Thursday, January 10, 2013

Installing Chef Server with Omnibus installer

I have broad experience with configuration management. I've used Cfengine, Puppet, and several others, but currently I'm in love with Opscode's Chef.

Not only a good tool, but a complete toolkit to build your devops dreams: CM, CMDB, inventory, ...

Recently, the Opscode guys changed the way they distribute their product, using Omnibus. I'll try to install and configure Chef Server using the chef-solo method.


curl -L http://www.opscode.com/chef/install.sh | sudo bash
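The one-liner above runs whatever the HTTP response contains as root. An added example, not part of the original post: download the installer to a file, review it, and run it only if its SHA-256 matches a digest you recorded. The helper names (sha256_of, verify_sha256, run_verified) and the stand-in installer are constructed for illustration, and the post publishes no digest, so the pinned value is a placeholder you supply.

```bash
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# Real use (URL from the post; the digest is a placeholder recorded after review):
#   curl -fsSL -o "$HOME/install.sh" http://www.opscode.com/chef/install.sh
#   less "$HOME/install.sh"
#   run_verified "$HOME/install.sh" "<sha256-recorded-after-review>" sudo bash

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED_HEX: status 0 only on an exact digest match.
verify_sha256() {
    local file="$1" expected actual
    [ -f "$file" ] || return 2
    # Published digests are sometimes upper case; normalise before comparing.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# run_verified FILE EXPECTED_HEX [RUNNER...]: execute FILE only when it verifies.
# Keep FILE in a directory only you can write, so it cannot change after the check.
run_verified() {
    local file="$1" expected="$2"
    shift 2
    [ "$#" -gt 0 ] || set -- bash
    if ! verify_sha256 "$file" "$expected"; then
        echo "refusing to run $file: missing or SHA-256 mismatch" >&2
        return 1
    fi
    "$@" "$file"
}

# Constructed demo so the block runs offline: a stand-in installer script.
demo=$(mktemp -d)
printf 'echo "installer ran"\n' > "$demo/install.sh"
pinned=$(sha256_of "$demo/install.sh")    # stands in for the reviewed digest
run_verified "$demo/install.sh" "$pinned" sh             # digest matches: runs
printf 'echo "tampered"\n' >> "$demo/install.sh"
run_verified "$demo/install.sh" "$pinned" sh || true     # digest differs: refused
rm -rf "$demo"
```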

Check the install directory:

ls -l /opt/chef

Run chef-client. You should see something similar to this:

[Thu, 30 Aug 2012 07:57:53 +0000] WARN: *****************************************
[Thu, 30 Aug 2012 07:57:53 +0000] WARN: Did not find config file: /etc/chef/client.rb, using command line options.
[Thu, 30 Aug 2012 07:57:53 +0000] WARN: *****************************************
[Thu, 30 Aug 2012 07:57:53 +0000] INFO: *** Chef 10.12.0 ***
[Thu, 30 Aug 2012 07:57:55 +0000] INFO: Client key /etc/chef/client.pem is not present - registering
[Thu, 30 Aug 2012 07:57:55 +0000] WARN: Failed to read the private key /etc/chef/validation.pem: #
[Thu, 30 Aug 2012 07:57:55 +0000] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[Thu, 30 Aug 2012 07:57:55 +0000] FATAL: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/validation.pem, which you told me to use to sign requests!


Don't worry, that's OK. We simply don't have a working Chef API server yet to register our Chef server against (recursive error ahead! :P)

Every Chef installation needs a Chef Repository. This is the place where cookbooks, roles, config files and other artifacts for managing systems with Chef will live.

I'd prefer to use Git to manage Chef's repo, but my project mates are currently using Subversion, so we'll go the "unsupported" way of life :D

wget https://github.com/opscode/chef-repo/tarball/master
tar zxf master
mv opscode-chef-repo-a3bec38/ chef-repo
svn add chef-repo


Create /etc/chef/chef-solo.rb file:

file_cache_path "/tmp/chef-solo"
cookbook_path "/tmp/chef-solo/cookbooks"
recipe_url "http://s3.amazonaws.com/chef-solo/bootstrap-latest.tar.gz"




Create /etc/chef/chef-solo.json:


{
  "bootstrap": {
    "chef-server": {
      "init_style": "init",
      "server_fqdn": "vm-chef-server.example.es",
      "webui_enabled": true
    }
  },
  "run_list": [ "recipe[chef-server::rubygems-install]" ]
}



If you are using Vagrant, note that Vagrant includes a fully functional Ruby environment, located at /opt/vagrant_ruby, which makes the chef-solo install fail because the Omnibus installer uses this Ruby path instead of the one Omnibus provides. As a simple solution, launch chef-solo with an explicit Ruby PATH:


mv /opt/vagrant_ruby /opt/vagrant_ruby_old
export PATH=/opt/bin:$PATH
sudo chef-solo -c /etc/chef/chef-solo.rb -j /etc/chef/chef-solo.json


Before that, we must install the build-essential package, which provides g++, make and other tools of the trade. Otherwise, Chef's Ruby fails with a not very descriptive message:

--without-/opt/chef/embedded/lib/ruby/1.9.1/mkmf.rb:368:in `try_do': The complier failed to generate an executable file. (RuntimeError)
You have to install development tools first.


If everything goes fine, you should have a fully functional Chef server, with the web UI listening on the defined port. Just run sudo ss -lnp or sudo lsof -i -n to see the port number.

Next step: managing Chef.
The system where you do development and maintain a cookbook repository is called a workstation, or your management workstation. It is where you run knife commands. Let's create a knife.rb file that works with our shiny new server:

sudo knife configure -i
WARNING: No knife configuration file found
Where should I put the config file? [/home/sadiel/.chef/knife.rb]
Please enter the chef server URL: [http://vm-chef-server:4000]
Please enter a clientname for the new client: [sadiel] root
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem]
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Created client[root]
Configuration file written to /home/sadiel/.chef/knife.rb


We use sudo because we need read-write access to the /etc/chef directory.

In /home/sadiel/.chef we can find two files:

  • knife.rb: tells knife how to interact with the server API
  • root.pem: RSA private key that identifies the "root" user, the node_name defined in knife.rb

Copy both files to your management workstation. Adapt the file paths and URL to reflect your settings. Don't forget to chmod 600 the files. These are the contents of chef-repo/.chef/knife.rb:

# Resolve paths relative to the directory that holds this knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name 'root'
client_key "#{current_dir}/root.pem"
validation_client_name 'chef-validator'
validation_key '/etc/chef/validation.pem'
chef_server_url 'http://vm-chef-server:4000'
cache_type 'BasicFile'
# Double quotes are required here so that #{current_dir} is interpolated
cache_options( :path => "#{current_dir}/checksums" )

Test your settings with knife client list.
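A quick way to check the chmod 600 advice above after copying the files, as an added example that is not part of the original post. The function name audit_chef_dir and the sample directory are constructed for illustration; it flags knife.rb or any .pem key readable by group or others, and a chef_server_url that uses plain http, which sends API traffic unencrypted.

```bash
# Added example: audit a .chef directory for loose key permissions and a
# plaintext server URL. Prints one finding per line; returns 1 if any finding.
audit_chef_dir() {
    local dir="$1" findings=0 f perms
    for f in "$dir"/knife.rb "$dir"/*.pem; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits;
        # a file set with chmod 600 shows "------" there.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS $f: group/other bits set ($perms), run chmod 600"
            findings=$((findings + 1))
        fi
    done
    # knife signs its requests with the client key, but over http the request
    # and response bodies still cross the network in clear text.
    if [ -f "$dir/knife.rb" ] &&
       grep -Eq "^[[:space:]]*chef_server_url[[:space:]]+['\"]http://" "$dir/knife.rb"; then
        echo "URL $dir/knife.rb: chef_server_url uses plain http"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a knife.rb like the one in the post plus a dummy key file.
sample=$(mktemp -d)
printf "chef_server_url 'http://vm-chef-server:4000'\n" > "$sample/knife.rb"
printf 'constructed placeholder, not a real key\n' > "$sample/root.pem"
chmod 644 "$sample/knife.rb"
chmod 600 "$sample/root.pem"
audit_chef_dir "$sample" || echo "findings reported for $sample"
rm -rf "$sample"
```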


OK, you are the proud father of a chef server.