Managing a Node using Chef
Managing a Node using Chef
Updated: 03 September 2023
1Infrastructure Automation > Manage a node > Ubuntu > On premisesOverview
Chef typically comprises of three different parts
- A Workstation which is the computer that cookbooks are authored and administered from (This can be your daily PC with any OS)
- A Chef Server is the central repository for cookbooks as well as information about the nodes they manage
- A Node is any computer managed by a Chef server and has Chef installed on it (This can be any instance of Ubuntu 14.04)
For this section we will need to have all of the above set up
Set Up Your Workstation
Download Chef
You will first need to download the Chef for your workstation from here
Open Chef Workstation
On Windows open the Chef Workstation Powershell app (CW Powershell), on Mac and Ubuntu open a terminal as usual
Be sure to use CW Powershell for the remainder of steps being carried out on Windows
Create a Working Directory
We’ll use our learn-chef directory that we set up earlier
Install Git
How do you not have this??
Verify SSH
If you need to connect to your Chef Server with SSH, verify that you have SSH installed by running ssh in your terminal. For Windows an SSH client is included with Git and Chef Workstation
Install Chef Server
Install and Configure
On the server, create a file /tmp/install-chef-server.sh with the following contents
1#!/bin/bash2apt-get update3apt-get -y install curl4
5# create staging directories6if [ ! -d /drop ]; then7 mkdir /drop8fi9if [ ! -d /downloads ]; then10 mkdir /downloads11fi12
13# download the Chef server package14if [ ! -f /downloads/chef-server-core_12.17.33_amd64.deb ]; then15 echo "Downloading the Chef server package..."16 wget -nv -P /downloads https://packages.chef.io/files/stable/chef-server/12.17.33/ubuntu/16.04/chef-server-core_12.17.33-1_amd64.deb17fi18
19# install Chef server20if [ ! $(which chef-server-ctl) ]; then21 echo "Installing Chef server..."22 dpkg -i /downloads/chef-server-core_12.17.33-1_amd64.deb23 chef-server-ctl reconfigure24
25 echo "Waiting for services..."26 until (curl -D - http://localhost:8000/_status) | grep "200 OK"; do sleep 15s; done27 while (curl http://localhost:8000/_status) | grep "fail"; do sleep 15s; done28
29 echo "Creating initial user and organization..."30 chef-server-ctl user-create chefadmin Chef Admin admin@4thcoffee.com insecurepassword --filename /drop/chefadmin.pem31 chef-server-ctl org-create 4thcoffee "Fourth Coffee, Inc." --association_user chefadmin --filename 4thcoffee-validator.pem32fi33
34echo "Your Chef server is ready!"Next make the script a binary with
1sudo chmod u+x /tmp/install-chef-server.shAnd then run it
1sudo /tmp/install-chef-server.shConfigure Ports
Ensure that ports 22, 80, and 443 are exposed on the Chef Server - On VirtualBox I just used port forwarding to map these to my local 22, 80, and 443 ports
Configure the Workstation
kife is the command line tool that provides the interface between the your Workstation and the Chef Server, knife requires two files to authenticate with the Chef Server:
- An RSA Private Key - The Chef server holds the public part, the Workstation holds the private
- A
knifeconfig file, typically calledknife.rband contains information like the Chef Server’s URL, the location of the RSA Private key, and the default cookbook location
Both of these are usually located in a .chef directory
knife provides a a way for you to download the necessary files as a starter kit, but that resets all keys for all users in the account, hence we will do so manually by following the instructions here
Create an Organization
Do not do this now, the setup script already has configured this for us
We can create an organization with the chef-server-ctl org-create command, the command has the following structure
1 chef-server-ctl org-create ORG_NAME ORG_FULL_NAME -f FILE_NAMECreate a User
Do not do this now, the setup script already has configured this for us
Similar to the process above, use chef-server-ctl user-create to create a user, this has the general structure of
1chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD -f FILE_NAMEMove the .pem Files
Move the .pem files we just created to our chef-repo with the following command
1cp /path/to/ORGANIZATION-validator.pem ~/chef-repo/.chefCopy the Private Key to Workstation
Copy the chefadmin.pem file to your Workstation’s learn-chef/.chef directory
Create Knife Config File
Create a knife config file learn-chef/.chef/knife.rb and replace the chef_server_url with your Chef server’s FQDN
1current_dir = File.dirname(__FILE__)2log_level :info3log_location STDOUT4node_name "chefadmin"5client_key "#{current_dir}/chefadmin.pem"6chef_server_url "http://localhost/organizations/4thcoffee"7cookbook_path ["#{current_dir}/../cookbooks"]Verify the Setup
From the learn-chef directory, with CW Powershell (or bash on another OS) run the following commands
1knife ssl fetch2knife ssl check