cookbooks.
Both of these files are typically located in a directory named .chef. By default, every time knife runs, it looks in the current working directory for the .chef directory. If the .chef directory does not exist, knife searches up the directory tree for a .chef directory. This process is similar to how tools such as Git work.
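To make the "server holds the public part, you hold the private part" point concrete, here is an added illustration (not code from Learn Chef, knife, or the Chef server) of how a request is authenticated with an RSA key pair: the workstation signs a canonical form of the request with its private key, and the server checks the signature with the public key it stores for that user. The key pair, request, and timestamp are constructed for the example; the canonical layout is modelled on the shape of Chef's version 1.3 header-signing scheme and is an approximation for teaching, not a reimplementation of mixlib-authentication.

```ruby
require 'openssl'
require 'base64'
require 'digest'
require 'time'

# Constructed key pair standing in for chefadmin.pem (private half on the
# workstation) and the public half the Chef server keeps for the user.
WORKSTATION_KEY = OpenSSL::PKey::RSA.new(2048)
SERVER_HELD_PUBLIC_KEY = OpenSSL::PKey::RSA.new(WORKSTATION_KEY.public_key.to_pem)

# The canonical request: every part of the request the signature covers.
# Field names and order are modelled on Chef's version 1.3 scheme (assumption).
def canonical_request(method, path, body, user_id, timestamp)
  [
    "Method:#{method.upcase}",
    "Path:#{path}",
    "X-Ops-Content-Hash:#{Base64.strict_encode64(Digest::SHA256.digest(body))}",
    'X-Ops-Sign:version=1.3',
    "X-Ops-Timestamp:#{timestamp}",
    "X-Ops-UserId:#{user_id}",
    'X-Ops-Server-API-Version:1'
  ].join("\n")
end

# Workstation side: sign with the private key, then spread the base64 signature
# over X-Ops-Authorization-N headers of at most 60 characters each.
def sign_request(key, method:, path:, body:, user_id:, timestamp:)
  canonical = canonical_request(method, path, body, user_id, timestamp)
  sig = Base64.strict_encode64(key.sign(OpenSSL::Digest.new('SHA256'), canonical))
  headers = {
    'X-Ops-Sign' => 'version=1.3',
    'X-Ops-Timestamp' => timestamp,
    'X-Ops-UserId' => user_id,
    'X-Ops-Content-Hash' => Base64.strict_encode64(Digest::SHA256.digest(body)),
    'X-Ops-Server-API-Version' => '1'
  }
  sig.scan(/.{1,60}/).each_with_index { |chunk, i| headers["X-Ops-Authorization-#{i + 1}"] = chunk }
  headers
end

# Server side: rebuild the canonical request from what actually arrived and
# check the signature against the public key on file for X-Ops-UserId.
def verify_request(public_key, method:, path:, body:, headers:)
  chunks = headers.keys.grep(/\AX-Ops-Authorization-\d+\z/)
                 .sort_by { |k| k.split('-').last.to_i }
                 .map { |k| headers[k] }
  signature = Base64.strict_decode64(chunks.join)
  # The hash in the header must describe the body that was received.
  return false unless headers['X-Ops-Content-Hash'] == Base64.strict_encode64(Digest::SHA256.digest(body))

  canonical = canonical_request(method, path, body, headers['X-Ops-UserId'], headers['X-Ops-Timestamp'])
  public_key.verify(OpenSSL::Digest.new('SHA256'), signature, canonical)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end

# Constructed sample request: chefadmin updating a node's run list.
REQ = {
  method: 'PUT',
  path: '/organizations/4thcoffee/nodes/web1',
  body: '{"run_list":["recipe[apache]"]}',
  user_id: 'chefadmin',
  timestamp: Time.now.utc.iso8601
}.freeze
HEADERS = sign_request(WORKSTATION_KEY, **REQ)

def genuine_request_verifies
  verify_request(SERVER_HELD_PUBLIC_KEY, method: REQ[:method], path: REQ[:path], body: REQ[:body], headers: HEADERS)
end

# Body changed in transit, with the content-hash header updated to match:
# the signature no longer covers what arrived, so verification fails.
def tampered_body_rejected
  forged_body = '{"run_list":[]}'
  forged = HEADERS.merge('X-Ops-Content-Hash' => Base64.strict_encode64(Digest::SHA256.digest(forged_body)))
  verify_request(SERVER_HELD_PUBLIC_KEY, method: REQ[:method], path: REQ[:path], body: forged_body, headers: forged)
end

# Same headers checked against some other user's public key: also fails.
def other_user_key_rejected
  other = OpenSSL::PKey::RSA.new(2048)
  verify_request(other, method: REQ[:method], path: REQ[:path], body: REQ[:body], headers: HEADERS)
end

if __FILE__ == $PROGRAM_NAME
  puts "genuine: #{genuine_request_verifies}, tampered: #{tampered_body_rejected}, wrong key: #{other_user_key_rejected}"
end
```

The point for the workstation owner is that chefadmin.pem is the only secret in this exchange: anyone holding it can produce valid signatures for the chefadmin user, which is why the next part copies it over SSH and keeps it readable only by you.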
One way to set up these files is to download what's called the starter kit from the web interface. The starter kit contains an RSA private key and knife configuration file. However, downloading the starter kit resets the keys for all users in your account. Here, you'll set up these files manually to see how the process works in a way that's safe for anyone on your team to repeat.
If you followed the Chef documentation to set up your Chef server, follow one of these procedures to set up your RSA private key and knife configuration file on your workstation. We recommend you use the ~/learn-chef directory instead of ~/chef-repo to help keep learning materials isolated from any other Chef-related work on your workstation.
If you get stuck or need help troubleshooting, Discourse is a great place to ask the community for help.
If you used our minimal installation script, copy the RSA private key file, chefadmin.pem, from your Chef server to your workstation. Here's an example that uses scp.
Note: The scp utility is included with Chef Workstation on Windows.
Terminal: ~
$ scp -i ~/.ssh/private_key ubuntu@ec2-54-235-228-159.compute-1.amazonaws.com:/drop/chefadmin.pem ~/learn-chef/.chef/chefadmin.pem
Next, add this to your knife configuration file, ~/learn-chef/.chef/knife.rb. Then replace the value for chef_server_url with your Chef server's FQDN.
Editor: ~/learn-chef/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
chef_server_url "https://ec2-34-207-124-26.compute-1.amazonaws.com/organizations/4thcoffee"
cookbook_path ["#{current_dir}/../cookbooks"]
3. Verify your setup
Your ~/learn-chef/.chef directory should contain two files:
- your knife configuration file, knife.rb
- your RSA private key
Your knife configuration file should resemble this one.
Editor: ~/learn-chef/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
chef_server_url "https://ec2-34-207-124-26.compute-1.amazonaws.com/organizations/4thcoffee"
cookbook_path ["#{current_dir}/../cookbooks"]
Your RSA private key should resemble this one.
Terminal: ~
$ cat ~/learn-chef/.chef/chefadmin.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Make sure you're in the ~/learn-chef directory.
Next, ensure that you can fetch and validate the SSL certificate from your Chef server. knife ssl fetch downloads the certificate the server presents into .chef/trusted_certs, and knife trusts that certificate from then on, so run it over a network path you trust; knife ssl check then confirms that the server still presents a certificate matching what was stored. Here's an example.
Terminal: ~/learn-chef
$ knife ssl fetch
Adding certificate for ec2-34-207-124-26_compute-1_amazonaws_com in /home/ubuntu/learn-chef/.chef/trusted_certs/ec2-34-207-124-26_compute-1_amazonaws_com.crt

Terminal: ~/learn-chef
$ knife ssl check
Connecting to host ec2-34-207-124-26.compute-1.amazonaws.com:443
Successfully verified certificates from `ec2-34-207-124-26.compute-1.amazonaws.com'
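The checks in this section, plus the .chef directory search described in section 2, can be scripted. The following is an added pre-flight checker (not part of Learn Chef or of knife) that walks up from a starting directory to find .chef the way knife does, reads the settings out of knife.rb, and reports the problems a practitioner most often hits: a missing or world-readable chefadmin.pem, a file that is not a private RSA key, a chef_server_url that is not https or lacks the /organizations/<org> path, a missing node_name, and no trusted_certs directory (meaning knife ssl fetch has not been run). The KnifeSettings reader is a small stand-in for knife's own config loader, and the temporary directory layout, key, and server name chef.example.internal are constructed for the demonstration.

```ruby
require 'openssl'
require 'uri'
require 'tmpdir'
require 'fileutils'

# Walk from `start` up to the filesystem root looking for a .chef directory.
def find_chef_dir(start)
  dir = File.expand_path(start)
  loop do
    candidate = File.join(dir, '.chef')
    return candidate if File.directory?(candidate)
    parent = File.dirname(dir)
    return nil if parent == dir
    dir = parent
  end
end

# Minimal reader for the knife.rb DSL: each setting is a method call, so the
# file is evaluated against an object that records those calls. Stand-in for
# knife's real loader, not that loader itself.
class KnifeSettings
  attr_reader :values

  def initialize(path)
    @values = {}
    instance_eval(File.read(path), path) # __FILE__ inside knife.rb resolves to `path`
  end

  def method_missing(name, *args)
    @values[name] = args.length == 1 ? args.first : args
  end

  def respond_to_missing?(*)
    true
  end
end

# Return a list of problems; an empty list means the setup passes.
def preflight(chef_dir)
  problems = []
  config = File.join(chef_dir.to_s, 'knife.rb')
  return ["#{config} not found"] unless File.file?(config)
  settings = KnifeSettings.new(config).values

  key_path = settings[:client_key].to_s
  if File.file?(key_path)
    mode = File.stat(key_path).mode & 0o777
    problems << format('client_key %s is mode %04o; it should be readable only by you (0600)', key_path, mode) if (mode & 0o077) != 0
    begin
      key = OpenSSL::PKey::RSA.new(File.read(key_path))
      problems << "client_key #{key_path} is a public key, not a private key" unless key.private?
    rescue OpenSSL::PKey::PKeyError
      problems << "client_key #{key_path} is not a parseable RSA key"
    end
  else
    problems << "client_key #{key_path} does not exist"
  end

  url = begin
    URI.parse(settings[:chef_server_url].to_s)
  rescue URI::InvalidURIError
    nil
  end
  if url.nil? || url.scheme != 'https'
    problems << 'chef_server_url must use https'
  elsif !url.path.match?(%r{\A/organizations/[^/]+\z})
    problems << 'chef_server_url should end in /organizations/<org>'
  end

  problems << 'node_name is not set' if settings[:node_name].to_s.empty?
  problems << "no trusted_certs directory in #{chef_dir}; run `knife ssl fetch`" unless File.directory?(File.join(chef_dir, 'trusted_certs'))
  problems
end

# Constructed ~/learn-chef-style layout in a temp dir; `good: false` plants the
# three mistakes the checker should catch (loose key mode, http URL, no certs).
def demo_layout(good: true)
  root = Dir.mktmpdir('learn-chef')
  chef_dir = File.join(root, '.chef')
  FileUtils.mkdir_p(chef_dir)
  FileUtils.mkdir_p(File.join(chef_dir, 'trusted_certs')) if good
  FileUtils.mkdir_p(File.join(root, 'cookbooks', 'apache'))
  key_file = File.join(chef_dir, 'chefadmin.pem')
  File.write(key_file, OpenSSL::PKey::RSA.new(2048).to_pem) # constructed key, not a real one
  File.chmod(good ? 0o600 : 0o644, key_file)
  scheme = good ? 'https' : 'http'
  File.write(File.join(chef_dir, 'knife.rb'), <<~RB)
    current_dir = File.dirname(__FILE__)
    log_level :info
    log_location STDOUT
    node_name "chefadmin"
    client_key "\#{current_dir}/chefadmin.pem"
    chef_server_url "#{scheme}://chef.example.internal/organizations/4thcoffee"
    cookbook_path ["\#{current_dir}/../cookbooks"]
  RB
  root
end

def good_layout_problems
  root = demo_layout(good: true)
  preflight(find_chef_dir(File.join(root, 'cookbooks', 'apache'))) # found from a nested cookbook dir, like knife
end

def bad_layout_problems
  preflight(find_chef_dir(demo_layout(good: false)))
end

if __FILE__ == $PROGRAM_NAME
  puts "good layout: #{good_layout_problems.inspect}"
  puts "bad layout: #{bad_layout_problems.inspect}"
end
```

To run it against your real workstation, call preflight(find_chef_dir(Dir.pwd)) from inside ~/learn-chef; the mode check is the one most people fail after copying the key with scp, and chmod 600 ~/learn-chef/.chef/chefadmin.pem fixes it.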
At this point, you have two of the three parts of a typical Chef setup. Your workstation is set up and you have access to the Chef server. You'll set up the third part, a node to manage, later in this module.
Chef server gives you a persistent location to store your cookbooks and information about your nodes. The knife command enables you to communicate with the Chef server.