


"Configuring my chef server with chef - it doesn't get any more meta than this" - bbrowning
Bootstrap in the context of this document refers to the initial configuration of a Chef Server for your infrastructure.

The bootstrap install works using chef-solo to run chef recipes that install a full Chef Server.


The bootstrap install does this because RubyGems does not have a way to handle several things package management systems do easily:

  • Create configuration files.
  • Create system-level init scripts.
  • Start new services from init scripts.
  • Install non-Ruby programs/libraries.


This bootstrap is handled by a special recipe in the Opscode Chef Cookbook, chef-server::rubygems-install. This page will describe the basics of how to use this recipe. The documentation for the cookbook, including the details of the settings available to configure these recipes, is in the README for the server and README for the client side.


Install Process

Installing chef-server using Chef Solo requires that you

  1. Install Chef Solo,
  2. Create the necessary Chef Solo configuration files,
  3. Run chef-solo using the chef-server cookbook,
  4. Verify the installation succeeded, and
  5. Complete post-installation configuration tasks.

The following sections explain each part of this process in detail.



Commands Run as Root
Commands that require root privileges are run with sudo in these directions. If your system is not configured to use sudo, run these commands as root using a method appropriate for your configuration.

Install Chef-Solo

Chef-solo is packaged together with Chef-client. To install chef-solo on the host that will become your chef server, follow the directions to install chef-client:

Configure Chef-solo

You need to give chef-solo a minimal configuration before it can run the bootstrap recipes. You need to configure two parts: chef-solo's own configuration file (/etc/chef/solo.rb by default) tells chef-solo where to store its files, and a JSON attributes file gives chef-solo the values it uses to configure your Chef Server.

Chef Solo Configuration File: solo.rb

We're going to use Chef Solo to run the bootstrap recipes, so it needs to be configured to point to the right locations.

First, create a chef directory in /etc

Now create a chef-solo configuration file. Save it as /etc/chef/solo.rb.

Edit /etc/chef/solo.rb

Chef Solo Attributes Configuration: chef.json

Chef can use JSON data passed to Solo or the Client to specify a certain list of recipes to run and specific Attributes to configure on the system. We're going to configure the node with a JSON file particular to whether it will be a Chef Server or a Chef Client. Create the file ~/chef.json with the applicable contents below.

Chef Server with no webui:

Server Attributes (API Only)

Chef Server with the webui installed and enabled:

Server Attributes (API and WebUI)

Set The Init Style For Your System

The bootstrap recipes currently default to using runit as the init system. We're big fans of runit, but you might prefer a different init system.

The default Init Style for RHEL and RHEL-like Distros is "init"
RHEL, CentOS, and related distros don't have a runit package, so the default init style for these systems is "init".

If you need to specify a different init system, add the init_style attribute to your chef.json:

Server Attributes for Using Your System's Default Init System

There are a lot of other attributes available to configure for the Chef Server. See the Chef Server Cookbook README for complete details.

Bootstrap Chef Server

This procedure will set up the chef-server-api to run on port 4000 using the thin adapter, and optionally the chef-server-webui on port 4040. SSL encryption can be provided by proxying with Apache.

The webui is now separate from the API, so it is now optional. Setting the attribute webui_enabled to true will install and configure it.

Run chef-solo

Chef Solo Installs and Configures Chef Server
CentOS/RHEL Issues
There are a number of issues with setting up Chef Server on CentOS/RHEL; please see the CentOS/RHEL Installation Notes.

This command will bring up the Chef Server by doing the following:

  • Bootstrap the system as a Client (see section below for what this entails).
  • Install RabbitMQ if possible (see below).
  • Install CouchDB if possible (see below).
  • Install development libraries zlib and xml, for chef-solr.
  • Install the chef-server, chef-server-api, chef-solr gems.
  • Optionally (if webui_enabled) install chef-server-webui gem.
  • Create the server configuration file, /etc/chef/server.rb.
  • Create some directories the server needs.
  • If init_style is "runit", set up chef-expander, chef-solr, and chef-server (API) as runit services. If webui_enabled is set, chef-server-webui will be added as a runit service as well. If init_style is "init", copy the init scripts for these services from the installed Chef gem for the current platform (Debian and Red Hat families supported). If "bsd", display a hint about startup commands. Otherwise, display a message about manual setup.

Verify That All Components are Running

Now that you have Chef Server installed, you should have the following processes running.

Name | Listen Port | Example Program Name in ps (Erlang programs truncated)
--- | --- | ---
Chef Server | 4000 | merb : chef-server (api) : worker (port 4000)
Chef Server WebUI | 4040 | merb : chef-server-webui : worker (port 4040)
CouchDB | 5984 | beam.smp -Bd -K true -- -root /usr/local/lib/erlang -progname erl -- -noshell -noinput -couch_ini /usr/local/etc/couchdb/default.ini /usr/local/etc/couchdb/local.ini -s couch
RabbitMQ | 5672 | beam.smp -W w -K true -A30 -- -root /usr/local/lib/erlang -progname erl -- -noshell -noinput -s rabbit -sname rabbit -rabbit tcp_listeners [{"0.0.0.0", 5672}]
Chef Solr | 8983 | /usr/bin/java -Xmx250M -Xms250M -Dsolr.data.dir=/opscode/chef/features/data/solr/data -Dsolr.solr.home=/opscode/chef/features/data/solr/home -jar /opscode/chef/features/data/solr/jetty/start.jar
Chef Expander | none | ruby ./chef-solr/bin/chef-expander -c /etc/chef/solr.rb -l debug
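
One way to check the listeners in the table above, and to see which of them are bound beyond loopback, is to parse `ss -ltn` output. This is an added example, not part of the original page; the function names and the sample listing are constructed, and it assumes the column layout `ss -ltn` prints on Linux.

```shell
#!/bin/sh
# Added example (not from the original page). Service/port pairs are taken
# from the table above; Chef Expander is omitted because it has no listener.
CHEF_PORTS="chef-server-api:4000 chef-server-webui:4040 couchdb:5984 rabbitmq:5672 chef-solr:8983"

# check_listeners: reads `ss -ltn` text on stdin and prints one line per
# service, "<name> <port> <status>", where status is one of:
#   down          nothing is listening on the port
#   loopback      bound only to 127.0.0.1 or [::1]
#   non-loopback  bound to a wildcard or routable address
check_listeners() {
    listing=$(cat)
    for pair in $CHEF_PORTS; do
        name=${pair%%:*}
        port=${pair##*:}
        status=$(printf '%s\n' "$listing" | awk -v port="$port" '
            $1 == "LISTEN" {
                n = split($4, part, ":")          # $4 is Local Address:Port
                if (part[n] != port) next
                host = substr($4, 1, length($4) - length(part[n]) - 1)
                if (host == "127.0.0.1" || host == "[::1]") {
                    if (seen == "") seen = "loopback"
                } else {
                    seen = "non-loopback"
                }
            }
            END { print (seen == "" ? "down" : seen) }')
        printf '%s %s %s\n' "$name" "$port" "$status"
    done
}

# Constructed sample of `ss -ltn` output (webui not enabled, CouchDB on loopback).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:4000        0.0.0.0:*
LISTEN  0       128     127.0.0.1:5984      0.0.0.0:*
LISTEN  0       128     0.0.0.0:5672        0.0.0.0:*
LISTEN  0       50      *:8983              *:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
EOF
}

# On a live server use: ss -ltn | check_listeners
sample_ss_output | check_listeners
```

A "down" result for port 4040 is expected when webui_enabled is not set.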

Configure the Command Line Client

Once you've verified that all of Chef's components are working, it's time to configure the knife command line tool. On your Chef Server, run knife configure -i to interactively configure your knife client and create an admin account on the server. You can accept the default responses shown in brackets by pressing <enter>.

First, create the ~/.chef directory and copy the required certificates created by the server.

Certificates Read Only
Presumably you're running this as a normal non-privileged user. When the chef-server-api starts, it creates the validation and webui certificates as read/write only by the user that starts the process (chef).
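
After copying webui.pem and validation.pem, it is worth confirming that the copies are still readable only by their owner, as the originals are. The following check is an added example, not part of the original page; the function name is hypothetical and it assumes GNU stat (`stat -c`).

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat (`stat -c`).

# audit_pem_keys DIR...: for every *.pem directly inside each DIR, print
#   LOOSE_MODE <mode> <path>   if group or others have any permission bit
#   WRONG_OWNER <uid> <path>   if the file is not owned by the calling user
# Returns 0 when nothing was reported, 1 otherwise.
audit_pem_keys() {
    my_uid=$(id -u)
    rc=0
    for dir in "$@"; do
        for key in "$dir"/*.pem; do
            [ -f "$key" ] || continue            # unmatched glob or not a file
            info=$(stat -c '%a %u' "$key")
            mode=${info% *}
            owner=${info#* }
            # Treat the mode as octal and mask the group/other bits.
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "LOOSE_MODE $mode $key"; rc=1
            fi
            if [ "$owner" != "$my_uid" ]; then
                echo "WRONG_OWNER $owner $key"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed demo: a scratch directory standing in for ~/.chef.
demo_dir=$(mktemp -d)
: > "$demo_dir/webui.pem";      chmod 644 "$demo_dir/webui.pem"
: > "$demo_dir/validation.pem"; chmod 600 "$demo_dir/validation.pem"
audit_pem_keys "$demo_dir" || echo "tighten with: chmod 600 <key>"
rm -rf "$demo_dir"
```

On the server, run it as `audit_pem_keys ~/.chef` once the certificates are in place.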

Next, run the knife configure command and pass the -i flag so that it creates the initial client that will be used to authenticate with the API.

API Client creation must use an existing admin client's credentials to create the new account. On a brand new server, the chef-webui client is created when chef-server-api starts. Use the default for the clientname, and specify the webui.pem copied above.

The "chef-validator" client is a special account used to auto-register new nodes. Use the default clientname, and specify the validation.pem copied above.

Finally, specify a location for the Chef Repository. This is used to configure knife to point to the directory where Cookbooks will be stored.

Verify Your Knife Client Configuration

You can now run some basic knife commands to verify that you can communicate with the server.

Create a Knife Client for Your Laptop/Desktop

Create Your Client Account

When working with chef, you will spend a lot of time editing recipes and other files, and you'll find it much more convenient to edit them on your laptop/desktop (your management workstation), where you have your editor configured just to your liking. To facilitate this mode of working, we recommend you create a knife client to use knife on your development machine.

Make sure you've configured knife on your chef server as described above before proceeding with this step.

This command creates the client and writes its private key to /tmp/my-username.pem. To verify the operation, use the knife client show command:

Copy Your Key and Configure Knife

Now you need to copy the key you just created to your development machine using scp (or some other file copy mechanism).

In order to use knife on your laptop, you'll need to install the chef-client. If your laptop's OS comes with rubygems (Mac OS X, for example) you can run sudo gem install chef; otherwise, check out the client installation instructions for your OS. Once you have chef installed, you can use knife's interactive configuration on your laptop (note we're not using the -i option here):

Knife looks for its configuration in $HOME/.chef/knife.rb by default:

Now, enter your client name, exactly as you did when running knife client create above:

For these next settings, you can accept the defaults for now and update them later by editing your knife.rb file. The validation client name and key are used with knife's cloud computing commands:

We'll also leave the path to the chef repository blank for now. After you've created a chef repository, you'll want to configure it by editing knife.rb

Verify Your Configuration

You can run some list and show commands to verify everything is working:

You're now ready to use Knife Bootstrap to automatically set up systems to become new Chef Clients to the server.

CentOS/RHEL Installation Notes

  • SELinux will probably cause things to fail. Disable this with:
  • You must have the RBEL or other similar 3rd party repository installed to run the bootstrap cookbook.
  • CentOS 5.x users will need to have version 4.2 or better of gcc in order for this to function. You may install gcc44 and gcc44-c++ via yum to fulfill this requirement. If you do so, make sure you export
    CXX=`which g++44` and CC=`which gcc44` when running the bootstrap.
  • If you run into the following error when running the bootstrap:

    Attempt to run the bootstrap again.

  • If you find that chef-server did not start after running the bootstrap, attempt to run the following commands:

    Then attempt to restart the chef services. The easiest way to restart all the services at once is often to just rerun the bootstrap.

  • The chef-server::apache-proxy recipe will fail on CentOS/RHEL 6 because apache and chef-server::apache-proxy cookbooks included in http://s3.amazonaws.com/chef-solo/bootstrap-latest.tar.gz are out-of-date. Try using the following tarball instead. See COOK-973 for details.
    Chef Solo Installs and Configures Chef Server
  • If you find the error message

    then download the ruby source files (for your version!) from e.g., ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p352.tar.bz2, untar it and change dir to ruby-XXXXX/ext/openssl. There, run ruby extconf.rb, make, and make install. Afterwards, the bootstrap should overcome this error.







