Like puppet, chef is a configuration management tool built in ruby. It includes a handy management tool knife that can be used to propagate changes across all chef clients, modify node, role and environment settings as well as some other useful things. Chef server is pretty robust and all in all once you get the hang of it a great tool to work with, but on the downside it is somewhat resource intensive. It lot more heavyweight than saltstack which uses zeromq instead of the arguably bloated rabbitmq included and installed when configuring chef-server.

The docs call for 4GB of RAM, and 4 CPU cores.

Get Chef RPMs

You can download the latest rpm by visiting the getchef homepage. The latest version at the time of this writing is 12.0.0_rc.4-1, but since this version is a release candidate, we’ll go with the latest open source version of 11 which can be found on this chef download page.

Current link to latest open source version of 11 is:

# chef server
# chef client

I prefer installing chef and managing the package via RPM, but it’s also available as a ruby gem, or opscode (chef’s creator) also provides an install script that can be used.

curl -L | bash

Installing and Configuring Chef Server

Now that we’ve got the packages in one way or another, lets install the chef-server rpm. You can either put it in a yum repo that you host and use yum install or, just install the rpm directly with rpm -Uvh.

# if you can place the rpm in a yum repo that you manage.
yum install chef-server
# install rpm
rpm -Uvh chef-server-11.1.5-1.el6.x86_64.rpm

This package installs all chef libraries and related utilities along with its own ruby install under /opt/chef-server as to not conflict with/depend on your system ruby.

Once installed, we can configure it by using chef-server-ctl.

chef-server-ctl reconfigure

When running this on the initial setup, you will see it perform the following operations, mostly installed under /var/opt/chef.

  • create system user chef_server
  • install and configure postgres
  • install and configure rabbitmq
  • install and configure nginx
  • set selinux contexts

Note, these aren’t typical RPMs it’s installing for postgres, nginx, etc., the omnibus RPM ensure all packages are isolated under chef-server as to not conflict with system packages/services. You cannot control them with a typical /etc/init.d/ script, and must be managed using chef-server-ctl.

# stop chef server and all services
chef-server-ctl stop
# start chef server and all services
chef-server-ctl start
# restart chef server and all services
chef-server-ctl restart

Once this completes, test that it’s setup properly.

chef-server-ctl test

Install and configure chef-client

Now that the server is setup and running, lets configure a chef client. This can be done on any node that can talk to the chef-server instance we setup, or on the chef-server node itself. For this demo, we’ll just install things on the same machine.

# if you have a yum repo that you put the chef rpm on
yum install chef
# install rpm we downloaded above
rpm -Uvh chef-11.16.2-1.el6.x86_64.rpm

If setting up on a different node than the server, you will want to copy a the certs generated earlier when setting up chef-server /etc/chef-server/admin.pem and /etc/chef-server/chef-validator.pem.

We want to configure the client using knife.

knife configure --initial

If run as root on the chef-server, it should generate a knife.rb under

[root@localhost ~]# cat /root/.chef/knife.rb
log_level                :info
log_location             STDOUT
node_name                'root'
client_key               '/root/.chef/root.pem'
validation_client_name   'chef-validator'
validation_key           '/etc/chef-server/chef-validator.pem'
chef_server_url          'https://localhost:443'
syntax_check_cache_path  '/root/.chef/syntax_check_cache'

We can see the user we created, and the authenticated clients using the knife command now.

[root@localhost ~]# knife client list
[root@localhost ~]# knife user list

Since we haven’t yet setup any nodes or roles, they will return blank, and environments will only show the default environment named _default.

[root@localhost ~]# knife node list
[root@localhost ~]# knife role list
[root@localhost ~]# knife environment list

Next, we’ll add a node to chef.