Chef Crash Course

From ICO wiki
Revision as of 04:30, 13 June 2016 by Azolotar

Introduction

Chef is a suite of tools in the desired state configuration family. It functions essentially as a client-server application, with the server continuously checking whether the clients meet certain criteria and adjusting them as necessary when they do not. It can be adapted to a wide range of infrastructure: it can control Windows, Linux and Mac OS X machines as well as more specialized devices such as Cisco ASA and Juniper network devices, and it can also manage cloud-based resources. Tools like Chef are becoming increasingly popular for managing computer infrastructure; its rivals include Puppet and Ansible, as well as numerous others. Below is a quick tutorial on how to install the Chef server, configure it to control a Windows node, and get Chef to install a specific software package on a client Windows machine.

Glossary

  • Node – a client machine, i.e. a machine to be configured.
  • Recipe – a configuration element, used to define what to configure and how.

The workflow for getting a working Chef setup is:

  • Install the Chef server
  • Install the Chef clients on machines to be controlled
  • (Optional, but highly recommended) Install the Chef development kit to simplify management

Install the Chef server

At the moment, the Chef server can be installed only on 64-bit Linux machines, as well as on Amazon Web Services and Microsoft Azure, which are outside the scope of this article. For the purposes of this article, the Chef server will be installed on a machine running Ubuntu. The standalone installation of Chef server creates a working installation on a single server. This installation is also useful when you are installing Chef server in a virtual machine, for proof-of-concept deployments, or as part of a development or testing loop.

To install Chef server 12:

Download the package from http://downloads.chef.io/chef-server/.

Upload the package to the machine that will run the Chef server, and then record its location on the file system. The rest of these steps assume this location is in the /tmp directory.

As a root user, install the Chef server package on the server, using the name of the package provided by Chef.

$ dpkg -i /tmp/chef-server-core-<version>.deb

After a few minutes, the Chef server will be installed.

Run the following to start all of the services:

$ chef-server-ctl reconfigure

Because the Chef server is composed of many different services that work together to create a functioning system, this step may take a few minutes to complete.

Run the following command to create an administrator:

$ chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

An RSA private key is generated automatically. This is the user’s private key and should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

For example:

$ chef-server-ctl user-create tonymctony Tony McTony tony@mctony.ee 'hodor' --filename /path/to/tonymctony.pem

Run the following command to create an organization:

$ chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

The short name must begin with a lower-case letter or digit, may only contain lower-case letters, digits, hyphens, and underscores, and must be between 1 and 255 characters. For example: familyinc.

The full name must begin with a non-white space character and must be between 1 and 1023 characters. For example: 'Family, Inc.'.

The --association_user option will associate the user_name with the admins security group on the Chef server.

An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

For example:

$ chef-server-ctl org-create familyinc 'Family, Inc.' --association_user tonymctony --filename /path/to/familyinc-validator.pem
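
The naming rules for org-create and the advice to keep the validator key in a safe location can both be checked in a small wrapper. This is an added example, not part of the original article or of Chef's own tooling; the function names, the create_org wrapper and its KEY_DIR argument are hypothetical, and the only chef-server-ctl options used are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original page: checks around org-create.
LC_ALL=C; export LC_ALL   # [a-z] means ASCII lower case; lengths are in bytes

# Short name: starts with a-z or 0-9; only a-z, 0-9, '-' and '_'; 1..255 long.
valid_short_name() {
    case $1 in
        '' | *[!a-z0-9_-]* | [!a-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 255 ]
}

# Full name: first character is not white space; 1..1023 long.
valid_full_name() {
    case $1 in
        '' | [[:space:]]*) return 1 ;;
    esac
    [ "${#1}" -le 1023 ]
}

# True only for a regular file (not a symlink) with no group/other mode bits.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
    esac
    return 1
}

# Hypothetical wrapper (run as root on the Chef server):
#   create_org SHORT_NAME 'FULL NAME' ADMIN_USER KEY_DIR
create_org() {
    valid_short_name "$1" || { echo "invalid short name: $1" >&2; return 2; }
    valid_full_name "$2" || { echo "invalid full name: $2" >&2; return 2; }
    key="$4/$1-validator.pem"
    mkdir -p "$4" && chmod 700 "$4" || return 1
    # Restrictive umask for the child process; chmod afterwards regardless,
    # since the mode chef-server-ctl gives the file is not assumed here.
    ( umask 077
      chef-server-ctl org-create "$1" "$2" \
          --association_user "$3" --filename "$key" ) || return 1
    chmod 600 "$key" || return 1
    key_is_private "$key" || { echo "key not private: $key" >&2; return 3; }
}
```

The same key_is_private check applies to the user key written by user-create.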