Monday 7 September 2015

Chef Installation and Configuration on CentOS



Install chef-server
iptables -F
rpm -ivh chef-server-11.1.7-1.el6.x86_64.rpm

Configure Chef Server

chef-server-ctl reconfigure

Running handlers:
Running handlers complete
Chef Client finished, 415/479 resources updated in 220.548599949 seconds
Chef Server Reconfigured!

Confirm the Chef server is running:

chef-server-ctl status
run: bookshelf: (pid 1084) 60730s; run: log: (pid 1083) 60730s
run: chef-expander: (pid 1080) 60730s; run: log: (pid 1079) 60730s
run: chef-server-webui: (pid 1070) 60730s; run: log: (pid 1068) 60730s
run: chef-solr: (pid 1076) 60730s; run: log: (pid 1073) 60730s
run: erchef: (pid 1085) 60730s; run: log: (pid 1082) 60730s
down: nginx: 0s, normally up, want up; run: log: (pid 1078) 60730s
run: postgresql: (pid 1091) 60730s; run: log: (pid 1072) 60730s
run: rabbitmq: (pid 1075) 60730s; run: log: (pid 1071) 60730s


Optionally, run the Opscode Pedant test suite. This will verify that everything is working.
chef-server-ctl test

Configure Chef Workstation

Check whether the Chef client package is already installed:

rpmquery chef
package chef is not installed

rpm -ivh chef-11.18.12-1.el6.x86_64.rpm

rpmquery chef
chef-11.18.12-1.el6.x86_64

chef-client
To secure communication with the Chef server, copy the key files from /etc/chef-server on the Chef server to the Chef workstation:
scp -r admin.pem chef-validator.pem chef-webui.pem root@10.98.33.204:/root/.chef
admin.pem
chef-validator.pem
chef-webui.pem

Create a .chef directory in the home directory and move all 3 files into it.

knife configure -i
Overwrite /root/.chef/knife.rb? (Y/N)Y
Please enter the chef server URL: [https://testchefwork.example.com:443] https://testchefserver.example.com:443
Please enter a name for the new user: [root]
Please enter the existing admin name: [admin] admin
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] /root/.chef/admin.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] /root/.chef/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
Created user[root]
Configuration file written to /root/.chef/knife.rb

knife ssl fetch

knife ssl check

Connecting to host testchefserver.example.com:443
ERROR: The SSL certificate of testchefserver.example.com could not be verified
Certificate issuer data: /C=US/ST=WA/L=Seattle/O=YouCorp/OU=Operations/CN=testchefserver.example.com/emailAddress=you@example.com

Configuration Info:

OpenSSL Configuration:
* Version: OpenSSL 1.0.1m 19 Mar 2015
* Certificate file: /opt/chef/embedded/ssl/cert.pem
* Certificate directory: /opt/chef/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/.chef/trusted_certs"

TO FIX THIS ERROR:

If the server you are connecting to uses a self-signed certificate, you must
configure chef to trust that server's certificate.

By default, the certificate is stored in the following location on the host
where your chef-server runs:

  /var/opt/chef-server/nginx/ca/SERVER_HOSTNAME.crt

Copy that file to you trusted_certs_dir (currently: /root/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.

knife ssl check
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'

knife client list

chef-validator
chef-webui
knife user list
admin
jojan
root

Node configuration

iptables -L

rpm -ivh chef-11.18.12-1.el6.x86_64.rpm

warning: chef-11.18.12-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing...                ########################################### [100%]
   1:chef                   ########################################### [100%]
Thank you for installing Chef!

Copy chef-validator.pem from /etc/chef-server on the Chef server to /etc/chef on the node.

knife ssl fetch -s https://testchefserver.example.com

WARNING: No knife configuration file found
WARNING: Certificates from testchefserver.example.com will be fetched and placed in your trusted_cert
directory ().

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

ERROR: TypeError: can't convert nil into String

knife ssl check
Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'
[root@testchefnode .chef]# knife ssl fetch -s https://testchefserver.example.com
WARNING: Certificates from testchefserver.example.com will be fetched and placed in your trusted_cert
directory (/root/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for testchefserver.example.com in /root/.chef/trusted_certs/testchefserver_example_com.crt

knife ssl check -s https://testchefserver.example.com

Connecting to host testchefserver.example.com:443
Successfully verified certificates from `testchefserver.example.com'
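
The knife ssl fetch warning above says knife cannot verify the certificates it downloads. One way to do that check, as an added example that is not part of the original post: compare the SHA-256 fingerprint of the fetched file with a copy of the server's certificate brought over SSH/SCP. The function names and /tmp/reference.crt are assumptions, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example: confirm that the certificate saved by `knife ssl fetch`
# is the same one the Chef server holds on disk.

# Print the SHA-256 fingerprint of a PEM certificate (empty on failure).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# verify_fetched_cert FETCHED REFERENCE
#   FETCHED   - file under trusted_certs_dir written by `knife ssl fetch`
#   REFERENCE - copy of the server's certificate obtained over SSH/SCP
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
verify_fetched_cert() {
    fp_fetched=$(cert_fp "$1")
    fp_reference=$(cert_fp "$2")
    if [ -z "$fp_fetched" ] || [ -z "$fp_reference" ]; then
        echo "cannot read certificate: $1 or $2" >&2
        return 2
    fi
    if [ "$fp_fetched" = "$fp_reference" ]; then
        echo "MATCH $fp_fetched"
        return 0
    fi
    echo "MISMATCH fetched=$fp_fetched reference=$fp_reference" >&2
    return 1
}

# Constructed sample input: a throwaway self-signed certificate so the
# check can be tried offline. Usage: make_sample_cert OUTFILE
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=testchefserver.example.com" \
        -keyout "$1.key" -out "$1" 2>/dev/null && rm -f "$1.key"
}

# Real use (second path is an assumed location for the copied reference):
#   sh this_script /root/.chef/trusted_certs/testchefserver_example_com.crt /tmp/reference.crt
if [ "$#" -eq 2 ]; then
    verify_fetched_cert "$1" "$2"
fi
```

The reference copy is the file knife names in its error text, /var/opt/chef-server/nginx/ca/SERVER_HOSTNAME.crt on the Chef server. A MISMATCH result means the file in trusted_certs should be removed before running chef-client.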

cat /etc/chef/client.rb
log_level :info
log_location STDOUT
chef_server_url "https://testchefserver.example.com:443"
trusted_certs_dir "/root/.chef/trusted_certs"

chef-client -S https://testchefserver.example.com -K /etc/chef/chef-validator.pem

Create a recipe on the workstation and upload it to the server

knife cookbook create motd
** Creating cookbook motd
** Creating README for cookbook: motd
** Creating CHANGELOG for cookbook: motd
** Creating metadata for cookbook: motd

cd /var/chef/cookbooks/motd

ls -l
attributes
CHANGELOG.md
definitions
files
libraries
metadata.rb
providers
README.md
recipes
resources
templates

cd recipes/
vi default.rb

file '/etc/motd' do
        content 'Welcome to chef'
end

Before uploading to the server, make sure there are no syntax errors:

knife cookbook test motd
checking motd
Running syntax check on motd
Validating ruby files
Validating templates
Validating ruby files
Validating templates

Upload to the server:

knife cookbook upload motd
Uploading motd         [0.1.0]
Uploaded 1 cookbook.

To check from the server:

knife cookbook list
motd   0.1.0

To check from the dashboard:
https://testchefserver.example.com/cookbooks

Add the cookbook to a node:

Go to https://testchefserver.example.com/nodes and edit the node, then drag and drop motd from Available Recipes to the Run List.

chef-client
[2015-09-07T11:17:30+05:30] INFO: Forking chef instance to converge...
[2015-09-07T11:17:30+05:30] WARN:
........................................
- update content in file /etc/motd from e3b0c4 to cad802
    --- /etc/motd       2010-01-12 18:58:22.000000000 +0530
    +++ /tmp/.motd20150907-26207-mb0jjs 2015-09-07 11:17:32.622947241 +0530
    @@ -1 +1,2 @@
    +Welcome to chef
    - restore selinux security context
[2015-09-07T11:17:32+05:30] INFO: Chef Run complete in 0.661581977 seconds

Running handlers:
[2015-09-07T11:17:32+05:30] INFO: Running report handlers
Running handlers complete
[2015-09-07T11:17:32+05:30] INFO: Report handlers complete
Chef Client finished, 1/1 resources updated in 2.350334219 seconds

Now check the file on the node:

cat /etc/motd
Welcome to chef

Ref: https://www.youtube.com/watch?v=egvEPsVMfK0
