David - Musings of an SRE

Setting up Chef

Prerequisite: Chef 12.1.x

Setting up Chef-Server

Download Chef on your Chef-Server

  $ wget https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/trusty/chef-server-core_12.0.5-1_amd64.deb
  $ sudo dpkg -i chef-server-core_*.deb
  $ sudo chef-server-ctl reconfigure

Install Opscode-Manage

Web interface for Chef management (highly recommended)

Note: Opscode-Manage will run on port 80 so keep that free.

  # On Chef-server 
  $ chef-server-ctl install opscode-manage
  $ opscode-manage-ctl reconfigure
  $ chef-server-ctl reconfigure

Set up your User and Organization

A user is an account that will be used to connect to Chef-server. You can have a user account for every sysadmin on your team.

An organization is a grouping of users.

Create your user

  $ chef-server-ctl user-create USERNAME FIRST_NAME LAST_NAME EMAIL PASSWORD -f USERNAME.pem

Create your organization

  $ chef-server-ctl org-create SHORTNAME LONGNAME --association_user USERNAME -f SHORTNAME-validator.pem

These 2 commands will create a USERNAME.pem and SHORTNAME-validator.pem file on your chef-server which you will need to copy over later.

Setting up Chef-Workstation

A workstation is what you set up locally on your development machine. It is the machine that interfaces with the chef-server.

Clone your chef-repo.

  $ git clone https://github.com/chef/chef-repo.git

Install Chef’s Development Kit (the meat of your Workstation)

  $ wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chefdk_0.4.0-1_amd64.deb
  $ sudo dpkg -i chefdk_*.deb

Verify

Verify that you have everything there

  $ chef verify

Copying your keys to your workstation

Create a .chef/ directory in your chef-repo directory

  $ mkdir ~/chef-repo/.chef

Copy the 2 .pem files from your chef-server to the .chef/ directory

  $ scp root@server_domain_or_IP:/root/USERNAME.pem ~/chef-repo/.chef
  $ scp root@server_domain_or_IP:/root/SHORTNAME-validator.pem ~/chef-repo/.chef

Note: Make sure you can connect to your chef-server from your workstation without having to fill in a password. If you haven’t set it up already, add your workstation’s public key to the /root/.ssh/authorized_keys file on your chef-server.
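The two .pem files are private keys, and they now sit inside a git clone, so it is worth checking that only your user can read them and that git will not stage them. The script below is an added example, not part of the original walkthrough or of Chef's tooling; the function names are made up here and the directory is passed as an argument.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the .chef/ directory
# populated above. Function names are hypothetical; the path is an argument.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_key_modes DIR: return 0 only if DIR and every *.pem in it grant
# nothing to group/other (700/600 or stricter). Prints one line per finding.
audit_key_modes() {
    rc=0
    [ -d "$1" ] || { echo "missing: $1"; return 1; }
    for f in "$1" "$1"/*.pem; do
        [ -e "$f" ] || continue            # glob matched nothing
        case $(file_mode "$f") in
            *00|0) ;;                      # owner-only access
            *) echo "too open: $f"; rc=1 ;;
        esac
    done
    return $rc
}

# fix_key_modes DIR: apply the modes the audit expects.
fix_key_modes() {
    chmod 700 "$1" || return 1
    for f in "$1"/*.pem; do
        [ -e "$f" ] && chmod 600 "$f"
    done
    return 0
}

# keys_ignored_by_git DIR: return 0 if every *.pem in DIR is covered by an
# ignore rule of the enclosing git work tree, so "git add ." cannot stage it.
# Returns 1 for tracked or unignored keys, or if DIR is not in a work tree.
keys_ignored_by_git() {
    for f in "$1"/*.pem; do
        [ -e "$f" ] || continue
        git -C "$1" check-ignore -q "${f##*/}" ||
            { echo "not ignored: $f"; return 1; }
    done
    return 0
}
```

Source the file, run `fix_key_modes ~/chef-repo/.chef`, then confirm with `audit_key_modes ~/chef-repo/.chef` and `keys_ignored_by_git ~/chef-repo/.chef`.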

Create a Knife file

Knife is a toolkit that you will be using to interact with your chef-workstation.

Remember your ~/chef-repo/.chef/?

Create a knife.rb

  # knife.rb lives in ~/chef-repo/.chef/, next to the two .pem files
  current_dir = File.dirname(__FILE__)
  log_level                :info
  log_location             STDOUT
  # Your user and the private key created by user-create
  node_name                "USERNAME"
  client_key               "#{current_dir}/USERNAME.pem"
  # The organization's validator client and the key created by org-create
  validation_client_name   "SHORTNAME-validator"
  validation_key           "#{current_dir}/SHORTNAME-validator.pem"
  chef_server_url          "https://server_domain_or_IP/organizations/SHORTNAME"
  syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"
  cookbook_path            ["#{current_dir}/../cookbooks"]

Fetch SSL cert from Chef-Server

  $ knife ssl fetch

Now verify that everything is a-ok.

  $ knife client list

This should return “SHORTNAME-validator”

You’re all set up!

Remember that you can open http://server_ip/ to reach Opscode-Manage for easier web interfacing.