Cyberithub

How to Install Chef 13 on RedHat/CentOS 7

In this tutorial, I will take you through the steps to install Chef 13 on RedHat/CentOS 7. Chef is a DevOps tool for accelerating application delivery and collaboration. It treats infrastructure as code: rather than changing anything manually, you describe the machine setup in a Chef recipe.

Install Chef

Before going through the steps to install and configure Chef, make sure that all prerequisites are in place.

Step 1: Prerequisites

a) Make sure wget is installed on all the Chef systems.

b) Below is the minimum configuration required on the Chef Server, Chef Workstation and Chef Client.

Chef Server - 4 CPU, 4 GB Memory
Chef Workstation - 1 CPU, 1 GB Memory
Chef Client - 1 CPU, 1 GB Memory

c) Set the hostname and IP address of each system in /etc/hosts as follows:

vi /etc/hosts

192.168.0.105 chef-server
192.168.0.108 chef-workstation
192.168.0.107 chef-client

d) Git must be installed on the chef-workstation node.

Step 2: Download and Install Chef Server Core

Download and install the latest Chef Server Core 13 package from Download Chef Package (this is the latest at the time of writing).

[root@chef-server ~]# rpm -ivh chef-server-core-13.1.13-1.el7.x86_64.rpm
warning: chef-server-core-13.1.13-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chef-server-core-13.1.13-1.el7 ################################# [100%]

Step 3: Reconfigure Chef

After installing the package, and whenever you change the Chef Server configuration, run chef-server-ctl reconfigure to apply the configuration.

[root@chef-server ~]# chef-server-ctl reconfigure
Starting Chef Infra Client, version 15.4.45

...................................................................................................

Recipe: private-chef::postgresql
* component_runit_service[postgresql] action restart
Recipe: <Dynamically Defined Resource>
* service[postgresql] action nothing (skipped due to action :nothing)
* runit_service[postgresql] action restart (up to date)
(up to date)
Recipe: private-chef::nginx
* component_runit_service[nginx] action restart
Recipe: <Dynamically Defined Resource>
* service[nginx] action nothing (skipped due to action :nothing)
* runit_service[nginx] action restart (up to date)
(up to date)

Running handlers:
Running handlers complete
Chef Infra Client finished, 56/581 resources updated in 03 minutes 01 seconds
Chef Server Reconfigured!

Step 4: Check Server Status

Once the configuration is complete, verify the Chef Server status with the chef-server-ctl status command.

[root@chef-server ~]# chef-server-ctl status
run: bookshelf: (pid 1288) 651s; run: log: (pid 1287) 651s
run: nginx: (pid 7184) 256s; run: log: (pid 1308) 651s
run: oc_bifrost: (pid 1285) 651s; run: log: (pid 1277) 651s
run: oc_id: (pid 1279) 651s; run: log: (pid 1278) 651s
run: opscode-erchef: (pid 1303) 651s; run: log: (pid 1302) 651s
run: opscode-expander: (pid 1284) 651s; run: log: (pid 1275) 651s
run: opscode-solr4: (pid 3468) 335s; run: log: (pid 1280) 651s
run: postgresql: (pid 7170) 256s; run: log: (pid 1273) 651s
run: rabbitmq: (pid 1306) 651s; run: log: (pid 1305) 651s
run: redis_lb: (pid 3496) 333s; run: log: (pid 1295) 651s

Step 5: Create Admin and Organization

Create an admin user.

[root@chef-server ~]# chef-server-ctl user-create admin John Wick admin@cyberithub.local 'test@123$' -f /etc/chef/admin.pem

Syntax:

chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME

Create an organization and associate the above user with it.

[root@chef-server ~]# chef-server-ctl org-create cyberithub "CyberITHub, Inc" --association_user admin -f /etc/chef/cyberithub-validator.pem

Syntax:

chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

Note: The organization short name given to org-create must be all lower case.

Step 6: Allow Service http and https through Firewall

You need to allow the http and https services through the firewall for incoming traffic from client systems.

[root@chef-server ~]# firewall-cmd --permanent --zone public --add-service http
success
[root@chef-server ~]# firewall-cmd --permanent --zone public --add-service https
success
[root@chef-server ~]# firewall-cmd --reload
success

Step 7: Download and Install Chef Workstation

Download the Chef Workstation package using wget, as shown below, from the Download Chef link.

[root@chef-workstation ~]# wget https://packages.chef.io/files/stable/chefdk/4.6.35/el/7/chefdk-4.6.35-1.el7.x86_64.rpm
--2019-12-14 07:08:35-- https://packages.chef.io/files/stable/chefdk/4.6.35/el/7/chefdk-4.6.35-1.el7.x86_64.rpm
Resolving packages.chef.io (packages.chef.io)... 151.101.158.110
Connecting to packages.chef.io (packages.chef.io)|151.101.158.110|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 95358147 (91M) [application/x-rpm]
Saving to: ‘chefdk-4.6.35-1.el7.x86_64.rpm’

100%[==============================================================================================================================>] 95,358,147 5.26MB/s in 19s

2019-12-14 07:08:54 (4.77 MB/s) - ‘chefdk-4.6.35-1.el7.x86_64.rpm’ saved [95358147/95358147]

Install ChefDK using the rpm command as shown below.

[root@chef-workstation ~]# rpm -ivh chefdk-4.6.35-1.el7.x86_64.rpm
warning: chefdk-4.6.35-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chefdk-4.6.35-1.el7 ################################# [100%]
Thank you for installing ChefDK!
You can find some tips on getting started at https://learn.chef.io
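
Both rpm -ivh runs on this page (Step 2 and Step 7) print NOKEY: rpm had no public key for key ID 83ef826a, so the packages were installed without their signature being checked. The following is an added example, not part of the original tutorial: once the vendor's signing key has been imported with rpm --import, it classifies the result line of rpm -K, including the case where an unsigned package still ends in OK. The function names are hypothetical, and the sample lines are constructed and assume the rpm 4.11 (EL7) and rpm 4.14+ output formats.

```bash
#!/bin/sh
# Added example: decide whether `rpm -K <package>` really verified a signature.
# rpm prints signature types in lower case when they verified and in UPPER
# case when they did not; a package carrying digests only still ends in "OK".

rpm_k_verdict() {
    result="${1#*: }"                       # drop the "<file>: " prefix
    case "$result" in
        *"NOT OK"*) echo "failed"; return 1 ;;
        *OK) ;;
        *) echo "unparsed"; return 1 ;;
    esac
    # Verified signature: lower-case pgp/gpg/rsa/dsa (rpm 4.11, EL7) or the
    # word "signatures" (rpm 4.14 and later). These formats are assumptions.
    if printf '%s\n' "$result" | grep -Eqw 'pgp|gpg|rsa|dsa|signatures'; then
        echo "signed-ok"
    else
        echo "unsigned"; return 1
    fi
}

# Check a real package file, e.g. check_rpm chefdk-4.6.35-1.el7.x86_64.rpm
check_rpm() {
    rpm_k_verdict "$(rpm -K "$1" 2>&1 | tail -n 1)"
}

# Constructed sample lines (not captured from a real run).
demo_rpm_k() {
    while IFS= read -r line; do
        printf '%-10s %s\n' "$(rpm_k_verdict "$line")" "$line"
    done <<'EOF'
chefdk.rpm: rsa sha1 (md5) pgp md5 OK
chefdk.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#83ef826a)
chefdk.rpm: sha1 md5 OK
chefdk.rpm: digests signatures OK
EOF
}
demo_rpm_k
```

Only a signed-ok verdict means the package matched a key in the rpm keyring; run the check before rpm -ivh, not after.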

Verify the Chef Development Kit once it is installed using the command below.

[root@chef-workstation ~]# chef verify

Verification of component 'chef-vault' succeeded.
Verification of component 'openssl' succeeded.
Verification of component 'delivery-cli' succeeded.
Verification of component 'git' succeeded.
Verification of component 'foodcritic' succeeded.
Verification of component 'test-kitchen' succeeded.
Verification of component 'chef-apply' succeeded.
Verification of component 'opscode-pushy-client' succeeded.
Verification of component 'berkshelf' succeeded.
Verification of component 'tk-policyfile-provisioner' succeeded.
Verification of component 'fauxhai' succeeded.
Verification of component 'chefspec' succeeded.
Verification of component 'chef-dk' failed.
Verification of component 'inspec' succeeded.
Verification of component 'chef-sugar' succeeded.
Verification of component 'chef-client' succeeded.
Verification of component 'knife-spork' succeeded.
Verification of component 'generated-cookbooks-pass-chefspec-and-foodcritic' succeeded.
Verification of component 'package installation' succeeded.

Step 8: Create Repo

Once the Chef Development Kit is installed, create a repo using the chef generate repo command as shown below.

[root@chef-workstation ~]# chef generate repo chef-repo
Generating Chef Infra repo chef-repo
- Ensuring correct Chef Infra repo file content

Your new Chef Infra repo is ready! Type `cd chef-repo` to enter it.

You can list and check the directory structure.

[root@chef-workstation ~]# ls -lrt chef-repo/
total 12
-rw-r--r--. 1 root root 70 Dec 14 07:28 LICENSE
-rw-r--r--. 1 root root 1338 Dec 14 07:28 README.md
-rw-r--r--. 1 root root 1176 Dec 14 07:28 chefignore
drwxr-xr-x. 3 root root 38 Dec 14 07:28 data_bags
drwxr-xr-x. 2 root root 23 Dec 14 07:28 policyfiles
drwxr-xr-x. 3 root root 38 Dec 14 07:28 cookbooks

Step 9: Add Version Control

We first need to set the Git user name and email address.

[root@chef-workstation ~]# git config --global user.name "admin"
[root@chef-workstation ~]# git config --global user.email "admin@cyberithub.local"

Go to the chef-repo directory and initialize it using the command below.

[root@chef-workstation ~]# cd ~/chef-repo/
[root@chef-workstation chef-repo]# git init
Reinitialized existing Git repository in /root/chef-repo/.git/

Create a hidden .chef directory under /root/chef-repo to store all the RSA keys, and add .chef to .gitignore so that this directory is never committed to the repository.

[root@chef-workstation chef-repo]# mkdir -p ~/chef-repo/.chef
[root@chef-workstation chef-repo]# echo '.chef' >> ~/chef-repo/.gitignore

Add all the current files and commit them.

[root@chef-workstation chef-repo]# git add .
[root@chef-workstation chef-repo]# git commit -m "initial commit"
[master (root-commit) d345fde] initial commit
13 files changed, 462 insertions(+)
create mode 100644 .chef-repo.txt
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 chefignore
create mode 100644 cookbooks/README.md
create mode 100644 cookbooks/example/README.md
create mode 100644 cookbooks/example/attributes/default.rb
create mode 100644 cookbooks/example/metadata.rb
create mode 100644 cookbooks/example/recipes/default.rb
create mode 100644 data_bags/README.md
create mode 100644 data_bags/example/example_item.json
create mode 100644 policyfiles/README.md
[root@chef-workstation chef-repo]# git status
# On branch master
nothing to commit, working directory clean

Step 10: Copy RSA Keys to Workstation

Now copy the .pem files that we generated on the Chef Server to the workstation using the scp commands below.

[root@chef-workstation chef-repo]# scp -pr root@192.168.0.105:/etc/chef/admin.pem ~/chef-repo/.chef/
The authenticity of host '192.168.0.105 (192.168.0.105)' can't be established.
ECDSA key fingerprint is SHA256:V8Y4WCCEJKcQiM52XJz4OdKaYl+jAAb7Eo1ZbzUFU2E.
ECDSA key fingerprint is MD5:ce:c7:b6:a2:fe:4a:e4:94:5a:44:7f:46:01:22:26:61.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.105' (ECDSA) to the list of known hosts.
root@192.168.0.105's password:
admin.pem 100% 1674 908.3KB/s 00:00
[root@chef-workstation chef-repo]# scp -pr root@192.168.0.105:/etc/chef/cyberithub-validator.pem ~/chef-repo/.chef/
root@192.168.0.105's password:
cyberithub-validator.pem
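
Steps 9 and 10 rely on .gitignore alone to keep admin.pem and cyberithub-validator.pem out of the repository. The following check is an added example, not part of the original tutorial; the function name audit_chef_keys and its finding labels are hypothetical. It confirms that .chef is ignored, that no .pem file is already tracked, and that the key files are readable by their owner only.

```bash
#!/bin/sh
# Added example: audit the private keys kept in chef-repo/.chef.
# Prints one finding per line; exit status is 0 only when there are none.
# The body runs in a subshell so the caller's directory and variables are
# untouched (cd instead of `git -C`, which the git 1.8.3 on EL7 lacks).

audit_chef_keys() (
    cd "$1" || exit 2
    findings=0

    # 1. .chef must be ignored, so `git add .` can never stage the keys.
    if ! git check-ignore -q .chef; then
        echo "NOT-IGNORED .chef"
        findings=$((findings + 1))
    fi

    # 2. No .pem file may already sit in the index (ignore rules do not
    #    apply to files that are already tracked).
    tracked=$(git ls-files -- '*.pem')
    if [ -n "$tracked" ]; then
        printf '%s\n' "$tracked" | sed 's/^/TRACKED-KEY /'
        findings=$((findings + 1))
    fi

    # 3. Keys must be readable by their owner only (mode 600 or 400).
    for key in .chef/*.pem; do
        [ -e "$key" ] || continue
        mode=$(stat -c %a "$key")           # GNU stat, as on RHEL/CentOS
        case "$mode" in
            [0-7]00) ;;
            *) echo "LOOSE-MODE $mode $key"; findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -eq 0 ]
)

# Usage on the workstation from this tutorial:
#   audit_chef_keys ~/chef-repo && echo "keys are ignored, untracked and private"
```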

Step 11: Set up Knife.rb file

Set up the knife.rb file as given below.

[root@chef-workstation chef-repo]# vi /root/chef-repo/.chef/knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
validation_client_name "cyberithub-validator"
validation_key "#{current_dir}/cyberithub-validator.pem"
chef_server_url "https://chef-server/organizations/cyberithub"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]

Check the client list now.

[root@chef-workstation chef-repo]# knife client list
cyberithub-validator

Note: If you see the error below, run knife ssl fetch first and then run knife client list again.

[root@chef-workstation chef-repo]# knife client list
ERROR: SSL Validation failure connecting to host: chef-server.cyberithub.local - SSL_connect returned=1 errno=0 state=error: certificate verify failed (error number 1)
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chef-server.cyberithub.local/organizations/cyberithub/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed (error number 1)
[root@chef-workstation chef-repo]# knife ssl fetch
WARNING: Certificates from chef-server will be fetched and placed in your trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef-server in /root/chef-repo/.chef/trusted_certs/chef-server.crt
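
knife ssl fetch trusts whatever certificate the server presents at that moment, which is why its own warning asks you to verify it afterwards. The following is an added example, not part of the original tutorial, with hypothetical function names: it compares the fetched certificate against a SHA-256 fingerprint obtained out of band, for instance by running the same openssl x509 -fingerprint command on the Chef Server's console against its certificate file.

```bash
#!/bin/sh
# Added example: confirm that the certificate saved by `knife ssl fetch` is
# the one the Chef Server really uses, given a fingerprint obtained out of
# band (for example read on the server's own console).

# Reduce "SHA256 Fingerprint=AB:CD:..." or "ab:cd:..." to bare upper-case hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of a PEM certificate; empty output if unreadable.
cert_sha256() {
    norm_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# verify_fetched_cert <fetched.crt> <expected fingerprint>
verify_fetched_cert() {
    actual=$(cert_sha256 "$1")
    expected=$(norm_fp "$2")
    if [ -z "$actual" ]; then echo "unreadable"; return 2; fi
    if [ "$actual" != "$expected" ]; then echo "mismatch"; return 1; fi
    # Same certificate, but refuse to keep trusting one that has expired.
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"; return 1
    fi
    echo "match"
}

# Usage with the path printed by knife ssl fetch on this page:
#   verify_fetched_cert /root/chef-repo/.chef/trusted_certs/chef-server.crt \
#       "<fingerprint read on the Chef Server>"
```

On a mismatch, delete the file from trusted_certs instead of re-running knife ssl fetch, which would only store the same unverified certificate again.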

Step 12: Install Chef Client on a Target System

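Now let's bootstrap the Chef client on a target system using the command below. A password given with -P on the command line ends up in the shell history and is visible in the process list while knife runs.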

[root@chef-workstation chef-repo]# knife bootstrap chef-client -x root -P test@123 --sudo
-x/--winrm-user: This flag is deprecated. Use -U/--connection-user instead.
Connecting to chef-client
The authenticity of host 'chef-client (192.168.0.107)' can't be established.
fingerprint is SHA256:HQiIigCj44Jw8iwJ3KiSdkGPhEKmxp/9iYVttorVic4.

Are you sure you want to continue connecting
? (Y/N) y
Connecting to chef-client
Performing legacy client registration with the validation key at /root/chef-repo/.chef/cyberithub-validator.pem...
Delete your validation key in order to use your user credentials for client registration instead.
Bootstrapping chef-client
[chef-client] -----> Existing Chef Infra Client installation detected
[chef-client] Starting the first Chef Infra Client Client run...
[chef-client] Starting Chef Infra Client, version 15.5.17
[chef-client] Creating a new client identity for chef-client using the validator key.

............................................................................................................................................................................

Check whether the node is listed.

[root@chef-workstation chef-repo]# knife node list
chef-client

Congratulations! You have successfully completed the steps to install Chef in your environment.

2 thoughts on “How to Install Chef 13 on RedHat/CentOS 7”

    • Hi Tony,

      You need to copy both admin.pem as well as cyberithub-validator.pem if you are exactly following the same steps as given.

      Thanks
      CyberITHub
