Chef Automation Part-1

Chef Automation

Chef is an open source automation platform that configures and manages your
infrastructure. It is written in Ruby and Erlang, and it integrates easily with cloud
platforms to automatically provision and configure new servers.

Features of Chef

• You can easily manage thousands of servers using only a handful of employees.
• Chef is written in Ruby, so you can customize Chef.
• You are not locked into one way of using Chef. Chef can operate in a distributed
standalone mode or in a centralized mode requiring a server.
• Chef is open source and supported by a vibrant community of system administrators
and developers.

Main components of Chef


A Chef environment is typically made up of three components:

• Chef Server
• Workstation
• Chef Node

Chef Server
The Chef server is the brains of the operation. It acts as a hub that stores configuration data
available to every node, and it also administers access rights.
The Chef server holds all the cookbooks, recipes and metadata that describe every
registered node managed by the chef-client, along with the policies that are
applied to those nodes.

Workstation
The workstation is the development machine from which users run all configuration-related tasks,
including creating cookbooks and recipes, updating the chef-repo, interacting with the
single Chef server, and more.

Chef Nodes
A node can be a physical, virtual or cloud machine that contains the chef-client, which performs
all the infrastructure automation. Nodes are the computers that we manage using Chef, and they
act as the servers in our infrastructure.

Environment

Hostname             IP Address      OS        Purpose

master.example.com   172.16.10.123   Centos-7  Chef Server
work.example.com     172.16.15.1     Centos-7  Chef Workstation
node1.example.com    172.16.15.2     Centos-7  Chef Node

Prerequisites
• Each host should have a fully configured hostname.
Update the FQDN entries on the server, workstation, and node:

# vim /etc/hosts
172.16.10.123 master.example.com master
172.16.15.1 work.example.com work
172.16.15.2 node1.example.com node1

• The following packages are required.

# yum install wget curl -y

CHEF SERVER INSTALLATION
1- Install the required packages

[root@master ~]# yum install wget curl -y

2- Check that the domain name of your Chef server resolves correctly

[root@master ~]# hostname -f


master.example.com

3- Download and Install Chef Server - Official Website (https://downloads.chef.io/chef-server)

For 64 Bit
[root@master ~]# wget https://packages.chef.io/files/stable/chef-server/12.15.8/el/7/chef-server-core-12.15.8-1.el7.x86_64.rpm

For 32 Bit
[root@master ~]# wget https://packages.chef.io/files/stable/chef-server/12.15.8/el/7/chef-server-core-12.15.8-1.el7.s390x.rpm

4- Install the downloaded package


[root@master ~]# rpm -ivh chef-server-core-12.15.8-1.el7.x86_64.rpm

Preparing... ####################################### [100%]


Updating / installing...
1:chef-server-core-12.15.8-1.el7 ################################# [100%]

[root@master ~]#

5- Run below command to configure Chef Server and start all the services

[root@master ~]# chef-server-ctl reconfigure

6- Check the status of Chef Server

[root@master ~]# chef-server-ctl status

run: bookshelf: (pid 903) 2677s; run: log: (pid 902) 2677s
run: nginx: (pid 890) 2677s; run: log: (pid 889) 2677s
run: oc_bifrost: (pid 894) 2677s; run: log: (pid 893) 2677s
run: oc_id: (pid 886) 2677s; run: log: (pid 885) 2677s
run: opscode-erchef: (pid 904) 2677s; run: log: (pid 901) 2677s
run: opscode-expander: (pid 892) 2677s; run: log: (pid 891) 2677s
run: opscode-solr4: (pid 884) 2677s; run: log: (pid 883) 2677s
run: postgresql: (pid 896) 2677s; run: log: (pid 895) 2677s
run: rabbitmq: (pid 898) 2677s; run: log: (pid 897) 2677s
run: redis_lb: (pid 888) 2677s; run: log: (pid 887) 2677s
[root@master ~]#

7- Create an administrator user to access and manage the Chef server

Note: change the details below to suit your own environment.


User Name- admin
Full Name- Ashutosh
Last Name- Maurya
Email ID- admin@example.com
User Password- ashu@123
Path- /etc/chef

[root@master ~]# chef-server-ctl user-create admin Ashutosh Maurya admin@example.com 'ashu@123' --filename /etc/chef/admin.pem

Check whether the user was created

[root@master ~]# chef-server-ctl user-list


admin

8- Create Organization

[root@master ~]# chef-server-ctl org-create ashudevops 'Linux ORG' --association_user admin --filename /etc/chef/linuxorg_validator.pem

ashudevops
Name must begin with a lowercase letter or digit, may contain lowercase letters, numbers,
hyphens, and underscores, and must be between 1 and 255 characters

Linux ORG
Must begin with a non-white-space character and must be between 1 and 1023 characters

admin
This option will associate the previously created user (admin) with the admins security group on
the Chef server

linuxorg_validator.pem
The command generates the RSA private key automatically; it should be saved to a safe
location

Verify The Organization


[root@master ~]# chef-server-ctl org-list
ashudevops

Note - The “chef-server-ctl” command is used on the Chef Server system for management. It
has built-in help (-h) that will display the various sub-commands.

9- Install the Chef server Management Console (this is an additional feature of Chef)

[root@master ~]# wget https://packages.chef.io/files/stable/chef-manage/2.5.4/el/7/chef-manage-2.5.4-1.el7.x86_64.rpm

[root@master ~]# rpm -ivh chef-manage-2.5.4-1.el7.x86_64.rpm


[root@master ~]# chef-manage-ctl reconfigure

10- You can access Chef Management Console using your server IP Address or hostname

https://172.16.10.123 or https://master.example.com
Chef Server Configuration Successfully Done…..!!

CHEF WORKSTATION INSTALLATION

1- Download the latest version of Chef Development Kit

[root@work ~]# hostname -f


work.example.com

[root@work ~]# wget https://packages.chef.io/files/stable/chefdk/2.4.17/el/7/chefdk-2.4.17-1.el7.x86_64.rpm

2- Install Chef Development Kit

[root@work ~]# rpm -ivh chefdk-2.4.17-1.el7.x86_64.rpm


3- Now Verify the Chef Development Kit

[root@work ~]# chef verify

Running verification for component 'berkshelf'


Running verification for component 'test-kitchen'
Running verification for component 'tk-policyfile-provisioner'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chef-provisioning'
Running verification for component 'chefspec'
Running verification for component 'generated-cookbooks-pass-chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
Running verification for component 'openssl'
Running verification for component 'inspec'
Running verification for component 'delivery-cli'
Running verification for component 'git'
Running verification for component 'opscode-pushy-client'
Running verification for component 'chef-sugar'
................................................................................................................................................
Verification of component 'openssl' succeeded.
Verification of component 'delivery-cli' succeeded.
Verification of component 'fauxhai' succeeded.
Verification of component 'kitchen-vagrant' succeeded.
Verification of component 'git' succeeded.
Verification of component 'test-kitchen' succeeded.
Verification of component 'rubocop' succeeded.
Verification of component 'opscode-pushy-client' succeeded.
Verification of component 'tk-policyfile-provisioner' succeeded.
Verification of component 'berkshelf' succeeded.
Verification of component 'knife-spork' succeeded.
Verification of component 'inspec' succeeded.
Verification of component 'chef-dk' succeeded.
Verification of component 'chefspec' succeeded.
Verification of component 'chef-sugar' succeeded.
Verification of component 'chef-client' succeeded.
Verification of component 'generated-cookbooks-pass-chefspec' succeeded.
Verification of component 'chef-provisioning' succeeded.
Verification of component 'package installation' succeeded.

4- Before generating the chef-repo, you must install git, an open source version control tool,
on the machine.

[root@work ~]# yum install git -y

5- Generate Chef-Repo & Setup a user with the email address to begin the git configuration.

[root@work ~]# cd
[root@work ~]# chef generate repo chef-repo
[root@work ~]# ll -a chef-repo/

-rw-r--r-- 1 root root 255 Dec 5 01:10 .chef-repo.txt


drwxr-xr-x 7 root root 4096 Dec 5 01:10 .git
-rw-r--r-- 1 root root 106 Dec 5 01:10 .gitignore
-rw-r--r-- 1 root root 70 Dec 5 01:10 LICENSE
-rw-r--r-- 1 root root 1499 Dec 5 01:10 README.md
-rw-r--r-- 1 root root 1133 Dec 5 01:10 chefignore
drwxr-xr-x 3 root root 4096 Dec 5 01:10 cookbooks
drwxr-xr-x 3 root root 4096 Dec 5 01:10 data_bags
drwxr-xr-x 2 root root 4096 Dec 5 01:10 environments
drwxr-xr-x 2 root root 4096 Dec 5 01:10 roles

[root@work ~]# cd ~/chef-repo/


[root@work chef-repo]# git config --global user.name "admin"
[root@work chef-repo]# git config --global user.email "admin@example.com"

[root@work chef-repo]# git init

6- Create a hidden directory called “.chef” under the chef-repo directory. Add and commit all
existing files.
Note: This hidden directory will hold the RSA keys that we created on the Chef server.

[root@work chef-repo]# mkdir -p .chef


[root@work chef-repo]# echo '.chef' >> .gitignore
[root@work chef-repo]# git add .
[root@work chef-repo]# git commit -m "initial commit"

7- Check the status

[root@work chef-repo]# git status


nothing to commit, working directory clean.
[root@work chef-repo]# cd
[root@work ~]#

8- Now Copy RSA Keys To The Workstation

[root@work ~]# scp -r root@master.example.com:/etc/chef/admin.pem /root/chef-repo/.chef/

[root@work ~]# scp -r root@master.example.com:/etc/chef/linuxorg_validator.pem /root/chef-repo/.chef/
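
A check for the key directory populated in steps 6 and 8, added here as an example and not part of the original tutorial: it reports a .chef directory or .pem key with loose permissions, and a missing .gitignore entry. The function names audit_chef_dir and harden_chef_dir and the 0700/0600 mode policy are assumptions of this example.

```shell
# Added example (not from the original page). Assumes the layout built in
# steps 6 and 8: REPO/.chef holding the *.pem keys, and REPO/.gitignore.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_chef_dir() (
    repo=$1
    chef_dir=$repo/.chef
    [ -d "$chef_dir" ] || { echo "FINDING: $chef_dir does not exist"; exit 1; }

    {
        # The key directory should be private to its owner (0700).
        find "$chef_dir" -prune ! -perm 700 \
            -exec echo "FINDING: directory is not mode 0700:" {} \;

        # admin.pem and the validator key are RSA private keys: 0600 or 0400.
        find "$chef_dir" -type f -name '*.pem' ! -perm 600 ! -perm 400 \
            -exec echo "FINDING: private key is not mode 0600/0400:" {} \;

        # Step 6 relies on .gitignore to keep the keys out of git history.
        grep -qxE '/?\.chef/?' "$repo/.gitignore" 2>/dev/null ||
            echo "FINDING: .chef is not ignored in $repo/.gitignore"
    } | grep . && exit 1
    exit 0
)

# Apply the modes the audit expects. The .gitignore entry is not touched.
harden_chef_dir() {
    chmod 700 "$1/.chef" &&
    find "$1/.chef" -type f -name '*.pem' -exec chmod 600 {} +
}

# Usage on the workstation from this tutorial:
#   audit_chef_dir /root/chef-repo || harden_chef_dir /root/chef-repo
```
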

9- Create a knife.rb file - Knife is the command-line interface between a local chef-repo and
the Chef server

[root@work ~]# vim /root/chef-repo/.chef/knife.rb

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
validation_client_name "linuxorg-validator"
validation_key "#{current_dir}/linuxorg_validator.pem"
chef_server_url "https://master.example.com/organizations/ashudevops"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]

:wq (Save & Quit)

log_level: The amount of logging that will be stored in the log file.
log_location: The location of the log file.
node_name: The username of the person using the workstation.
client_key: The location of the user’s authorization key.
validation_client_name: The name for the server validation key that will determine whether a
node is registered with the Chef server.
validation_key: The path to your organization’s validation key.
chef_server_url: The URL of the Chef server, with shortname being the defined shortname of
your organization. /organizations/shortname must be included in the URL.
syntax_check_cache_path: The location in which knife stores information about files that have
been checked for appropriate Ruby syntax.
cookbook_path: The path to the cookbook directory.
[root@work ~]#

10- Test Knife

[root@work ~]# cd ~/chef-repo/


[root@work chef-repo]# knife ssl fetch
[root@work chef-repo]# knife ssl check
Connecting to host master.example.com:443
Successfully verified certificates from `master.example.com'

[root@work chef-repo]# knife client list


Linuxorg-validator

This output confirms the verification has been completed successfully…..!!

CHEF NODE INSTALLATION

1- Check whether node1 is reachable - From Workstation Machine

[root@work chef-repo]# ping -c 3 node1.example.com

PING node1.example.com (172.16.15.2) 56(84) bytes of data.


64 bytes from node1.example.com (172.16.15.2): icmp_seq=1 ttl=64 time=0.049 ms
64 bytes from node1.example.com (172.16.15.2): icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from node1.example.com (172.16.15.2): icmp_seq=3 ttl=64 time=0.023 ms

--- node1.example.com ping statistics ---


3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.023/0.034/0.049/0.011 ms
[root@work chef-repo]#

2- Now run the following command so that the client registers itself with the Chef Server -
From Workstation Machine

Node Server Details

Node Server Name FQDN              node1.example.com
Username of Node Server            root
root user password - Node Server   ashu@123
Node Name                          Node1

[root@work chef-repo]# knife bootstrap node1.example.com --ssh-user root --ssh-password 'ashu@123' --node-name node1

Doing old-style registration with the validation key at /root/chef-repo/.chef/linuxorg_validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to node1.example.com
node1.example.com -----> Installing Chef Omnibus (-v 12)
node1.example.com downloading https://omnitruck-direct.chef.io/chef/install.sh
node1.example.com to file /tmp/install.sh.670/install.sh
node1.example.com trying wget...
node1.example.com el 6 x86_64
node1.example.com Getting information for chef stable 12 for el...
node1.example.com downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=12&p=el&pv=6&m=x86_64
node1.example.com to file /tmp/install.sh.679/metadata.txt
node1.example.com trying wget...
node1.example.com sha1 e1f7d3c6ee99aedeac4ad8a950877af7edc8164c
node1.example.com sha256 6a47f8f88d3f4568defa13076a21a005bd48ee3e7100d3c66d8f0cc41554306e
node1.example.com url https://packages.chef.io/files/stable/chef/12.21.26/el/6/chef-12.21.26-1.el6.x86_64.rpm
node3.example.com version 12.21.26
node1.example.com downloaded metadata file looks valid...
node1.example.com downloading https://packages.chef.io/files/stable/chef/12.21.26/el/6/chef-12.21.26-1.el6.x86_64.rpm
node1.example.com to file /tmp/install.sh.679/chef-12.21.26-1.el6.x86_64.rpm
node1.example.com trying wget...
node1.example.com Comparing checksum with sha256sum...
node1.example.com Installing chef 12
node1.example.com installing with rpm...
node1.example.com warning: /tmp/install.sh.473/chef-12.21.26-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
node1.example.com Preparing... ################################# [100%]
node1.example.com Updating / installing...
node1.example.com 1:chef-12.21.26-1.el7 ########################## [100%]
node1.example.com Thank you for installing Chef!
node1.example.com Starting the first Chef Client run...
node1.example.com Starting Chef Client, version 12.21.26
node1.example.com [2017-12-05T02:24:05-05:00] INFO: *** Chef 12.21.26 ***
node1.example.com [2017-12-05T02:24:05-05:00] INFO: Platform: x86_64-linux
node1.example.com [2017-12-05T02:24:05-05:00] INFO: Chef-client pid: 621
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Run List is []
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Run List expands to []
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Starting Chef Run for node1
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Running start handlers
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Start handlers complete.
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Error while reporting run start to
node1.example.com resolving cookbooks for run list: []
node1.example.com [2017-12-05T02:24:09-05:00] INFO: Loading cookbooks []
node1.example.com Synchronizing Cookbooks:
node1.example.com Installing Cookbook Gems:
node1.example.com Compiling Cookbooks...
node1.example.com Converging 0 resources
node1.example.com [2017-12-05T02:24:10-05:00] INFO: Chef Run complete in 0.360935465 seconds
node1.example.com
node1.example.com Running handlers:
node1.example.com [2017-12-05T02:24:10-05:00] INFO: Running report handlers
node1.example.com Running handlers complete
node1.example.com [2017-12-05T02:24:10-05:00] INFO: Report handlers complete
node1.example.com Chef Client finished, 0/0 resources updated in 04 seconds

[root@work chef-repo]#
[root@work chef-repo]#

3- Verify the Node is successfully registered with Chef Server using - From Workstation
Machine

[root@work chef-repo]# knife node list


node1

4- Check Node List From Chef Server Web UI


Node1 Successfully Registered On Chef Server....!!

Reference- Ashutosh
https://docs.chef.io/install_server.html
