How to Install Chef Workstation / Server / Node on CentOS 7

Chef is an automation platform that configures and manages your infrastruture. It transforms the infrastruture into code. It is a Ruby based configuration management tool. This automation platform consists of a Chef workstation, a Chef server and chef clients which are the nodes managed by the Chef server. All the chef configuration files, recipes, cookbooks, templates etc are created and tested on the Chef workstation and are uploaded to the Chef Server, then it distributes these across every possible nodes registered within the organisations.  It is an ideal automation framework for the Ceph and OpenStack. Not only it gives us complete control but it's super easy to work with.

In this article, I'm explaining the steps I followed for implementing a Chef automation environment on my CentOS 7 servers.

Pre-requisites

  • It is recommended to have a FQDN hostname
  • Chef supports only 64 bit architecture
  • Proper network/Firewall/hosts configurations are recommended

How Chef works?

work procedure

Chef comprises of a workstation which is configured to develop the recipes and cookbooks. It is also configured to run the knife and synchronizes with the chef-repo to keep it up-to-date.  It helps in configuring organizational policy, including defining roles & environments and ensuring that critical data is being stored in data bags. Once these recipes/cookbooks are tested in the workstations, we can upload it to our Chef server. Chef server stores these recipes and assigns on to the nodes depending on their requirements. Basically nodes communicates with only the chef server and takes instructions and recipes from there.

In my demo setup, I'm having three servers namely

  1. chefserver.test20.com         -     Chef Server
  2. chefwork.test20.com           -     Chef Workstation
  3. chefnode.test20.com           -     Chef Node

Let's us start with building Workstation.

Setup a Workstation

First of all, login to our server chefwork, then download the Chef development package. Once the package is downloaded, we can install the package using rpm command.

root@chefwork ~]# wget https://packages.chef.io/stable/el/7/chefdk-0.14.25-1.el7.x86_64.rpm
--2016-05-20 03:47:31-- https://packages.chef.io/stable/el/7/chefdk-0.14.25-1.el7.x86_64.rpm
Resolving packages.chef.io (packages.chef.io)... 75.126.118.188, 108.168.243.150
Connecting to packages.chef.io (packages.chef.io)|75.126.118.188|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://akamai.bintray.com/87/879656c7736ef2a061937c1f45c623e99fd57aaa2f6d802e9799d333d7e5342f?__gda__=exp=1463716772~hmac=ef9ce287129ab2f035449b76a1adc32b7bf8cae37f018f59da5a642d3e2650fc&response-content-disposition=attachment%3Bfilename%3D%22chefdk-0.14.25-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream [following] --2016-05-20 03:47:32-- https://akamai.bintray.com/87/879656c7736ef2a061937c1f45c623e99fd57aaa2f6d802e9799d333d7e5342f?__gda__=exp=1463716772~hmac=ef9ce287129ab2f035449b76a1adc32b7bf8cae37f018f59da5a642d3e2650fc&response-content-disposition=attachment%3Bfilename%3D%22chefdk-0.14.25-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream
Resolving akamai.bintray.com (akamai.bintray.com)... 104.123.250.232
Connecting to akamai.bintray.com (akamai.bintray.com)|104.123.250.232|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 143927478 (137M) [application/octet-stream] Saving to: ‘chefdk-0.14.25-1.el7.x86_64.rpm’

100%[====================================================================================================>] 14,39,27,478 2.52MB/s in 55s

2016-05-20 03:48:29 (2.49 MB/s) - ‘chefdk-0.14.25-1.el7.x86_64.rpm’ saved [143927478/143927478] [root@chefwork ~]# rpm -ivh chefdk-0.14.25-1.el7.x86_64.rpm
warning: chefdk-0.14.25-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%] Updating / installing...
1:chefdk-0.14.25-1.el7 ################################# [100%] Thank you for installing Chef Development Kit!

What is ChefDK?

The Chef Development Kit contains everything to start with Chef, along with the tools essential for code managing.

  • It contains a new command-line tool, "chef"
  • The cookbook dependency manager Berkshelf
  • The Test Kitchen integration testing framework.
  • ChefSpec for testing the cookbook syntax
  • Foodcritic, a tool for doing static code analysis on cookbooks.
  • It also has all the Chef tools like Chef Client, Knife, Ohai and Chef Zero

Let's start with creating a some recipes in the Workstation and test it locally to ensure its working.

Create a folder named chef-repo on /root/ and inside that folder we can create our recipes.

[root@chefwork ~]# mkdir chef-repo
[root@chefwork ~]# cd chef-repo

Creating a recipe called hello.rb.
[root@chefwork chef-repo]# vim hello.rb
[root@chefwork chef-repo]#
[root@chefwork chef-repo]# cat hello.rb
file '/etc/motd' do
content 'Welcome to Chef'
end

This recipe hello.rb creates a file named /etc/motd with content "Welcome to Chef". This recipe make use of the resource file to enhance this task. Now we can run this recipe to check its working.

[root@chefwork chef-repo]# chef-apply hello.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/etc/motd] action create (up to date)

Confirm the recipe execution:

[root@chefwork chef-repo]# cat /etc/motd
Welcome to Chef

Deleting the file

We can modify our recipe file to delete the created file and run using the command chef-apply as below:

[root@chefwork chef-repo]# cat hello.rb
file '/etc/motd' do
action :delete
end

[root@chefwork chef-repo]# chef-apply hello.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* file[/etc/motd] action delete
- delete file /etc/motd

Installing a package

We're modifying our recipe file to install httpd package on our server and copy an index.html file to the default document root to confirm the installation. The package and the service resources are used to implement this. Default action for a package resource is installation, hence we needn't specify that action separately.

[root@chefwork chef-conf]# cat hello.rb
package 'httpd'
service 'httpd' do
action [:enable, :start] end

file '/var/www/html/index.html' do
content 'Welcome to Apache in Chef'
end
[root@chefwork chef-conf]# chef-apply hello.rb
Recipe: (chef-apply cookbook)::(chef-apply recipe)
* yum_package[httpd] action install
- install version 2.4.6-40.el7.centos.1 of package httpd
* service[httpd] action enable
- enable service service[httpd]
* service[httpd] action start
- start service service[httpd]
* file[/var/www/html/index.html] action create (up to date)

The command execution clearly describes each instance in the recipe. It installs the Apache package , enables and starts the httpd service on the server. And it creates an index.html file in the default document root with the content "Welcome to Apache in Chef". So we can verify it by running the server IP in the browser.

welcomepage_httpd

Creating Cookbooks

Now we can create our first cookbook, create a folder called chef-repo under the /root directory and execute the command "chef generate cookbook [cookbook name]" to generate our cookbook.

root@chefwork chef-repo]# mkdir cookbooks
[root@chefwork chef-repo]# cd cookbooks/
[root@chefwork cookbooks]# chef generate cookbook httpd_deploy
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: code_generator::cookbook
* directory[/root/chef-repo/cookbook/httpd_deploy] action create
- create new directory /root/chef-repo/cookbook/httpd_deploy

 

cookbook filestructure

 

This is the file structure of the created cookbook, let's see the use of these  files/folders inside the cookbook one by one.

Berksfile : It is the configuration file, which mainly tells BerkShelf what are the cookbook's dependencies, which can be specified directly inside this file or indirectly through metadata.rb. It also tells Berkshelf where it should look for those dependencies.

Chefignore : It tells Chef which all files should be ignored while uploading a cookbook to the Chef server.

metadata.rb : It contains meta information about you cookbook, such as name, contacts or description. It can also state the cookbook’s dependencies.

README.md : It contains documentation entry point for the repo.

Recipes : Contains the cookbook's recipes. It starts with executing the file default.rb.

default.rb : The default recipe format.

specs : It will be storing the unit test cases of your libraries.

test : It will be storing the unit test cases of your recipes.

Creating a template

Next we are going to create a template file for ourselves. Earlier, we created a file with some contents, but that can't be fit in with our recipes and cookbook structures. so let's see how we can create a template.

[root@chefwork cookbook]# chef generate template httpd_deploy index.html
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: code_generator::template
* directory[./httpd_deploy/templates/default] action create
- create new directory ./httpd_deploy/templates/default
* template[./httpd_deploy/templates/default/index.html.erb] action create
- create new file ./httpd_deploy/templates/default/index.html.erb
- update content in file ./httpd_deploy/templates/default/index.html.erb from none to e3b0c4
(diff output suppressed by config)

 

template

Now if you see our cookbook file structure, there is a folder created with the name template with index.html.erb file. We can edit our index.html.erb template file and add to our recipe as below:

root@chefwork default]# cat index.html.erb
Welcome to Chef Apache Deployment
[root@chefwork default]# pwd
/root/chef-repo/cookbook/httpd_deploy/templates/default

Creating the recipe with this template

[root@chefwork recipes]# pwd
/root/chef-repo/cookbook/httpd_deploy/recipes
[root@chefwork recipes]# cat default.rb
#
# Cookbook Name:: httpd_deploy
# Recipe:: default
#
# Copyright (c) 2016 The Authors, All Rights Reserved.
package 'httpd'
service 'httpd' do
action [:enable, :start] end

template '/var/www/html/index.html' do
source 'index.html.erb'
end

Now go back to our chef-repo folder and run/test our recipe on our Workstation.

[root@chefwork chef-repo]# chef-client --local-mode --runlist 'recipe[httpd_deploy]'
[2016-05-20T05:44:40+00:00] WARN: No config file found or specified on command line, using command line options.
Starting Chef Client, version 12.10.24
resolving cookbooks for run list: ["httpd_deploy"] Synchronizing Cookbooks:
- httpd_deploy (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 3 resources
Recipe: httpd_deploy::default
* yum_package[httpd] action install
- install version 2.4.6-40.el7.centos.1 of package httpd
* service[httpd] action enable
- enable service service[httpd]
* service[httpd] action start
- start service service[httpd]
* template[/var/www/html/index.html] action create
- update content in file /var/www/html/index.html from 152204 to 748cbd
--- /var/www/html/index.html 2016-05-20 04:18:38.553231745 +0000
+++ /var/www/html/.chef-index.html20160520-20425-1bez4qs 2016-05-20 05:44:47.344848833 +0000
@@ -1,2 +1,2 @@
-Welcome to Apache in Chef
+Welcome to Chef Apache Deployment

Running handlers:
Running handlers complete
Chef Client finished, 4/4 resources updated in 06 seconds

[root@chefwork chef-repo]# cat /var/www/html/index.html
Welcome to Chef Apache Deployment

According to our recipe, Apache is installed on our workstation, service is being started and enabled on boot. And a template file has been created  on our default document root.

Now we've tested our Workstation. It's time for the Chef server setup.

Setting up the Chef Server

First of all login to our Chef server "chefserver.test20.com" and download the chef server package combatible with our OS version.

[root@chefserver ~]# wget https://packages.chef.io/stable/el/7/chef-server-core-12.6.0-1.el7.x86_64.rpm
--2016-05-20 07:23:46-- https://packages.chef.io/stable/el/7/chef-server-core-12.6.0-1.el7.x86_64.rpm
Resolving packages.chef.io (packages.chef.io)... 75.126.118.188, 108.168.243.150
Connecting to packages.chef.io (packages.chef.io)|75.126.118.188|:443... connected.
HTTP request sent, awaiting response... 302
Location: https://akamai.bintray.com/5a/5a36d0ffa692bf788e90315171582a758d4c5d8033a892dca9a81d3c03c44d14?__gda__=exp=1463729747~hmac=86e28bf2d5197154c84b571330b4c897006c2cb7f14cc9fc386c62d8b6e34c2d&response-content-disposition=attachment%3Bfilename%3D%22chef-server-core-12.6.0-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream [following] --2016-05-20 07:23:47-- https://akamai.bintray.com/5a/5a36d0ffa692bf788e90315171582a758d4c5d8033a892dca9a81d3c03c44d14?__gda__=exp=1463729747~hmac=86e28bf2d5197154c84b571330b4c897006c2cb7f14cc9fc386c62d8b6e34c2d&response-content-disposition=attachment%3Bfilename%3D%22chef-server-core-12.6.0-1.el7.x86_64.rpm%22&response-content-type=application%2Foctet-stream
Resolving akamai.bintray.com (akamai.bintray.com)... 23.15.249.68
Connecting to akamai.bintray.com (akamai.bintray.com)|23.15.249.68|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 481817688 (459M) [application/octet-stream] Saving to: ‘chef-server-core-12.6.0-1.el7.x86_64.rpm’

100%[====================================================================================================>] 48,18,17,688 2.90MB/s in 3m 53s

[root@chefserver ~]# rpm -ivh chef-server-core-12.6.0-1.el7.x86_64.rpm
warning: chef-server-core-12.6.0-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%] Updating / installing...
1:chef-server-core-12.6.0-1.el7 ################################# [100%]

Now our Chef server is installed. But we need to reconfigure the Chef server to enable and start all the services which is composed in the Chef server. We can run this command to reconfigure.

root@chefserver ~]# chef-server-ctl reconfigure
Starting Chef Client, version 12.10.26
resolving cookbooks for run list: ["private-chef::default"] Synchronizing Cookbooks:
- enterprise (0.10.0)
- apt (2.9.2)
- yum (3.10.0)
- openssl (4.4.0)
- chef-sugar (3.3.0)
- packagecloud (0.0.18)
- runit (1.6.0)
- private-chef (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2016-05-19T02:38:37+00:00] WARN: Chef::Provider::AptRepository already exists! Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
Chef Client finished, 394/459 resources updated in 04 minutes 05 seconds
Chef Server Reconfigured!

Please confirm the service status and their pids by running this command.

[root@chefserver ~]# chef-server-ctl status
run: bookshelf: (pid 6140) 162s; run: log: (pid 6156) 162s
run: nginx: (pid 6051) 165s; run: log: (pid 6295) 156s
run: oc_bifrost: (pid 5987) 167s; run: log: (pid 6022) 167s
run: oc_id: (pid 6038) 165s; run: log: (pid 6042) 165s
run: opscode-erchef: (pid 6226) 159s; run: log: (pid 6214) 161s
run: opscode-expander: (pid 6102) 162s; run: log: (pid 6133) 162s
run: opscode-solr4: (pid 6067) 164s; run: log: (pid 6095) 163s
run: postgresql: (pid 5918) 168s; run: log: (pid 5960) 168s
run: rabbitmq: (pid 5876) 168s; run: log: (pid 5869) 169s
run: redis_lb: (pid 5795) 290s; run: log: (pid 6280) 156s

Hurray!! Our Chef Server is ready :). Now we can install the management console to get an web interface to manage our Chef server.

Installing Management Console for Chef Server

We can install the management console by just running this command "chef-server-ctl install chef-manage" from the chef server.

[root@chefserver ~]# chef-server-ctl install chef-manage
Starting Chef Client, version 12.10.26
resolving cookbooks for run list: ["private-chef::add_ons_wrapper"] Synchronizing Cookbooks:
- enterprise (0.10.0)
- apt (2.9.2)
- yum (3.10.0)
- openssl (4.4.0)
- runit (1.6.0)
- chef-sugar (3.3.0)
- packagecloud (0.0.18)
- private-chef (0.1.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: private-chef::add_ons_wrapper
* ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
* remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.3.0-1.el7.x86_64.rpm] action create
- create new file /var/opt/opscode/local-mode-cache/chef-manage-2.3.0-1.el7.x86_64.rpm
- update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.3.0-1.el7.x86_64.rpm from none to 098cc4
(file sizes exceed 10000000 bytes, diff output suppressed)
* ruby_block[locate_addon_package_chef-manage] action run
- execute the ruby block locate_addon_package_chef-manage
* yum_package[chef-manage] action install
- install version 2.3.0-1.el7 of package chef-manage
* ruby_block[addon_install_notification_chef-manage] action create
- execute the ruby block addon_install_notification_chef-manage

Running handlers:
-- Installed Add-On Package: chef-manage
- #<Class:0x00000006032b80>::AddonInstallHandler
Running handlers complete
Chef Client finished, 4/5 resources updated in 02 minutes 39 seconds

After installing the management console, we need to reconfigure the chef server to restart the chef server and its services to update these changes.

[root@chefserver ~]# opscode-manage-ctl reconfigure
To use this software, you must agree to the terms of the software license agreement.
Press any key to continue.
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
Starting Chef Client, version 12.4.1
resolving cookbooks for run list: ["omnibus-chef-manage::default"] Synchronizing Cookbooks:
- omnibus-chef-manage
- chef-server-ingredient
- enterprise
Recipe: omnibus-chef-manage::default
* private_chef_addon[chef-manage] action create (up to date)
Recipe: omnibus-chef-manage::config
Running handlers:
Running handlers complete
Chef Client finished, 62/79 resources updated in 44.764229437 seconds
chef-manage Reconfigured!

[root@chefserver ~]# chef-server-ctl reconfigure

Now our Management console is ready, we need to setup our admin user to manage our Chef Server.

Creating Admin user/Organization

I've created the admin user named chefadmin with an organization linox on my chef server to manage it. We can create the user using the chef command chef-server-ctl user-create and organization using the command chef-server-ctl org-create.

root@chefserver ~]# chef-server-ctl user-create chefadmin saheetha shameer saheetha@gmail.com 'chef123' --filename /root/.chef/chefadmin.pem
[root@chefserver ~]#

[root@chefserver .chef]# chef-server-ctl org-create linox Chef Linoxide --association_user chefadmin --filename /root/.chef/linoxvalidator.pem

Our keys are saved inside the folder /root/.chef folder. We need to copy these keys from the Chef server to the Work station to initiate the communication between our Chef server and workstation.

Copying the Keys

I'm copying my user and validator keys from the Chef server to the workstation to enhance the connection between the servers.

[root@chefserver .chef]# scp chefadmin.pem root@139.162.35.39:/root/chef-repo/.chef/
The authenticity of host '139.162.35.39 (139.162.35.39)' can't be established.
ECDSA key fingerprint is 5b:0b:07:85:9a:fb:b6:59:51:07:7f:14:1b:07:07:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '139.162.35.39' (ECDSA) to the list of known hosts.
root@139.162.35.39's password:
chefadmin.pem 100% 1678 1.6KB/s 00:00
[root@chefserver .chef]#

[root@chefserver .chef]# scp linoxvalidator.pem root@139.162.35.39:/root/chef-repo/.chef/
The authenticity of host '139.162.35.39 (139.162.35.39)' can't be established.
ECDSA key fingerprint is 5b:0b:07:85:9a:fb:b6:59:51:07:7f:14:1b:07:07:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '139.162.35.39' (ECDSA) to the list of known hosts.
root@139.162.35.39's password:
linoxvalidator.pem 100% 1678 1.6KB/s 00:00
[root@chefserver .chef]#

Now login to our Management console for our Chef server with the user/password  "chefadmin" created.

chef_management console

It'll ask to create an organization from the Panel on Sign up. Just create a different one.

Download the Starter Kit for WorkStation

Choose any of your organization and download the Starter Kit from the Chef Server to our Work Station.

starterdownloadStarter

After downloading this kit. Move it your Workstation /root folder and extract. This provides you with a default Starter Kit to start up with your Chef server. It includes a chef-repo.

root@chefwork ~]# ls
chef-starter.zip hello.rb
[root@chefwork~]# unzip chef-starter.zip
Archive: chef-starter.zip
creating: chef-repo/cookbooks/
creating: chef-repo/cookbooks/starter/
creating: chef-repo/cookbooks/starter/recipes/
inflating: chef-repo/cookbooks/starter/recipes/default.rb
creating: chef-repo/cookbooks/starter/files/
creating: chef-repo/cookbooks/starter/files/default/
inflating: chef-repo/cookbooks/starter/files/default/sample.txt
creating: chef-repo/cookbooks/starter/templates/
creating: chef-repo/cookbooks/starter/templates/default/
inflating: chef-repo/cookbooks/starter/templates/default/sample.erb
inflating: chef-repo/cookbooks/starter/metadata.rb
creating: chef-repo/cookbooks/starter/attributes/
inflating: chef-repo/cookbooks/starter/attributes/default.rb
inflating: chef-repo/cookbooks/chefignore
inflating: chef-repo/README.md
inflating: chef-repo/.gitignore
creating: chef-repo/.chef/
creating: chef-repo/roles/
inflating: chef-repo/.chef/knife.rb
inflating: chef-repo/roles/starter.rb
inflating: chef-repo/.chef/chefadmin.pem
inflating: chef-repo/.chef/ln_blog-validator.pem

chef-repo

This is the file structure for the downloaded Chef repository. It contains all the required file structures to start with.

Cookbook SuperMarket

Chef cookbooks are available in the Cookbook Super Market, we can go to the Chef SuperMarket here. Download the required cookbooks from there. I'm downloading one of the cookbook to install Apache from there.

root@chefwork chef-repo]# knife cookbook site download learn_chef_httpd
Downloading learn_chef_httpd from Supermarket at version 0.2.0 to /root/chef-repo/learn_chef_httpd-0.2.0.tar.gz
Cookbook saved: /root/chef-repo/learn_chef_httpd-0.2.0.tar.gz

Extract this cookbook inside the "cookbooks" folder.

[root@chefwork chef-repo]# tar -xvf learn_chef_httpd-0.2.0.tar.gz

learn

All the required files are automatically created under this cookbook. We didn't require to make any modifications. Let's check our recipe description inside our recipe folder.

[root@chefwork recipes]# cat default.rb
#
# Cookbook Name:: learn_chef_httpd
# Recipe:: default
#
# Copyright (C) 2014
#
#
#
package 'httpd'

service 'httpd' do
action [:enable, :start]
end

template '/var/www/html/index.html' do
source 'index.html.erb'
end

service 'iptables' do
action :stop
end
[root@chefwork recipes]#
[root@chefwork recipes]# pwd
/root/chef-repo/cookbooks/learn_chef_httpd/recipes
[root@chefwork recipes]#

So we just need to upload this cookbook to our Chef server as it looks perfect.

Validating the Connection b/w Server and Workstation

Before uploading the cookbook, we need to check and confirm the connection between our Chef server and Workstation. First of all, make sure you've proper Knife configuration file.

[root@chefwork .chef]# cat knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
validation_client_name "linox-validator"
validation_key "#{current_dir}/linox-validator.pem"
chef_server_url "https://chefserver.test20.com:443/organizations/linox"

cookbook_path ["#{current_dir}/../cookbooks"]

This configuration file is location at /root/chef-repo/.chef folder. The highlighted portions are the main things to take care. Now you can run this command to check the connections.

root@chefwork .chef]# knife client list
ERROR: SSL Validation failure connecting to host: chefserver.test20.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chefserver.test20.com/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed

You can see an SSL error reporting. In order to rectify this error, we need to fetch the SSL certificate for our Chef Server and store it inside the /root/.chef/trusted_certs folder. We can do this by running this command.

root@chefwork .chef]# knife ssl fetch
WARNING: Certificates from chefserver.test20.com will be fetched and placed in your trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for chefserver.test20.com in /root/chef-repo/.chef/trusted_certs/chefserver_test20_com.crt

Verifying the SSL:

[root@chefwork .chef]# knife ssl check
Connecting to host chefserver.test20.com:443
Successfully verified certificates from `chefserver.test20.com'

[root@chefwork .chef]# knife client list
chefnode
linox-validator
[root@chefwork .chef]# knife user list
chefadmin

Uploading the Cookbook

We can upload our cookbook to our chef server from the workstation using the knife command as below:

#knife cookbook upload learn_chef_httpd

[root@chefwork cookbooks]# knife cookbook upload learn_chef_httpd
Uploading learn_chef_httpd [0.2.0] Uploaded 1 cookbook.

Verify the cookbook from the Chef Server Management console.

uploadedcookbook

 

Adding a Node

This is the final step in the Chef implementation. We've setup a workstation, a Chef server and then now we need to add our clients to the Chef server for automation. I'm adding my chefnode to the server using the knife bootstrap command as below:

[root@chefwork cookbooks]# knife bootstrap 45.33.76.60 --ssh-user root --ssh-password dkfue@321 --node-name chefnode
Creating new client for chefnode
Creating new node for chefnode
Connecting to 45.33.76.60
45.33.76.60 -----> Installing Chef Omnibus (-v 12)
45.33.76.60 downloading https://omnitruck-direct.chef.io/chef/install.sh
45.33.76.60 to file /tmp/install.sh.5457/install.sh
45.33.76.60 trying wget...
45.33.76.60 el 7 x86_64
45.33.76.60 Getting information for chef stable 12 for el...
45.33.76.60 downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=12&p=el&pv=7&m=x86_64
45.33.76.60 to file /tmp/install.sh.5466/metadata.txt
45.33.76.60 trying wget...
45.33.76.60 sha1 4def83368a1349959fdaf0633c4d288d5ae229ce
45.33.76.60 sha256 6f00c7bdf96a3fb09494e51cd44f4c2e5696accd356fc6dc1175d49ad06fa39f
45.33.76.60 url https://packages.chef.io/stable/el/7/chef-12.10.24-1.el7.x86_64.rpm
45.33.76.60 version 12.10.24
45.33.76.60 downloaded metadata file looks valid...
45.33.76.60 downloading https://packages.chef.io/stable/el/7/chef-12.10.24-1.el7.x86_64.rpm
45.33.76.60 to file /tmp/install.sh.5466/chef-12.10.24-1.el7.x86_64.rpm
45.33.76.60 trying wget...
45.33.76.60 Comparing checksum with sha256sum...
45.33.76.60 Installing chef 12
45.33.76.60 installing with rpm...
45.33.76.60 warning: /tmp/install.sh.5466/chef-12.10.24-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
45.33.76.60 Preparing... ################################# [100%] 45.33.76.60 Updating / installing...
45.33.76.60 1:chef-12.10.24-1.el7 ################################# [100%] 45.33.76.60 Thank you for installing Chef!
45.33.76.60 Starting the first Chef Client run...
45.33.76.60 Starting Chef Client, version 12.10.24
45.33.76.60 resolving cookbooks for run list: [] 45.33.76.60 Synchronizing Cookbooks:
45.33.76.60 Installing Cookbook Gems:
45.33.76.60 Compiling Cookbooks...
45.33.76.60 [2016-05-20T15:36:41+00:00] WARN: Node chefnode has an empty run list.
45.33.76.60 Converging 0 resources
45.33.76.60
45.33.76.60 Running handlers:
45.33.76.60 Running handlers complete
45.33.76.60 Chef Client finished, 0/0 resources updated in 08 seconds
[root@chefwork chef-repo]#

This command will also initialize the installation of the Chef-client in the Chef node. You can verify it from the CLI on the workstation using the knife commands below:

[root@chefwork chef-repo]# knife node list
chefnode

[root@chefwork chef-repo]# knife node show chefnode
Node Name: chefnode
Environment: _default
FQDN: chefnode.test20.com
IP: 45.33.76.60
Run List: recipe[learn_chef_httpd]
Roles:
Recipes:
Platform: centos 7.2.1511
Tags:

Verifying it from the Management console.

added nodechef

We can get more information regarding the added node by selecting the node and viewing the Attributes section.

node details

Managing Node Run List

Let's see how we can add a cookbook to the node and manage its runlist from the Chef server. As you see in the screenshot, you can click the Actions tab and select the Edit Runlist option to manage the runlist.

node_run

In the Available Recipes,  you can see our learn_chef_httpd recipe, you can drag that from the available packages to the current run list and save the runlist.

drag_recipe

Now login to your node and just run the command chef-client to execute your runlist.

root@chefnode ~]# chef-client
Starting Chef Client, version 12.10.24
resolving cookbooks for run list: ["learn_chef_httpd"] Synchronizing Cookbooks:
- learn_chef_httpd (0.2.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: learn_chef_httpd::default
* yum_package[httpd] action install

Similarly, we can add any number of nodes to your Chef Server depending on its configuration and hardware. I hope this article provided you with the basic understanding of Chef implementation. I would recommend your valuable comments and suggestions on this. Thank you for reading this :)

Happy Automation with Chef!!

About Saheetha Shameer

I'm working as a Senior System Administrator. I'm a quick learner and have a slight inclination towards following the current and emerging trends in the industry. My hobbies include hearing music, playing strategy computer games, reading and gardening. I also have a high passion for experimenting with various culinary delights :-)

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.

3 Comments

  1. Hi,

    Nice article, it help me a lot. But I have a question that can we have to login to every chef node to execute " chef-client " cmd ?

    Regards,