Before you can start using Chef, you will need to install it. Here you will find a guide to install Chef, and because Chef requires Ruby, some Ruby concepts as well. This chapter discusses the following:
Key terminology and concepts related to Chef
An overview of Chef's architecture
Working with Ruby gems
Installing chef-solo (a local-only engine to use Chef)
A brief example on using chef-solo
Installing the Chef server on your own host
Verifying your Chef installation
As with any other technology, Chef has its own terminology. As you will see, Chef's nomenclature is a mix of technological terms (nodes, workstations, servers, roles, and so on) and cooking terms (cookbooks, recipes, and so on). There are three primary actors that we are concerned with at this point: nodes, the Chef service, and workstations.
Node: A node is a client that applies roles and recipes, as described by the administrator in the Chef service (that is, a server in your environment that is being configured via Chef). These are the consumers of the configuration, the elements of your infrastructure. They can be physical or virtual machines and can run on Linux, Windows, or technically any other system that is capable of running Ruby (some systems may not be supported out of the box by Chef).
Chef service: The Chef service is a multicomponent system that combines several services to provide its functionality. The primary functional components are an API service, full-text searching via Solr, persistent storage using PostgreSQL, and RabbitMQ for interservice communication. Additionally, there is a web interface that provides a graphical tool to manage system data. Clients (nodes) use the API service to determine which roles and recipes to apply, and
knife
(a command-line tool) uses the API to allow an administrator to edit and manage their Chef configuration.Workstation: A workstation is a host that is used to issue commands. A workstation can be a separate host outside of your Chef service installation, a managed node, or the server that the Chef components are running on. There are a variety of command-line tools that are provided to interact with the service, which will be installed onto your workstation(s).
Recipe: A recipe is a script that describes a set of steps to take to achieve a specific goal. As an example, a recipe might describe how to deploy your custom software, provision a database, or add a host to a load balancer.
Cookbook: A cookbook is a collection of recipes that are used to collectively describe how to install, configure, and manage various aspects of your infrastructure. For example, a cookbook might describe how to provision MySQL, PostgreSQL or Apache, manage users, install printers, or perform any other system tasks.
For single user setups, chef-solo is a version of the chef-client that allows you to use Chef without requiring access to a server. Chef-solo runs locally and requires that a cookbook and any of its dependencies be present on the node being managed. As a result, chef-solo provides a limited subset of the full chef server mode of operation. Most of the features that chef-solo is missing revolve around search and centralized data management, which are not critical for managing virtual machines or a small collection of nodes. The installation and maintenance is simple, but the feature set is smaller.
Installing the Chef server will give you access to the full set of Chef functionality. This mode requires access to a Linux-based host that is network-accessible by the nodes and workstations that will interact with the system. Thanks to the recent effort from the folks at Chef (formerly Opscode), the process of installing Chef has been greatly simplified. The benefits of this installation model are that you get centralized management, search, user authentication, and such, but at the cost of managing your own service.
If you need the features of Chef but do not want to maintain your own server, hosted Chef is a great option for you. Hosted Chef (https://manage.opscode.com/signup) gives you all the features of a self-hosted Chef but without having to worry about upgrades, extra hardware, or system availability. For a small infrastructure (up to five hosts), hosted Chef is free and a great way to get started. Beyond this, plans have a monthly fee, and the price will vary according to the number of hosts you want to manage.
Chef-solo is designed for individuals who do not need a hosted installation for a large-scale infrastructure management. Typical use cases of chef-solo include developers managing virtual machines, test installations, or small-scale infrastructure management. The installation of chef-solo is as simple as installing a single Ruby gem.
For those who are not intimately familiar with Ruby, a Ruby gem is a mechanism to package, deliver, and manage Ruby code. These packages may be libraries that provide functionality for developers, or they may be composed only of scripts and tools. Chef-solo is, like many things in life, somewhere in the middle. The gem contains a set of libraries that make up the core functionality as well as a suite of scripts that are used by end users. Before you install Chef, you should consider installing Ruby Version Manager (RVM), rbenv, chruby, or another Ruby manager of your choice to keep your gem collections isolated.
A great tool to manage your gems is RVM. The simplest way to install RVM is to use the installation script provided by the development team on the RVM website (http://rvm.io). The following command will download the script and pipe it through bash
:
curl -sSL https://get.rvm.io | bash -s stable
Once it is installed, you will initially need to include RVM's functionality in your shell:
source ~/.rvm/scripts/rvm
Additionally, you might need to add the previous command line to your shell's startup scripts (such as ~/.bashrc
or ~/.zshrc
, depending on which shell you use). Once RVM is installed, you will want to install a recent version of Ruby, for example, Ruby 1.9.3:
rvm install 1.9.3
Once Ruby 1.9 is installed, you will want to create a gemset. A gemset is RVM's way of isolating gems inside a container, and it will provide you with a place to install gems in such a way that they will not conflict with other gems. This has the benefit of allowing you to install anything you want, without requiring administrative privileges and keeping gems from conflicting with each other. A gemset can be created using the following command:
rvm use 1.9.3@chef --create
The previous command will simultaneously create the gemset named chef
(if it does not exist) for your installation of Ruby 1.9.3 and then set it as the active gemset. Once you start using this new gemset, you will want to install the Chef gem—this contains chef-solo and all the command-line tools you need to work with Chef—using the gem
command-line tool:
gem install chef
Now that the Chef gem is installed, it is time to verify that everything is working fine. In order to use chef-solo, you need to give the following information to it:
What recipes to apply by providing a run list in a file named
node.json
What the recipes are—these are stored in cookbooks that are found in the
cookbooks
directoryHow to find the cookbooks and the run list via a file named
solo.rb
For simplicity, we will store all of these files inside of the chef
directory in your home directory. You are free to put things where you see fit as you become more comfortable working with Chef.
In order to exercise our new tool, we will do something simple: we'll write a recipe that will create an example.txt
file in your home directory. The recipe we create will be called create_file
, and we'll put that recipe inside a cookbook, which will be named demo
.
First, create the directory that will contain the demo
cookbook's recipes (and any in between):
user@host:~ $ mkdir -p ~/chef/cookbooks/demo/recipes
Next, add the following code to a file, create_file.rb
, located in the demo
cookbook directory you created at ~/chef/cookbooks/demo/recipes
:
file "#{ENV['HOME']}/example.txt" do action :create content "Greetings #{ENV['USER']}!" end
This tells Chef that we want to create a file, $HOME/example.txt
. Its contents should be Greetings $USER
, where $USER
will be replaced with the value of $USER
, typically the login name of whoever is executing the recipe.
Tip
For those unfamiliar, UNIX (and Windows as well) uses environment variables as a mechanism to exchange data between processes. Some environment variables are set when the user logs in to the system such as HOME, USER, and a variety of others. These variables are available in Ruby using the ENV hash, where the keys are the variable names. In a UNIX shell, these are accessed using the $
prefix. So, the user's home is referred to as $HOME
in the shell and ENV['HOME']
inside Ruby.
Now we will need to create a JSON document that describes what chef-solo should execute. JSON is an acronym for JavaScript Object Notation, and Chef uses JSON extensively because it is easy to parse, human readable, and easy to generate from all sorts of tools and languages. Create a file, node.json
, located in our work directory (~/chef/
in this case) and add the following content in order to tell Chef that we want to execute the newly created create_file
recipe in the demo
cookbook:
{ "run_list": [ "recipe[demo::create_file]" ] }
Here, we are defining the node as having a run list, which is just an array of things to do, and that the run list contains one recipe, create_file
, which it can find in the demo
cookbook (the general form of a recipe being cookbook::recipe).
Finally, we'll tell Chef where to find the files we just created using a solo.rb
file that we will store in our working directory (~/chef
in our case):
CHEF_ROOT="#{ENV['HOME']}/chef" file_cache_path "#{CHEF_ROOT}" cookbook_path "#{CHEF_ROOT}/cookbooks" json_attribs "#{CHEF_ROOT}/node.json"
Now that you have populated the required configuration files, you can run chef-solo and execute the run list specified. In our case, the run list is defined as only one recipe, create_file
, but can be as simple or as complex as needed. The previous configuration tells Chef to load the node configuration from the file node.json
to look for cookbooks in ~/chef/cookbooks/
and to store any state data in ~/chef/
. In order to execute these commands, you will want to run chef-solo:
chef-solo -c ~/chef/solo.rb
The -c
option tells chef-solo which script contains the configuration. Once you do this, you will see the actions that your recipe is performing:
Starting Chef Client, version 11.8.2 Compiling Cookbooks... Converging 1 resources Recipe: demo::create_file * file[/home/user/example.txt] action create - create new file /home/user/example.txt - update content in file /home/user/example.txt from none to b4a3cc --- /home/user/example.txt 2014-01-20 23:59:54.692819000 -0500 +++ /tmp/.example.txt20140122-13411-1vxtg7v 2014-01-20 23:59:54.692819000 -0500 @@ -1 +1,2 @@ +Greetings user! Chef Client finished, 1 resources updated
Once it is completed, you will see that ~/example.txt
contains the greeting that you defined in the recipe. Now that you have successfully used chef-solo, let's move on to the Chef service.
If your team needs to have centralized infrastructure management and does not want to use a hosted platform, then a self-installed Chef server is a perfect fit. This installation guide assumes that you will be running the Chef server on a supported Linux-based system.
The Chef service components can be installed on a single machine without any issue. Installing it on a single host will limit your ability to scale or be highly available, but will provide a very simple path to getting started with the Chef service.
Since the Chef service is designed to be a multiuser platform and provides functionalities that chef-solo does not offer, the installation is more complex and involves more software to achieve this functionality. Services such as Solr for full-text indexing and PostgreSQL for data storage can be a significant resource for consumers, so you will want to install Chef on a host with sufficient memory and disk space. A system with 2 GB of memory and 5-10 GB of disk space available will be plenty for a small to medium sized installation. You will need more resources as your requirements for data storage and indexing increase over time, so plan accordingly.
Additionally, for those who have installed the Chef server before, the installation path has been greatly simplified. In addition to replacing CouchDB with PostgreSQL as the primary data storage engine, there is now a single omnibus installation package for Chef that installs all of the requirements for Chef at a single location so that it operates in isolation and does not require dependencies to be installed separately.
In order to install the Chef service, you will need to have the following:
A system running a supported Linux variant (64 bit Ubuntu Linux 10.04 through 12.10 or 64 bit Red Hat Enterprise Linux 5 or 6)—this can be physical or virtual. If you do not have the local resources for this, AWS or RackSpace cloud servers are good options.
A network connection to the host in order to download the installer.
Administrative privileges (using
sudo
or directroot
access) on the host where you are installing the services.Enough free space on the host to perform the download and installation (minimum 500 MB, including the download, but 1 GB to 2 GB is preferred).
At the end of this section, you will have a fully functional Chef service installed and ready to work with. Before you get started, let's look at what you will be installing on your system so that you know what to expect. The components that make up a Chef service are as follows:
The Chef API service
Message queue (AMQP)
Data storage
Search service
Web-based management console
The Chef API service is responsible for delivering run lists and receiving information from nodes as well as providing a way for a system administrator to configure recipes, run lists, data bags, and the like. In order to generate this data, the API service relies on its persistent data storage engine, in this case PostgreSQL, to store its data. The option to search for data is provided by the Solr search engine, and RabbitMQ is responsible for gluing them all together. Together, these components provide Chef with the ability to distribute, store, index, and manage your infrastructure's configuration data.
The easiest way to install Chef is through a single downloadable package, which is provided for Ubuntu 10.04 through 12.10 and Red Hat Enterprise Linux Versions 5 and 6. This package, referred to as the omnibus installer, contains everything you need to get a server up and running. You can find it on http://www.getchef.com/chef/install/.
At the time of writing this, 11.0.10 is the latest version and is the one that will be used for this book. The newer version of the 11.x series of Chef should have a very similar, if not identical, configuration. Note that these installers are somewhat large, being that they contain all of the dependencies needed. For example, the Ubuntu 12.10 package for Chef 11.0.10 is approximately 200 MB in size.
Tip
Although these are the officially supported distributions and releases, it is entirely possible that these installers will work on different but compatible distributions. It may be possible, for example, to use CentOS instead of Red Hat Enterprise Linux or Debian instead of Ubuntu. However, these will most likely require some manual dependency resolutions and may not work without a lot of effort (and even then, possibly not at all).
Installation on all supported platforms is relatively similar. The only key differences are the names of the package files that you will download and the commands you will use to install Chef.
The high-level steps you will take are as follows:
Because steps 3 and 4 will be the same for both Ubuntu and Red Hat installation procedures, the instructions will be in a section following the Red Hat installation guide.
The following are instructions for an Ubuntu-based system; they were performed on an Ubuntu 12.04 host, but should be identical for all supported Ubuntu distributions. For Red Hat-based installation instructions, see the next section.
You can download the package by returning to the download page referenced previously (http://www.getchef.com/chef/install/), or you can download Version 11.0.10 directly from https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb.
In order to perform the installation, open a terminal on your Ubuntu host (either locally or connect via SSH) as a user who has administrative privileges. This can be done directly either as the root or any user who has permission to execute arbitrary commands via sudo
.
Once you log in to the host, navigate to where you want to store the package (remember it's quite large, approximately 200 MB) and download the file using curl
:
user@ubuntu:~ $ curl -O https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb
Once the file is downloaded, the dpkg
tool will be used to perform the package installation:
user@ubuntu:~ $ sudo dpkg -i chef-server_11.0.10-1.ubuntu.12.04_amd64.deb
Once this is finished, the Ubuntu-specific portion of the setup is complete, and you will need to configure Chef using the chef-server-ctl
command, which we will discuss in the Configuring Chef Server section, following the Installing on Red Hat Enterprise Linux section.
Installation on a Red Hat Enterprise Linux distribution is as straightforward as installing any other package. You download the package to the local disk and install it using RPM tools.
You can download the latest version of the package by returning to the download page referenced previously (http://www.getchef.com/chef/install/), or you can download Version 11.0.10 directly from https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.10-1.el6.x86_64.rpm.
In order to perform the installation, open a terminal on your Red Hat host (either locally or connect via SSH) as a user who has administrative privileges. This can be done directly either as the root or any user who has permission to execute arbitrary commands via sudo
.
Once you log in to the host, navigate to where you want to store the package (remember it's quite large, approximately 200 MB) and download the file using curl
:
user@rhel:~ $ curl -O https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.0.10-1.el6.x86_64.rpm
How long this takes will vary according to the available bandwidth but should take somewhere between 5 and 20 minutes on a reasonably fast connection.
Once the file is downloaded, the rpm
tool will be used to perform the package installation:
user@rhel:~ $ sudo rpm -ivh chef-server-11.0.10-1.el6.x86_64.rpm
Once this is finished, the Red Hat-specific portion of the setup is complete, and you will need to configure Chef using the chef-server-ctl
command, which we will discuss in the following section.
Historically, installing Chef requires manual editing of configuration files, choosing RabbitMQ credentials, installing CouchDB, and a handful of other tasks. Now, with the omnibus installer, all of this is taken care of for you. If you have been following along, your system has the Chef server and all of its dependencies installed on the system in the /opt/chef-server
directory.
Included with the installation of the package is a shell script, chef-server-ctl
(located at /opt/chef-server/bin
), which is responsible for configuring your newly installed Chef server. In order to configure your services, you will need to run it as root
because the scripts will need to modify your system in ways that your regular account may not be able to. Initializing the configuration tool is as simple as issuing the following command:
sudo chef-server-ctl reconfigure
Running this script may take a few minutes, and it will produce a lot of output while it is doing its work. While it is running, let's take a few minutes to discuss how it works and what it is doing.
Earlier in this chapter, you were briefly introduced to the chef-solo
tool. You saw how it can be used to manage your local server using on-disk recipes and configuration data. The Chef team has leveraged this ability to do just that with the Chef server using chef-solo
to bootstrap the server configuration. If you were to look at the code for the /opt/chef-server/bin/chef-server-ctl
script, you would see that the last line in the script executes the following command:
/opt/chef-server/embedded/bin/omnibus-ctl chef-server /opt/chef-server/embedded/service/omnibus-ctl $@
If you follow the trail and dig into the omnibus-ctl
script, you will find that it is just a wrapper around the omnibus-ctl
Ruby gem. Digging into the omnibus-ctl
gem, you will see that in the end, the reconfigure
command you pass on the command line is a Ruby method that makes the following call:
run_command("chef-solo -c #{base_path}/embedded/cookbooks/solo.rb -j #{base_path}/embedded/cookbooks/dna.json")
This tells us that the Chef omnibus package uses chef-solo
to configure itself—a pretty clever trick indeed! You can see just how powerful a tool chef-solo
can be, being able to configure and reconfigure the Chef service.
What you will probably notice right away is that a lot of text is being scrolled past in your terminal window. If you were to look at the contents, you would see that it shows you the actions that are being taken by chef-solo
to provision your new services. As there is a lot of information going past (thousands of lines), here is a high-level overview of what is happening on your host:
A new user,
chef_server
, and its corresponding group are being provisioned.Chef services are being set up, and startup scripts for upstart are being placed in the appropriate system directories. The Run scripts for Chef services are located at
/opt/chef-server/sv
.Chef state directories are being created in
/var including /var/opt/chef-server
and/var/log/chef-server
.RabbitMQ is being configured to store data in
/var/opt/chef-server
and log the output to/var/log/chef-server
as well as its startup scripts in/opt/chef-server/sv/rabbitmq/run
.PostgreSQL is being configured with its data in
/var/opt/chef-server/postgresql/data
along with a user,opscode-pgsql
, to run the service. Some system-level changes to share memory sizes are being set viasysctl
to make PostgreSQL work as well as persisted insystctl.conf
.Solr is being set up to work with the configuration and data rooted in
/var/opt/chef-server/chef-solr/
, with the run script being placed in/opt/chef-server/sv/chef-solr/run
.Chef-expander (the data-indexing service) is being configured for
/var/opt/chef-server/chef-expander
as its working directory with Solr and RabbitMQ endpoints on the localhost. The run script is located at/opt/chef-server/sv/chef-expander/run
.The Chef bookshelf metadata service is readied in
/var/opt/chef-server/bookshelf/
with its run script at/opt/chef-server/sv/bookshelf/run
.Erchef, the Erlang Chef service, is installed and pointed at the local Solr, RabbitMQ, bookshelf, and PostgreSQL services.
The system is then bootstrapped using the bootstrap recipe. This recipe verifies that the system is running (by checking that the
http://localhost:8000/
_status returns an HTTP 200 response) and installs the SSL certificate for the web-based UI in/etc/chef-server/chef-webui.pem
.The web-based UI configuration files are generated and placed in
/var/opt/chef-server/chef-server-webui/
.A copy of
nginx
to host the web UI is placed in/var/opt/chef-server/nginx
, and the initial self-signed SSL certificates as well as the static assets are installed in/var/opt/chef-server/nginx/html
.The Chef API testing framework,
chef-pedant
, is installed.Finally,
/etc/chef-server/chef-server-running.json
is generated with the current configuration settings for your Chef services.
Clearly, there is a lot happening here; if you have any outstanding concerns about what is being done, be sure to read through the output. One of the great things about Chef is that the recipes are just a set of scripts that you can open and view the contents of, and the output shows you what is happening during the execution. Everything it does is transparent and manageable by you.
Once the configuration of your services is complete, you will want to validate that the required services are running. Again, the chef-server-ctl
script will be used, but we will invoke the status
subcommand instead of the reconfigure
subcommand, as shown in the following code:
user@host:~ $ sudo chef-server-ctl status run: bookshelf: (pid 3901) 3123s; run: log: (pid 3900) 3123s run: chef-expander: (pid 3861) 3129s; run: log: (pid 3860) 3129s run: chef-server-webui: (pid 4053) 3095s; run: log: (pid 4052) 3095s run: chef-solr: (pid 3819) 3135s; run: log: (pid 3818) 3135s run: erchef: (pid 4230) 3062s; run: log: (pid 3937) 3117s run: nginx: (pid 4214) 3064s; run: log: (pid 4213) 3064s run: postgresql: (pid 3729) 3146s; run: log: (pid 3728) 3146s run: rabbitmq: (pid 3423) 3172s; run: log: (pid 3422) 3172s
The status
subcommand will show you the process ID of each component, how long it has been running for, the PID of the logging process associated with that service, and how long the logging service has been running. For example, we can see that chef-server-webui
has a PID of 4053 and has been running for close to an hour, and the logger has a PID of 4052, having been running for just as long as the service.
As you can see, the installation of Chef yields a number of components that will need to be up and running in order to successfully use Chef. You should have the following components running and listening on the following network ports:
Component |
What to look for in the process list |
Port(s) |
Public? |
---|---|---|---|
Chef API server |
|
80, 443 |
Yes |
Web management console |
|
80, 443 |
Yes |
Data indexer |
|
N/A |
N/A |
Solr |
|
8,983 |
No |
PostgreSQL |
|
5,432 |
No |
RabbitMQ |
|
5,672 |
No |
Public components need to be made available to any clients, nodes, or end users that expect to use the Chef service over the network. Configuring your infrastructure to ensure that your services are available via the network is outside of the scope of this book as there are a near-infinite number of possible network configurations.
At a higher level, make sure that any firewall devices or packet-filtering systems are not preventing traffic from reaching these services if you see that they are running, but are having difficulties in connecting to them. If any of these services are not running, you will need to consult the logfiles generated by the service to determine what might be preventing them from starting up.
In order to work with Chef, you will need a way to interact with it. Fortunately, Chef provides a suite of command-line utilities, which we will discuss at length as the book progresses. There is one primary tool, knife
, that allows an administrator to interact with the service in the command line. The knife
tool is run from a workstation and provides many commands to view, search, and modify data maintained by the Chef service. Once you have installed and verified that all the services are running, we can move on to setting up knife.
Tip
You will see that the standard place to store your Chef configuration data is in $HOME/.chef
(on a UNIX-like system.) This is not mandatory, and these files can be stored anywhere you like.
The knife
tool communicates with the Chef server via HTTP and uses certificates for authentication between the workstation and the server. In order to get started with knife
, we will need to do two things: gain access to the certificates that were generated during the installation of Chef and then use those credentials to set up a new user in the system.
In the following examples, we will be using the host that the Chef services were installed on as our workstation (where we will use knife
). If you want to use a different host, you will need to get the required certificate (.pem
) files to your local machine using scp
or some other mechanism. By using the following commands, we can get the required authentication materials into our work directory:
mkdir $HOME/.chef sudo cp /etc/chef-server/admin.pem $HOME/.chef sudo cp /etc/chef-server/chef-validator.pem $HOME/.chef sudo cp /etc/chef-server/chef-webui.pem $HOME/.chef sudo chown –R $UID $HOME/.chef
Tip
Chef uses a signed header authentication for requests to the API, which means there must be a shared key that is present on both the client and the server. Chef-server will generate the chef-validator.pem
file when it is configured. New nodes or clients use the chef-validator.pem
file to sign the requests used to register themselves with the system.
Once you have these files copied into your Chef work directory, it is time to configure knife
itself. Fortunately, knife
has an interactive configuration mode that will walk you through the process of generating a configuration file. First, ensure that you are using your Chef gemset (if you are using RVM as we discussed earlier) and then run knife
on your workstation (again, in this example, we are using our Chef service host for both purposes):
user@chef:~$ rvm use 1.9.3@chef user@chef:~$ knife configure -i
When you run knife
with the -i
flag, you will be prompted by the following questions, which you can answer with the defaults for almost everything (non-default answers are in bold):
WARNING: No knife configuration file found Where should I put the config file? [/home/user/.chef/knife.rb] Please enter the chef server URL: [https://localhost:443] Please enter a name for the new user: [user] Please enter the existing admin name: [admin] Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] ~/.chef/admin.pem Please enter the validation clientname: [chef-validator] Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] ~/.chef/chef-validator.pem Please enter the path to a chef repository (or leave blank): Creating initial API user... Please enter a password for the new user: Created user[user] Configuration file written to /home/user/.chef/knife.rb user@chef:~$
As mentioned earlier, this does two things:
First, it uses the validation key and client name specified at the prompts to contact the API service and register a new client (user) with the service
Secondly, it generates a configuration file for
knife
that has the settings needed to connect to the service from now on
Since Chef and its components are written in Ruby, the resulting configuration file is a Ruby script, which contains some code that configures knife
so that it knows what API server to connect to, which key files to use, what client name to use, and so on.
An inspection of the configuration file that was generated by the previous command will look like the following:
log_level :info log_location STDOUT node_name 'user' client_key '/home/user/.chef/user.pem' validation_client_name 'chef-validator' validation_key '/home/user/.chef/chef-validator.pem' chef_server_url 'https://localhost:443' syntax_check_cache_path '/home/user/.chef/syntax_check_cache'
Because we are using the service host as our workstation, the Chef server URL points to the localhost. If your workstation were to be a different system such as your laptop, then this URL would be the IP or hostname of the host running the Chef service.
After setting up knife
, we can use it to validate that it was configured correctly by querying the Chef server using some simple commands. The knife
commands follow the format knife <command> <subcommand>
, where command
is either a client, configuration, cookbook, cookbook site, data bag, environment, exec, help, index, node, recipe, role, search, ssh, status, or tag. Subcommands will vary with the command, but they typically include things such as show, create, list, and delete (among others).
As there will initially be no nodes, cookbooks, recipes, roles, data bags, and such, we will query the list of clients that the server knows about. This should be a list of two clients: chef-webui
(as it is a consumer of the API itself) and chef-validator
(without it, it wouldn't be possible to register a new client).
The client
command, with the list
subcommand, prints a list of clients that the server knows about. At this point, running the command would look like this:
user@chef:~$ knife client list chef-validator chef-webui user@chef:~$
Tip
If you do not get the previous output, but get an error instead, you will need to go back and make sure that all the previous steps are completed and verified.
Once you know that it works, you can use knife
to interact with the API. Unfortunately, we do not have much data in the system just yet, but we can use the show
subcommand in conjunction with the client
command and a client name to display more detailed information about a client:
user@chef:~$ knife client show chef-webui admin: true chef_type: client json_class: Chef::ApiClient name: chef-webui public_key: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos5cQ1NxP7zKf1zRM33g YeVyHNOO5NcICjSIvqQ5A37wwLfgtPLJQqboW7ZcNL3xYcKOlfYSEK7xha3ss8tT A+XMifaFp3JsdheyPeIJir2bc9iltUUcbpw9PJ2aQKTBlFNx23A7ag+zBfxcDjbY 7RkdcziwB74ynd6e/K8c0JTRnA5NxoHkFc6v8a/itwujGwugWJXDQunWfCmAvjws JgDOUu2aHOCVIVkc8it51Sc7Anx0YnCjNmdhz1xIo0MOVNOEmC9ypP0Z7mVv1C69 WWBOEvS9zimjXo4rxBwFmWkPEIG6yPQjhuNmFd69K14vZQtAsH07AZFRSS7HLWnZ WQIDAQAB -----END PUBLIC KEY----- validator: false user@chef:~$
Congratulations! If you have gotten this far, you now have a fully functional Chef service and a copy of the command-line utilities, including chef-solo. You now have covered the following:
Using RVM
Installing chef-solo
Creating a simple recipe
Running recipes with chef-solo
Installing the Chef service
Getting started with the
knife
utilityVerifying that your Chef service is operating correctly
Now that you are able to use your Chef service, we can begin to investigate how to model our environment with Chef and see what it can do for us.