How To Setup Chef-Workstation and Chef-Server
Chef
Chef is an open source automation tool to manage your infrastructure as code. Provision, orchestrate and do configuration management without worrying about the type of cloud and scale of your infrastructure.
Chef Architecture
Setup Chef workstation
Chef workstation is your local machine/laptop where you write chef code.
On your local machine follow the below steps:
- Install Chef development kit
- Get a good text editor (Sublime/Atom)
- Create a working directory
mkdir ~/mychef
Chef Server
Chef server is a central point which manages all nodes; the nodes pull their configuration from the Chef server.
There are two ways of managing chef-server
- Community Hosted chef-server
- Self Hosted chef-server
Setup Self Hosted Chef-server
System Requirement
Considering a Red Hat Enterprise Linux system, ensure that the system:
- has 4GB total memory.
- has a hostname or server name.
- is connected to NTP.
- has Apache Qpid disabled.
- provides inbound access (including firewall) on port 443 (HTTPS).
- has SELinux disabled or set to permissive mode.
Install chef-server
- SSH into the instance on which you want to set up Chef server and run the following command
curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef-server
- Get a text editor (VIM)
- Create the Chef server configuration file /etc/opscode/chef-server.rb (if not present) and add the following settings, replacing chef_server_domain with your server's domain
server_name = "chef_server_domain"
api_fqdn server_name
bookshelf['vip'] = server_name
nginx['url'] = "https://#{server_name}"
nginx['server_name'] = server_name
nginx['ssl_certificate'] = "/var/opt/opscode/nginx/ca/#{server_name}.crt"
nginx['ssl_certificate_key'] = "/var/opt/opscode/nginx/ca/#{server_name}.key"
- Now apply the configuration by running the following command
sudo chef-server-ctl reconfigure
Install the management console and reporting features
- The management console is the web-based interface into Chef server
- Chef reporting tracks what happens when chef-client runs on your nodes. Chef server uses this information to build reports.
Run the following commands on your Chef server to install the management console.
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure
Then run these commands to install the reporting feature
sudo chef-server-ctl install opscode-reporting
sudo chef-server-ctl reconfigure
sudo opscode-reporting-ctl reconfigure
Create admin user
Command syntax:
sudo chef-server-ctl user-create ADMIN_USER_NAME ADMIN_FIRST_NAME ADMIN_LAST_NAME ADMIN_EMAIL ADMIN_PASSWORD --filename ADMIN_USER_NAME.pem
Actual command:
sudo chef-server-ctl user-create jsmith Joe Smith jsmith@example.com p4ssw0rd --filename jsmith.pem
This will generate an RSA private key (.pem) file in the current directory, which allows us to run knife commands against chef server as an authenticated user.
In the coming step we will copy this file to our workstation.
Create the organization
Command syntax:
sudo chef-server-ctl org-create ORG_SHORT_NAME "ORG_LONG_NAME" --association_user ADMIN_USER_NAME
Actual command:
sudo chef-server-ctl org-create 4thcoffee "Fourth Coffee, Inc." --association_user jsmith
Setup knife on workstation by downloading starter kit from chef server
Knife is a command line tool for interacting with the Chef server and nodes, for example to upload Chef code (i.e. cookbooks) to the Chef server.
From your workstation:
- In a web browser, open the domain for which Chef server was configured
- Log in with the username and password you provided in the previous step.
- From the Administration tab, select your organization.
- Select Starter Kit from the menu on the left.
- Click the Download Starter Kit button.
- Click Proceed. Save the file chef-starter.zip to your computer.
- Extract chef-starter.zip to your ~/mychef directory.
You are free to choose a directory other than ~/mychef
Now verify that the ~/mychef/chef-repo/.chef directory on your workstation contains the knife configuration file and your RSA key.
ls ~/mychef/chef-repo/.chef
Download SSL certificate
Communication between a node and the Chef server takes place over HTTPS (port 443).
During the bootstrap process, knife copies the SSL certificate from the workstation to the node. To be able to copy the certificate, the workstation must have a copy of it.
From your ~/mychef/chef-repo directory, run the knife ssl fetch command to retrieve a copy of the certificate.
knife ssl fetch
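Two checks for the steps above, as an added example that is not part of the original tutorial: the RSA key in .chef should be accessible only to its owner, and the certificate saved by knife ssl fetch should be compared with a fingerprint read on the Chef server itself, because the fetch accepts whatever certificate the connection presents. It assumes the key is a *.pem file in .chef, that fetched certificates are stored in .chef/trusted_certs, and that openssl is installed; the function names and script name are illustrative.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are illustrative.

# Fail if a *.pem key in directory $1 is missing or accessible to group/others.
check_key_perms() {
    found=0; bad=0
    for key in "$1"/*.pem; do
        [ -f "$key" ] || continue
        found=1
        # Characters 5-10 of `ls -l` are the group and other permission bits.
        bits=$(ls -l "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "too permissive ($bits): $key; fix with: chmod 600 $key" >&2
            bad=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no .pem key found in $1" >&2; bad=1; }
    return "$bad"
}

# SHA-256 fingerprint of PEM certificate $1 as uppercase hex without colons.
cert_fp() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" |
        cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed only if certificate $1 matches fingerprint $2, which must come from
# the Chef server itself (out of band), not from the network connection.
verify_cert_fp() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$want" ] && [ "$(cert_fp "$1")" = "$want" ]
}

# Usage: sh check_chef_dir.sh ~/mychef/chef-repo/.chef EXPECTED_FINGERPRINT
if [ "$#" -eq 2 ]; then
    check_key_perms "$1" || exit 1
    for crt in "$1"/trusted_certs/*.crt; do
        verify_cert_fp "$crt" "$2" || { echo "untrusted cert: $crt" >&2; exit 1; }
    done
    echo "key permissions and certificate fingerprint OK"
fi
```

EXPECTED_FINGERPRINT can be read on the Chef server by running openssl x509 -noout -fingerprint -sha256 -in against the certificate path set in chef-server.rb.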
Test the connection to Chef server
Run the following on the workstation to check the connection with chef-server:
knife client list