Install CHEF 13 Server on CentOS 7 - CentLinux

Thursday, 5 September 2019


CHEF is a configuration management tool written in Ruby and Erlang, and one of the most popular Infrastructure as Code (IaC) tools. By using CHEF, we can streamline the tasks of configuring and maintaining the organization's servers. CHEF also includes a thin-client management console for maintaining the configurations of servers.

CHEF uses Ruby for writing system configuration "Recipes". CHEF is distributed under Apache License 2.0 and available to download from GitHub and CHEF's official download page.

In this article, we install CHEF 13 server on CentOS 7, along with a management console for CHEF.

 


    Environment Specification:

    We have provisioned a CentOS 7 virtual machine with the following specifications.

    • CPU - 3.4 GHz (2 Cores)
    • Memory - 2 GB
    • Storage - 20 GB
    • Operating System - CentOS 7.6
    • Hostname - chef-server-01.example.com
    • IP Address - 192.168.116.199/24

     

    Installing CHEF 13 Server on CentOS 7:

    Connect to chef-server-01.example.com using ssh as the root user.

    Currently, CHEF 13 server is available for download from the official CHEF website.

    [root@chef-server-01 ~]# cd /tmp
    [root@chef-server-01 tmp]# curl -O https://packages.chef.io/files/stable/chef-server/13.0.17/el/7/chef-server-core-13.0.17-1.el7.x86_64.rpm
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  238M  100  238M    0     0   331k      0  0:12:17  0:12:17 --:--:--  424k

    After the CHEF 13 server download completes, install the RPM package using the rpm command.

    [root@chef-server-01 tmp]# rpm -ivh chef-server-core-13.0.17-1.el7.x86_64.rpm
    warning: chef-server-core-13.0.17-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:chef-server-core-13.0.17-1.el7   ################################# [100%]
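
    The NOKEY warning in the output above means rpm installed the package without checking its signature, because key 83ef826a is not in the rpm keyring. The following is an added example, not part of the original article, that can be run before rpm -ivh to gate the install on a SHA-256 match and a passing rpm -K; the expected digest, the key file path and the RPM_CMD hook are assumptions to be filled in from the vendor's download page.

```bash
# Added example, not from the original article. RPM_CMD is a hypothetical
# hook so the rpm call can be stubbed; the digest and key path are placeholders.
RPM_CMD=${RPM_CMD:-rpm}

# Return 0 if FILE's SHA-256 digest equals EXPECTED (hex, either case).
sha256_matches() {
    sm_actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    sm_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$sm_actual" ] && [ "$sm_actual" = "$sm_expected" ]
}

# Read rpm output on stdin and print each key ID reported as NOKEY, i.e. a
# signature rpm could not check because the signer's key is not imported.
unverified_key_ids() {
    sed -n 's/.*key ID \([0-9A-Fa-f]\{8,16\}\): NOKEY.*/\1/p' | sort -u
}

# Accept the package only if the digest matches AND rpm -K verifies it.
verify_package() {
    sha256_matches "$1" "$2" || {
        echo "REJECT: SHA-256 mismatch: $1" >&2
        return 1
    }
    vp_out=$($RPM_CMD -K "$1" 2>&1) || {
        echo "REJECT: $vp_out" >&2
        return 1
    }
    case $vp_out in
        *"NOT OK"*|*NOKEY*) echo "REJECT: $vp_out" >&2; return 1 ;;
    esac
    echo "OK: $1"
}

# Usage on the server (placeholders, taken from the vendor's download page):
#   rpm --import /path/to/chef-public-key.asc
#   verify_package chef-server-core-13.0.17-1.el7.x86_64.rpm "$EXPECTED_SHA256" \
#       && rpm -ivh chef-server-core-13.0.17-1.el7.x86_64.rpm
```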

    Configure CHEF 13 server as follows.

    [root@chef-server-01 tmp]# chef-server-ctl reconfigure
    +---------------------------------------------+
                Chef License Acceptance
    Before you can continue, 3 product licenses
    must be accepted. View the license at
    https://www.chef.io/end-user-license-agreement/
    Licenses that need accepting:
      * Chef Infra Server
      * Chef Infra Client
      * Chef InSpec
    Do you accept the 3 product licenses (yes/no)?
    > yes
    Persisting 3 product licenses...
    ✔ 3 product licenses persisted.
    +---------------------------------------------+
    Starting Chef Infra Client, version 15.0.300
    resolving cookbooks for run list: ["private-chef::default"]
    Synchronizing Cookbooks:
      - enterprise (0.15.1)
      - runit (5.1.1)
      - packagecloud (1.0.1)
      - yum-epel (3.3.0)
      - private-chef (0.1.1)
    Installing Cookbook Gems:
    Compiling Cookbooks...
    Recipe: private-chef::default
      * directory[/etc/opscode] action create (up to date)
      * directory[/etc/opscode/logrotate.d] action create
        - create new directory /etc/opscode/logrotate.d
        - change mode from '' to '0755'
        - change owner from '' to 'root'
        - change group from '' to 'root'
        - restore selinux security context
    /var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/oc-chef-pedant.rb:41: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
    Converging 259 resources
      * link[/usr/bin/private-chef-ctl] action create (up to date)
      * link[/usr/bin/chef-server-ctl] action create (up to date)
      * directory[/etc/opscode] action nothing (skipped due to action :nothing)
      * directory[/etc/opscode/logrotate.d] action nothing (skipped due to action :nothing)
      * log[opscode_webui deprecation notice] action write (skipped due to only_if)
    Recipe: private-chef::users
      * linux_user[opscode] action create
        - create user opscode
      * group[opscode] action create
        - alter group opscode
        - replace group members with new list of members
    Recipe: private-chef::private_keys
      * file[/etc/opscode/pivotal.pem] action create
        - create new file /etc/opscode/pivotal.pem
        - update content in file /etc/opscode/pivotal.pem from none to 689221
        - suppressed sensitive resource
        - change mode from '' to '0600'
        - change owner from '' to 'opscode'
        - change group from '' to 'root'
        - restore selinux security context
      * file[/etc/opscode/webui_priv.pem] action create
        - create new file /etc/opscode/webui_priv.pem
        - update content in file /etc/opscode/webui_priv.pem from none to 4d9638
        - suppressed sensitive resource
        - change mode from '' to '0600'
        - change owner from '' to 'opscode'
        - change group from '' to 'root'
        - restore selinux security context
      * file[/etc/opscode/webui_pub.pem] action create
        - create new file /etc/opscode/webui_pub.pem
        - update content in file /etc/opscode/webui_pub.pem from none to 3e4501
        - suppressed sensitive resource
        - change mode from '' to '0644'
        - change owner from '' to 'root'
        - change group from '' to 'root'
        - restore selinux security context
    Recipe: private-chef::default
      * file[/etc/opscode/dark_launch_features.json] action create
        - create new file /etc/opscode/dark_launch_features.json
        - update content in file /etc/opscode/dark_launch_features.json from none to 05b75f
        --- /etc/opscode/dark_launch_features.json 2019-09-04 20:24:28.821962036 +0500
        +++ /etc/opscode/.chef-dark_launch_features20190904-7539-h4omrn.json 2019-09-04 20:24:28.821962036 +0500
        @@ -1 +1,17 @@
        +{
        +  "quick_start": false,
        +  "new_theme": true,
        +  "private-chef": true,
        +  "sql_users": true,
        +  "add_type_and_bag_to_items": true,
        +  "reporting": true,
        +  "actions": true,
        +  "503_mode": false,
        +  "couchdb_containers": false,
        +  "couchdb_groups": false,
        +  "couchdb_acls": false,
        +  "couchdb_association_requests": false,
        +  "couchdb_organizations": false,
        +  "couchdb_associations": false
        +}
        - change mode from '' to '0644'
        - change owner from '' to 'opscode'
        - change group from '' to 'root'
        - restore selinux security context
      * directory[/etc/chef] action create
        - change mode from '0755' to '0775'
        - change group from 'root' to 'opscode'
        - restore selinux security context
      * directory[/var/opt/opscode] action create (up to date)
      * directory[/var/log/opscode] action create
        - create new directory /var/log/opscode
        - change mode from '' to '0755'
        - change owner from '' to 'opscode'
        - change group from '' to 'opscode'
        - restore selinux security context
    Recipe: enterprise::runit
      * component_runit_supervisor[private_chef] action create
      * template[/etc/systemd/system/private_chef-runsvdir-start.service] action create
        - create new file /etc/systemd/system/private_chef-runsvdir-start.service
        - update content in file /etc/systemd/system/private_chef-runsvdir-start.service from none to 27231f
        --- /etc/systemd/system/private_chef-runsvdir-start.service 2019-09-04 20:24:28.936962034 +0500
        +++ /etc/systemd/system/.chef-private_chef-runsvdir-start20190904-7539-1hczk0s.service 2019-09-04 20:24:28.936962034 +0500
        @@ -1 +1,11 @@
        +[Unit]
        +Description=private_chef Runit Process Supervisor
        +After=network.target auditd.service
        +
        +[Service]
        +ExecStart=/opt/opscode/embedded/bin/runsvdir-start
        +Restart=always
        +
        +[Install]
        +WantedBy=multi-user.target
        - change mode from '' to '0644'
        - change owner from '' to 'root'
        - change group from '' to 'root'
        - restore selinux security context
      * execute[systemctl daemon-reload] action run
        - execute systemctl daemon-reload
      * execute[systemctl daemon-reload] action nothing (skipped due to action :nothing)
      * file[/usr/lib/systemd/system/private_chef-runsvdir-start.service] action delete (up to date)
      * service[private_chef-runsvdir-start.service] action enable
        - enable service service[private_chef-runsvdir-start.service]
      * service[private_chef-runsvdir-start.service] action start
        - start service service[private_chef-runsvdir-start.service]
    Recipe: private-chef::sysctl-updates
      * execute[sysctl-reload] action nothing (skipped due to action :nothing)
      * bash[dual ip4/ip6 portbind] action run (skipped due to only_if)
    Recipe: private-chef::fix_permissions
      * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} \;] action run
        - execute find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} \;
      * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} \;] action run
    ...
    ...
    ...
    Recipe: private-chef::opscode-erchef
      * component_runit_service[opscode-erchef] action restart
    Recipe: <Dynamically Defined Resource>
      * service[opscode-erchef] action nothing (skipped due to action :nothing)
      * runit_service[opscode-erchef] action restart (up to date) (up to date)
    Recipe: private-chef::partybus
      * execute[set initial migration level] action run
        - execute cd /opt/opscode/embedded/service/partybus && ./bin/partybus init
      * ruby_block[migration-level file sanity check] action run (skipped due to not_if)
    Recipe: private-chef::rabbitmq
      * script[hard_kill_rabbitmq] action run
        - execute "bash" "/tmp/chef-script20190904-7539-il7d0v"
    Running handlers:
    Running handlers complete
    Chef Infra Client finished, 482/1028 resources updated in 05 minutes 44 seconds
    Chef Server Reconfigured!

    Check status of the CHEF 13 server components.

    [root@chef-server-01 tmp]# chef-server-ctl status
    run: bookshelf: (pid 36604) 569s; run: log: (pid 30489) 749s
    run: nginx: (pid 36571) 575s; run: log: (pid 31865) 667s
    run: oc_bifrost: (pid 36483) 580s; run: log: (pid 29963) 804s
    run: oc_id: (pid 36560) 577s; run: log: (pid 30055) 778s
    run: opscode-erchef: (pid 37511) 475s; run: log: (pid 30679) 743s
    run: opscode-expander: (pid 36594) 571s; run: log: (pid 30282) 761s
    run: opscode-solr4: (pid 36586) 572s; run: log: (pid 30176) 767s
    run: postgresql: (pid 36479) 582s; run: log: (pid 29399) 829s
    run: rabbitmq: (pid 37285) 522s; run: log: (pid 32136) 660s
    run: redis_lb: (pid 31083) 708s; run: log: (pid 31082) 708s

    Create an Admin user for CHEF server administration.

    [root@chef-server-01 tmp]# chef-server-ctl user-create admin admin admin admin@chef-server-01.example.com 'abc123' -f /etc/chef/admin.pem

    We have provided the values in the above command based on the following syntax.

    chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME

    Create an Organization to hold CHEF 13 server configurations.

    [root@chef-server-01 tmp]# chef-server-ctl org-create sysadminrecipes "Ahmer's SysAdmin Recipes" --association_user admin -f /etc/chef/sysadminrecipes-validator.pem

    We have provided the values according to the following syntax.

    chef-server-ctl org-create SHORT_ORG_NAME FULL_ORG_NAME --association_user USER_NAME --filename ORGANIZATION-validator.pem
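
    Both commands above write private keys with -f into /etc/chef, which the reconfigure log shows being changed to mode 0775 with group opscode. The following added example (not from the original article) reports key files that carry group or other permission bits, have an unexpected owner, or sit in a directory writable by group or others; the expected owner root is an assumption, and stat -c requires GNU coreutils.

```bash
# Added example, not from the original article: audit the private keys that
# user-create and org-create wrote with -f. The expected owner is an assumption.

# audit_key_files EXPECTED_OWNER FILE...
# Prints one finding per problem and returns 1 if anything was reported.
audit_key_files() {
    ak_owner=$1; shift
    ak_rc=0
    for ak_file in "$@"; do
        if [ ! -f "$ak_file" ]; then
            echo "MISSING $ak_file"; ak_rc=1; continue
        fi
        ak_mode=$(stat -c '%a' "$ak_file")
        ak_user=$(stat -c '%U' "$ak_file")
        ak_dir=$(dirname "$ak_file")
        ak_dmode=$(stat -c '%a' "$ak_dir")
        # A private key must carry no group or other permission bits.
        case $ak_mode in
            [0-7]00) ;;
            *) echo "FILE_MODE $ak_mode $ak_file"; ak_rc=1 ;;
        esac
        [ "$ak_user" = "$ak_owner" ] || {
            echo "FILE_OWNER $ak_user $ak_file"; ak_rc=1
        }
        # Group/other write access on the directory allows the key file to be
        # replaced or deleted regardless of the file's own mode.
        case $ak_dmode in
            *[2367]?|*[2367]) echo "DIR_WRITABLE $ak_dmode $ak_dir"; ak_rc=1 ;;
        esac
    done
    return $ak_rc
}

# On the server from this article:
#   audit_key_files root /etc/chef/admin.pem /etc/chef/sysadminrecipes-validator.pem
# Typical remediation for a FILE_MODE finding:
#   chmod 600 /etc/chef/admin.pem
```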

    Allow the HTTP and HTTPS service ports in the Linux firewall.

    [root@chef-server-01 tmp]# firewall-cmd --permanent --add-service={http,https}
    success
    [root@chef-server-01 tmp]# firewall-cmd --reload
    success

     

    Installing CHEF 13 Management Console on CentOS 7:

    Install the management console using the following command.

    [root@chef-server-01 tmp]# chef-server-ctl install chef-manage
    Starting Chef Infra Client, version 15.0.300
    resolving cookbooks for run list: ["private-chef::add_ons_wrapper"]
    Synchronizing Cookbooks:
      - enterprise (0.15.1)
      - runit (5.1.1)
      - packagecloud (1.0.1)
      - yum-epel (3.3.0)
      - private-chef (0.1.1)
    Installing Cookbook Gems:
    Compiling Cookbooks...
    Converging 4 resources
    Recipe: private-chef::add_ons_wrapper
      * ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
      * remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm] action create
        - create new file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm
        - update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm from none to 8b14a7
        (file sizes exceed 10000000 bytes, diff output suppressed)
        - restore selinux security context
      * ruby_block[locate_addon_package_chef-manage] action run
        - execute the ruby block locate_addon_package_chef-manage
      * yum_package[chef-manage] action install
        - install version 2.5.16-1.el7 of package chef-manage
      * ruby_block[addon_install_notification_chef-manage] action run
        - execute the ruby block addon_install_notification_chef-manage
    Running handlers:
    -- Installed Add-On Package: chef-manage
      - #<Class:0x0000000005722e50>::AddonInstallHandler
    Running handlers complete
    Chef Infra Client finished, 4/5 resources updated in 08 minutes 30 seconds

    Now, we have to reconfigure CHEF 13 server.

    [root@chef-server-01 tmp]# chef-server-ctl reconfigure
    ...
    Recipe: private-chef::nginx
      * component_runit_service[nginx] action restart
    Recipe: <Dynamically Defined Resource>
      * service[nginx] action nothing (skipped due to action :nothing)
      * runit_service[nginx] action restart (up to date) (up to date)
    Running handlers:
    Running handlers complete
    Chef Infra Client finished, 52/553 resources updated in 01 minutes 48 seconds
    Chef Server Reconfigured!

    Configure CHEF management console as follows.

    [root@chef-server-01 tmp]# chef-manage-ctl reconfigure
    To use this software, you must agree to the terms of the software license agreement.
    Press any key to continue.
    Type 'yes' to accept the software license agreement, or anything else to cancel.
    yes
    ...
    ...
    ...
    Cloning resource attributes for directory[/var/log/chef-manage/worker] from prior resource
    Previous directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
    Current directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories' at 1 location:
      - /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
    See https://docs.chef.io/deprecations_resource_cloning.html for further details.
    Chef Client finished, 90/269 resources updated in 01 minutes 36 seconds
    chef-manage Reconfigured!

    Browse the URL https://chef-server-01.example.com/ in a client's browser.

    The browser displays a security warning because our CHEF 13 server uses a self-signed certificate.

    Ignore the warning and continue to the website.

    [Screenshot: CHEF management console login]

    Log in as the admin user that we created above.

    [Screenshot: CHEF management console dashboard]

    We are now at the Dashboard of CHEF 13 Management console.

    To start working with CHEF 13, we recommend that you obtain a copy of Chef Cookbook by Packt Publishing. This book contains many recipes for common server configurations.

    We have successfully installed CHEF 13 server on CentOS 7 along with management console.
