Install and Configure Chef Server on Ubuntu-14.04


Introduction

Chef is an open source configuration management and automation tool written in Ruby and Erlang that is used to manage your IT infrastructure from a centralized location.

With today's IT infrastructure requirements, managing and administering servers by hand becomes a very difficult task for the system administrator. Chef is specially designed to resolve these issues by turning your infrastructure administration into a code base. Chef allows DevOps engineers to manage and deploy resources across multiple nodes.

You can easily integrate Chef with major cloud providers such as Rackspace, Google Cloud, Openstack, and Amazon EC2. Chef can be used to speed up your application development, and manage hundreds of thousands of servers easily.

Many companies use Chef to manage their IT infrastructure, including Mozilla, Facebook, HP Cloud, Disney, Rackspace, Citi and many more.

Features:

Manage each node from a central location.

Support for Linux, Windows, Mac OS and many more.

Easily integrates with most cloud providers.

This tutorial gives step-by-step instructions to install and configure Chef server on an Ubuntu-14.04 server.

Requirements

A server machine running Ubuntu-14.04.

A connection to an NTP server.

A resolvable hostname that can be accessed from your machine and nodes.

A non-root user account with sudo privilege set up on your server.

Minimum 4GB memory installed on your server.

Install Chef Server

Before installing Chef server, it is recommended you update your server.

To update your server local package cache, run the following command:

sudo apt-get update

Once your server is up to date, download the latest version of chef server from https://downloads.chef.io/chef-server/ubuntu.

You can easily download the Chef package using the following wget command:

wget https://packages.chef.io/stable/ubuntu/14.04/chef-server-core_12.8.0-1_amd64.deb

Once download is complete, run the following command to install Chef server:

sudo dpkg -i chef-server-core_12.8.0-1_amd64.deb

Alternatively, you can install Chef server using the following curl command:

sudo curl -L https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef-server

Configure Chef Server

Once the chef server is installed, you will need to configure it. The chef server main configuration file /etc/opscode/chef-server.rb contains additional settings. You can leave this file empty, but it is important to configure chef server with a hostname that's accessible from the outside network.

Now, make the following changes by editing this file:

sudo nano /etc/opscode/chef-server.rb

Make the changes as shown below:

server_name = "CHEF_SERVER_FQDN"
api_fqdn server_name
bookshelf['vip'] = server_name
nginx['url'] = "https://#{server_name}"
nginx['server_name'] = server_name
nginx['ssl_certificate'] = "/var/opt/opscode/nginx/ca/#{server_name}.crt"
nginx['ssl_certificate_key'] = "/var/opt/opscode/nginx/ca/#{server_name}.key"

Save the file and run the following command to apply the configuration settings and start the server.

sudo chef-server-ctl reconfigure

Next, check the chef server status by running the following command:

sudo chef-server-ctl status

You should see the following output:

run: bookshelf: (pid 4486) 39s; run: log: (pid 4526) 30s
run: nginx: (pid 4269) 44s; run: log: (pid 4679) 31s
run: oc_bifrost: (pid 4199) 46s; run: log: (pid 4246) 23s
run: oc_id: (pid 4253) 45s; run: log: (pid 4258) 46s
run: opscode-erchef: (pid 4591) 36s; run: log: (pid 4580) 35s
run: opscode-expander: (pid 4367) 41s; run: log: (pid 4469) 40s
run: opscode-expander-reindexer: (pid 4435) 40s; run: log: (pid 4475) 42s
run: opscode-solr4: (pid 4308) 42s; run: log: (pid 4344) 41s
run: postgresql: (pid 4151) 46s; run: log: (pid 4174) 48s
run: rabbitmq: (pid 1685) 136s; run: log: (pid 4138) 42s
run: redis_lb: (pid 4086) 64s; run: log: (pid 4673) 31s

The chef server is now installed and started.

Install the Management Console and Features

The management console is a web-based interface used to manage the Chef server. It is not necessary for large deployments, but it is very useful because it lets you interact with nodes and understand how the Chef server works.

You can easily install the management console on your chef server by running the following command:

sudo chef-server-ctl install chef-manage

sudo chef-server-ctl reconfigure

sudo chef-manage-ctl reconfigure

Next, install reporting features by running the following command:

sudo chef-server-ctl install opscode-reporting

sudo chef-server-ctl reconfigure

sudo opscode-reporting-ctl reconfigure

Create an Administrator Account and Organization

Next, you will need to create an administrator account and an organization. The administrator will have access to make changes to the infrastructure components in the organization we will be creating.

You can do this by using the user-create subcommand of the chef-server-ctl command. The command requires other fields to be passed in during the creation process.

Now, let's create a user account with the following information:

Username: admin
First Name: admin
Last Name: admin
Email: admin@hostpresto.com
Password: password
Filename: admin.pem

Also, create an organization with the following information:

Short Name: hostpresto
Long Name: hostpresto.com
Association User: admin
Filename: hostpresto.pem

Also, you will need to create a .chef directory in your home directory to store the keys. In order to link workstations and nodes to the Chef server, an administrator and an organization need to be created with associated RSA private keys.

sudo mkdir .chef

Now, create an admin user account by running the following command:

sudo chef-server-ctl user-create admin admin admin admin@hostpresto.com password -f ~/.chef/admin.pem

Next, create an organization with the org-create subcommand:

sudo chef-server-ctl org-create hostpresto "hostpresto.com" --association_user admin -f ~/.chef/hostpresto.pem

Now, you should see two .pem key files in ~/.chef/ directory by running the following command:

ls ~/.chef/

Output:

admin.pem hostpresto.pem

Now, Chef server installation is complete. It's time to install the GUI plugin for Chef.

You can install it by running the following command:

sudo chef-server-ctl install opscode-manage

sudo opscode-manage-ctl reconfigure

sudo chef-server-ctl reconfigure

Once installation is complete, you can access the web interface by typing the URL http://chef-server-ip in your web browser. You should see a warning because the SSL certificate is signed by an authority not recognized by your browser. Click on the "Proceed anyway" button.

You should see the login page as below:

After entering your login credentials, you should get "Chef Manage" page:

If you want to install additional Chef plugins such as Opscode Push Jobs plugin and Analytics plugin, run the following commands:

sudo chef-server-ctl install opscode-push-jobs-server

sudo opscode-push-jobs-server-ctl reconfigure

sudo chef-server-ctl reconfigure

sudo chef-server-ctl install opscode-analytics

echo 'analytics_fqdn "FQDN"' | sudo tee -a /etc/opscode-analytics/opscode-analytics.rb

sudo opscode-analytics-ctl reconfigure

sudo chef-server-ctl reconfigure

Configure Workstation on Chef server

Your Chef server is up and running. Next, we are going to set up its workstation to create and configure any recipes, cookbooks, attributes, and other changes.

First, you will need to create a new user and an organization in order to set up a workstation.

Run the following commands to create the user and organization.

sudo chef-server-ctl user-create hostpresto Hostpresto hitesh hitesh@gmail.com hostpresto123 --filename hitesh.pem

sudo chef-server-ctl org-create blogs Hostpresto_Inc Blogs Inc. --association_user hostpresto --filename blogs.pem

On the Chef workstation, access your Chef server management console by typing the URL http://chef-server-ip. Download the starter kit from the Chef Manage web console onto the workstation and use it to work with the Chef server as shown below:

Next, you need to download and set up the Chef development kit.

You can download the Chef development kit from its official website by running the following command:

wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chefdk_0.6.2-1_amd64.deb

Install it by using the dpkg command:

sudo dpkg -i chefdk_0.6.2-1_amd64.deb

Once installation is complete, you can verify it by running the following command:

sudo chef verify

The output looks like the following:

Running verification for component 'berkshelf'
Running verification for component 'test-kitchen'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
Running verification for component 'openssl'
..............
---------------------------------------------
Verification of component 'rubocop' succeeded.
Verification of component 'knife-spork' succeeded.
Verification of component 'openssl' succeeded.
Verification of component 'berkshelf' succeeded.
Verification of component 'chef-dk' succeeded.
Verification of component 'fauxhai' succeeded.
Verification of component 'test-kitchen' succeeded.
Verification of component 'kitchen-vagrant' succeeded.
Verification of component 'chef-client' succeeded.
Verification of component 'chefspec' succeeded.
Verification of component 'package installation' succeeded.

Next, you will need to create a chef directory and copy the user and organization pem files to this folder from the chef server.

You can do this by running the following command:

mkdir ~/.chef

On the chef server, run the following command:

sudo scp hostpresto.pem blogs.pem admin.pem hitesh.pem root@workstation:/.chef/

Configure Knife to Manage Chef Environment

On the chef workstation, you will need to create the file "~/.chef/knife.rb":

sudo nano ~/.chef/knife.rb

Add the following content:

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
validation_client_name "admin-hostpresto"
validation_key "#{current_dir}/hostpresto.pem"
chef_server_url "https://chef-server-ip/organizations/hostpresto"
cache_type 'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]

The following directives should be adjusted as per your infrastructure:

node_name: This should be your username that knife will use to connect to your Chef server.

client_key: This is the name and path of the user key that you copied over from the Chef server.

validation_client_name: This is the name of the validation client that knife will use to bootstrap new nodes.

validation_key: This is the name and path of the validation key that you copied over from the Chef server.

chef_server_url: This is the full URL of the Chef server.

Next, create the ~/cookbooks folder for cookbooks, as specified in the knife.rb file.

sudo mkdir cookbooks

Next, run the following command to verify whether the knife configuration is working or not:

sudo knife user list

You should see the following error, because you do not have your Chef server's SSL certificate on your workstation.

ERROR: SSL Validation failure connecting to host: chef-server-ip - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.

To resolve the above error, you need to fetch the SSL certificates and run the above command again:

sudo knife ssl fetch

Output:

WARNING: Certificates from chef-server-ip will be fetched and placed in your trusted_cert directory (/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should verify the authenticity of these certificates after downloading.
Adding certificate for ubuntu-14-chef.test.com in /.chef/trusted_certs/ubuntu-14-chef_test_com.crt
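The warning above says knife cannot verify what it fetched. One way to do that check is to compare the SHA-256 fingerprint of the file in trusted_certs with the fingerprint of the certificate configured in chef-server.rb, read on the Chef server itself. This is an added example, not part of the original tutorial or Chef's own code; the function names and the self-signed sample certificate (with a hypothetical CN) are constructed for illustration.

```ruby
require "openssl"

# SHA-256 fingerprint of a PEM certificate as colon-separated uppercase hex,
# the form printed by `openssl x509 -noout -fingerprint -sha256`.
def cert_fingerprint(pem)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest.new("SHA256").hexdigest(der).upcase.scan(/../).join(":")
end

# Fingerprints of every certificate in a knife trusted_certs directory.
def trusted_fingerprints(dir)
  Dir.glob(File.join(dir, "*.crt")).sort.map do |path|
    [File.basename(path), cert_fingerprint(File.read(path))]
  end.to_h
end

# Compare a fetched certificate with a fingerprint obtained out of band
# (read on the Chef server itself). Returns :match, :mismatch or :expired.
def check_fetched_cert(fetched_pem, expected_fingerprint, now: Time.now)
  cert = OpenSSL::X509::Certificate.new(fetched_pem)
  expected = expected_fingerprint.delete(": ").upcase
  return :mismatch unless cert_fingerprint(fetched_pem).delete(":") == expected
  return :expired if now < cert.not_before || now > cert.not_after
  :match
end

# Constructed sample input: a throwaway self-signed certificate standing in
# for the one the Chef server generates (hypothetical CN, not from the page).
def sample_self_signed(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  on_server = sample_self_signed("chef.example.test") # cert held by the server
  other     = sample_self_signed("chef.example.test") # same name, different key
  expected  = cert_fingerprint(on_server)             # value read out of band
  puts "genuine: #{check_fetched_cert(on_server, expected)}"
  puts "other:   #{check_fetched_cert(other, expected)}"
end
```

A :mismatch result means the file in trusted_certs is not the certificate the Chef server is configured with, so it should be removed before knife is used against that server.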

After fetching the SSL certificates, run the following command:

sudo knife client list

Output:

admin-hostpresto

Configure New Nodes to Interact with Chef Server

After configuring chef-server and the knife workstation, it's time to add new servers to our chef environment by configuring a new node to interact with the chef server.

Run the following command on the workstation to configure a new node to work with the chef server:

sudo knife bootstrap chef-server-ip --ssh-user root --ssh-password password --node-name newnode

You should see the following output:

Doing old-style registration with the validation key at /.chef/hostpresto.pem...
Delete your validation key in order to use your user credentials instead
Connecting to chef-server-ip
chef-server-ip Installing Chef Client...
chef-server-ip --2016-09-22 22:21:16-- https://www.opscode.com/chef/install.sh
chef-server-ip Resolving www.opscode.com (www.opscode.com)... 184.106.28.91
chef-server-ip Connecting to www.opscode.com (www.opscode.com)|184.106.28.91|:443... connected.
chef-server-ip HTTP request sent, awaiting response... 200 OK
chef-server-ip Length: 18736 (18K) [application/x-sh]
chef-server-ip Saving to: ‘STDOUT’
chef-server-ip 100%[======================================>] 18,736 --.-K/s in 0s
chef-server-ip
chef-server-ip 2016-09-22 22:21:17 (200 MB/s) - written to stdout [18736/18736]
chef-server-ip
chef-server-ip Downloading Chef 12 for ubuntu...
chef-server-ip downloading https://www.opscode.com/chef/metadata?v=12&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
chef-server-ip to file /tmp/install.sh.26024/metadata.txt
chef-server-ip trying wget...

You can list the node created above by running the following command:

sudo knife node list

Output:

newnode

Similarly, you can add multiple nodes to your chef infrastructure by providing SSH credentials with the same knife bootstrap command as above.