Saturday, November 7, 2015

Chef 12 Installation in CentOS

Chef has 3 components:

  • Chef Server (192.168.56.101) - CentOS 6.4
  • Chef Workstation (192.168.56.102) - CentOS 7.0
  • Chef Client(Node) (192.168.56.103) - CentOS 6.4

Configure hostnames

In CentOS 6.4, set the hostname in the /etc/sysconfig/network file as follows:

HOSTNAME=chef-server        (on the chef server, 192.168.56.101)
HOSTNAME=chef-client        (on the chef client, 192.168.56.103)

In CentOS 7.0, set the hostname with hostnamectl:

hostnamectl set-hostname chef-workstation    (on the chef workstation, 192.168.56.102)


Then, in the /etc/hosts file on each of the above hosts, add entries as follows:


192.168.56.101 chef-server chef-server.localdomain
192.168.56.102 chef-workstation chef-workstation chef-workstation
192.168.56.103 chef-client chef-client chef-client

Chef Server Installation


# wget https://web-dl.packagecloud.io/chef/stable/packages/el/6/chef-server-core-12.2.0-1.el6.x86_64.rpm
# rpm -ivh chef-server-core-12.2.0-1.el6.x86_64.rpm
# chef-server-ctl reconfigure
# chef-server-ctl test

# mkdir -p /etc/chef-server/

Create Admin User

Syntax for creating a Chef user account:

chef-server-ctl user-create user_name first_name last_name email password --filename FILE_NAME

An RSA private key is generated automatically. This is the user's private key and should be saved to a safe location, readable only by its owner (chmod 600). The --filename option saves the RSA private key to the specified path.

I am creating a Chef user "chefadmin" whose key is chefadmin.pem. Note that the password is given on the command line here, so it ends up in the root shell history and in the process list while the command runs.

chef-server-ctl user-create chefadmin ChefUser Admin chefadmin@chef-server.com 1q2w3e4r --filename /etc/chef-server/chefadmin.pem

Create an Org

Syntax for creating a Chef org:

chef-server-ctl org-create short_name "full_organization_name" --association_user user_name --filename ORGANIZATION-validator.pem

The --association_user option will associate the user_name with the admins security group on the Chef server.

An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location; any node holding it can register itself with the server. The --filename option saves the RSA private key to the specified path.

I am creating an org "chefserver" whose key is chefserver-validator.pem, using the user chefadmin created earlier.

chef-server-ctl org-create chefserver ChefServer --association_user chefadmin --filename /etc/chef-server/chefserver-validator.pem


Chef workstation setup


1) As the root user, run the following command. It executes whatever script the server returns, so downloading it to a file and reading it before running it as root is prudent.

# curl -L https://www.opscode.com/chef/install.sh | bash

2) When the installation is finished, run chef-client to verify that it was installed:
# chef-client -v

3) As a normal (non-root) user, create the ".chef" directory under the user's home directory, /home/xyz/.chef, where xyz is the username.

The .chef directory is used to store three files:
  • knife.rb
  • ORGANIZATION-validator.pem
  • USER.pem

The *.pem keys are the ones generated on the Chef Server for the user and the organization.
They need to be copied from the Chef Server to the Chef Workstation. They are private keys, so keep them readable only by this user.

$ cd /home/xyz/

Copying the user key from the Chef Server to the Chef Workstation:
$ scp root@chef-server:/etc/chef-server/chefadmin.pem ~/.chef/

Copying the organization key from the Chef Server to the Chef Workstation:
$ scp root@chef-server:/etc/chef-server/chefserver-validator.pem ~/.chef/

Configure the knife configuration file ~/.chef/knife.rb:

log_level                :info
log_location             STDOUT
node_name                'chefadmin'
client_key               '/home/xyz/.chef/chefadmin.pem'
validation_client_name   'chefserver-validator'
validation_key           '/home/xyz/.chef/chefserver-validator.pem'
chef_server_url          'https://chef-server:443/organizations/chefserver'
syntax_check_cache_path  '/home/xyz/chef-repo/.chef/syntax_check_cache'

Run knife ssl fetch to trust the server's self-signed certificate. knife ssl fetch trusts whatever certificate it is served, so compare the certificate it saves with the one on the chef-server host before relying on it; knife ssl check then verifies the connection.

knife client list should now show the name of your validator, which in this case is:
chefserver-validator

knife user list should show the user created earlier:
chefadmin

Bootstrapping the Chef Client

We will install the Chef client software on the chef-client machine from the chef-workstation machine.

Bootstrapping a node installs the chef-client and validates the node, allowing it to read from the Chef server.

1) From the Chef Workstation, bootstrap the Chef Client node using the node's root user:
   knife bootstrap <Chef Client IP> -x root -P password --node-name <nodename>

   <nodename> is optional. If it is not specified, the hostname of the Chef Client node is used as the node name:

    knife bootstrap <Chef Client IP or hostname>
    $ knife bootstrap chef-client    (or)    knife bootstrap 192.168.56.103

   Passing the root password with -P puts it in the shell history and the process list; SSH key authentication avoids this.

2) Confirm that the node has been bootstrapped by listing the nodes from the Chef Workstation:
 $ knife node list



Tuesday, November 3, 2015

Chef 12 Workstation : Response: missing read permission

While setting up the Chef Workstation, after configuring the ~/.chef/knife.rb file, I tried validating the Chef Workstation against the Chef Server by running the command

[chef-workstation .chef]$ knife user list
ERROR: You authenticated successfully to https://chef-server:443 as chefadmin but you are not authorized for this action
Response:  missing read permission

Upon analyzing the cause, it turned out that in the file ~/.chef/knife.rb on the Chef Workstation the entry for chef_server_url was wrongly specified as

chef_server_url          'https://chef-server:443/'  - Wrong

From Chef 12 on, this should be specified as
chef_server_url          'https://chef-server:443/organizations/xxxx' - Correct

where xxxx is the name of the organization created on the Chef Server.
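Because knife.rb is plain Ruby, the two things that go wrong most often on a fresh workstation (the pre-organization chef_server_url from this post, and the copied *.pem keys from the workstation setup above being missing or world-readable) can be checked before the first knife call. The script below is an added example, not part of Chef or of the original posts; it evaluates a knife.rb with a throwaway DSL object, and build_fixture writes constructed keys and a constructed knife.rb into a temporary directory so it runs offline.

```ruby
require 'openssl'
require 'tmpdir'

# Added example, not Chef's loader: knife.rb is Ruby, so evaluate its
# `setting value` lines against an object that records each call.
def load_knife_rb(text)
  settings = {}
  dsl = Object.new
  dsl.define_singleton_method(:method_missing) { |name, *args| settings[name] = args.first }
  dsl.instance_eval(text)
  settings
end

# Returns the problems found; an empty list means the config looks sane.
def check_knife_config(path)
  cfg = load_knife_rb(File.read(path))
  problems = []
  url = cfg[:chef_server_url].to_s
  # Chef 12 scopes everything to an org: without /organizations/<org> the
  # server answers "missing read permission" although auth succeeded.
  unless url =~ %r{\Ahttps://[^/]+/organizations/[^/]+/?\z}
    problems << 'chef_server_url must be https://<server>/organizations/<org>'
  end
  %i[client_key validation_key].each do |k|
    p = cfg[k].to_s
    next problems << "#{k}: #{p} not found" unless File.file?(p)
    mode = File.stat(p).mode & 0o777
    # The .pem files are credentials: only their owner should read them.
    problems << format('%s: %s has mode %04o, expected 0600', k, p, mode) if mode != 0o600
    priv = (OpenSSL::PKey::RSA.new(File.read(p)).private? rescue false)
    problems << "#{k}: #{p} is not an RSA private key" unless priv
  end
  problems
end

# Throwaway .chef layout with freshly generated (constructed) keys, one of
# them deliberately world-readable, so the checker can run offline.
def build_fixture(dir, url)
  { 'chefadmin.pem' => 0o600, 'chefserver-validator.pem' => 0o644 }.each do |name, mode|
    File.write(File.join(dir, name), OpenSSL::PKey::RSA.new(2048).to_pem)
    File.chmod(mode, File.join(dir, name))
  end
  File.write(File.join(dir, 'knife.rb'), <<~RB)
    node_name       'chefadmin'
    client_key      '#{dir}/chefadmin.pem'
    validation_key  '#{dir}/chefserver-validator.pem'
    chef_server_url '#{url}'
  RB
  File.join(dir, 'knife.rb')
end
```

Point check_knife_config at a real ~/.chef/knife.rb to run it against your own workstation; the fixture is only there to exercise the checks.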