How We Manage Our Infrastructure with Chef

It’s been a while since we decided to update our servers remotely. Not even the servers themselves, but the scripts on those servers.

 

We use self-compiled scripts for content updates (for real-time debugging). They follow the server-client principle: there is an initializer script and an executable script on the servers. But since there are a lot of servers, changing a script on each server by hand would take ages.

 

So, we begin.

 

Requirements: 

1. We already have the OS with updated packages.

2. We have an FQDN.

3. Curl and wget should already be installed.

 

 

Server installation: 

1. Go to https://www.opscode.com/chef/install

2. Click tab “Chef Server”

3. Select the operating system and the architecture

4. Select Chef version

5. Install the package

Configure Chef server 11.*. Run command

It will install and set up the required packages itself

 

Then we stop the web-server, if any, and run the verification script:

After the test, go to:

# https://FQDN-OR-IP-OF-CHEF-SERVER

 

Note: the default username/password is admin/p@ssw0rd1; change it right after the first login.

 

Setting up the WorkStation: 

 

Run the command (on Linux-like systems):

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
101  6790  101  6790    0     0   3826      0  0:00:01  0:00:01 --:--:-- 12190

Downloading Chef for el…

Installing Chef

warning: /tmp/tmp.KnyQTnqz/chef-.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY

Preparing… ########################################### [100%]

1:chef ########################################### [100%]

Thank you for installing Chef!

After the installation is complete, verify the client is installed

 Chef: 11.6.0

Create a Chef directory

 

Copy Cert Keys from Chef Server to Workstation User Folder

Now, configure the client using the “knife” command

Overwrite /root/.chef/knife.rb? (Y/N) y

 

 

Please enter the chef server URL: [https://test.example.com:443] https://chef-server.example.com:443/

Please enter a name for the new user: [root] knife-user1

Please enter the existing admin name: [admin] Enter

Please enter the location of the existing admin’s private key: [/etc/chef-server/admin.pem] ~/.chef/admin.pem

Please enter the validation clientname: [chef-validator]

Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] ~/.chef/chef-validator.pem

Please enter the path to a chef repository (or leave blank):

Creating initial API user…

Please enter a password for the new user:

Created user[knife-user1]

Configuration file written to /root/.chef/knife.rb

Your “Knife config” (knife.rb) will look like this:

log_level                :info
log_location             STDOUT
node_name                'knife-user1'
client_key               '/root/.chef/knife-user1.pem'
validation_client_name   'chef-validator'
# path of the validation key entered at the prompt above (~/.chef/chef-validator.pem)
validation_key           '/root/.chef/chef-validator.pem'
chef_server_url          'https://chef-server.example.com:443/'
syntax_check_cache_path  '/root/.chef/syntax_check_cache'

Check our installation by running the respective commands:

chef-validator

chef-webui

admin

knife-user1

Installing the node:

 

Run the command (on Linux-like systems):

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
101  6790  101  6790    0     0   3826      0  0:00:01  0:00:01 --:--:-- 12190

Downloading Chef for el…

Installing Chef

warning: /tmp/tmp.KnyQTnqz/chef-.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY

Preparing… ########################################### [100%]

1:chef ########################################### [100%]

Thank you for installing Chef!

Create Chef directory

Copy Chef Server Validation Cert Keys from Chef Server to our node in “/etc/chef”:

Run the command and register yourself in Chef Server:

Once the client is verified, we have to create the file “client.rb” in the directory “/etc/chef”:

log_level        :info
log_location     STDOUT
chef_server_url  'https://FQDN-OR-IP-OF-CHEF-SERVER'
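The steps above copy private keys by hand (the admin and validator keys to the workstation, the validation key to each node). The following check is an added example, not code from the original post: it audits a Chef configuration directory for key files readable by group or others, and for a validation key left behind on a node that has already registered. The file names client.pem and validation.pem are assumed to be the chef-client defaults; the demo runs against a constructed temporary directory.

```ruby
require "tmpdir"

# Audits a Chef config directory such as /etc/chef or ~/.chef.
# Returns an array of human-readable findings (empty when clean).
def audit_chef_keys(dir)
  findings = []
  pems = Dir.glob(File.join(dir, "*.pem")).sort

  # 1. A private key should be readable by its owner only (0600 or stricter).
  pems.each do |path|
    mode = File.stat(path).mode & 0o777
    next if (mode & 0o077).zero?
    findings << format("%s: mode %04o lets group/other read a private key",
                       File.basename(path), mode)
  end

  # 2. Once the node has its own client.pem, the shared validation key is
  #    no longer needed there and can be deleted.
  names = pems.map { |p| File.basename(p) }
  if names.include?("client.pem")
    names.grep(/validat/).each do |v|
      findings << "#{v}: client.pem exists, validation key is no longer needed"
    end
  end
  findings
end

# Constructed demo: a registered node that still holds a world-readable
# validation key. File contents are placeholders, not real keys.
def demo_findings
  Dir.mktmpdir do |dir|
    { "client.pem" => 0o600, "validation.pem" => 0o644 }.each do |name, mode|
      path = File.join(dir, name)
      File.write(path, "constructed placeholder, not a real key\n")
      File.chmod(mode, path)
    end
    audit_chef_keys(dir)
  end
end

puts demo_findings
```

On a real node, call `audit_chef_keys("/etc/chef")`; on the workstation, point it at the `.chef` directory that holds admin.pem and chef-validator.pem.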

Check successful registration of the node

 

On WorkStation, run command:

And on the server in web-interface

# https://FQDN-OR-IP-OF-CHEF-SERVER

Run the client:

Create a simple Cookbook and write a Recipe there

 

Log in to WorkStation:

cookbook_path [ '/usr/local/src/chef/cookbooks' ]

Create a directory for Cookbook:

Now, create a simple Cookbook

Go to the directory

cookbook-test/
├── attributes
├── CHANGELOG.md
├── definitions
├── files
│   └── default
├── libraries
├── metadata.rb
├── providers
├── README.md
├── recipes
│   └── default.rb
├── resources
└── templates
    └── default

Now, let’s create a recipe for the new group (system-admins) and user “sanjay”.

#
# Cookbook Name:: cookbook-test
# Recipe:: default
#
# Copyright 2016, YOUR_COMPANY_NAME
#
# All rights reserved - Do Not Redistribute
#
group "system-admins" do
  gid 1001
end

user "sanjay" do
  comment "Sanjay User"
  shell "/bin/bash"
  home "/home/sanjay"
  gid "system-admins"
  uid 1002
  # create and manage the home directory together with the account
  supports :manage_home => true
  # password takes a shadow hash, not plaintext; this one is MD5-crypt ($1$)
  password "$1$QwuUa80Z$KZkYq8CqICVyIsK1tHZ7s0"
end
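The recipe above stores the account's shadow hash in the cookbook, and the `$1$` prefix marks it as MD5-crypt. The following linter is an added example, not code from the original post: it walks a recipe and reports which crypt(3) scheme each `password` attribute uses. The second user, `deploy`, and its hash are constructed placeholders.

```ruby
SCHEMES = {
  '$1$' => ['md5-crypt', false],
  '$5$' => ['sha256-crypt', true],
  '$6$' => ['sha512-crypt', true],
  '$y$' => ['yescrypt', true]
}.freeze

# Constructed sample: the page's user resource plus a hypothetical second user.
SAMPLE_RECIPE = <<~'RECIPE'
  group "system-admins" do
    gid 1001
  end

  user "sanjay" do
    gid "system-admins"
    password "$1$QwuUa80Z$KZkYq8CqICVyIsK1tHZ7s0"
  end

  user "deploy" do
    password "$6$constructedsalt$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH"
  end
RECIPE

# Returns [scheme_name, acceptable?] for the value given to `password`.
def classify_hash(value)
  _, info = SCHEMES.find { |prefix, _| value.start_with?(prefix) }
  info || ['des-crypt or not a hash', false]
end

# Walks the recipe line by line, remembering which resource block is open.
def audit_recipe(source)
  findings = []
  resource = nil
  source.each_line.with_index(1) do |line, lineno|
    if (m = line.match(/^\s*(\w+)\s+["']([^"']+)["']\s+do\b/))
      resource = "#{m[1]}[#{m[2]}]"
    elsif (m = line.match(/^\s*password\s+["']([^"']+)["']/))
      scheme, ok = classify_hash(m[1])
      findings << { resource: resource, line: lineno, scheme: scheme, acceptable: ok }
    elsif line.match?(/^\s*end\b/)
      resource = nil
    end
  end
  findings
end

audit_recipe(SAMPLE_RECIPE).each do |f|
  puts "#{f[:resource]} line #{f[:line]}: #{f[:scheme]} #{f[:acceptable] ? 'ok' : 'WEAK'}"
end
```

A value with no recognised prefix is reported as "des-crypt or not a hash", which also catches a plaintext password pasted into the attribute by mistake.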

To upload cookbooks to the server, do the following:

Note: this will upload all cookbooks to the server

 

To upload a particular book to the server:

Now, add our recipe to run_list

node1.example.com

node2.example.com

node3.example.com

node1.example.com:

run_list: recipe[cookbook-test]

Now, log in to the machine node1.example.com, and run command

[2016-10-25T04:47:36-07:00] INFO: Forking chef instance to converge…

Starting Chef Client, version 11.6.2

[2016-10-25T04:47:36-07:00] INFO: *** Chef 11.6.2 ***

[2016-10-25T04:47:37-07:00] INFO: Run List is [recipe[cookbook-test]]

[2016-10-25T04:47:37-07:00] INFO: Run List expands to [cookbook-test]

[2016-10-25T04:47:37-07:00] INFO: Starting Chef Run for node1.example.com

[2016-10-25T04:47:37-07:00] INFO: Running start handlers

[2016-10-25T04:47:37-07:00] INFO: Start handlers complete.

resolving cookbooks for run list: ["cookbook-test"]

[2016-10-25T04:47:37-07:00] INFO: Loading cookbooks [cookbook-test]

Synchronizing Cookbooks:

[2016-10-25T04:47:37-07:00] INFO: Storing updated cookbooks/cookbook-test/recipes/default.rb in the cache.

[2016-10-25T04:47:37-07:00] INFO: Storing updated cookbooks/cookbook-test/metadata.rb in the cache.

[2016-10-25T04:47:37-07:00] INFO: Storing updated cookbooks/cookbook-test/README.md in the cache.

[2016-10-25T04:47:37-07:00] INFO: Storing updated cookbooks/cookbook-test/CHANGELOG.md in the cache.

- cookbook-test

Compiling Cookbooks…

Converging 1 resources

Recipe: cookbook-test::default

* group[system-admins] action create[2016-10-25T22:23:38-07:00] INFO: Processing group[system-admins] action create (cookbook-test::default line 9)

(up to date)

* user[sanjay] action create[2016-10-25T04:47:37-07:00] INFO: Processing user[sanjay] action create (cookbook-test::default line 9)

(up to date)

[2016-10-25T04:47:37-07:00] INFO: Chef Run complete in 0.48225768 seconds

[2016-10-25T04:47:37-07:00] INFO: Running report handlers

[2016-10-25T04:47:37-07:00] INFO: Report handlers complete

Chef Client finished, 0 resources updated

To create one more recipe, one that installs and starts sendmail, type on the WorkStation:

Upload the cookbook

Run on the node:

Recipe: cookbook-test::sendmail

* package[sendmail] action install[2016-10-25T22:05:22-07:00] INFO: Processing package[sendmail] action install (cookbook-test::sendmail line 1)

[2016-10-25T22:06:14-07:00] INFO: package[sendmail] installing sendmail-8.14.4-8.el6 from base repository

 

 

- install version 8.14.4-8.el6 of package sendmail

* service[sendmail] action enable[2016-10-28T04:12:10-07:00] INFO: Processing service[sendmail] action enable (system-users::sendmail line 5)

(up to date)

* service[sendmail] action start[2016-10-28T04:12:11-07:00] INFO: Processing service[sendmail] action start (system-users::sendmail line 5)

[2016-10-28T04:12:11-07:00] INFO: service[sendmail] started

 

 

- start service service[sendmail]

This is how Chef works. The official site contains a large amount of information about writing recipes and setting up the program.
