Chef server, client, and workstation setup:
root@chef_server:~#
# sudo apt-get upgrade # use this command to update software first on ubuntu linux
Install ruby and verify before Chef Env setup:
# sudo apt-get install ruby-full
# which ruby ## verify that ruby is installed
# ruby -v
# wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
# which ruby
/bin/ruby
Reset the ruby path (after the Chef development kit is installed to /opt/chefdk/ on UNIX and Linux systems):
https://docs.chef.io/install_dk.html
# echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
# which ruby
/opt/chefdk/embedded/bin/ruby
Chef server download and install
# wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
# sudo dpkg -i chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
# sudo chef-server-ctl reconfigure
# root@chef_server:~# dpkg --list | grep chef ### list the chef packages installed
# root@chef_server:~# dpkg -P chef-server chef-zero ### remove chef after install on Ubuntu Linux if you don’t need it any more
Recipe: chef-server::erchef
* service[erchef] action restart
- restart service service[erchef]
Chef Client finished, 270 resources updated
chef-server Reconfigured!
Chef_server running status check:
# chef-server-ctl status
run: bookshelf: (pid 995) 2262767s; run: log: (pid 993) 2262767s
run: chef-expander: (pid 990) 2262767s; run: log: (pid 989) 2262767s
run: chef-server-webui: (pid 996) 2262767s; run: log: (pid 994) 2262767s
run: chef-solr: (pid 1644) 2262430s; run: log: (pid 987) 2262767s
run: erchef: (pid 998) 2262767s; run: log: (pid 997) 2262767s
run: nginx: (pid 1000) 2262767s; run: log: (pid 999) 2262767s
run: postgresql: (pid 1007) 2262767s; run: log: (pid 1004) 2262767s
run: rabbitmq: (pid 992) 2262767s; run: log: (pid 991) 2262767s
Chef_Server running Status UI login:
https://192.168.1.2/users/login ### you may log in to the web UI and do the same things you do on the command line.
192.168.1.2 --> chef_server
username: admin
password: p@ssw0rd1 #### change it to WHAT YOU WANT, then SAVE it somewhere !!!!!
Please change the default password immediately after logging in!
Public and Private Key created from chef server admin:
Client: chef-validator
chef-validator.pub.pem
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
root@chef_server:/etc/chef-server# cat chef-validator.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Default admin user and password:
login: admin
passwd:
added admin user:
login:
passwd:
admin key for ADDED USER ### save the key somewhere for later use
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
For Chef server:
admin key:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Remove and uninstall a Chef installation that did not work:
[root@chef_server ~]# rpm -qa '*chef*'
chef-server-11.1.5-1.el6.x86_64
chef-12.2.0-1.el6.x86_64
[root@chef_server ~]# yum remove '*chef*' ### this is for Chef cleanup on CentOS Linux, if chef was installed with yum
===========================================================================================================================
root@chef_ws:~# #### you may assign IP as 192.168.1.3 for this host
Workstation Setup:
[root@chef_ws]#
Install ruby as was done on the chef server, then download and install “chefdk”:
# sudo dpkg -i chefdk_0.4.0-1_amd64.deb
root@chef_ws:/tmp/chef_pkgs# ls -ltr
total 328324
-rw-r--r-- 1 root root 197934506 Apr 23 2013 chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
-rw-r----- 1 root root 138265262 Mar 30 17:52 chefdk_0.4.0-1_amd64.deb
root@chef_ws:/tmp/chef_pkgs# sudo dpkg -i chefdk_0.4.0-1_amd64.deb
Selecting previously unselected package chefdk.
(Reading database … 82743 files and directories currently installed.)
Preparing to unpack chefdk_0.4.0-1_amd64.deb …
Unpacking chefdk (0.4.0-1) …
Setting up chefdk (0.4.0-1) …
Thank you for installing Chef Development Kit!
=========================================================================================
root@chef_ws:/tmp/chef_pkgs# curl -O -L http://www.opscode.com/chef/install.sh
root@chef_ws:/tmp/chef_pkgs# ls -l
total 328344
-rw-r----- 1 root root 138265262 Mar 30 17:52 chefdk_0.4.0-1_amd64.deb
-rw-r--r-- 1 root root 197934506 Apr 23 2013 chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
-rw-r--r-- 1 root root 18373 Mar 31 10:42 install.sh
root@chef_ws:/tmp/chef_pkgs# sudo sh install.sh
Downloading Chef for ubuntu…
downloading http://www.opscode.com/chef/metadata?v=&prerelease=false&nightlies=false&p=ubuntu&pv=14.04&m=x86_64
to file /tmp/install.sh.15425/metadata.txt
trying wget…
url http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/13.04/x86_64/chef_12.2.1-1_amd64.deb
md5 84119f54115d754373c9891b8759497c
sha256 8e0a8a2477c11615f86ffe686a68fa6636112ba82ebe6bb22daa5dd416f3c13e
downloaded metadata file looks valid…
downloading http://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/13.04/x86_64/chef_12.2.1-1_amd64.deb
to file /tmp/install.sh.15425/chef_12.2.1-1_amd64.deb
trying wget…
Comparing checksum with sha256sum…
Installing Chef
installing with dpkg…
Selecting previously unselected package chef.
(Reading database … 125291 files and directories currently installed.)
Preparing to unpack …/chef_12.2.1-1_amd64.deb …
Unpacking chef (12.2.1-1) …
Setting up chef (12.2.1-1) …
Thank you for installing Chef!
root@chef_ws:/tmp/chef_pkgs#
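The install.sh run above fetches both its metadata (url, md5, sha256) and the package over plain HTTP, so the checksum it compares arrives over the same unauthenticated channel as the file. As an added example (not from the original page or from Chef), the shell function below accepts a package only when the metadata URL is HTTPS and the file also matches a SHA-256 obtained separately; the function names, the "key value" metadata layout (modelled on the output above) and the example.invalid URLs are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. File names, URLs and digests
# are constructed; the metadata layout ("key value" per line) is assumed
# from the install.sh output shown above.

# Print the value stored under key $1 in metadata file $2.
metadata_field() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# verify_package PKG METADATA PINNED_SHA256
# 0 = safe to install, 2 = metadata URL is not HTTPS,
# 3 = file differs from metadata, 4 = file differs from the pinned digest.
verify_package() {
    pkg=$1; meta=$2; pinned=$3
    url=$(metadata_field url "$meta")
    want=$(metadata_field sha256 "$meta")
    got=$(sha256sum "$pkg" | awk '{ print $1 }')
    case $url in
        https://*) ;;
        *) echo "REJECT $pkg: metadata URL is not HTTPS ($url)" >&2; return 2 ;;
    esac
    if [ "$got" != "$want" ]; then
        echo "REJECT $pkg: sha256 differs from metadata" >&2; return 3
    fi
    if [ "$got" != "$pinned" ]; then
        echo "REJECT $pkg: sha256 differs from pinned digest" >&2; return 4
    fi
    echo "OK $pkg sha256=$got"
}

# Constructed demo: a stand-in "package" checked against HTTPS metadata,
# HTTP metadata, and a pinned digest that does not match.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package bytes\n' > "$d/chef.deb"
    sum=$(sha256sum "$d/chef.deb" | awk '{ print $1 }')
    printf 'url https://packages.example.invalid/chef.deb\nsha256 %s\n' "$sum" > "$d/good.txt"
    printf 'url http://packages.example.invalid/chef.deb\nsha256 %s\n' "$sum" > "$d/http.txt"
    r1=0; verify_package "$d/chef.deb" "$d/good.txt" "$sum" >&2 || r1=$?
    r2=0; verify_package "$d/chef.deb" "$d/http.txt" "$sum" >&2 || r2=$?
    r3=0; verify_package "$d/chef.deb" "$d/good.txt" "0000" >&2 || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}
demo
```

Run `dpkg -i` only after `verify_package` returns 0; the pinned digest should come from a source other than the download itself.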
==============================================
http://thornelabs.net/2013/09/16/install-the-open-source-chef-server-setup-knife-on-your-workstation-and-bootstrap-your-first-client-server.html
root@chef_ws:/tmp/chef_pkgs# mkdir ~/Development
root@chef_ws:/tmp/chef_pkgs# cd ~/Development
root@chef_ws:~/Development# git clone https://github.com/opscode/chef-repo.git
Cloning into 'chef-repo'...
remote: Counting objects: 250, done.
remote: Total 250 (delta 0), reused 0 (delta 0), pack-reused 250
Receiving objects: 100% (250/250), 49.55 KiB | 0 bytes/s, done.
Resolving deltas: 100% (70/70), done.
Checking connectivity… done.
root@chef_ws:~/Development#
# cd ~/Development/chef-repo
# mkdir .chef
# cd .chef
root@chef_ws:~/Development/chef-repo/.chef#
# vi chef-validator.pem
# vi chef-client-validator.pub.pem
# vi admin.pem
# vi admin.pub.pem
# cd ~/Development/chef-repo/.chef/
root@chef_ws:~/Development/chef-repo/.chef/
# knife configure
Overwrite /root/Development/chef-repo/.chef/knife.rb? (Y/N) Y
Please enter the chef server URL: [https://192.168.1.2:443] https://192.168.1.2:443
Please enter an existing username or clientname for the API: [root] admin
Please enter the validation clientname: [chef-validator] chef-validator
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] ~/Development/chef-repo/.chef/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
*****
You must place your client key in:
/root/Development/chef-repo/.chef/admin.pem
Before running commands with Knife!
*****
You must place your validation key in:
/root/Development/chef-repo/.chef/chef-validator.pem
Before generating instance data with Knife!
*****
Configuration file written to /root/Development/chef-repo/.chef/knife.rb
=========================================================================
# knife configure
# cat chef-validator.pem >> /root/Development/chef-repo/.chef/admin.pem
# cat /root/Development/chef-repo/.chef/chef-validator.pem
# cat /root/Development/chef-repo/.chef/knife.rb
# knife client list
# knife ssl check
# mkdir /root/Development/chef-repo/.chef/trusted_certs
# cd trusted_certs
Copy “192.168.1.2.crt” from server to client for SSL communication:
# scp 192.168.1.2:/var/opt/chef-server/nginx/ca/192.168.1.2.crt /root/Development/chef-repo/.chef/trusted_certs/
========================================================================
Test knife from client to server via SSL check:
root@chef_ws:~/Development/chef-repo/.chef
# knife ssl check
Connecting to host 192.168.1.2:443
Successfully verified certificates from `192.168.1.2'
root@chef_ws:~/Development/chef-repo/.chef#
root@chef_ws:~# cd ~/Development/chef-repo/.chef
root@chef_ws:~/Development/chef-repo/.chef# ls -l
total 36
-rw-r--r-- 1 root root 1675 Mar 31 12:24 admin.pem
-rw-r--r-- 1 root root 451 Mar 31 12:19 admin.pub.pem
-rw-r--r-- 1 root root 451 Mar 31 12:35 chef-client-validator.pub.pem
-rw-r--r-- 1 root root 1675 Mar 31 12:34 chef-validator.pem
-rw-r--r-- 1 root root 423 Mar 31 15:31 knife.rb
-rw-r--r-- 1 root root 1675 Mar 31 13:11 root.pem
drwxr-xr-x 2 root root 4096 Mar 31 15:28 trusted_certs
root@chef_ws:~/Development/chef-repo/.chef#
root@chef_ws:~# chef verify
Running verification for component 'berkshelf'
Running verification for component 'test-kitchen'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
…..
———————————————
Verification of component 'chef-dk' succeeded.
Verification of component 'rubocop' succeeded.
Verification of component 'knife-spork' succeeded.
Verification of component 'berkshelf' succeeded.
Verification of component 'chef-client' succeeded.
Verification of component 'fauxhai' succeeded.
Verification of component 'test-kitchen' succeeded.
Verification of component 'kitchen-vagrant' succeeded.
Verification of component 'chefspec' succeeded.
Verification of component 'package installation' succeeded.
root@chef_ws:~#
root@chef_ws:~# which ruby
/opt/chefdk/embedded/bin/ruby
Refer to these online docs:
http://thornelabs.net/2013/09/16/install-the-open-source-chef-server-setup-knife-on-your-workstation-and-bootstrap-your-first-client-server.html
http://gettingstartedwithchef.com/first-steps-with-chef.html
http://www.linuxfunda.com/2014/02/04/how-to-install-and-configure-chef-client/
http://tcotav.github.io/chefdk_getting_started.html
http://docs.chef.io/client/install_workstation.html
Setup git :
root@chef_ws:~# which git
/usr/bin/git
root@chef_ws:~# git config --global user.name "Benjamin Lu" ###### Please replace my name with yours to create your github account
root@chef_ws:~# git config --global user.email "benlu369@yahoo" ###### Please replace my e-mail with yours to set up your github contact
root@chef_ws:~#
root@chef_ws:~# which knife
/opt/chefdk/bin/knife
root@chef_server:~# scp 192.168.1.3:/root/Development/chef-repo/.chef/chef-validator.pem /etc/chef/chef-validator
Install chef_client from chef_work_station on “chef_ws on 192.168.1.3” to chef_server on “192.168.1.2”:
root@chef_ws:~/Development/chef-repo/.chef#
# knife bootstrap -u root 192.168.1.4 #### this will add your 3rd host as chef_client with IP 192.168.1.4 to chef_server on 192.168.1.2, from your chef_ws on 192.168.1.3
Connecting to 192.168.1.4
root@192.168.1.4’s password:
192.168.1.4 Installing Chef Client…
…..
100%[======================================>] 18,378 --.-K/s in 0.002s
….
192.168.1.4o Chef Client finished, 0/0 resources updated in 1.795916082 seconds
root@chef_ws:~/Development/chef-repo/.chef
root@chef_server:/etc/chef# chmod 644 client.pem
root@chef_server:/etc/chef# ls -ltr
total 20
-rw------- 1 root root 1676 Mar 31 16:03 validation.pem
drwxr-xr-x 2 root root 4096 Mar 31 16:03 trusted_certs
-rw-r--r-- 1 root root 192 Mar 31 16:03 client.rb
-rw-r--r-- 1 root root 16 Mar 31 16:03 first-boot.json
-rw-r--r-- 1 root root 1675 Mar 31 16:03 client.pem
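In the listings above, admin.pem, chef-validator.pem and root.pem in .chef, and client.pem in /etc/chef, are mode 644, so any local account on those hosts can read the private keys. As an added example (not from the original page), the shell functions below find private-key PEM files that are readable by group or others and restrict them to the owner; the function names and the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Directories and key contents
# used in the demo are constructed.

# Print every *.pem under DIR that holds a private key and is readable by
# group (040) or others (004). Public keys such as admin.pub.pem are skipped.
loose_private_keys() {
    find "$1" -type f -name '*.pem' \( -perm -040 -o -perm -004 \) \
        -exec grep -l -e 'PRIVATE KEY-----' {} + | sort
}

# Restrict each loose private key to its owner (0600) and report it.
tighten_private_keys() {
    loose_private_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key" && echo "tightened: $key"
    done
}

# Constructed demo mirroring the listings above: a private and a public key
# at 0644 and a private key at 0600. Only the PEM header line matters here.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/admin.pem"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'constructed' > "$d/admin.pub.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/validation.pem"
    chmod 644 "$d/admin.pem" "$d/admin.pub.pem"
    chmod 600 "$d/validation.pem"
    before=$(loose_private_keys "$d" | sed "s|^$d/||" | tr '\n' ' ')
    tighten_private_keys "$d" >&2
    after=$(loose_private_keys "$d" | wc -l | tr -d ' ')
    rm -rf "$d"
    echo "before: ${before}after: $after"
}
demo
```

Point `loose_private_keys` at ~/Development/chef-repo/.chef on the workstation and at /etc/chef on each node; an empty result means no private key there is group- or world-readable.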
Test client/workstation ====> server talk from listing chef_client created on chef_server:
root@chef_ws:~/Development/chef-repo# knife client list
chef-validator
chef-webui
192.168.1.4
root@chef_ws:~/Development/chef-repo#
Example of adding a “client” named “chef_client_01.XYZ.com” from workstation chef_ws to the Chef server remotely:
root@chef_ws:~/Development/chef-repo# knife bootstrap -u root chef_client_01.XYZ.com
Example of creating/deleting an “environment” from workstation chef_ws on the Chef server remotely:
# knife environment create development -d "The development environment"
# knife environment delete development -d "The development environment"
# knife environment list # this lists the “environment” entries created on the server side; the same view can be seen from the web UI at: https://192.168.1.2/environments
troubleshooting:
root@chef_ws:~/Development/chef-repo# knife cookbook create my_test_cookbook
# cd /var/chef/cookbooks/my_test_cookbook
root@chef_ws:# ls
attributes CHANGELOG.md definitions files libraries metadata.rb providers README.md recipes resources templates
root@chef_ws:/var/chef/cookbooks/my_test_cookbook# cd recipes
root@chef_ws:/var/chef/cookbooks/my_test_cookbook/recipes# ls
default.rb
===================================================================
#### start chef_client to deploy cookbook on host:
root@192.168.1.4:~/Development/chef-repo# sudo chef-client
Starting Chef Client, version 12.2.1
resolving cookbooks for run list: []
Synchronizing Cookbooks:
Compiling Cookbooks…
[2015-04-14T14:23:17+00:00] WARN: Node 192.168.1.4 has an empty run list.
Converging 0 resources
Running handlers:
Running handlers complete
Chef Client finished, 0/0 resources updated in 1.132211206 seconds
root@chef_ws:~/Development/chef-repo#
====================================
### add “run list” to “192.168.1.4” for “recipe[motd]” :
root@chef_ws:~/Development/chef-repo# knife node run_list add 192.168.1.4 'recipe[motd]'
192.168.1.4:
run_list: recipe[motd]
Remove the “run list” entry just added:
root@chef_ws:~/Development/chef-repo# knife node run_list remove 192.168.1.4 'recipe[motd]'
https://docs.chef.io/knife_cookbook.html
root@chef_ws:~/Development/chef-repo/roles# knife cookbook bulk delete motd
All versions of the following cookbooks will be deleted:
motd
Do you really want to delete these cookbooks? (Y/N) Y
Deleted cookbook motd [0.1.0]
root@chef_ws:~/Development/chef-repo# knife cookbook create motd
** Creating cookbook motd in /var/chef/cookbooks
** Creating README for cookbook: motd
** Creating CHANGELOG for cookbook: motd
** Creating metadata for cookbook: motd
root@chef_ws:~/Development/chef-repo# knife cookbook upload -a /var/chef/cookbooks/motd -E production
Uploading motd [0.1.0]
Uploaded all cookbooks.
***************************************************************************************************
Examples:
Chef: step_to_deply_new_host_and_Remove_user_from_data_bag
root@ws:~/Development/chef-repo# cat step_2_deply_new_host_for_chef
## go to chef workstation, do following:
cd ~/Development/chef-repo/
# knife bootstrap -u root
# knife node list | grep
# knife client list | grep
## transfer the newly added host to the production ENV:
# knife exec -E 'nodes.transform("chef_environment:_default") { |n| n.chef_environment("production") }'
# add host to run list:
# most hosts are not DNS or NTP servers, so they only need the role below applied:
# knife node run_list set HOST_NAME 'role[dns_ntp_client_role]'
# example: knife node run_list set
# verify the run list to see if the host has been added:
# knife search node 'run_list:recipe\[roles\]'
# example: knife search node 'run_list:role\[dns_ntp_client_role\]'
# example: knife search node
# if all of the above ran successfully, go to the client host to run "sudo chef-client", or run it from anywhere from the CLI.
===================================================================================================================
# On some CentOS 7 Linux hosts, adding the node and client from the WS fails with an error about NTP; go to that box, install NTP, then restart the services:
$ sudo yum install ntp ntpdate ntp-doc;
$ sudo chkconfig ntpd on;
$ sudo ntpdate pool.ntp.org;
$ sudo /etc/init.d/ntpd start;
$ sudo yum install bind-utils ##### this command installs nslookup, optional
$ sudo yum install ruby; ruby --version; #### install ruby as chef needs it
or
$ sudo yum install ntp ntpdate ntp-doc; sudo chkconfig ntpd on; sudo ntpdate pool.ntp.org; sudo /etc/init.d/ntpd start; sudo yum install bind-utils; sudo yum install ruby; ruby --version;
============================================================================
# upload cookbook to production:
$ sudo knife cookbook upload -E production -o cookbooks -a
$ chef-client -v
# upgrade chef-client on node
$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
================================================================================================================
Example to remove user from data bag steps:
step 1:
Edit the user json file to set action to remove:
root@ws:~/Development/chef-repo/data_bags/
(The #### notes below are annotations for this walkthrough; JSON has no comment syntax, so leave them out of the real file.)
{
"id": "blu", #### the USER_ID could be
"comment": "Benjamin Lu", #### the comment for
"groups": [ "sysadmin" ],
"shell": "/bin/bash",
"uid": 3000, #### this example is a fake, 3000 should be the real "uid" for
"action": "remove" #### this line of "remove" should be added here for remove !
}
Step 2:
Update data bag in chef server from command :
“knife data bag from file YOUR_sysadmin_group
root@ws:~/Development/chef-repo/data_bags# ls -ltr
total 8
-rw-r--r-- 1 root root 1876 Mar 31 10:48 README.md
drwxr-xr-x 2 root root 4096 Jun 26 19:16 YOUR_sysadmin_group
root@ws:~/Development/chef-repo/data_bags# knife data bag from file YOUR_sysadmin_group YOUR_sysadmin_group/blu.json
Updated data_bag_item[YOUR_sysadmin_group::blu]
Step 3:
Go to any host that has the user installed by Chef and rerun “sudo chef-client” to remove the user.
step 4:
Repeat step 3 on all hosts that have the user installed.
step 5:
Delete the user “blu” from the data bag on the Chef server with the command below:
# knife data bag delete YOUR_sysadmin_group blu
root@ws:~/Development/chef-repo/data_bags/YOUR_sysadmin_group#
# knife data bag delete YOUR_sysadmin_group blu
Do you really want to delete blu? (Y/N) Y
Deleted data_bag_item[blu]
Done !
==============================================================================================
Troubleshooting :
Some hosts have no FQDN in /etc/hosts, which causes the Chef deploy to NOT work; fix as below:
Step 1: remove “/etc/chef/client.pem”, then edit “/etc/hosts” to have the FQDN, then remove “/etc/chef”
[root@
$ rm /etc/chef/client.pem
$ hostname
$ vi /etc/hosts ( the host name has to be FQDN )
$ rm -rf /etc/chef
Step 2: go to chef working station to add it again: at
root@ws:~/Development/chef-repo#
example:
$ knife bootstrap -u root
Step 3, Apply role again:
$ knife node run_list set
Step 4, deploy chef again on the client host:
[root@
Done;