Chef is an automation platform that configures and manages your infrastructure. It transforms the infrastructure into code. It is a Ruby-based configuration management tool. The platform consists of a Chef workstation, a Chef server and Chef clients, which are the nodes managed by the Chef server. All Chef configuration files, recipes, cookbooks, templates, etc. are created and tested on the Chef workstation and uploaded to the Chef server, which then distributes them to the nodes registered within the organisation. It is an ideal automation framework for Ceph and OpenStack. Not only does it give us complete control, it is also super easy to work with.
In this article, I'm explaining the steps I followed for implementing a Chef automation environment on my CentOS 7 servers.
Pre-requisites
- It is recommended to have a FQDN hostname
- Chef supports only 64 bit architecture
- Proper network/Firewall/hosts configurations are recommended
How Chef works?
Chef comprises a workstation, which is configured to develop the recipes and cookbooks. It is also configured to run knife and synchronizes with the chef-repo to keep it up to date. It helps in configuring organizational policy, including defining roles and environments and ensuring that critical data is stored in data bags. Once these recipes/cookbooks are tested on the workstation, we can upload them to our Chef server. The Chef server stores these recipes and assigns them to the nodes depending on their requirements. Basically, nodes communicate only with the Chef server and take instructions and recipes from there.
In my demo setup, I have three servers, namely:
- chefserver.test20.com - Chef Server
- chefwork.test20.com - Chef Workstation
- chefnode.test20.com - Chef Node
Let's start with building the Workstation.
Setup a Workstation
First of all, log in to our server chefwork, then download the Chef development package. Once the package is downloaded, we can install it using the rpm command.
[root@chefwork ~]# wget https://packages.chef.io/stable/el/7/chefdk-0.14.25-1.el7.x86_64.rpm
--2016-05-20 03:47:31-- https://packages.chef.io/stable/el/7/chefdk-0.14.25-1.el7.x86_64.rpm
Resolving packages.chef.io (packages.chef.io)... 75.126.118.188, 108.168.243.150
Connecting to packages.chef.io (packages.chef.io)|75.126.118.188|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://akamai.bintray.com/87/879656c7736ef2a061937c1f45c623e99fd57aaa2f6d802e9799d333d7e5342f?__gda__=exp=1463716772~hmac=ef9ce287129ab2f035449b76a1adc32b7bf8cae37f018f59da5a642d3e2650fc&response-content-disposition=attachment%3Bfilename%3D%22chefdk-0.14.25-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream [following]
--2016-05-20 03:47:32-- https://akamai.bintray.com/87/879656c7736ef2a061937c1f45c623e99fd57aaa2f6d802e9799d333d7e5342f?__gda__=exp=1463716772~hmac=ef9ce287129ab2f035449b76a1adc32b7bf8cae37f018f59da5a642d3e2650fc&response-content-disposition=attachment%3Bfilename%3D%22chefdk-0.14.25-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream
Resolving akamai.bintray.com (akamai.bintray.com)... 104.123.250.232
Connecting to akamai.bintray.com (akamai.bintray.com)|104.123.250.232|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 143927478 (137M) [application/octet-stream]
Saving to: ‘chefdk-0.14.25-1.el7.x86_64.rpm’
100%[====================================================================================================>] 14,39,27,478 2.52MB/s in 55s
2016-05-20 03:48:29 (2.49 MB/s) - ‘chefdk-0.14.25-1.el7.x86_64.rpm’ saved [143927478/143927478]
[root@chefwork ~]# rpm -ivh chefdk-0.14.25-1.el7.x86_64.rpm
warning: chefdk-0.14.25-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chefdk-0.14.25-1.el7 ################################# [100%]
Thank you for installing Chef Development Kit!
What is ChefDK?
The Chef Development Kit contains everything to start with Chef, along with the tools essential for code managing.
- It contains a new command-line tool, "chef"
- The cookbook dependency manager Berkshelf
- The Test Kitchen integration testing framework.
- ChefSpec for testing the cookbook syntax
- Foodcritic, a tool for doing static code analysis on cookbooks.
- It also has all the Chef tools like Chef Client, Knife, Ohai and Chef Zero
Let's start by creating some recipes on the Workstation and testing them locally to ensure they work.
Create a folder named chef-repo on /root/ and inside that folder we can create our recipes.
[root@chefwork ~]# mkdir chef-repo
[root@chefwork ~]# cd chef-repo
Creating a recipe called hello.rb.
[root@chefwork chef-repo]# vim hello.rb
[root@chefwork chef-repo]#
[root@chefwork chef-repo]# cat hello.rb
file '/etc/motd' do
  content 'Welcome to Chef'
end
This recipe hello.rb creates a file named /etc/motd with the content "Welcome to Chef". The recipe makes use of the file resource to accomplish this task. Now we can run this recipe to check that it works.
[root@chefwork chef-repo]# chef-apply hello.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
  * file[/etc/motd] action create (up to date)
Confirm the recipe execution:
[root@chefwork chef-repo]# cat /etc/motd
Welcome to Chef
Deleting the file
We can modify our recipe file to delete the created file and run using the command chef-apply as below:
[root@chefwork chef-repo]# cat hello.rb
file '/etc/motd' do
  action :delete
end
[root@chefwork chef-repo]# chef-apply hello.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
  * file[/etc/motd] action delete
    - delete file /etc/motd
Installing a package
We're modifying our recipe file to install the httpd package on our server and copy an index.html file to the default document root to confirm the installation. The package and service resources are used to implement this. The default action for a package resource is installation, hence we needn't specify that action separately.
[root@chefwork chef-conf]# cat hello.rb
package 'httpd'
service 'httpd' do
  action [:enable, :start]
end
file '/var/www/html/index.html' do
  content 'Welcome to Apache in Chef'
end
[root@chefwork chef-conf]# chef-apply hello.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
  * yum_package[httpd] action install
    - install version 2.4.6-40.el7.centos.1 of package httpd
  * service[httpd] action enable
    - enable service service[httpd]
  * service[httpd] action start
    - start service service[httpd]
  * file[/var/www/html/index.html] action create (up to date)
The command output clearly describes each resource in the recipe. It installs the Apache package, then enables and starts the httpd service on the server. It also creates an index.html file in the default document root with the content "Welcome to Apache in Chef". We can verify it by opening the server IP in the browser.
Creating Cookbooks
Now we can create our first cookbook. Create a folder called chef-repo under the /root directory and execute the command "chef generate cookbook [cookbook name]" to generate our cookbook.
[root@chefwork chef-repo]# mkdir cookbooks
[root@chefwork chef-repo]# cd cookbooks/
[root@chefwork cookbooks]# chef generate cookbook httpd_deploy
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: code_generator::cookbook
  * directory[/root/chef-repo/cookbook/httpd_deploy] action create
    - create new directory /root/chef-repo/cookbook/httpd_deploy
This is the file structure of the created cookbook. Let's look at the use of these files/folders inside the cookbook one by one.
Berksfile : It is the configuration file that tells Berkshelf what the cookbook's dependencies are; they can be specified directly inside this file or indirectly through metadata.rb. It also tells Berkshelf where it should look for those dependencies.
Chefignore : It tells Chef which files should be ignored while uploading a cookbook to the Chef server.
metadata.rb : It contains meta information about your cookbook, such as name, contacts or description. It can also state the cookbook's dependencies.
README.md : It is the documentation entry point for the repo.
Recipes : Contains the cookbook's recipes. It starts with executing the file default.rb.
default.rb : The default recipe format.
specs : It will be storing the unit test cases of your libraries.
test : It will be storing the unit test cases of your recipes.
Creating a template
Next we are going to create a template file for ourselves. Earlier, we created a file with some contents, but that doesn't fit in with our recipe and cookbook structures. So let's see how we can create a template.
[root@chefwork cookbook]# chef generate template httpd_deploy index.html
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: code_generator::template
  * directory[./httpd_deploy/templates/default] action create
    - create new directory ./httpd_deploy/templates/default
  * template[./httpd_deploy/templates/default/index.html.erb] action create
    - create new file ./httpd_deploy/templates/default/index.html.erb
    - update content in file ./httpd_deploy/templates/default/index.html.erb from none to e3b0c4
    (diff output suppressed by config)
Now if you look at our cookbook file structure, there is a folder named templates containing the index.html.erb file. We can edit our index.html.erb template file and add it to our recipe as below:
[root@chefwork default]# cat index.html.erb
Welcome to Chef Apache Deployment
[root@chefwork default]# pwd
/root/chef-repo/cookbook/httpd_deploy/templates/default
Creating the recipe with this template
[root@chefwork recipes]# pwd
/root/chef-repo/cookbook/httpd_deploy/recipes
[root@chefwork recipes]# cat default.rb
#
# Cookbook Name:: httpd_deploy
# Recipe:: default
#
# Copyright (c) 2016 The Authors, All Rights Reserved.
package 'httpd'
service 'httpd' do
  action [:enable, :start]
end
template '/var/www/html/index.html' do
  source 'index.html.erb'
end
Now go back to our chef-repo folder and run/test our recipe on our Workstation.
[root@chefwork chef-repo]# chef-client --local-mode --runlist 'recipe[httpd_deploy]'
[2016-05-20T05:44:40+00:00] WARN: No config file found or specified on command line, using command line options.
Starting Chef Client, version 12.10.24
resolving cookbooks for run list: ["httpd_deploy"]
Synchronizing Cookbooks:
  - httpd_deploy (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 3 resources
Recipe: httpd_deploy::default
  * yum_package[httpd] action install
    - install version 2.4.6-40.el7.centos.1 of package httpd
  * service[httpd] action enable
    - enable service service[httpd]
  * service[httpd] action start
    - start service service[httpd]
  * template[/var/www/html/index.html] action create
    - update content in file /var/www/html/index.html from 152204 to 748cbd
    --- /var/www/html/index.html 2016-05-20 04:18:38.553231745 +0000
    +++ /var/www/html/.chef-index.html20160520-20425-1bez4qs 2016-05-20 05:44:47.344848833 +0000
    @@ -1,2 +1,2 @@
    -Welcome to Apache in Chef
    +Welcome to Chef Apache Deployment
Running handlers:
Running handlers complete
Chef Client finished, 4/4 resources updated in 06 seconds
[root@chefwork chef-repo]# cat /var/www/html/index.html
Welcome to Chef Apache Deployment
According to our recipe, Apache is installed on our workstation, and the service is started and enabled on boot. A template file has also been created in our default document root.
Now we've tested our Workstation. It's time for the Chef server setup.
Setting up the Chef Server
First of all, log in to our Chef server "chefserver.test20.com" and download the Chef server package compatible with our OS version.
[root@chefserver ~]# wget https://packages.chef.io/stable/el/7/chef-server-core-12.6.0-1.el7.x86_64.rpm
--2016-05-20 07:23:46-- https://packages.chef.io/stable/el/7/chef-server-core-12.6.0-1.el7.x86_64.rpm
Resolving packages.chef.io (packages.chef.io)... 75.126.118.188, 108.168.243.150
Connecting to packages.chef.io (packages.chef.io)|75.126.118.188|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://akamai.bintray.com/5a/5a36d0ffa692bf788e90315171582a758d4c5d8033a892dca9a81d3c03c44d14?__gda__=exp=1463729747~hmac=86e28bf2d5197154c84b571330b4c897006c2cb7f14cc9fc386c62d8b6e34c2d&response-content-disposition=attachment%3Bfilename%3D%22chef-server-core-12.6.0-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream [following]
--2016-05-20 07:23:47-- https://akamai.bintray.com/5a/5a36d0ffa692bf788e90315171582a758d4c5d8033a892dca9a81d3c03c44d14?__gda__=exp=1463729747~hmac=86e28bf2d5197154c84b571330b4c897006c2cb7f14cc9fc386c62d8b6e34c2d&response-content-disposition=attachment%3Bfilename%3D%22chef-server-core-12.6.0-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream
Resolving akamai.bintray.com (akamai.bintray.com)... 23.15.249.68
Connecting to akamai.bintray.com (akamai.bintray.com)|23.15.249.68|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 481817688 (459M) [application/octet-stream]
Saving to: ‘chef-server-core-12.6.0-1.el7.x86_64.rpm’
100%[====================================================================================================>] 48,18,17,688 2.90MB/s in 3m 53s
[root@chefserver ~]# rpm -ivh chef-server-core-12.6.0-1.el7.x86_64.rpm
warning: chef-server-core-12.6.0-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chef-server-core-12.6.0-1.el7 ################################# [100%]
Now our Chef server is installed. But we need to reconfigure the Chef server to enable and start all the services that make up the Chef server. We can run this command to reconfigure.
[root@chefserver ~]# chef-server-ctl reconfigure
Starting Chef Client, version 12.10.26
resolving cookbooks for run list: ["private-chef::default"]
Synchronizing Cookbooks:
  - enterprise (0.10.0)
  - apt (2.9.2)
  - yum (3.10.0)
  - openssl (4.4.0)
  - chef-sugar (3.3.0)
  - packagecloud (0.0.18)
  - runit (1.6.0)
  - private-chef (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-05-19T02:38:37+00:00] WARN: Chef::Provider::AptRepository already exists! Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
Chef Client finished, 394/459 resources updated in 04 minutes 05 seconds
Chef Server Reconfigured!
Please confirm the service status and their pids by running this command.
[root@chefserver ~]# chef-server-ctl status
run: bookshelf: (pid 6140) 162s; run: log: (pid 6156) 162s
run: nginx: (pid 6051) 165s; run: log: (pid 6295) 156s
run: oc_bifrost: (pid 5987) 167s; run: log: (pid 6022) 167s
run: oc_id: (pid 6038) 165s; run: log: (pid 6042) 165s
run: opscode-erchef: (pid 6226) 159s; run: log: (pid 6214) 161s
run: opscode-expander: (pid 6102) 162s; run: log: (pid 6133) 162s
run: opscode-solr4: (pid 6067) 164s; run: log: (pid 6095) 163s
run: postgresql: (pid 5918) 168s; run: log: (pid 5960) 168s
run: rabbitmq: (pid 5876) 168s; run: log: (pid 5869) 169s
run: redis_lb: (pid 5795) 290s; run: log: (pid 6280) 156s
Hurray!! Our Chef Server is ready :). Now we can install the management console to get a web interface to manage our Chef server.
Installing Management Console for Chef Server
We can install the management console by just running this command "chef-server-ctl install chef-manage" from the chef server.
[root@chefserver ~]# chef-server-ctl install chef-manage
Starting Chef Client, version 12.10.26
resolving cookbooks for run list: ["private-chef::add_ons_wrapper"]
Synchronizing Cookbooks:
  - enterprise (0.10.0)
  - apt (2.9.2)
  - yum (3.10.0)
  - openssl (4.4.0)
  - runit (1.6.0)
  - chef-sugar (3.3.0)
  - packagecloud (0.0.18)
  - private-chef (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: private-chef::add_ons_wrapper
  * ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
  * remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.3.0-1.el7.x86_64.rpm] action create
    - create new file /var/opt/opscode/local-mode-cache/chef-manage-2.3.0-1.el7.x86_64.rpm
    - update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.3.0-1.el7.x86_64.rpm from none to 098cc4
    (file sizes exceed 10000000 bytes, diff output suppressed)
  * ruby_block[locate_addon_package_chef-manage] action run
    - execute the ruby block locate_addon_package_chef-manage
  * yum_package[chef-manage] action install
    - install version 2.3.0-1.el7 of package chef-manage
  * ruby_block[addon_install_notification_chef-manage] action create
    - execute the ruby block addon_install_notification_chef-manage
Running handlers:
-- Installed Add-On Package: chef-manage
  - #<Class:0x00000006032b80>::AddonInstallHandler
Running handlers complete
Chef Client finished, 4/5 resources updated in 02 minutes 39 seconds
After installing the management console, we need to reconfigure the Chef server so that it restarts its services and picks up these changes.
[root@chefserver ~]# opscode-manage-ctl reconfigure
To use this software, you must agree to the terms of the software license agreement.
Press any key to continue.
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
Starting Chef Client, version 12.4.1
resolving cookbooks for run list: ["omnibus-chef-manage::default"]
Synchronizing Cookbooks:
  - omnibus-chef-manage
  - chef-server-ingredient
  - enterprise
Recipe: omnibus-chef-manage::default
  * private_chef_addon[chef-manage] action create (up to date)
Recipe: omnibus-chef-manage::config
Running handlers:
Running handlers complete
Chef Client finished, 62/79 resources updated in 44.764229437 seconds
chef-manage Reconfigured!
[root@chefserver ~]# chef-server-ctl reconfigure
Now that our Management console is ready, we need to set up our admin user to manage our Chef Server.
Creating Admin user/Organization
I've created the admin user named chefadmin with an organization linox on my chef server to manage it. We can create the user using the chef command chef-server-ctl user-create and organization using the command chef-server-ctl org-create.
[root@chefserver ~]# chef-server-ctl user-create chefadmin saheetha shameer saheetha@gmail.com 'chef123' --filename /root/.chef/chefadmin.pem
[root@chefserver ~]#
[root@chefserver .chef]# chef-server-ctl org-create linox Chef Linoxide --association_user chefadmin --filename /root/.chef/linoxvalidator.pem
Our keys are saved inside the /root/.chef folder. We need to copy these keys from the Chef server to the Workstation to initiate the communication between our Chef server and workstation.
Copying the Keys
I'm copying my user and validator keys from the Chef server to the workstation to enhance the connection between the servers.
[root@chefserver .chef]# scp chefadmin.pem root@139.162.35.39:/root/chef-repo/.chef/
The authenticity of host '139.162.35.39 (139.162.35.39)' can't be established.
ECDSA key fingerprint is 5b:0b:07:85:9a:fb:b6:59:51:07:7f:14:1b:07:07:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '139.162.35.39' (ECDSA) to the list of known hosts.
root@139.162.35.39's password:
chefadmin.pem 100% 1678 1.6KB/s 00:00
[root@chefserver .chef]#
[root@chefserver .chef]# scp linoxvalidator.pem root@139.162.35.39:/root/chef-repo/.chef/
The authenticity of host '139.162.35.39 (139.162.35.39)' can't be established.
ECDSA key fingerprint is 5b:0b:07:85:9a:fb:b6:59:51:07:7f:14:1b:07:07:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '139.162.35.39' (ECDSA) to the list of known hosts.
root@139.162.35.39's password:
linoxvalidator.pem 100% 1678 1.6KB/s 00:00
[root@chefserver .chef]#
Now log in to the Management console for our Chef server with the user/password "chefadmin" created.
It'll ask to create an organization from the Panel on Sign up. Just create a different one.
Download the Starter Kit for WorkStation
Choose any of your organizations and download the Starter Kit from the Chef Server to our Workstation.
After downloading this kit, move it to your Workstation's /root folder and extract it. This provides you with a default Starter Kit to start up with your Chef server. It includes a chef-repo.
[root@chefwork ~]# ls
chef-starter.zip hello.rb
[root@chefwork~]# unzip chef-starter.zip
Archive: chef-starter.zip
creating: chef-repo/cookbooks/
creating: chef-repo/cookbooks/starter/
creating: chef-repo/cookbooks/starter/recipes/
inflating: chef-repo/cookbooks/starter/recipes/default.rb
creating: chef-repo/cookbooks/starter/files/
creating: chef-repo/cookbooks/starter/files/default/
inflating: chef-repo/cookbooks/starter/files/default/sample.txt
creating: chef-repo/cookbooks/starter/templates/
creating: chef-repo/cookbooks/starter/templates/default/
inflating: chef-repo/cookbooks/starter/templates/default/sample.erb
inflating: chef-repo/cookbooks/starter/metadata.rb
creating: chef-repo/cookbooks/starter/attributes/
inflating: chef-repo/cookbooks/starter/attributes/default.rb
inflating: chef-repo/cookbooks/chefignore
inflating: chef-repo/README.md
inflating: chef-repo/.gitignore
creating: chef-repo/.chef/
creating: chef-repo/roles/
inflating: chef-repo/.chef/knife.rb
inflating: chef-repo/roles/starter.rb
inflating: chef-repo/.chef/chefadmin.pem
inflating: chef-repo/.chef/ln_blog-validator.pem
This is the file structure for the downloaded Chef repository. It contains all the required file structures to start with.
Cookbook SuperMarket
Chef cookbooks are available in the Cookbook SuperMarket; we can go to the Chef SuperMarket here and download the required cookbooks from there. I'm downloading one of the cookbooks to install Apache from there.
[root@chefwork chef-repo]# knife cookbook site download learn_chef_httpd
Downloading learn_chef_httpd from Supermarket at version 0.2.0 to /root/chef-repo/learn_chef_httpd-0.2.0.tar.gz
Cookbook saved: /root/chef-repo/learn_chef_httpd-0.2.0.tar.gz
Extract this cookbook inside the "cookbooks" folder.
[root@chefwork chef-repo]# tar -xvf learn_chef_httpd-0.2.0.tar.gz
All the required files are automatically created under this cookbook. We didn't need to make any modifications. Let's check our recipe description inside our recipe folder.
[root@chefwork recipes]# cat default.rb
#
# Cookbook Name:: learn_chef_httpd
# Recipe:: default
#
# Copyright (C) 2014
#
#
#
package 'httpd'
service 'httpd' do
  action [:enable, :start]
end
template '/var/www/html/index.html' do
  source 'index.html.erb'
end
service 'iptables' do
  action :stop
end
[root@chefwork recipes]#
[root@chefwork recipes]# pwd
/root/chef-repo/cookbooks/learn_chef_httpd/recipes
[root@chefwork recipes]#
So we just need to upload this cookbook to our Chef server as it looks perfect.
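Before a cookbook downloaded from the Supermarket is uploaded, it is worth checking what its recipes change on the node; the last resource in this recipe stops iptables. The Ruby script below is an added example, not part of the original article or of the cookbook: it parses a recipe with Ripper, without executing it, and reports service resources that stop or disable a host firewall. The list of firewall service names and all helper names are assumptions of the example.

```ruby
require 'ripper'

# Service names treated as host firewalls (assumption of this example).
FIREWALL_SERVICES = %w[iptables ip6tables firewalld ufw].freeze
# Actions that leave the service stopped or not enabled at boot.
WEAKENING_ACTIONS = %w[stop disable].freeze

# Resource lines of the learn_chef_httpd recipe shown above.
RECIPE = <<~'RUBY'
  package 'httpd'

  service 'httpd' do
    action [:enable, :start]
  end

  template '/var/www/html/index.html' do
    source 'index.html.erb'
  end

  service 'iptables' do
    action :stop
  end
RUBY

# Yield every array node of a Ripper s-expression, in document order.
def each_node(sexp, &block)
  return unless sexp.is_a?(Array)

  yield sexp
  sexp.each { |child| each_node(child, &block) }
end

# Resources written as `type 'name' do ... end`, with the actions they set.
# Resources without a block (default action) are not listed.
def resources(recipe_source)
  tree = Ripper.sexp(recipe_source)
  raise ArgumentError, 'recipe does not parse as Ruby' if tree.nil?

  found = []
  each_node(tree) do |node|
    # Parsed shape: [:method_add_block, [:command, ident, args], block]
    next unless node[0] == :method_add_block
    next unless node[1].is_a?(Array) && node[1][0] == :command

    command = node[1]
    name = nil
    each_node(command[2]) { |n| name ||= n[1] if n[0] == :@tstring_content }

    actions = []
    each_node(node[2]) do |inner|
      next unless inner[0] == :command && inner[1][1] == 'action'

      # Symbols parse as [:symbol, [:@ident, "stop", [line, col]]]
      each_node(inner[2]) { |s| actions << s[1][1] if s[0] == :symbol }
    end

    found << { type: command[1][1], name: name,
               actions: actions, line: command[1][2][0] }
  end
  found
end

# Service resources that stop or disable a firewall service.
def firewall_findings(recipe_source)
  resources(recipe_source).select do |r|
    r[:type] == 'service' &&
      FIREWALL_SERVICES.include?(r[:name]) &&
      !(r[:actions] & WEAKENING_ACTIONS).empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  firewall_findings(RECIPE).each do |r|
    puts "line #{r[:line]}: #{r[:type]}[#{r[:name]}] action #{r[:actions].join(', ')}"
  end
end
```

A finding is a prompt to decide whether the node should keep its firewall and open only the HTTP port instead, before the cookbook reaches the server.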
Validating the Connection b/w Server and Workstation
Before uploading the cookbook, we need to check and confirm the connection between our Chef server and Workstation. First of all, make sure you have a proper Knife configuration file.
[root@chefwork .chef]# cat knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
validation_client_name "linox-validator"
validation_key "#{current_dir}/linox-validator.pem"
chef_server_url "https://chefserver.test20.com:443/organizations/linox"
cookbook_path ["#{current_dir}/../cookbooks"]
This configuration file is located in the /root/chef-repo/.chef folder. The highlighted portions are the main things to take care of. Now you can run this command to check the connection.
[root@chefwork .chef]# knife client list
ERROR: SSL Validation failure connecting to host: chefserver.test20.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chefserver.test20.com/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
You can see an SSL error being reported. To rectify this error, we need to fetch the SSL certificate of our Chef Server and store it inside the /root/.chef/trusted_certs folder. We can do this by running this command.
[root@chefwork .chef]# knife ssl fetch
WARNING: Certificates from chefserver.test20.com will be fetched and placed in your trusted_cert directory (/root/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should verify the authenticity of these certificates after downloading.
Adding certificate for chefserver.test20.com in /root/chef-repo/.chef/trusted_certs/chefserver_test20_com.crt
Verifying the SSL:
[root@chefwork .chef]# knife ssl check
Connecting to host chefserver.test20.com:443
Successfully verified certificates from `chefserver.test20.com'
[root@chefwork .chef]# knife client list
chefnode
linox-validator
[root@chefwork .chef]# knife user list
chefadmin
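knife itself warns that it has no means to verify the certificate it fetched. One way to do that check, as an added example that is not part of the original article: compare the SHA-256 fingerprint of the file in trusted_certs with a fingerprint computed on the Chef server itself and carried over a channel you already trust. The helper names and the constructed certificates are assumptions; on the workstation the PEM would be read from /root/chef-repo/.chef/trusted_certs/chefserver_test20_com.crt.

```ruby
require 'openssl'

# SHA-256 fingerprint of a PEM certificate as colon-separated upper-case hex,
# the layout `openssl x509 -noout -fingerprint -sha256` prints.
def cert_fingerprint(pem)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest::SHA256.hexdigest(der).upcase.scan(/../).join(':')
end

# Strip separators and case so a pasted fingerprint compares cleanly.
def normalise(fingerprint)
  fingerprint.to_s.delete(': ').upcase
end

# Returns a list of problems; an empty list means the fetched certificate is
# the one whose fingerprint was obtained from the server out of band.
def verify_fetched_cert(pem, expected_fingerprint, expected_host, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(pem)
  problems = []
  unless normalise(cert_fingerprint(pem)) == normalise(expected_fingerprint)
    problems << 'fingerprint mismatch'
  end
  names_host = cert.subject.to_a.any? do |field, value, _type|
    field == 'CN' && value == expected_host
  end
  problems << 'certificate CN does not name the Chef server' unless names_host
  unless now.between?(cert.not_before, cert.not_after)
    problems << 'outside validity period'
  end
  problems
end

# Constructed self-signed certificate standing in for the file knife wrote.
def constructed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  host = 'chefserver.test20.com'
  genuine = constructed_cert(host)          # what the server really serves
  reference = cert_fingerprint(genuine)     # value read on the server itself
  substituted = constructed_cert(host)      # same name, different key

  puts "reference fingerprint: #{reference}"
  puts "genuine file:     #{verify_fetched_cert(genuine, reference, host).inspect}"
  puts "substituted file: #{verify_fetched_cert(substituted, reference, host).inspect}"
end
```

The substituted certificate carries the right host name and a valid date range, so only the fingerprint comparison tells it apart from the genuine one.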
Uploading the Cookbook
We can upload our cookbook to our chef server from the workstation using the knife command as below:
#knife cookbook upload learn_chef_httpd
[root@chefwork cookbooks]# knife cookbook upload learn_chef_httpd
Uploading learn_chef_httpd [0.2.0]
Uploaded 1 cookbook.
Verify the cookbook from the Chef Server Management console.
Adding a Node
This is the final step in the Chef implementation. We've set up a workstation and a Chef server, and now we need to add our clients to the Chef server for automation. I'm adding my chefnode to the server using the knife bootstrap command as below:
[root@chefwork cookbooks]# knife bootstrap 45.33.76.60 --ssh-user root --ssh-password dkfue@321 --node-name chefnode
Creating new client for chefnode
Creating new node for chefnode
Connecting to 45.33.76.60
45.33.76.60 -----> Installing Chef Omnibus (-v 12)
45.33.76.60 downloading https://omnitruck-direct.chef.io/chef/install.sh
45.33.76.60 to file /tmp/install.sh.5457/install.sh
45.33.76.60 trying wget...
45.33.76.60 el 7 x86_64
45.33.76.60 Getting information for chef stable 12 for el...
45.33.76.60 downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=12&p=el&pv=7&m=x86_64
45.33.76.60 to file /tmp/install.sh.5466/metadata.txt
45.33.76.60 trying wget...
45.33.76.60 sha1 4def83368a1349959fdaf0633c4d288d5ae229ce
45.33.76.60 sha256 6f00c7bdf96a3fb09494e51cd44f4c2e5696accd356fc6dc1175d49ad06fa39f
45.33.76.60 url https://packages.chef.io/stable/el/7/chef-12.10.24-1.el7.x86_64.rpm
45.33.76.60 version 12.10.24
45.33.76.60 downloaded metadata file looks valid...
45.33.76.60 downloading https://packages.chef.io/stable/el/7/chef-12.10.24-1.el7.x86_64.rpm
45.33.76.60 to file /tmp/install.sh.5466/chef-12.10.24-1.el7.x86_64.rpm
45.33.76.60 trying wget...
45.33.76.60 Comparing checksum with sha256sum...
45.33.76.60 Installing chef 12
45.33.76.60 installing with rpm...
45.33.76.60 warning: /tmp/install.sh.5466/chef-12.10.24-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
45.33.76.60 Preparing... ################################# [100%]
45.33.76.60 Updating / installing...
45.33.76.60 1:chef-12.10.24-1.el7 ################################# [100%]
45.33.76.60 Thank you for installing Chef!
45.33.76.60 Starting the first Chef Client run...
45.33.76.60 Starting Chef Client, version 12.10.24
45.33.76.60 resolving cookbooks for run list: []
45.33.76.60 Synchronizing Cookbooks:
45.33.76.60 Installing Cookbook Gems:
45.33.76.60 Compiling Cookbooks...
45.33.76.60 [2016-05-20T15:36:41+00:00] WARN: Node chefnode has an empty run list.
45.33.76.60 Converging 0 resources
45.33.76.60
45.33.76.60 Running handlers:
45.33.76.60 Running handlers complete
45.33.76.60 Chef Client finished, 0/0 resources updated in 08 seconds
[root@chefwork chef-repo]#
This command will also initialize the installation of the Chef-client in the Chef node. You can verify it from the CLI on the workstation using the knife commands below:
[root@chefwork chef-repo]# knife node list
chefnode
[root@chefwork chef-repo]# knife node show chefnode
Node Name: chefnode
Environment: _default
FQDN: chefnode.test20.com
IP: 45.33.76.60
Run List: recipe[learn_chef_httpd]
Roles:
Recipes:
Platform: centos 7.2.1511
Tags:
Verifying it from the Management console.
We can get more information regarding the added node by selecting the node and viewing the Attributes section.
Managing Node Run List
Let's see how we can add a cookbook to the node and manage its runlist from the Chef server. As you see in the screenshot, you can click the Actions tab and select the Edit Runlist option to manage the runlist.
In the Available Recipes, you can see our learn_chef_httpd recipe. You can drag it from the available packages to the current run list and save the runlist.
Now log in to your node and just run the command chef-client to execute your runlist.
[root@chefnode ~]# chef-client
Starting Chef Client, version 12.10.24
resolving cookbooks for run list: ["learn_chef_httpd"]
Synchronizing Cookbooks:
  - learn_chef_httpd (0.2.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: learn_chef_httpd::default
  * yum_package[httpd] action install
Similarly, we can add any number of nodes to your Chef Server depending on its configuration and hardware. I hope this article provided you with the basic understanding of Chef implementation. I would recommend your valuable comments and suggestions on this. Thank you for reading this :)
Happy Automation with Chef!!
Hi,
Nice article, it helped me a lot. But I have a question: do we have to log in to every Chef node to execute the "chef-client" cmd?
Regards,
Thank you for your feedback :). After adding any new recipes to the Runlist in the Chef server for a node, we need to run chef-client to apply those changes to the node.
Many thanks for the article. Worked like a champ.
How to add a Windows node to Chef server?
Great article, Saheetha!! Have a great future.
Thank you for your comments :).
Very helpful in implementing on my environment. Keep posting.
Thanks a lot