Development / DevOps

Install the Chef Infra Server and Client to Ease Configuration Management

7 Sep 2020 9:00am, by

With the Chef Infra configuration management platform, admins will find it easy to achieve consistent configurations at scale. The software provides an easy way to configure physical or virtual machines, and even cloud-based machines.

Chef Infra is used by companies like Cheezburger, Etsy, Facebook, and Indiegogo, so you can be sure this tool has been vetted to perform.

How Chef Infra works is simple: You install both a server and a client. From the client you create recipes that are sent to and distributed by the server.

What we’re going to do is install both the client and the server. I’ll be demonstrating on Ubuntu Server 20.04 for the server. You can install the client on just about any desktop machine. I will, of course, be sticking with Linux as my client (this time, Ubuntu Desktop 20.04).

To make this happen, you’ll need the following:

  • One instance of Ubuntu Server 20.04.
  • One instance of Ubuntu Desktop 20.04.
  • A user with sudo privileges.
  • A network connection.
  • A bit of time.

That’s all you’ll need to get this system up and running. Let’s begin with the server.

Install the Chef Infra Server

The first thing we’ll do is install the Chef Infra server. We’ll be installing the latest stable version, which (at the time of this writing) is 13.2.0-1.

To download the necessary .deb file, log into your Ubuntu Server and issue the command:

wget https://packages.chef.io/files/stable/chef-server/13.2.0/ubuntu/18.04/chef-server-core_13.2.0-1_amd64.deb

Once the file download completes, install the package with the command:

sudo dpkg -i chef-server-core*.deb

When the installation completes, start the services with the command:

sudo chef-server-ctl reconfigure

Create a new directory that will house the necessary security keys for Chef Infra. Do this with the command:

mkdir ~/.chef

The next step is to create a new user that will work with Chef Infra, and a key for that new user. This can be done with the single command:

sudo chef-server-ctl user-create USERNAME FNAME LNAME EMAIL 'PASSWORD' --filename ~/.chef/USERNAME.pem

Where:

  • USERNAME is the username for the new chef user.
  • FNAME is the first name of the new user
  • LNAME is the last name of the new user.
  • EMAIL is the email address associated with the new user.
  • PASSWORD is a strong/unique password for the new chef user.

Once the new user has been created, you’ll then need to create an organization for Chef Infra. This command will associate the newly-created user with the organization you’re about to create. The command for this is:

sudo chef-server-ctl org-create ORGNAME "ORGFULLNAME" --association_user USERNAME --filename ~/.chef/ORGNAME.pem

Where ORGNAME is the name of the new organization and USERNAME is the name of the new user you just created. One thing of note is that ORGNAME must be all lower case. If you attempt to create an organization with upper or mixed case, it will fail.

Believe it or not, that’s all there is to the server installation. You’re ready to move on to the client side of things.

Install the Chef Client

Now we move on to installing the Chef Infra client. Log onto your client machine and download the necessary installation package with the command:

wget https://packages.chef.io/files/stable/chef-workstation/20.8.125/ubuntu/20.04/chef-workstation_20.8.125-1_amd64.deb

Install the downloaded package with the command:

sudo dpkg -i chef-workstation*.deb

When the package installation completes, it’s time to initialize a new repository for Chef Infra that will house all knife configurations. Create a new directory (and a hidden child directory) with the command:

mkdir -p ~/chef-repo/.chef

Change into that newly-created base directory with the command:

cd ~/chef-repo

Now we’re going to generate the necessary RSA keys and copy them to the Chef Infra server. Generate the new keys with the command:

ssh-keygen -b 4096

When your keys are ready, copy the public key to the Chef Infra server with the command:

ssh-copy-id USER@SERVER

Where USER is the username that generated the keypair and server is the IP address of your Chef Infra server.

Next you need to copy the PEM files from your Chef Infra server to your Chef Infra client. Log back into your Chef Infra server and issue the command:

scp USER@CLIENTIP:~/.chef/*.pem ~/chef-repo/.chef/

Where USER is the username that generated the PEM files and CLIENTIP is the IP address of the client machine.

Adding Version Control

You’ll want to add version control for Chef Infra, so you can better track changes with your Chef Infra cookbooks. Before you do this, install git on your Chef Infra client with the command:

sudo apt-get install git -y

Once git is installed, configure it with the following commands:

git config --global user.name NAME

git config --global user.email EMAIL

Where NAME is your name and EMAIL is your email address.

Add the .chef directory on the Chef Infra client to gitignore with the command:

echo ".chef" > ~/chef-repo/.gitignore

Change into the new repository with the command:

cd ~/chef-repo

Add and commit the files in the repository with the following two commands:

git add .

git commit -m "Initial Chef Commit"

Generate a Cookbook and Configure Knife

We can now generate our first cookbook. A cookbook defines a scenario and contains all of the necessary information required to support said scenario. Such information includes:

  • Recipes that specify the resources to use and the order in which they are to be applied
  • Attribute values
  • File distributions
  • Templates
  • Extensions to Chef, such as custom resources and libraries

Let’s generate a cookbook named my_cookbook with the command:

chef generate cookbook my_cookbook

Once the cookbook has been created, we then must create a knife configuration file with the command:

nano ~/chef-repo/.chef/config.rb

In that file, paste the following content:

Where:

  • USER is the username that generated the client key.
  • ORGNAME is the organization name you created.
  • SERVER is either the hostname or the IP address of the Chef server.

Save and close the file.

Change into the repo base directory with the command:

cd ~/chef-repo

We now need to fetch the SSL files from the Chef server. Do this with the command:

knife ssl fetch

Bootstrapping a Node

The final step in the process requires the installation and validation of the client to the server (aka “boostrapping”). In order to do that, we must first edit the hosts file on the Chef Infra client so that it knows where the Chef Infra server is.

On the client machine issue the command:

sudo nano /etc/hosts

At the bottom of that file, add an entry for the Chef Infra server in the form of:

SERVER_IP HOSTNAME

Where SERVER_IP is the IP address of the Chef Infra server and HOSTNAME is the hostname of the Chef Infra server.

Save and close that file.

Change into the directory housing the knife configuration file on the client with the command:

cd ~/chef-repo/.chef

Bootstrap the node with the command:

knife bootstrap SERVER -x USER -P PASSWORD --node-name NODE

Where:

  • SERVER is either the hostname or the IP address of the Chef server.
  • USER is the user you created.
  • PASSWORD is the password for USER.
  • NODE is the name of the node.

It is very important here to match SERVER to what was used in the creation of the PEM files. If you used an IP address, you must use an IP address in the bootstrapping command. If you used a hostname, you must use a hostname for the bootstrapping.

When the bootstrapping completes, you can verify its success with the command (run on the client):

knife client list

You should see ORG-validator (Where ORG is the name of the newly-created organization).

At this point, you are now ready to start creating your first Chef Infra cookbooks and use them to configure any/all machines on your network.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.