Now that the chef-server is configured, we now need to configure the chef-workstation.
1. Download and Install the chefdk package
[root@manja17-I14020 ~]# wget https://packages.chef.io/stable/el/7/chefdk-0.19.6-1.el7.x86_64.rpm
[root@manja17-I14020 ~]# rpm -ivh chefdk-*.rpm
2. Run the “chef verify” to make sure all the required services are running. This also configured certain pre-requsites that are needed.
[root@manja17-I14020 ~]# chef verify
Running verification for component 'berkshelf'
Running verification for component 'test-kitchen'
Running verification for component 'tk-policyfile-provisioner'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chef-provisioning'
Running verification for component 'chefspec'
Running verification for component 'generated-cookbooks-pass-chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
Running verification for component 'openssl'
Running verification for component 'inspec'
Running verification for component 'delivery-cli'
Running verification for component 'git'
Running verification for component 'opscode-pushy-client'
Running verification for component 'chef-sugar'
This may throw some error like git not configured etc which will be taken care when run the other commands.
3. Change the ruby location to the one installed by chef
[root@manja17-I14020 ~]# which ruby
/usr/bin/ruby
[root@manja17-I14020 ~]# echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
[root@manja17-I14020 ~]# . ~/.bash_profile
[root@manja17-I14020 ~]# which ruby
/opt/chefdk/embedded/bin/ruby
5. Download , install and configure git
[root@manja17-I14020 ~]# yum install -y git
[root@manja17-I14020 ~]# git config –global “user.name” <Your user Name>
[root@manja17-I14020 ~]# git config –global “user.email” <Your Email>
6. Create the chef-repo so that we can have a location to store all our cookbooks.
[root@manja17-I14020 ~]# chef generate repo chef-repo
[root@manja17-I14020 ~]# ls -al ~/chef-repo/
total 24
drwxr-xr-x. 7 root root 175 Sep 3 04:55 .
dr-xr-x---. 11 root root 4096 Sep 3 04:55 ..
-rw-r--r--. 1 root root 1133 Sep 3 04:55 chefignore
-rw-r--r--. 1 root root 255 Sep 3 04:55 .chef-repo.txt
drwxr-xr-x. 3 root root 38 Sep 3 04:55 cookbooks
drwxr-xr-x. 3 root root 38 Sep 3 04:55 data_bags
drwxr-xr-x. 2 root root 43 Sep 3 04:55 environments
drwxr-xr-x. 7 root root 119 Sep 3 04:55 .git
-rw-r--r--. 1 root root 106 Sep 3 04:55 .gitignore
-rw-r--r--. 1 root root 70 Sep 3 04:55 LICENSE
-rw-r--r--. 1 root root 1499 Sep 3 04:55 README.md
drwxr-xr-x. 2 root root 43 Sep 3 04:55 roles
7. Create a git repo in the chef-repo location and commit the changes. Run the below commands,
[root@manja17-I14020 ~]# cd ~/chef-repo/
[root@manja17-I14020 chef-repo]# git init
Reinitialized existing Git repository in /root/chef-repo/.git/
[root@manja17-I14020 chef-repo]# mkdir -p ~/chef-repo/.chef
[root@manja17-I14020 chef-repo]# echo '.chef' >> ~/chef-repo/.gitignore
[root@manja17-I14020 chef-repo]# cd ~/chef-repo/
[root@manja17-I14020 chef-repo]# git add .
[root@manja17-I14020 chef-repo]# git commit -m "initial commit"
[master (root-commit) 581131f] initial commit
16 files changed, 351 insertions(+)
create mode 100644 .chef-repo.txt
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 chefignore
create mode 100644 cookbooks/README.md
create mode 100644 cookbooks/example/README.md
create mode 100644 cookbooks/example/attributes/default.rb
create mode 100644 cookbooks/example/metadata.rb
create mode 100644 cookbooks/example/recipes/default.rb
create mode 100644 data_bags/README.md
create mode 100644 data_bags/example/example_item.json
create mode 100644 environments/README.md
create mode 100644 environments/example.json
create mode 100644 roles/README.md
create mode 100644 roles/example.json
[root@manja17-I14020 chef-repo]# git status
# On branch master
nothing to commit, working directory clean
8. Download the keys from the chef-server to chef-workstation using,
[root@manja17-I14020 chef-repo]# scp -pr root@chefserver:/etc/chef/admin.pem ~/chef-repo/.chef/
[root@manja17-I14020 chef-repo]# scp -pr root@chefserver:/etc/chef/novacorp-validator.pem ~/chef-repo/.chef/
9. Create the knife.rb file.
As we already discussed, knife is a command line interface between the chef-repo on chef-workstation to the chef-server. In order to work with knife tool , we need to first configure the knife.rb file in “~/chef-repo/.chef” location.
Below is my local knife.rb configuration file
[root@chefdk .chef]# cat knife.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
validation_client_name "novacorp-validator"
validation_key "#{current_dir}/novacorp-validator"
chef_server_url "https://chefserver.nova.com/organizations/nova"
syntax_check_cache_path "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path ["#{current_dir}/../cookbooks"]
the elements can be explained as,
- log_level: The amount of logging that will be stored in the log file. log_location: The location of the log file.
- node_name: The username of the person using the workstation. This user will need a valid authorization key located on the workstation.
- client_key: The location of the user’s authorization key.
- validation_client_name: The name for the server validation key that will determine whether a node is registered with the Chef server. These values must match during a chef-client run.
- validation_key: The path to your organization’s validation key.
- chef_server_url: The URL of the Chef server, with shortname being the defined shortname of your organization. This can also be an IP address. /organizations/shortname must be included in the URL.
- syntax_check_cache_path: The location in which knife stores information about files that have been checked for appropriate Ruby syntax.
- cookbook_path: The path to the cookbook directory.
[root@manja17-I14020 .chef]# whereis knife
knife: /usr/bin/knife /opt/chefdk/bin/knife /opt/chefdk/embedded/bin/knife
[root@manja17-I14020 .chef]# /usr/bin/knife client list
ERROR: SSL Validation failure connecting to host: chefserver - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://chefserver/organizations/itzgeek/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
[root@manja17-I14020 .chef]# /usr/bin/knife ssl fetch
WARNING: Certificates from chefserver will be fetched and placed in your trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for manja17-I14021 in /root/chef-repo/.chef/trusted_certs/manja17-I14021.crt
[root@manja17-I14020 .chef]# knife client list
nova-validator
No comments :
Post a Comment