Install/Setup and configure Chef Server/Workstation/Node on CentOS/RHEL 6.4

What is Chef:

Chef is a powerful configuration management utility that turns infrastructure into code. With Chef, users can easily manage, configure and deploy resources across the network from a centralized location, irrespective of the environment (cloud, on-premises, or hybrid).

It acts as a hub, ensuring that the right cookbooks are used, that the right policies are applied, that all of the node objects are up-to-date, and that all of the nodes that will be maintained are registered and known to the Chef Server. The Chef Server distributes configuration details (such as recipes, templates, and file distributions) to every node within the organization. Chef then does as much of the configuration work as possible on the nodes themselves (and not on the Chef Server).

Components of Chef:

Chef consists of a Chef server, one or more workstations, and nodes on which the chef-client is installed. Each component is named for the role the machine plays in the Chef ecosystem.

Chef Server: This is the central hub that stores the cookbooks and recipes uploaded from workstations, which are then accessed by the chef-client for configuration deployment.

Chef Workstations: This is where recipes, cookbooks, and other Chef configuration details are created or edited. All of these are then pushed to the Chef server from the workstation, where they become available to deploy to chef-client nodes.

Chef Client: This is the target node on which the chef-client is installed and the configurations are deployed. A node can be any machine (physical, virtual, cloud, network device, etc.).

How To Set Up Chef 12 on CentOS 7 / RHEL 7

I) Prerequisites

  1. The host should have a fully configured hostname.
  2. A DNS entry for the host should be in place.
  3. The following packages are required.

Install and Configure the Chef Server:

  1. Go to http://www.opscode.com/chef/install.
  2. Click the Chef Server tab.
  3. Select the Operating system, Version, and Architecture.
  4. Select the version of Chef Server 11.x to download, and then click the link that appears to download the package.
  5. Install the downloaded package using the correct method for the operating system on which Chef Server 11.x will be installed.
    # rpm -ivh https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm

  6. Configure Chef Server 11.x by running the following command:

# chef-server-ctl reconfigure

Check the status of Chef Server components by using the following command.
chef-server-ctl status

Create an Admin user and Organization:
# chef-server-ctl user-create admin admin admin admin@itzgeek.local password -f /etc/chef/admin.pem
# chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME

Chef Workstations:

A workstation is a computer configured to author, test and maintain cookbooks. These cookbooks are then uploaded to the Chef server. It is also used to bootstrap nodes, which installs the chef-client on them.


Download the latest version of Chef Development Kit (0.19.6 at the time of writing).

wget https://packages.chef.io/stable/el/7/chefdk-0.19.6-1.el7.x86_64.rpm

Install ChefDK.

rpm -ivh chefdk-*.rpm

Verify the components of Chef Development Kit.

chef verify

Some users may want to make the Ruby version shipped with ChefDK their default Ruby. First check the current Ruby location.

which ruby

This command returns a path if your machine already has Ruby installed. Run the command below to load the ChefDK environment variables from your user profile file.

echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile

Load the user profile.

. ~/.bash_profile

Now check Ruby again. You should get output similar to this.

# which ruby
/opt/chefdk/embedded/bin/ruby

Install git:

Before generating the chef-repo, you must install git, an open source version control tool, on the machine.

yum -y install git

Once the installation is complete, generate the chef-repo using the “chef generate repo” command.

cd ~
chef generate repo chef-repo

This command places the basic chef repo structure into a directory called “chef-repo” in your home directory.

ls -al ~/chef-repo/

Output:

total 32
drwxr-xr-x. 8 root root 4096 Nov 12 18:30 .
dr-xr-x---. 5 root root 4096 Nov 12 18:29 ..
-rw-r--r--. 1 root root 1133 Nov 12 18:29 chefignore
-rw-r--r--. 1 root root  255 Nov 12 18:29 .chef-repo.txt
drwxr-xr-x. 3 root root   36 Nov 12 18:29 cookbooks
drwxr-xr-x. 3 root root   36 Nov 12 18:29 data_bags
drwxr-xr-x. 2 root root   41 Nov 12 18:29 environments
drwxr-xr-x. 7 root root 4096 Nov 12 18:29 .git
-rw-r--r--. 1 root root  106 Nov 12 18:29 .gitignore
-rw-r--r--. 1 root root   70 Nov 12 18:29 LICENSE
-rw-r--r--. 1 root root 1499 Nov 12 18:29 README.md
drwxr-xr-x. 2 root root   41 Nov 12 18:29 roles

Add version control:

Set up a user name and email address to begin the git configuration. Replace the values with ones appropriate for your environment.

git config --global user.name "admin"
git config --global user.email "admin@itzgeek.local"

Go to the chef-repo directory and initialize it.

cd ~/chef-repo/
git init

Now, let’s create a hidden directory called “.chef” under the chef-repo directory. This hidden directory will hold the RSA keys that we created on the Chef server.

mkdir -p ~/chef-repo/.chef

Since this hidden directory stores the RSA private keys, it must not be exposed publicly. We therefore add it to “.gitignore” so that its contents are never pushed to GitHub.

echo '.chef' >> ~/chef-repo/.gitignore

Add and commit all existing files.

cd ~/chef-repo/
git add .
git commit -m "initial commit"

Check the status of the directory.

git status

Output:

nothing to commit, working directory clean

Copy the RSA Keys to the Workstation:

The RSA keys (.pem) generated when setting up the Chef Server now need to be placed on the workstation. Place them under the “~/chef-repo/.chef” directory.

scp -pr root@chefserver:/etc/chef/admin.pem ~/chef-repo/.chef/
scp -pr root@chefserver:/etc/chef/itzgeek-validator.pem ~/chef-repo/.chef/

Create knife.rb File:

Knife is the command line interface between a local chef-repo and the Chef server. To make knife work with your Chef environment, configure it by creating knife.rb in the “~/chef-repo/.chef/” directory.

Now, create and edit the knife.rb file using your favorite editor.

vi ~/chef-repo/.chef/knife.rb

In this file, paste the following information:

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "admin"
client_key               "#{current_dir}/admin.pem"
validation_client_name   "itzgeek-validator"
validation_key           "#{current_dir}/itzgeek-validator.pem"
chef_server_url          "https://chefserver.itzgeek.local/organizations/itzgeek"
syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path            ["#{current_dir}/../cookbooks"]

Adjust the following items to suit your infrastructure.

node_name: This is the username with permission to authenticate to the Chef server. It should match the user we created on the Chef server.

client_key: The location of the file that contains the user key we copied over from the Chef server.

validation_client_name: This should be your organization’s short name followed by -validator.

validation_key: The location of the file that contains the validation key we copied over from the Chef server. This key is used when a chef-client registers with the Chef server.

chef_server_url: The URL of the Chef server. It should begin with https://, followed by the IP address or FQDN of the Chef server, with the organization name at the end, just after /organizations/.

#{current_dir} represents the ~/chef-repo/.chef/ directory, assuming the knife.rb file is in ~/chef-repo/.chef/, so you don’t have to write the fully qualified path.
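As an added example (not part of the original post or of ChefDK), the following Ruby script checks a workstation’s .chef directory against the points above and the earlier .gitignore step: it reads knife.rb the way knife does, since the file is plain Ruby, and reports private keys that are missing or readable by other users, a chef_server_url that is not https:// or lacks /organizations/, a validation_client_name without the -validator suffix, and a .chef directory that is not listed in the repo’s .gitignore. The function names and messages are my own.

```ruby
require "fileutils"
require "tmpdir"   # only needed when trying the check against a throwaway repo

# Read knife.rb the way knife does: the file is plain Ruby whose lines are
# calls such as `node_name "admin"`. Each call is captured into a Hash.
def read_knife_rb(knife_rb)
  settings = {}
  reader = Object.new
  reader.define_singleton_method(:method_missing) { |name, *args| settings[name] = args.first }
  reader.instance_eval(File.read(knife_rb), knife_rb) # __FILE__ resolves to knife_rb
  settings
end

# Return a list of findings for the .chef directory; an empty list means OK.
def check_chef_dir(chef_dir)
  knife_rb = File.join(chef_dir, "knife.rb")
  return ["knife.rb not found in #{chef_dir}"] unless File.file?(knife_rb)
  s = read_knife_rb(knife_rb)
  findings = []

  # Both .pem files are private keys: they must exist and be readable by the owner only.
  %i[client_key validation_key].each do |key|
    path = s[key].to_s
    if !File.file?(path)
      findings << "#{key}: #{path} does not exist"
    elsif (File.stat(path).mode & 0o077) != 0
      findings << "#{key}: #{path} is readable by group/other, run chmod 600 on it"
    end
  end

  # knife talks to the server over TLS only, and the URL must name the organization.
  url = s[:chef_server_url].to_s
  findings << "chef_server_url must start with https://" unless url.start_with?("https://")
  findings << "chef_server_url must contain /organizations/ORG" unless url.include?("/organizations/")

  # The validator client is the org short name followed by -validator.
  name = s[:validation_client_name].to_s
  findings << "validation_client_name should end with -validator" unless name.end_with?("-validator")

  # .chef holds keys, so the repo's .gitignore (one level up) must list it.
  gitignore = File.join(File.dirname(chef_dir), ".gitignore")
  ignored = File.file?(gitignore) && File.readlines(gitignore, chomp: true).include?(".chef")
  findings << ".chef is not listed in #{gitignore}" unless ignored
  findings
end
```

Run it as `check_chef_dir(File.expand_path("~/chef-repo/.chef"))` and fix every line it returns before running knife.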


Testing Knife:

Now, test the configuration by running the knife client list command. Make sure you are in the ~/chef-repo/ directory.

cd ~/chef-repo/
knife client list

You may get an error like the one below on your first attempt:

ERROR: SSL Validation failure connecting to host: chefserver.itzgeek.local - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chefserver.itzgeek.local/organizations/itzgeek/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed

To resolve this issue, fetch the Chef server’s SSL certificate on the workstation before running the above command.

knife ssl fetch

This command adds the Chef server’s certificate to the trusted certificate directory.

Once the SSL certificate has been fetched, run the previous command to test the knife configuration.

knife client list
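An added Ruby example, not code from the original post or from knife, showing the trust model behind the two commands above: a stand-in for `knife ssl fetch` saves the server’s certificate into a trusted_certs directory (knife keeps its own under .chef/trusted_certs next to knife.rb; the CN-based file name used here is an assumption), a stand-in for `knife ssl check` accepts a presented certificate only if it verifies against that directory, and a fingerprint helper gives the value to compare out of band, since fetch trusts whatever certificate it is handed the first time. The self-signed certificate is constructed inside the script.

```ruby
require "openssl"
require "fileutils"
require "tmpdir"   # only needed when trying this against a throwaway directory

# Build a self-signed certificate standing in for the one the Chef server
# presents (constructed for this example; knife would download the real one).
def make_self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Stand-in for `knife ssl fetch`: store the certificate in trusted_certs_dir.
# File name assumed: CN with non-alphanumerics replaced by "_", plus ".crt".
def fetch_into_trusted_certs(cert, trusted_certs_dir)
  FileUtils.mkdir_p(trusted_certs_dir)
  cn = cert.subject.to_a.find { |entry| entry[0] == "CN" }[1]
  path = File.join(trusted_certs_dir, cn.gsub(/[^[:alnum:]]/, "_") + ".crt")
  File.write(path, cert.to_pem)
  path
end

# Stand-in for the trust decision in `knife ssl check`: the presented
# certificate passes only if it verifies against the stored ones.
def trusted?(presented_cert, trusted_certs_dir)
  store = OpenSSL::X509::Store.new
  Dir.glob(File.join(trusted_certs_dir, "*.crt")).each { |f| store.add_file(f) }
  store.verify(presented_cert)
end

# SHA-256 fingerprint to compare with one computed on the Chef server itself;
# fetch is trust-on-first-use, so this comparison is what catches a wrong cert.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).scan(/../).join(":").upcase
end
```

A second certificate with the same CN but a different key fails the check, which is exactly the case the fingerprint comparison is meant to catch before the first fetch is trusted.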

Bootstrapping a New Node with Knife:

Bootstrapping a node is the process of installing the chef-client on a target machine so that it can run as a chef-client node and communicate with the Chef server.

From the workstation, you can bootstrap the node either by using the node’s root user or a user with elevated privileges.

# knife bootstrap chefclient.itzgeek.local -x root -P pass --sudo

Important options:

-x: The ssh username

-P: The ssh password

-p: The ssh port

-N: Set the chef-client node name. Leaving this out will usually cause the hostname to be used as the chef-client node name.

--sudo: If the user on the node needs sudo to perform administrative actions, use this flag. Note: it will prompt you for the sudo password.

Since I didn’t use -N in the command, the hostname becomes the Chef node name.

Output:

Doing old-style registration with the validation key at /root/chef-repo/.chef/itzgeek-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to chefclient.itzgeek.local
chefclient.itzgeek.local -----> Installing Chef Omnibus (-v 12)
chefclient.itzgeek.local downloading https://omnitruck-direct.chef.io/chef/install.sh
chefclient.itzgeek.local   to file /tmp/install.sh.2626/install.sh
chefclient.itzgeek.local trying curl...
chefclient.itzgeek.local el 7 x86_64
chefclient.itzgeek.local Getting information for chef stable 12 for el...
.     .     .     .     .     .chefclient.itzgeek.local [2016-11-12T19:24:36-05:00] WARN: Node chefclient.itzgeek.local has an empty run list.
chefclient.itzgeek.local Converging 0 resources
chefclient.itzgeek.local
chefclient.itzgeek.local Running handlers:
chefclient.itzgeek.local Running handlers complete
chefclient.itzgeek.local Chef Client finished, 0/0 resources updated in 05 seconds

Once the bootstrapping is complete, list the nodes using the following command.

knife node list

Output:

chefclient.itzgeek.local

Get the client node details.

knife client show chefclient.itzgeek.local

Output:

admin:     false
chef_type: client
name:      chefclient.itzgeek.local
validator: false

That’s All for now. We will soon meet again with another post on creating chef cookbooks.


Reference: http://www.itzgeek.com/how-tos/linux/centos-how-tos/setup-chef-12-centos-7-rhel-7.html/3

https://sachinsharm.wordpress.com/2013/10/11/installsetup-and-configure-chef-serverworkstationnode-on-centosrhel-6-4/