My focus was to learn about Chef while using Vagrant for easy machine management. I'm pretty familiar with the basics of Vagrant already, but there were two extras I needed for this project:
1. Quick snapshotting capabilities
2. Multi-machine setup for a Chef server and node
For 1, it turns out you need a plugin. There are a few out there, but I went with vagrant-vbox-snapshot.
Snapshot plugin installation:
The base commands I care about are:
Multi-machine mode was fairly straightforward to configure. Here are the relevant pieces from my
To jump between these two boxes you'll now need to specify the machine name. I configured the chef server as the default machine with primary: true, but you'll need to refer to chef-node by name in your vagrant commands. For example, you can do vagrant ssh chef-node.
Chef key terms:
- server – stores infrastructure pieces
- workstation – where you interact with the chef server
- nodes – a node in your infrastructure
- resources – items to be manipulated (directories, files, etc.). A resource represents a piece of the system and its state, such as a package to be installed, a service to be running, a file to be generated, a user to be managed, etc.
- recipe – configuration files that describe resources and their desired state; the "work-horse" of chef
- cookbook – holds recipes, templates, files, and custom resources
- organizations – enterprise chef independent tenants
- environments – start with a single environment; can tag different life-stages and contain different data attributes
- roles – represent types of servers. Roles define policies.
- run list – list of chef configuration files that should be applied
- nodes – represent the machines to be managed. Can have 0+ roles; belong to one environment and one organization
- chef-client – runs on each node; gathers the current system config, pulls down policy from the chef server and enforces that policy on the node
High-level execution steps
How Chef brings a machine in line with policy:
1. The chef-client periodically polls the chef server to determine what policies should be running.
2. The chef server figures that out and provides the client with a run list.
3. The chef-client looks at each recipe in the run list and determines whether the node is in line with that policy.
Chef server install
- Download the system package from the chef install site.
- Depending on your platform, you'll probably use rpm or dpkg to install it.
- Ensure that DNS is properly configured for the server, or fake it by editing the
- Run sudo chef-server-ctl reconfigure, which kicks off what essentially looks like a chef cookbook to build the chef server.
- You'll now have access to a chef web front-end on the server on the standard web ports.
- You can log in with admin / p@ssw0rd1.
Chef workstation Install
This is the computer(s) where you will manage the chef cookbooks and recipes. You should always be working from within your chef-repo (see further down).
Quick install method
This includes:
* ruby
* knife
* chef-client
* ohai
You can also utilize ruby’s gem installer with:
To set up a properly formatted chef repo, start from https://github.com/opscode/chef-repo.git. You'll need to pull down the template repository and then link your repository to your chef server.
Next, you'll need to pull in the certificates from the server. Log back into the web interface, click the Clients tab, then Chef-validator's edit, and regenerate the Private key. Copy the private key text from that page into the chef-validator.pem file we created earlier. Do the same thing for the admin user: start with the Users tab and then dump the admin user's private key into the admin.pem file we created earlier.
knife is one of the primary command-line tools for managing chef instances. In order to bootstrap our knife configuration, you’ll need to run the knife initial command:
You can commit the repository at this time if you want. Just be wary of ensuring that the *.pem files do not get committed, or you might want to exclude the entire .chef directory altogether.
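One way to enforce that rule on the repo itself is a git pre-commit hook that rejects staged private keys. This is an added example and not part of the original post; it assumes a standard git checkout of your chef-repo, and it names the files the post mentions (chef-validator.pem, admin.pem, the .chef directory).

```shell
#!/bin/sh
# Added example (not from the original post): a git pre-commit hook for a
# chef-repo that refuses to commit knife private keys (chef-validator.pem,
# admin.pem, any other *.pem) or anything under the .chef/ directory.
# Install by copying this file to .git/hooks/pre-commit and making it
# executable (assumption: a standard git checkout of your chef-repo).

# Reads candidate paths, one per line, on stdin so the check can be
# exercised without git. Prints each offending path to stderr.
# Returns 0 when no path is a secret, 1 otherwise.
check_chef_secrets() {
    status=0
    while IFS= read -r path; do
        case "$path" in
            .chef/*|*/.chef/*|*.pem)
                printf 'refusing to commit secret: %s\n' "$path" >&2
                status=1
                ;;
        esac
    done
    return "$status"
}

# Only talk to git when actually invoked as the hook; when the file is
# sourced (for example by a test), the function above is all that is defined.
if [ "${0##*/}" = "pre-commit" ]; then
    # Added, copied and renamed paths are the ones that can introduce a key.
    git diff --cached --name-only --diff-filter=ACR | check_chef_secrets \
        || { echo 'add .chef/ and *.pem to .gitignore, then retry' >&2; exit 1; }
fi
```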
Test to make sure everything is working correctly by running:
knife user list
Chef client Install
We can bootstrap a chef client into our instance with help from knife!
The third argument is the FQDN of the node, -P is the username/password, and -N is the name we want to refer to our new client by.
After that is done we can confirm with client list, and we should see chefclient as part of the list: