Chef Crash Course

From ICO wiki
Revision as of 02:48, 14 June 2016 by Azolotar


Introduction

Chef is a suite of desired-state configuration tools. It functions as a client-server application: the server continuously checks whether the clients meet certain criteria and adjusts them when they do not. It can be adapted to a wide range of infrastructure and can control Windows, Linux and Mac OS X machines, more specialized devices such as Cisco ASA and Juniper network equipment, and cloud-based resources. Tools like Chef are increasingly popular for managing computer infrastructure; its rivals include Puppet and Ansible, among numerous others. Below is a quick tutorial on how to install the Chef server, configure it to control a Windows node, and get Chef to place a specific file that is displayed when a user logs in to the computer. [1]

Glossary

  • Node – a client machine, i.e. a machine to be configured.
  • Recipe – a configuration element, used to define what to configure and how.
  • Cookbook – a collection of recipes.

The workflow for getting a working Chef set up is:

  • Install the Chef server
  • Install the Chef Workstation
  • Install the Chef clients on machines to be controlled


This article assumes that the reader is experienced with the command line of Linux.

Install the Chef server

At the moment, the Chef server can be installed only on 64-bit Linux machines, as well as on Amazon Web Services and Microsoft Azure, which are outside the scope of this article. For the purposes of this article, the Chef server will be installed on a machine running Ubuntu. The standalone installation of Chef server creates a working installation on a single server. This installation is also useful when you are installing Chef server in a virtual machine, for proof-of-concept deployments, or as part of a development or testing loop.

To install Chef server 12:

Download the package from http://downloads.chef.io/chef-server/.

Upload the package to the machine that will run the Chef server, and then record its location on the file system. The rest of these steps assume this location is in the /tmp directory.

As a root user, install the Chef server package on the server, using the name of the package provided by Chef.

dpkg -i /tmp/chef-server-core-<version>.deb

After a few minutes, the Chef server will be installed.

Run the following to start all of the services:

chef-server-ctl reconfigure

Because the Chef server is composed of many different services that work together to create a functioning system, this step may take a few minutes to complete.

Run the following command to create an administrator:

chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

An RSA private key is generated automatically. This is the user’s private key and should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

For example:

chef-server-ctl user-create tonymctony Tony McTony tony@mctony.ee 'hodor' --filename /path/to/tonymctony.pem

Run the following command to create an organization:

chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

The name must begin with a lower-case letter or digit, may only contain lower-case letters, digits, hyphens, and underscores, and must be between 1 and 255 characters. For example: familyinc.

The full name must begin with a non-white space character and must be between 1 and 1023 characters. For example: 'Family, Inc.'.

The --association_user option will associate the user_name with the admins security group on the Chef server.

An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

For example: [2]

chef-server-ctl org-create familyinc 'Family, Inc.' --association_user tonymctony --filename /path/to/familyinc-validator.pem

Install the Chef Workstation

Now that our Chef server is up and running, our next action is to configure a workstation. The actual infrastructure coordination and configuration does not take place on the Chef server. This work is done on a workstation which then uploads the data to the server to influence the Chef environment. Once again, we assume that the machine in question is running Ubuntu.

Clone the Chef Repo

The Chef configuration for your infrastructure is maintained in a hierarchical file structure known collectively as a Chef repo. The general structure of this can be found in a GitHub repository provided by the Chef team. We will use git to clone this repo onto our workstation to work as a basis for our infrastructure's Chef repository.

First, we need to install git through the apt packaging tools. Update your packaging index and install the tool by typing:

sudo apt-get update

sudo apt-get install git

Once you have git installed, you can clone the Chef repository onto your machine. For this guide, we will simply clone it to our home directory:

cd ~

git clone https://github.com/chef/chef-repo.git

This will pull down the basic Chef repo structure into a directory called chef-repo in your home directory. Then, download the actual Chef Development Kit:

1) Visit this page: http://downloads.chef.io/chef-dk/.

2) Select a platform, and then a package.

3) Click the download button.

4) Follow the steps in the installer and install the Chef development kit to your machine. The Chef development kit is installed to /opt/chefdk/ on UNIX and Linux systems.

5) When finished, open a command window and enter the following:

chef verify

This will verify the main components of the Chef development kit: the chef-client, the Chef development kit library, and the tools that are built into the Chef development kit. The output should be similar to:

Verification of component '...' succeeded.

Download the Authentication Keys to the Workstation

At this point, your workstation has all of the software needed to interact with a Chef server and compose infrastructure configurations. However, it is not yet configured to interact with your Chef server and your environment. In this section, we'll download the credentials we created on the Chef server.

We will use the scp utility to download the user key and the organization validator key that we created on the Chef server. Before doing so, we will create the hidden directory where we will store these files:

mkdir ~/chef-repo/.chef

The method that you use to connect to the Chef server will determine how exactly we go about downloading the keys. Follow the method below that matches your setup:

If you connect to your Chef server through SSH using password-based authentication, the scp command will work without significant modification.

On your workstation, specify the username and domain name or IP address used to connect to the Chef server. Follow this immediately with a colon (:) and the path to the file you wish to download. After adding a space, indicate the directory on the local computer where you wish the download the files to be placed (~/chef-repo/.chef in our case):

scp username@server_domain_or_IP:/path/to/tonymctony.pem ~/chef-repo/.chef

scp username@server_domain_or_IP:/path/to/familyinc-validator.pem ~/chef-repo/.chef

Configuring Knife to Manage your Chef Environment

Now that you have your Chef credentials available on your workstation, we can configure the knife command with the information it needs to connect to and control your Chef infrastructure. This is done through a knife.rb file that we will place in the ~/chef-repo/.chef directory along with our keys.

Open up a file called knife.rb in that directory in your text editor:

nano ~/chef-repo/.chef/knife.rb

In this file, paste the following information:

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "name_for_workstation"
client_key               "#{current_dir}/tonymctony.pem"
validation_client_name   "familyinc-validator"
validation_key           "#{current_dir}/familyinc-validator.pem"
chef_server_url          "https://server_domain_or_IP/organizations/familyinc"
syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path            ["#{current_dir}/../cookbooks"]
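The knife.rb above is plain Ruby, and the two .pem files it points at are the credentials that let a workstation act on the whole organization. The following is an added example, not Chef's or this wiki's own code: a small stand-in for Chef's config DSL that loads a knife.rb, then checks that both key files exist, that they are not readable by other users, and that chef_server_url uses https. The KnifeConfig and audit_knife_config names are assumptions, and the sample repo it builds is a constructed copy of the page's knife.rb, deliberately weakened (plain http, a world-readable validator key) so the audit has something to report.

```ruby
# Added example (not Chef's own code): load a knife.rb with a minimal stand-in
# for Chef's config DSL and check its security-relevant settings.
require 'tmpdir'
require 'fileutils'

# Every bare setting call in knife.rb (log_level :info, client_key "...") is
# captured into a Hash via method_missing. knife.rb may contain arbitrary Ruby,
# so only evaluate files you wrote yourself.
class KnifeConfig
  attr_reader :settings

  def initialize
    @settings = {}
  end

  # Passing the path as the filename makes __FILE__ inside knife.rb resolve
  # correctly, so "current_dir = File.dirname(__FILE__)" works as it does in knife.
  def self.load(path)
    cfg = new
    cfg.instance_eval(File.read(path), path)
    cfg
  end

  def method_missing(name, *args)
    return super if args.empty? # not a setting assignment
    @settings[name] = args.first
  end
end

# Findings a practitioner should catch before trusting the workstation:
# missing or over-permissive private key files, and a non-https server URL.
def audit_knife_config(path)
  cfg = KnifeConfig.load(path).settings
  findings = []
  %i[client_key validation_key].each do |key|
    file = cfg[key]
    if file.nil? || !File.exist?(file)
      findings << "#{key}: file not found (#{file.inspect})"
      next
    end
    mode = File.stat(file).mode & 0o777
    if (mode & 0o077) != 0 # group/other bits set on a private key
      findings << "#{key}: #{file} is mode #{format('%o', mode)}, expected 0600"
    end
  end
  url = cfg[:chef_server_url].to_s
  findings << "chef_server_url: #{url} is not https" unless url.start_with?('https://')
  findings
end

# Constructed sample (hypothetical): the page's knife.rb with http instead of
# https, plus placeholder key files, one of them world-readable on purpose.
def build_sample_repo(dir)
  chef_dir = File.join(dir, '.chef')
  FileUtils.mkdir_p(chef_dir)
  File.write(File.join(chef_dir, 'knife.rb'), <<~'RUBY')
    current_dir = File.dirname(__FILE__)
    log_level                :info
    log_location             STDOUT
    node_name                "name_for_workstation"
    client_key               "#{current_dir}/tonymctony.pem"
    validation_client_name   "familyinc-validator"
    validation_key           "#{current_dir}/familyinc-validator.pem"
    chef_server_url          "http://server_domain_or_IP/organizations/familyinc"
    cookbook_path            ["#{current_dir}/../cookbooks"]
  RUBY
  user_key = File.join(chef_dir, 'tonymctony.pem')
  validator_key = File.join(chef_dir, 'familyinc-validator.pem')
  File.write(user_key, "PLACEHOLDER KEY (constructed)\n")
  File.chmod(0o600, user_key)
  File.write(validator_key, "PLACEHOLDER KEY (constructed)\n")
  File.chmod(0o644, validator_key)
  File.join(chef_dir, 'knife.rb')
end

# Run the audit against the constructed repo; returns the list of findings.
def demo
  Dir.mktmpdir { |dir| audit_knife_config(build_sample_repo(dir)) }
end

puts demo if $PROGRAM_NAME == __FILE__
```

Run against the constructed repo it reports two findings: the validator key is mode 644 and the server URL is not https. Point audit_knife_config at a real ~/chef-repo/.chef/knife.rb to check a workstation you have just set up.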

Testing

Before we can begin testing this, we need to fetch the server's SSL certificate. This is done with the following command:

knife ssl fetch

After the SSL certificate has been fetched, the following command should now work:

knife client list

With the output being:

familyinc-validator

If the above command correctly returns, your workstation is now set up to control your Chef environment.[3]

Install Chef client

A Microsoft Installer Package (MSI) is available for installing the chef-client on a Microsoft Windows machine.

To install the chef-client on Microsoft Windows, do the following:

Go to http://www.chef.io/chef/install.

Click the Chef Client tab.

Select Windows, a version, and an architecture.

Under Downloads, select the version of the chef-client to download, and then click the link that appears below to download the package.

Ensure that the MSI is on the target node.

Run the MSI package and use all the default options, clicking "Next" at each installation step.

Run Chef Client as a service

To run the chef-client at periodic intervals (so that it can check in with the Chef server automatically), configure the chef-client to run as a service or as a scheduled task. This can be done via the MSI, by selecting the Chef Client Service option on the Custom Setup page or by running the following command in the command prompt after the chef-client is installed:

chef-service-manager -a install

and then start the chef-client as a service:

chef-service-manager -a start

After the chef-client is configured to run as a service, the default log file path is: c:\chef\chef-client.log [4]

Adding a specific file to a computer

Now we'll proceed to add a simple Notepad file to be displayed when a user logs in to the computer. Some prior knowledge is required: files and applications to be launched automatically are placed in the Windows startup folder, with the typical location being C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp. So we will simply instruct Chef to put a simple text file in that location, with the contents "This computer is now managed by Chef".

Create Cookbook

First, we will instruct the Chef Workstation to create a new Cookbook:

knife cookbook create fileToStartup

Then browse to the created cookbook recipes folder:

cd ~/chef-repo/cookbooks/fileToStartup/recipes

Listing the contents of this folder reveals a default recipe:

ls

default.rb

Replace the contents of that file with the following:

file 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\notification.txt' do
  content 'This computer is now managed by Chef'
end

To elaborate on what is prescribed above: we set the file location and, using the content property, fill the file with the specified string. If the file does not exist, it will be created automatically. If it exists but has different content, its content will be overwritten. [5]
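The three outcomes just described (create, overwrite, leave alone) are what make the recipe idempotent: every chef-client run converges the file toward the same state, and a run that finds it already correct changes nothing. The following added example, which is not Chef's own file resource, models that behaviour in plain Ruby and simulates three consecutive client runs with a manual edit in between, so the convergence rules can be seen without a Chef server. The converge_file and simulate_runs names are assumptions, and the temporary directory stands in for the StartUp folder on the page.

```ruby
# Added example (not Chef's own code): a plain-Ruby model of the page's `file`
# resource, returning the action taken on each run so runs can be audited.
require 'tmpdir'

# Mirrors the resource's semantics: create when missing, rewrite when the
# content differs, do nothing when it already matches.
def converge_file(path, content)
  if !File.exist?(path)
    File.write(path, content)
    :created
  elsif File.read(path) != content
    File.write(path, content)
    :updated
  else
    :up_to_date
  end
end

# Simulate three consecutive client runs against a constructed startup folder,
# with a manual edit between runs two and three (drift a user might introduce).
def simulate_runs
  Dir.mktmpdir do |dir|
    # Constructed stand-in for C:\ProgramData\...\StartUp on this machine
    target = File.join(dir, 'StartUp', 'notification.txt')
    Dir.mkdir(File.dirname(target))
    wanted = 'This computer is now managed by Chef'
    actions = []
    actions << converge_file(target, wanted) # first run: file absent
    actions << converge_file(target, wanted) # second run: nothing to do
    File.write(target, 'edited by hand')     # drift introduced outside Chef
    actions << converge_file(target, wanted) # third run: drift corrected
    actions
  end
end

p simulate_runs if $PROGRAM_NAME == __FILE__ # => [:created, :up_to_date, :updated]
```

The real Chef file resource compares checksums rather than whole contents and logs a diff when it rewrites a file, but the decision logic is the same. Because the all-users StartUp folder is executed for every account that logs in, whoever can upload this cookbook to the server controls what runs there, so treat cookbook upload rights and the validator key with the same care as local administrator access.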

Upload Cookbook

Now that our basic cookbook is complete, we can upload it to our chef server.

We can do that by typing:

knife cookbook upload fileToStartup

Or, we can upload everything by typing:

knife cookbook upload -a

Now, we can modify the run-list of our nodes so that the new cookbook's default recipe (recipe[fileToStartup]) is applied. We can do this easily by typing: [6]

knife node edit name_of_node

Conclusion

That's it! The next time the Chef client checks for changes from the Chef server, it will see that a new cookbook has been assigned to it, and will apply the necessary changes. While the procedure described here is certainly more lengthy than simply putting the file on the machine manually, this was just an example - Chef can be used to manage applications, specific machine settings, scheduled tasks, and many other infrastructure configuration items. Plus, it scales well to a large number of managed machines, both physical and virtual.

Metadata

Author: Anton Zolotarjov

Group: CSE 15

Date: 2016-06-12

References