In this article, you will learn, how to install CHEF Server on CentOS 7 or other Redhat based Linux distributions. #centlinux #linux #chefserver
Table of Contents
What is CHEF Server? :
CHEF is a configuration management tool written in Ruby and ErLang. CHEF is one of the most popular Infrastructure as Code (IAC) tools. By using CHEF, we can streamline the tasks of configuring and maintaining the organization’s servers. CHEF also includes a thin-client management console for maintaining configurations of servers.
CHEF uses Ruby for writing system configuration “Recipes”. CHEF is distributed under Apache License 2.0 and available to download from GitHub and CHEF’s official download page.
In this article, we will install CHEF server on CentOS 7. We are also installing a management console for CHEF in this article.
Environment Specification:
We have provisioned a CentOS 7 virtual machine with following specifications.
- CPU – 3.4 Ghz (2 Cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – CentOS 7.6
- Hostname – chef-server-01.example.com
- IP Address – 192.168.116.199 /24
Install CHEF Server on CentOS 7:
Connect with chef-server-01.example.com using ssh as root user.
Currently, CHEF 13 server is available to download at their official website.
# cd /tmp
# curl -O https://packages.chef.io/files/stable/chef-server/13.0.17/el/7/chef-server-core-13.0.17-1.el7.x86_64.rpm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 238M 100 238M 0 0 331k 0 0:12:17 0:12:17 --:--:-- 424kOnce download, install CHEF server on CentOS 7 by using rpm command.
# rpm -ivh chef-server-core-13.0.17-1.el7.x86_64.rpm warning: chef-server-core-13.0.17-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY Preparing... ################################# [100%] Updating / installing... 1:chef-server-core-13.0.17-1.el7 ################################# [100%]
Configure CHEF 13 server as follows.
# chef-server-ctl reconfigure
+---------------------------------------------+
Chef License Acceptance
Before you can continue, 3 product licenses
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/
Licenses that need accepting:
* Chef Infra Server
* Chef Infra Client
* Chef InSpec
Do you accept the 3 product licenses (yes/no)?
> yes
Persisting 3 product licenses...
â 3 product licenses persisted.
+---------------------------------------------+
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::default"]
Synchronizing Cookbooks:
- enterprise (0.15.1)
- runit (5.1.1)
- packagecloud (1.0.1)
- yum-epel (3.3.0)
- private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: private-chef::default
* directory[/etc/opscode] action create (up to date)
* directory[/etc/opscode/logrotate.d] action create
- create new directory /etc/opscode/logrotate.d
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
/var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/oc-chef-pedant.rb:41: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
Converging 259 resources
* link[/usr/bin/private-chef-ctl] action create (up to date)
* link[/usr/bin/chef-server-ctl] action create (up to date)
* directory[/etc/opscode] action nothing (skipped due to action :nothing)
* directory[/etc/opscode/logrotate.d] action nothing (skipped due to action :nothing)
* log[opscode_webui deprecation notice] action write (skipped due to only_if)
Recipe: private-chef::users
* linux_user[opscode] action create
- create user opscode
* group[opscode] action create
- alter group opscode
- replace group members with new list of members
Recipe: private-chef::private_keys
* file[/etc/opscode/pivotal.pem] action create
- create new file /etc/opscode/pivotal.pem
- update content in file /etc/opscode/pivotal.pem from none to 689221
- suppressed sensitive resource
- change mode from '' to '0600'
- change owner from '' to 'opscode'
- change group from '' to 'root'
- restore selinux security context
* file[/etc/opscode/webui_priv.pem] action create
- create new file /etc/opscode/webui_priv.pem
- update content in file /etc/opscode/webui_priv.pem from none to 4d9638
- suppressed sensitive resource
- change mode from '' to '0600'
- change owner from '' to 'opscode'
- change group from '' to 'root'
- restore selinux security context
* file[/etc/opscode/webui_pub.pem] action create
- create new file /etc/opscode/webui_pub.pem
- update content in file /etc/opscode/webui_pub.pem from none to 3e4501
- suppressed sensitive resource
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
Recipe: private-chef::default
* file[/etc/opscode/dark_launch_features.json] action create
- create new file /etc/opscode/dark_launch_features.json
- update content in file /etc/opscode/dark_launch_features.json from none to 05b75f
--- /etc/opscode/dark_launch_features.json 2019-09-04 20:24:28.821962036 +0500
+++ /etc/opscode/.chef-dark_launch_features20190904-7539-h4omrn.json 2019-09-04 20:24:28.821962036 +0500
@@ -1 +1,17 @@
+{
+ "quick_start": false,
+ "new_theme": true,
+ "private-chef": true,
+ "sql_users": true,
+ "add_type_and_bag_to_items": true,
+ "reporting": true,
+ "actions": true,
+ "503_mode": false,
+ "couchdb_containers": false,
+ "couchdb_groups": false,
+ "couchdb_acls": false,
+ "couchdb_association_requests": false,
+ "couchdb_organizations": false,
+ "couchdb_associations": false
+}
- change mode from '' to '0644'
- change owner from '' to 'opscode'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/chef] action create
- change mode from '0755' to '0775'
- change group from 'root' to 'opscode'
- restore selinux security context
* directory[/var/opt/opscode] action create (up to date)
* directory[/var/log/opscode] action create
- create new directory /var/log/opscode
- change mode from '' to '0755'
- change owner from '' to 'opscode'
- change group from '' to 'opscode'
- restore selinux security context
Recipe: enterprise::runit
* component_runit_supervisor[private_chef] action create
* template[/etc/systemd/system/private_chef-runsvdir-start.service] action create
- create new file /etc/systemd/system/private_chef-runsvdir-start.service
- update content in file /etc/systemd/system/private_chef-runsvdir-start.service from none to 27231f
--- /etc/systemd/system/private_chef-runsvdir-start.service 2019-09-04 20:24:28.936962034 +0500
+++ /etc/systemd/system/.chef-private_chef-runsvdir-start20190904-7539-1hczk0s.service 2019-09-04 20:24:28.936962034 +0500
@@ -1 +1,11 @@
+[Unit]
+Description=private_chef Runit Process Supervisor
+After=network.target auditd.service
+
+[Service]
+ExecStart=/opt/opscode/embedded/bin/runsvdir-start
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[systemctl daemon-reload] action run
- execute systemctl daemon-reload
* execute[systemctl daemon-reload] action nothing (skipped due to action :nothing)
* file[/usr/lib/systemd/system/private_chef-runsvdir-start.service] action delete (up to date)
* service[private_chef-runsvdir-start.service] action enable
- enable service service[private_chef-runsvdir-start.service]
* service[private_chef-runsvdir-start.service] action start
- start service service[private_chef-runsvdir-start.service]
Recipe: private-chef::sysctl-updates
* execute[sysctl-reload] action nothing (skipped due to action :nothing)
* bash[dual ip4/ip6 portbind] action run (skipped due to only_if)
Recipe: private-chef::fix_permissions
* execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} ;] action run
- execute find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} ;
* execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} ;] action run
...
...
...
Recipe: private-chef::opscode-erchef
* component_runit_service[opscode-erchef] action restart
Recipe: <Dynamically Defined Resource>
* service[opscode-erchef] action nothing (skipped due to action :nothing)
* runit_service[opscode-erchef] action restart (up to date)
(up to date)
Recipe: private-chef::partybus
* execute[set initial migration level] action run
- execute cd /opt/opscode/embedded/service/partybus && ./bin/partybus init
* ruby_block[migration-level file sanity check] action run (skipped due to not_if)
Recipe: private-chef::rabbitmq
* script[hard_kill_rabbitmq] action run
- execute "bash" "/tmp/chef-script20190904-7539-il7d0v"
Running handlers:
Running handlers complete
Chef Infra Client finished, 482/1028 resources updated in 05 minutes 44 seconds
Chef Server Reconfigured!Check status of the CHEF 13 server components.
# chef-server-ctl status run: bookshelf: (pid 36604) 569s; run: log: (pid 30489) 749s run: nginx: (pid 36571) 575s; run: log: (pid 31865) 667s run: oc_bifrost: (pid 36483) 580s; run: log: (pid 29963) 804s run: oc_id: (pid 36560) 577s; run: log: (pid 30055) 778s run: opscode-erchef: (pid 37511) 475s; run: log: (pid 30679) 743s run: opscode-expander: (pid 36594) 571s; run: log: (pid 30282) 761s run: opscode-solr4: (pid 36586) 572s; run: log: (pid 30176) 767s run: postgresql: (pid 36479) 582s; run: log: (pid 29399) 829s run: rabbitmq: (pid 37285) 522s; run: log: (pid 32136) 660s run: redis_lb: (pid 31083) 708s; run: log: (pid 31082) 708s
Create an Admin user for CHEF server administration.
# chef-server-ctl user-create admin admin admin admin@chef-server-01.example.com 'abc123' -f /etc/chef/admin.pem
We have provided the values in the above command based on following syntax.
chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME
Create an Organization to hold CHEF 13 server configurations.
# chef-server-ctl org-create sysadminrecipes "Ahmer's SysAdmin Recipes" --association_user admin -f /etc/chef/sysadminrecipes-validator.pem
We have provided the values according to following syntax.
chef-server-ctl org-create SHORT_ORG_NAME FULL_ORG_NAME --association_user USER_NAME --filename ORGANIZATION-validator.pem
Configure Linux Firewall:
Allow HTTP and HTTPS service ports in Linux Firewall.
# firewall-cmd --permanent --add-service={http,https}
success
# firewall-cmd --reload
successInstall CHEF Management Console on CentOS 7:
Install CHEF Management console using following command.
# chef-server-ctl install chef-manage
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::add_ons_wrapper"]
Synchronizing Cookbooks:
- enterprise (0.15.1)
- runit (5.1.1)
- packagecloud (1.0.1)
- yum-epel (3.3.0)
- private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: private-chef::add_ons_wrapper
* ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
* remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm] action create
- create new file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm
- update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm from none to 8b14a7
(file sizes exceed 10000000 bytes, diff output suppressed)
- restore selinux security context
* ruby_block[locate_addon_package_chef-manage] action run
- execute the ruby block locate_addon_package_chef-manage
* yum_package[chef-manage] action install
- install version 2.5.16-1.el7 of package chef-manage
* ruby_block[addon_install_notification_chef-manage] action run
- execute the ruby block addon_install_notification_chef-manage
Running handlers:
-- Installed Add-On Package: chef-manage
- #<Class:0x0000000005722e50>::AddonInstallHandler
Running handlers complete
Chef Infra Client finished, 4/5 resources updated in 08 minutes 30 secondsNow, we have to reconfigure CHEF 13 server.
# chef-server-ctl reconfigure
...
Recipe: private-chef::nginx
* component_runit_service[nginx] action restart
Recipe: <Dynamically Defined Resource>
* service[nginx] action nothing (skipped due to action :nothing)
* runit_service[nginx] action restart (up to date)
(up to date)
Running handlers:
Running handlers complete
Chef Infra Client finished, 52/553 resources updated in 01 minutes 48 seconds
Chef Server Reconfigured!Configure CHEF management console as follows.
# chef-manage-ctl reconfigure
To use this software, you must agree to the terms of the software license agreement.
Press any key to continue.
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
...
...
...
Cloning resource attributes for directory[/var/log/chef-manage/worker] from prior resource
Previous directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
Current directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories' at 1 location:
- /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Chef Client finished, 90/269 resources updated in 01 minutes 36 seconds
chef-manage Reconfigured!Open URL https://chef-server-01.example.com/ in a web browser.
The browser displays a security warning because our CHEF 13 server uses a self signed certificate.
Ignore the warning and continue to the website.
Login as Admin user that we have created above.
We are now at the Dashboard of CHEF 13 Management console.
To start working on CHEF 13, we recommend you to obtain a copy of Chef Cookbook (PAID LINK) by Packt Publishing. This book contains many recipes for common servers’ configurations.
Conclusion – Install CHEF Server on CentOS 7:
In this article, you have learned, how to install CHEF Server on CentOS 7 along with management console.
