Like puppet, chef is a configuration management tool built in ruby. It includes a handy management tool, knife, that can be used to propagate changes across all chef clients and to modify node, role and environment settings, as well as some other useful things. Chef server is pretty robust and, all in all, a great tool to work with once you get the hang of it, but on the downside it is somewhat resource intensive. It is a lot more heavyweight than saltstack, which uses zeromq instead of the arguably bloated rabbitmq that is included and installed when configuring chef-server.
The docs call for 4GB of RAM, and 4 CPU cores.
Get Chef RPMs
You can download the latest rpm by visiting the getchef homepage. The latest version at the time of this writing is 12.0.0_rc.4-1, but since this version is a release candidate, we’ll go with the latest open source version of 11 which can be found on this chef download page.
Current link to latest open source version of 11 is:
# chef server
# chef client
I prefer installing chef and managing the package via RPM, but it’s also available as a ruby gem, and opscode (chef’s creator) also provides an install script that can be used.
curl -L https://www.opscode.com/chef/install.sh | bash
Installing and Configuring Chef Server
Now that we’ve got the packages one way or another, let’s install the chef-server rpm. You can either put it in a yum repo that you host and use yum install, or just install the rpm directly with rpm -Uvh.
rpm -Uvh chef-server-11.1.5-1.el6.x86_64.rpm
This package installs all chef libraries and related utilities, along with its own ruby install, under /opt/chef-server so as not to conflict with or depend on your system ruby.
Once installed, we can configure it by using chef-server-ctl.
When running this on the initial setup, you will see it perform the following operations, mostly installed under /var/opt/chef.
- create system user chef_server
- install and configure postgres
- install and configure rabbitmq
- install and configure nginx
- set selinux contexts
Note, these aren’t typical RPMs it’s installing for postgres, nginx, etc.; the omnibus RPM ensures all packages are isolated under chef-server so as not to conflict with system packages/services. You cannot control them with a typical /etc/init.d/ script; they must be managed using chef-server-ctl.
Once this completes, test that it’s set up properly.
Install and configure chef-client
Now that the server is set up and running, let’s configure a chef client. This can be done on any node that can talk to the chef-server instance we set up, or on the chef-server node itself. For this demo, we’ll just install things on the same machine.
rpm -Uvh chef-11.16.2-1.el6.x86_64.rpm
If setting up on a different node than the server, you will want to copy the certs generated earlier when setting up chef-server: /etc/chef-server/admin.pem and /etc/chef-server/chef-validator.pem.
We want to configure the client using knife.
knife configure --initial
If run as root on the chef-server, it should generate a knife.rb under
We can see the user we created, and the authenticated clients using the knife command now.
Since we haven’t yet set up any nodes or roles, they will return blank, and environments will only show the default environment named _default.
Next, we’ll add a node to chef.