https://sachinsharm.wordpress.com/2013/10/11/installsetup-and-configure-chef-serverworkstationnode-on-centosrhel-6-4/
PART 1: INSTALL/SETUP AND CONFIGURE CHEF SERVER/WORKSTATION/NODE ON CENTOS/RHEL 6.4
This article will guide you through the installation and configuration steps of Chef Server/Workstation/Node on CentOS/RHEL 6.4.
The procedure mentioned in this tutorial is tested on:
The procedure mentioned in this tutorial is tested on:
| OS | CentOS 6.4 |
| Chef Server | 11.0.8 |
| Knife | 11.6.0 |
What is Chef?
Chef is a Ruby-based configuration management engine. It acts as a hub, ensuring that the right cookbooks are used, that the right policies are applied, that all of the node objects are up-to-date, and that all of the nodes that will be maintained are registered and known to the Chef Server. The Chef Server distributes configuration details (such as recipes, templates, and file distributions) to every node within the organization. Chef then does as much of the configuration work as possible on the nodes themselves (and not on the Chef Server). This scalable approach distributes the configuration effort throughout the organization.
Chef Server:
The server acts as a hub for configuration data. The server stores cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by the chef-client. Nodes use the chef-client to ask the server for configuration details, such as recipes, templates, and file distributions. Starting with the release of Chef 11.x, the front-end for the server is written using Erlang.
Workstations:
A workstation is a computer that is configured to run Knife, to synchronize with the chef-repo, and interact with a single server. The workstation is the location from which most users will do most of their work, including:
A workstation is a computer that is configured to run Knife, to synchronize with the chef-repo, and interact with a single server. The workstation is the location from which most users will do most of their work, including:
- Developing cookbooks and recipes (and authoring them using Ruby).
- Keeping the chef-repo synchronized with version source control.
- Using Knife to upload items from the chef-repo to the server.
- Configuring organizational policy, including defining roles and environments and ensuring that critical data is stored in data bags.
- Interacting with nodes, as (or when) required, such as performing a bootstrap operation.
Node:
A node is any server or virtual server that is configured to be maintained by a chef-client. A node can be any physical, virtual, or cloud machine that can run the chef-client. A chef-client is an agent that runs locally on every node that is registered with the server. When a chef-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:
A node is any server or virtual server that is configured to be maintained by a chef-client. A node can be any physical, virtual, or cloud machine that can run the chef-client. A chef-client is an agent that runs locally on every node that is registered with the server. When a chef-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:
- Registering and authenticating the node with the server.
- Building the node object.
- Synchronizing cookbooks.
- Compiling the resource collection by loading each of the required cookbooks, including recipes, attributes, and all other dependencies.
- Taking the appropriate and required actions to configure the node.
- Looking for exceptions and notifications, handling each as required.
RSA public key-pairs are used to authenticate the chef-client with the server every time a chef-client needs access to data that is stored on the server. This prevents any node from accessing data that it shouldn’t and it ensures that only nodes that are properly registered with the server can be managed.
I) Prerequisite
1) Host should have fully configured hostname.
2) Should have DNS entry in place.
3) Following package are required.
1) Host should have fully configured hostname.
2) Should have DNS entry in place.
3) Following package are required.
# yum install wget curl -y
II) Chef Server Installation
1) Go to http://www.opscode.com/chef/install.
2) Click the Chef Server tab.
3) Select the operating system, version, and architecture.
4) Select the version of Chef Server 11.x to download, and then click the link that appears to download the package.
5) Install the downloaded package using the correct method for the operating system on which Chef Server 11.x will be installed.
1) Go to http://www.opscode.com/chef/install.
2) Click the Chef Server tab.
3) Select the operating system, version, and architecture.
4) Select the version of Chef Server 11.x to download, and then click the link that appears to download the package.
5) Install the downloaded package using the correct method for the operating system on which Chef Server 11.x will be installed.
# rpm -ivh https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.8-1.el6.x86_64.rpm
6) Configure Chef Server 11.x by running the following command:
# chef-server-ctl reconfigure
The *chef-server-ctl* command will set up all of the required components, including Erchef, RabbitMQ, PostgreSQL, and all of the cookbooks that are used by chef to maintain Chef Server 11.x.
7) Verify the the hostname for the server by running the *hostname* command. The hostname for the server must be a FQDN.
# hostname
8) Verify the installation of Chef Server 11.x by running the following command:
# chef-server-ctl test
Note: Try to stop apache before running this test.
9) You can explore the Chef Server URL using your favorite browser:
# https://FQDN-OR-IP-OF-CHEF-SERVER
Note: Default UserName/Password is admin/p@ssw0rd1
10) The *chef-server-ctl* command is used on the Chef Server system for management. It has built-in help (-h) that will display the various sub-commands.
II) Chef WorkStation Installation
1) Run the following command that appears (for UNIX and Linux environments):
1) Run the following command that appears (for UNIX and Linux environments):
# curl -L https://www.opscode.com/chef/install.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
101 6790 101 6790 0 0 3826 0 0:00:01 0:00:01 --:--:-- 12190
Downloading Chef for el...
Installing Chef
warning: /tmp/tmp.KnyQTnqz/chef-.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ########################################### [100%]
1:chef ########################################### [100%]
Thank you for installing Chef!
2) When the installation is finished enter the *chef-client* command to verify that the chef-client was installed:
# chef-client -v
Chef: 11.6.0
3) Create the “.chef” directory
The .chef directory is used to store three files:
The .chef directory is used to store three files:
- knife.rb
- ORGANIZATION-validator.pem
- USER.pem
a) Copy Cert Keys from Chef Server to your Workstation User Folder:
$ mkdir ~/.chef
$ scp root@chef-server:/etc/chef-server/admin.pem ~/.chef
$ scp root@chef-server:/etc/chef-server/chef-validator.pem ~/.chef
b) Now we will configure the Client setting using *knife* command.
$ knife configure -i
Overwrite /root/.chef/knife.rb? (Y/N) y
Please enter the chef server URL: [https://test.example.com:443] https://chef-server.example.com:443/
Please enter a name for the new user: [root] knife-user1
Please enter the existing admin name: [admin] Enter
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] ~/.chef/admin.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] ~/.chef/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
Created user[knife-user1]
Configuration file written to /root/.chef/knife.rb
c) Your Knife config file (knife.rb) will look like:
$ cat ~/.chef/knife.rb
log_level :info
log_location STDOUT
node_name 'knife-user1'
client_key '/root/.chef/knife-user1.pem'
validation_client_name 'chef-validator'
validation_key '/root/.chef/admin.pem'
chef_server_url 'https://chef-server.example.com:443/'
syntax_check_cache_path '/root/.chef/syntax_check_cache'
d) Verify the install by running the following commands to ensure that every chef-client and user was registered correctly.
$ knife client list
chef-validator
chef-webui
$ knife user list
admin
knife-user1
III) Chef Node Installation
1) Run the following command that appears (for UNIX and Linux environments):
1) Run the following command that appears (for UNIX and Linux environments):
# curl -L https://www.opscode.com/chef/install.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
101 6790 101 6790 0 0 3826 0 0:00:01 0:00:01 --:--:-- 12190
Downloading Chef for el...
Installing Chef
warning: /tmp/tmp.KnyQTnqz/chef-.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ########################################### [100%]
1:chef ########################################### [100%]
Thank you for installing Chef!
2) Create the Chef Directory.
# mkdir /etc/chef
3) Copy Chef Server Validation Cert Keys from Chef Server to your Node at “/etc/chef”:
# scp root@chef-server:/etc/chef-server/chef-validator.pem /etc/chef
4) Log in to Chef client and run the following command in order for a client to register itself with Chef Server:
# chef-client -S https://FQDN-OR-IP-OF-CHEF-SERVER -K /etc/chef/chef-validator.pem
5) Once the client is verified, we need to create a “client.rb” file inside “/etc/chef”.
# vi /etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url 'https://FQDN-OR-IP-OF-CHEF-SERVER'
6) Verify the Node is successfully registered with Chef Server using:
a) From Workstation Machine:
a) From Workstation Machine:
# knife node list
b) From Chef Server Web UI (Node List):
# https://FQDN-OR-IP-OF-CHEF-SERVER
7) Run the Chef Client to check if the respective cookbook (recipe’s) are pushed to that node:
# chef-client
# chef-client -l debug (In case if you want to debug)
8) Starts the chef-client which will poll the chef-server every 3600 seconds for changes.
# chef-client -i 3600
No comments:
Post a Comment