
Thursday, 5 September 2019

How to Install CHEF 13 Server on CentOS 7


CHEF is a configuration management tool written in Ruby and Erlang, and one of the most popular Infrastructure as Code (IaC) tools. With CHEF, we can streamline the configuration and maintenance of an organization's servers. CHEF also includes a thin-client management console for maintaining server configurations.

CHEF uses Ruby for writing system configuration "Recipes". CHEF is distributed under the Apache License 2.0 and is available for download from GitHub and CHEF's official download page.

In this article, we install CHEF 13 server on CentOS 7, along with a management console for CHEF.

 


Environment Specification:

We have provisioned a CentOS 7 virtual machine with the following specifications.

  • CPU - 3.4 GHz (2 Cores)
  • Memory - 2 GB
  • Storage - 20 GB
  • Operating System - CentOS 7.6
  • Hostname - chef-server-01.example.com
  • IP Address - 192.168.116.199/24

 

Installing CHEF 13 Server on CentOS 7:

Connect to chef-server-01.example.com over SSH as the root user.

Currently, the CHEF 13 server package is available for download from the official website.

# cd /tmp
# curl -O https://packages.chef.io/files/stable/chef-server/13.0.17/el/7/chef-server-core-13.0.17-1.el7.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  238M  100  238M    0     0   331k      0  0:12:17  0:12:17 --:--:--  424k

After the CHEF 13 server download completes, install the RPM package using the rpm command.

# rpm -ivh chef-server-core-13.0.17-1.el7.x86_64.rpm
warning: chef-server-core-13.0.17-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:chef-server-core-13.0.17-1.el7   ################################# [100%]
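
The NOKEY warning above means rpm could not check the package signature, because the signing key (ID 83ef826a) was not in the RPM keyring, and installed the package anyway. The script below is an added example, not part of the original article: it imports the key and installs only when `rpm -K` reports a verified signature. The key URL is an assumption to confirm against Chef's documentation, and the sample `rpm -K` lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): refuse to install an RPM
# whose signature rpm could not verify.
# Assumption: Chef's package signing key is published at CHEF_KEY_URL; confirm
# the URL and the key fingerprint against Chef's documentation before importing.
CHEF_KEY_URL="https://packages.chef.io/chef.asc"

# sig_verified LINE: succeed only if one line of `rpm -K` output reports a
# signature that was actually checked. Lowercase pgp/gpg/rsa/dsa (older rpm) or
# "signatures" (newer rpm) means verified; an unsigned package also ends in
# "OK" because its digests match, so "OK" alone is not enough.
sig_verified() {
    status=${1#*: }                      # drop the "file.rpm: " prefix
    case " $status " in
        *" NOT OK "*) return 1 ;;        # bad signature or missing key
        *" OK "*) ;;                     # keep checking below
        *) return 1 ;;
    esac
    case " $status " in
        *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*) return 0 ;;
    esac
    return 1                             # digests only: package is unsigned
}

# verify_and_install FILE: import the key, check the signature, then install.
verify_and_install() {
    rpm --import "$CHEF_KEY_URL" || return 1
    if sig_verified "$(rpm -K "$1")"; then
        rpm -ivh "$1"
    else
        echo "refusing to install $1: signature not verified" >&2
        return 1
    fi
}

# demo: constructed lines in the style of rpm -K output (not captured from a host).
demo() {
    while IFS= read -r line; do
        if sig_verified "$line"; then echo "ACCEPT  $line"; else echo "REJECT  $line"; fi
    done <<'EOF'
pkg.rpm: dsa sha1 md5 gpg OK
pkg.rpm: sha1 md5 OK
pkg.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#83ef826a)
EOF
}

# "verify FILE" checks and installs a real package; no arguments runs the demo.
if [ "${1:-}" = "verify" ]; then verify_and_install "$2"; else demo; fi
```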

Configure CHEF 13 server as follows.

# chef-server-ctl reconfigure
+---------------------------------------------+
            Chef License Acceptance

Before you can continue, 3 product licenses
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/

Licenses that need accepting:
  * Chef Infra Server
  * Chef Infra Client
  * Chef InSpec

Do you accept the 3 product licenses (yes/no)?

> yes

Persisting 3 product licenses...
✔ 3 product licenses persisted.

+---------------------------------------------+
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::default"]
Synchronizing Cookbooks:
  - enterprise (0.15.1)
  - runit (5.1.1)
  - packagecloud (1.0.1)
  - yum-epel (3.3.0)
  - private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: private-chef::default
  * directory[/etc/opscode] action create (up to date)
  * directory[/etc/opscode/logrotate.d] action create
    - create new directory /etc/opscode/logrotate.d
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
/var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/oc-chef-pedant.rb:41: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
  Converging 259 resources
  * link[/usr/bin/private-chef-ctl] action create (up to date)
  * link[/usr/bin/chef-server-ctl] action create (up to date)
  * directory[/etc/opscode] action nothing (skipped due to action :nothing)
  * directory[/etc/opscode/logrotate.d] action nothing (skipped due to action :nothing)
  * log[opscode_webui deprecation notice] action write (skipped due to only_if)
Recipe: private-chef::users
  * linux_user[opscode] action create
    - create user opscode
  * group[opscode] action create
    - alter group opscode
    - replace group members with new list of members
Recipe: private-chef::private_keys
  * file[/etc/opscode/pivotal.pem] action create
    - create new file /etc/opscode/pivotal.pem
    - update content in file /etc/opscode/pivotal.pem from none to 689221
    - suppressed sensitive resource
    - change mode from '' to '0600'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * file[/etc/opscode/webui_priv.pem] action create
    - create new file /etc/opscode/webui_priv.pem
    - update content in file /etc/opscode/webui_priv.pem from none to 4d9638
    - suppressed sensitive resource
    - change mode from '' to '0600'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * file[/etc/opscode/webui_pub.pem] action create
    - create new file /etc/opscode/webui_pub.pem
    - update content in file /etc/opscode/webui_pub.pem from none to 3e4501
    - suppressed sensitive resource
    - change mode from '' to '0644'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
Recipe: private-chef::default
  * file[/etc/opscode/dark_launch_features.json] action create
    - create new file /etc/opscode/dark_launch_features.json
    - update content in file /etc/opscode/dark_launch_features.json from none to 05b75f
    --- /etc/opscode/dark_launch_features.json  2019-09-04 20:24:28.821962036 +0500
    +++ /etc/opscode/.chef-dark_launch_features20190904-7539-h4omrn.json    2019-09-04 20:24:28.821962036 +0500
    @@ -1 +1,17 @@
    +{
    +  "quick_start": false,
    +  "new_theme": true,
    +  "private-chef": true,
    +  "sql_users": true,
    +  "add_type_and_bag_to_items": true,
    +  "reporting": true,
    +  "actions": true,
    +  "503_mode": false,
    +  "couchdb_containers": false,
    +  "couchdb_groups": false,
    +  "couchdb_acls": false,
    +  "couchdb_association_requests": false,
    +  "couchdb_organizations": false,
    +  "couchdb_associations": false
    +}
    - change mode from '' to '0644'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * directory[/etc/chef] action create
    - change mode from '0755' to '0775'
    - change group from 'root' to 'opscode'
    - restore selinux security context
  * directory[/var/opt/opscode] action create (up to date)
  * directory[/var/log/opscode] action create
    - create new directory /var/log/opscode
    - change mode from '' to '0755'
    - change owner from '' to 'opscode'
    - change group from '' to 'opscode'
    - restore selinux security context
Recipe: enterprise::runit
  * component_runit_supervisor[private_chef] action create
    * template[/etc/systemd/system/private_chef-runsvdir-start.service] action create
      - create new file /etc/systemd/system/private_chef-runsvdir-start.service
      - update content in file /etc/systemd/system/private_chef-runsvdir-start.service from none to 27231f
      --- /etc/systemd/system/private_chef-runsvdir-start.service       2019-09-04 20:24:28.936962034 +0500
      +++ /etc/systemd/system/.chef-private_chef-runsvdir-start20190904-7539-1hczk0s.service 2019-09-04 20:24:28.936962034 +0500
      @@ -1 +1,11 @@
      +[Unit]
      +Description=private_chef Runit Process Supervisor
      +After=network.target auditd.service
      +
      +[Service]
      +ExecStart=/opt/opscode/embedded/bin/runsvdir-start
      +Restart=always
      +
      +[Install]
      +WantedBy=multi-user.target
      - change mode from '' to '0644'
      - change owner from '' to 'root'
      - change group from '' to 'root'
      - restore selinux security context
    * execute[systemctl daemon-reload] action run
      - execute systemctl daemon-reload
    * execute[systemctl daemon-reload] action nothing (skipped due to action :nothing)
    * file[/usr/lib/systemd/system/private_chef-runsvdir-start.service] action delete (up to date)
    * service[private_chef-runsvdir-start.service] action enable
      - enable service service[private_chef-runsvdir-start.service]
    * service[private_chef-runsvdir-start.service] action start
      - start service service[private_chef-runsvdir-start.service]

Recipe: private-chef::sysctl-updates
  * execute[sysctl-reload] action nothing (skipped due to action :nothing)
  * bash[dual ip4/ip6 portbind] action run (skipped due to only_if)
Recipe: private-chef::fix_permissions
  * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} \;] action run
    - execute find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} \;
  * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} \;] action run
...
...
...
Recipe: private-chef::opscode-erchef
  * component_runit_service[opscode-erchef] action restart
  Recipe: <Dynamically Defined Resource>
    * service[opscode-erchef] action nothing (skipped due to action :nothing)
    * runit_service[opscode-erchef] action restart (up to date)
     (up to date)
Recipe: private-chef::partybus
  * execute[set initial migration level] action run
    - execute cd /opt/opscode/embedded/service/partybus && ./bin/partybus init
  * ruby_block[migration-level file sanity check] action run (skipped due to not_if)
Recipe: private-chef::rabbitmq
  * script[hard_kill_rabbitmq] action run
    - execute "bash"  "/tmp/chef-script20190904-7539-il7d0v"

Running handlers:
Running handlers complete
Chef Infra Client finished, 482/1028 resources updated in 05 minutes 44 seconds
Chef Server Reconfigured!

Check status of the CHEF 13 server components.

# chef-server-ctl status
run: bookshelf: (pid 36604) 569s; run: log: (pid 30489) 749s
run: nginx: (pid 36571) 575s; run: log: (pid 31865) 667s
run: oc_bifrost: (pid 36483) 580s; run: log: (pid 29963) 804s
run: oc_id: (pid 36560) 577s; run: log: (pid 30055) 778s
run: opscode-erchef: (pid 37511) 475s; run: log: (pid 30679) 743s
run: opscode-expander: (pid 36594) 571s; run: log: (pid 30282) 761s
run: opscode-solr4: (pid 36586) 572s; run: log: (pid 30176) 767s
run: postgresql: (pid 36479) 582s; run: log: (pid 29399) 829s
run: rabbitmq: (pid 37285) 522s; run: log: (pid 32136) 660s
run: redis_lb: (pid 31083) 708s; run: log: (pid 31082) 708s

Create an Admin user for CHEF server administration.

# chef-server-ctl user-create admin admin admin admin@chef-server-01.example.com 'abc123' -f /etc/chef/admin.pem

We have provided the values in the above command based on the following syntax.

chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME

Create an Organization to hold CHEF 13 server configurations.

# chef-server-ctl org-create sysadminrecipes "Ahmer's SysAdmin Recipes" --association_user admin -f /etc/chef/sysadminrecipes-validator.pem

We have provided the values according to the following syntax.

chef-server-ctl org-create SHORT_ORG_NAME FULL_ORG_NAME --association_user USER_NAME --filename ORGANIZATION-validator.pem
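
The -f / --filename options above write the admin user's and the organization validator's private keys into /etc/chef, a directory the reconfigure output shows being changed to mode 0775 with group opscode. As an added example (not from the original article), the script below lists .pem files in a directory that group or others can access and restricts them to the owner; the demo runs on a scratch directory with constructed files.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): find and tighten private keys
# left accessible to group or others in the directory passed to -f / --filename.
# Uses GNU find's -perm /MODE, the same syntax seen in the reconfigure output.

# loose_keys DIR: list *.pem files in DIR with any group/other permission bit.
loose_keys() {
    find "$1" -maxdepth 1 -type f -name '*.pem' -perm /077 -print
}

# lock_keys DIR: chmod 600 every loose key and report each change.
# Returns non-zero if any key is still loose afterwards.
lock_keys() {
    loose_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key" && echo "tightened: $key"
    done
    [ -z "$(loose_keys "$1")" ]
}

# demo: scratch directory with constructed stand-ins for the two key files.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/admin.pem" "$d/sysadminrecipes-validator.pem"
    chmod 644 "$d/admin.pem"                      # what a 022 umask leaves on a new file
    chmod 600 "$d/sysadminrecipes-validator.pem"  # already owner-only
    echo "before: $(loose_keys "$d" | wc -l) loose key(s)"
    lock_keys "$d"
    echo "after:  $(loose_keys "$d" | wc -l) loose key(s)"
    rm -rf "$d"
}

# With a directory argument (for example /etc/chef) fix that directory;
# with no arguments run the demo.
if [ -n "${1:-}" ]; then lock_keys "$1"; else demo; fi
```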

Allow the HTTP and HTTPS service ports in the Linux firewall.

# firewall-cmd --permanent --add-service={http,https}
success
# firewall-cmd --reload
success

 

Installing CHEF 13 Management Console on CentOS 7:

Install the management console using the following command.

# chef-server-ctl install chef-manage
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::add_ons_wrapper"]
Synchronizing Cookbooks:
  - enterprise (0.15.1)
  - runit (5.1.1)
  - packagecloud (1.0.1)
  - yum-epel (3.3.0)
  - private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: private-chef::add_ons_wrapper
  * ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
  * remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm] action create
    - create new file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm
    - update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm from none to 8b14a7
    (file sizes exceed 10000000 bytes, diff output suppressed)
    - restore selinux security context
  * ruby_block[locate_addon_package_chef-manage] action run
    - execute the ruby block locate_addon_package_chef-manage
  * yum_package[chef-manage] action install
    - install version 2.5.16-1.el7 of package chef-manage
  * ruby_block[addon_install_notification_chef-manage] action run
    - execute the ruby block addon_install_notification_chef-manage

Running handlers:
-- Installed Add-On Package: chef-manage
  - #<Class:0x0000000005722e50>::AddonInstallHandler
Running handlers complete
Chef Infra Client finished, 4/5 resources updated in 08 minutes 30 seconds

Now, we have to reconfigure CHEF 13 server.

# chef-server-ctl reconfigure
...
Recipe: private-chef::nginx
  * component_runit_service[nginx] action restart
  Recipe: <Dynamically Defined Resource>
    * service[nginx] action nothing (skipped due to action :nothing)
    * runit_service[nginx] action restart (up to date)
     (up to date)

Running handlers:
Running handlers complete
Chef Infra Client finished, 52/553 resources updated in 01 minutes 48 seconds
Chef Server Reconfigured!

Configure CHEF management console as follows.

# chef-manage-ctl reconfigure
To use this software, you must agree to the terms of the software license agreement.
Press any key to continue.
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
...
...
...
  Cloning resource attributes for directory[/var/log/chef-manage/worker] from prior resource
Previous directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
Current  directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories' at 1 location:
    - /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
   See https://docs.chef.io/deprecations_resource_cloning.html for further details.

Chef Client finished, 90/269 resources updated in 01 minutes 36 seconds
chef-manage Reconfigured!

Open URL https://chef-server-01.example.com/ in a web browser.

The browser displays a security warning because our CHEF 13 server uses a self-signed certificate.

Ignore the warning and continue to the website.

[Screenshot: CHEF management console login]

Log in as the admin user that we created above.

[Screenshot: CHEF management console dashboard]

We are now at the Dashboard of CHEF 13 Management console.

To start working with CHEF 13, we recommend that you obtain a copy of Chef Cookbook by Packt Publishing. This book contains many recipes for common server configurations.

We have successfully installed CHEF 13 server on CentOS 7 along with management console.


© 2022 CentLinux. All Rights Reserved.