Wednesday 31 August 2016

Setup Chef-Workstation and Chef-Server

How To Setup Chef-Workstation and Chef-Server


Chef

Chef is an open source automation tool to manage your infrastructure as code. Provision, orchestrate and do configuration management without worrying about the type of cloud and scale of your infrastructure.

Setup Chef workstation

The Chef workstation is your local machine or laptop, where you write Chef code.
On your local machine, follow the steps below:

    mkdir ~/mychef
    

Chef Server

Chef server is a central point that manages all nodes; the nodes pull their configuration from the Chef server.
There are two ways of managing chef-server

Setup Self Hosted Chef-server

System Requirement

Considering a Red Hat Enterprise Linux system, ensure that the system has:

Install chef-server

  • SSH into the instance on which you want to set up Chef server and run the following command:

    curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef-server

  • Get a text editor (VIM)
  • Create the Chef server configuration file /etc/opscode/chef-server.rb (if not present) and add the following settings, with a proper domain in place of chef_server_domain:

    # Domain name under which the Chef server is reached
    server_name = "chef_server_domain"
    api_fqdn server_name
    bookshelf['vip'] = server_name
    nginx['url'] = "https://#{server_name}"
    nginx['server_name'] = server_name
    # Certificate and private key served by the bundled nginx
    nginx['ssl_certificate'] = "/var/opt/opscode/nginx/ca/#{server_name}.crt"
    nginx['ssl_certificate_key'] = "/var/opt/opscode/nginx/ca/#{server_name}.key"

  • Now apply the configuration by running the following command:

    sudo chef-server-ctl reconfigure

Install the management console and reporting features

  • The management console is the web-based interface into Chef server
  • Chef reporting tracks what happens when chef-client runs on your nodes. Chef server uses this information to build reports.
Run the following commands on your Chef server to install the management console.


    sudo chef-server-ctl install chef-manage
    sudo chef-server-ctl reconfigure
    sudo chef-manage-ctl reconfigure

Then run these commands to install the reporting feature:

    sudo chef-server-ctl install opscode-reporting
    sudo chef-server-ctl reconfigure
    sudo opscode-reporting-ctl reconfigure

Create admin user

Command syntax:

    sudo chef-server-ctl user-create ADMIN_USER_NAME ADMIN_FIRST_NAME ADMIN_LAST_NAME ADMIN_EMAIL ADMIN_PASSWORD --filename ADMIN_USER_NAME.pem

Actual command:

    sudo chef-server-ctl user-create jsmith Joe Smith joe.smith@example.com p4ssw0rd --filename jsmith.pem

This will generate an RSA private key (.pem) file in the current directory, which allows us to run knife commands against chef server as an authenticated user.
In the coming step we will copy this file to our workstation.

Create the organization

Command syntax:

    sudo chef-server-ctl org-create ORG_SHORT_NAME "ORG_LONG_NAME" --association_user ADMIN_USER_NAME

Actual command:

    sudo chef-server-ctl org-create 4thcoffee "Fourth Coffee, Inc." --association_user jsmith

Setup knife on workstation by downloading starter kit from chef server

Knife is a command-line tool for interacting with the Chef server and nodes, for example to upload Chef code (i.e. cookbooks) to the Chef server.
From your workstation:
  • In a web browser, open the domain for which the Chef server was configured.
  • Log in with the username and password you provided in the previous step.
  • From the Administration tab, select your organization.
  • Select Starter Kit from the menu on the left.
  • Click the Download Starter Kit button.
  • Click Proceed. Save the file chef-starter.zip to your computer.
  • Extract chef-starter.zip to your ~/mychef directory.
You are free to choose a directory other than ~/mychef.

Now verify that the ~/mychef/chef-repo/.chef directory on your workstation contains the knife configuration file and your RSA key.


    ls ~/mychef/chef-repo/.chef

Download SSL certificate

Communication between a node and the Chef server takes place over HTTPS (port 443).
During the bootstrap process, knife copies the SSL certificate from the workstation to the node. To be able to copy the certificate, the workstation must have a copy of it.

From your ~/mychef/chef-repo directory, run the knife ssl fetch command to retrieve a copy of the certificate.


    knife ssl fetch
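
A stricter form of the `ls` check and the certificate fetch above, added here as an example (it is not part of the original tutorial or of Chef's own tooling): it confirms that the knife configuration file and RSA key are present, flags a key that other users can access, and prints the SHA-256 fingerprint of each fetched certificate for comparison with the certificate on the Chef server. It assumes the knife file is named knife.rb or config.rb and that `knife ssl fetch` saved certificates under .chef/trusted_certs; `audit_chef_dir` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: audit a chef-repo/.chef directory after the starter-kit and
# `knife ssl fetch` steps. audit_chef_dir is a hypothetical helper name.
# Usage: audit_chef_dir [path-to-.chef]   (default: ~/mychef/chef-repo/.chef)

# True if any group/other permission bit is set on the file.
too_open() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Prints one line per finding; exit status is the number of findings.
audit_chef_dir() {
    dir=${1:-"$HOME/mychef/chef-repo/.chef"}
    findings=0 keys=0 certs=0
    # Assumption: the knife configuration file is knife.rb or config.rb.
    if [ ! -f "$dir/knife.rb" ] && [ ! -f "$dir/config.rb" ]; then
        echo "MISSING knife configuration file in $dir"
        findings=$((findings + 1))
    fi
    for key in "$dir"/*.pem; do
        [ -f "$key" ] || continue
        keys=$((keys + 1))
        if too_open "$key"; then
            echo "OPEN $key is accessible beyond its owner; run: chmod 600 $key"
            findings=$((findings + 1))
        fi
    done
    if [ "$keys" -eq 0 ]; then
        echo "MISSING RSA key (*.pem) in $dir"
        findings=$((findings + 1))
    fi
    # Assumption: knife ssl fetch saved certificates under trusted_certs/.
    for crt in "$dir"/trusted_certs/*.crt; do
        [ -f "$crt" ] || continue
        certs=$((certs + 1))
        # Fingerprint to compare by hand with the certificate on the server.
        if command -v openssl >/dev/null 2>&1; then
            openssl x509 -in "$crt" -noout -fingerprint -sha256 2>/dev/null ||
                echo "NOTE $crt could not be parsed as a certificate"
        fi
    done
    if [ "$certs" -eq 0 ]; then
        echo "MISSING fetched certificate in $dir/trusted_certs"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

On the Chef server, running `openssl x509 -noout -fingerprint -sha256` against the certificate path set in chef-server.rb prints the value that the workstation fingerprint should match.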

Test the connection to Chef server

Run the following on the workstation to check the connection with the Chef server:

    knife client list


Copyright @ 2013 Appychip.
