Install Chef workstation on Linux
Chef is IT infrastructure automation software that manages all the servers and network devices in your organization. To interact with the Chef server infrastructure and with any physical nodes (servers, network devices, etc.), you need a Chef workstation. This tutorial explains how to install and configure the Chef workstation on a Linux server.
Download ChefDK
ChefDK is short for Chef Development Kit. It is available for almost all platforms, including Debian-based releases, Ubuntu, RedHat, CentOS, Mac OS X, and Windows. The current stable ChefDK version is 0.11.2. For RHEL-based systems, it is available for versions 6 and 7 (such as CentOS 6 and CentOS 7), and the RPM is 64-bit only.
Run the following commands to download ChefDK.
On CentOS 7:
cd ~
wget https://packages.chef.io/stable/el/7/chefdk-0.11.2-1.el7.x86_64.rpm
On CentOS 6:
cd ~
wget https://packages.chef.io/stable/el/6/chefdk-0.11.2-1.el6.x86_64.rpm
Install ChefDK
Use RPM to install the downloaded ChefDK:
# rpm -ivh chefdk-0.11.2-1.el7.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:chefdk-0.11.2-1.el7              ################################# [100%]
Thank you for installing Chef Development Kit!
ChefDK is installed in the /opt/chefdk directory by default, as shown below:
# ls -l /opt/chefdk/
drwxr-xr-x. 2 root root  4096 Mar  3 13:50 bin
drwxr-xr-x. 7 root root    62 Mar  3 13:50 embedded
-rw-r--r--. 1 root root 13249 Feb 22 14:26 version-manifest.json
-rw-r--r--. 1 root root  8233 Feb 22 14:26 version-manifest.txt
Verify ChefDK Installation
Run chef verify to check all the components of ChefDK and make sure they are working properly:
# chef verify
Running verification for component 'berkshelf'
Running verification for component 'test-kitchen'
Running verification for component 'tk-policyfile-provisioner'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chef-provisioning'
Running verification for component 'chefspec'
Running verification for component 'generated-cookbooks-pass-chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
Running verification for component 'openssl'
Running verification for component 'inspec'
.......
---------------------------------------------
Verification of component 'test-kitchen' succeeded.
Verification of component 'chef-dk' succeeded.
Verification of component 'chefspec' succeeded.
Verification of component 'rubocop' succeeded.
Verification of component 'knife-spork' succeeded.
Verification of component 'openssl' succeeded.
Verification of component 'berkshelf' succeeded.
Verification of component 'chef-client' succeeded.
Verification of component 'fauxhai' succeeded.
Verification of component 'inspec' succeeded.
Verification of component 'tk-policyfile-provisioner' succeeded.
Verification of component 'kitchen-vagrant' succeeded.
Verification of component 'chef-provisioning' succeeded.
Verification of component 'package installation' succeeded.
Verification of component 'generated-cookbooks-pass-chefspec' succeeded.
The following is an example of a chef verify failure. Note: Chef requires Ruby, which is embedded in ChefDK.
# chef verify
..
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/mixlib-shellout-2.2.6/lib/mixlib/shellout.rb:289:in `invalid!': Expected process to exit with [0], but received '1' (Mixlib::ShellOut::ShellCommandFailed)
---- Begin output of /usr/bin/ohai -v ----
STDOUT:
STDERR: /opt/chefdk/embedded/lib/ruby/site_ruby/2.1.0/rubygems/dependency.rb:319:in `to_specs': Could not find 'chef-config' (= 12.8.0) - did find: [chef-config-12.7.2] (Gem::LoadError)
The preceding error message reads "Could not find 'chef-config' (= 12.8.0) - did find: [chef-config-12.7.2] (Gem::LoadError)": the installed ChefDK contains the earlier chef-config version, 12.7.2. After you manually install chef-config 12.8.0, run chef verify again. The verification is then successful.
Verify the ChefDK version
Run the chef --version command to display the version numbers of ChefDK and all accompanying components.
# chef --version
Chef Development Kit Version: 0.11.2
chef-client version: 12.7.2
berks version: 4.2.0
kitchen version: 1.5.0
Set Chef Environment Variables
Set the environment variables related to Chef, such as GEM_ROOT, GEM_HOME and GEM_PATH.
export GEM_ROOT="/opt/chefdk/embedded/lib/ruby/gems/2.1.0"
export GEM_HOME="/root/.chefdk/gem/ruby/2.1.0"
export GEM_PATH="/root/.chefdk/gem/ruby/2.1.0:/opt/chefdk/embedded/lib/ruby/gems/2.1.0"
In addition, if Ruby is already installed on your system, you need to update the PATH variable so that the Ruby embedded in ChefDK comes first, as shown below:
export PATH="/opt/chefdk/bin:/root/.chefdk/gem/ruby/2.1.0/bin:/opt/chefdk/embedded/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
The following command displays the environment variables that Chef sets:
chef shell-init bash
To quickly set these environment variables, you can add them to the bash_profile file, as shown below.
echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
Firewalld Rules for Accessing Chef
To access the Chef Manage GUI on the Chef server, add the following firewalld rules to open the corresponding ports on the Chef server.
# --permanent saves each rule so that it survives the reload at the end
firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT_direct 0 -i eth0 -p tcp \
  --dport 443 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT_direct 0 -i eth0 -p tcp \
  --dport 80 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 \
  filter INPUT_direct 0 -i eth0 -p tcp \
  --dport 9683 -j ACCEPT
firewall-cmd --reload
Download Starter Kit from Chef Manage GUI
Log on to the Chef Manage GUI, click the "Administration" option, and select your organization from the list. In this example, the organization is "example". After selecting the organization, click "Starter Kit" in the left-side menu.
The Starter Kit file (chef-starter.zip) is downloaded to the local machine.
Decompress Starter Kit
Transfer the chef-starter.zip file to the Chef workstation and decompress it in the root home directory.
# cd ~
# unzip chef-starter.zip
Archive:  chef-starter.zip
   creating: chef-repo/cookbooks/
   creating: chef-repo/cookbooks/starter/
   creating: chef-repo/cookbooks/starter/templates/
   creating: chef-repo/cookbooks/starter/templates/default/
  inflating: chef-repo/cookbooks/starter/templates/default/sample.erb
   creating: chef-repo/cookbooks/starter/files/
   creating: chef-repo/cookbooks/starter/files/default/
  inflating: chef-repo/cookbooks/starter/files/default/sample.txt
   creating: chef-repo/cookbooks/starter/recipes/
  inflating: chef-repo/cookbooks/starter/recipes/default.rb
   creating: chef-repo/cookbooks/starter/attributes/
  inflating: chef-repo/cookbooks/starter/attributes/default.rb
  inflating: chef-repo/cookbooks/starter/metadata.rb
  inflating: chef-repo/cookbooks/chefignore
  inflating: chef-repo/README.md
  inflating: chef-repo/.gitignore
   creating: chef-repo/.chef/
   creating: chef-repo/roles/
  inflating: chef-repo/.chef/knife.rb
  inflating: chef-repo/roles/starter.rb
  inflating: chef-repo/.chef/ramesh.pem
  inflating: chef-repo/.chef/example-validator.pem
If you created the chef-repo folder manually, you need to create the .chef subdirectory manually and copy the knife.rb file, the organization-validator.pem file (e.g. example-validator.pem) and the username.pem file (such as ramesh.pem) to the directory shown above.
SSL Certificate of the Chef Server
If you execute knife client list at this stage, the following error message is displayed:
# cd ~/chef-repo
# knife client list
ERROR: SSL Validation failure connecting to host: centos.example.com - SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL Error connecting to https://centos.example.com/organizations/example/clients - SSL_connect returned=1 errno=0 state=error: certificate verify failed
Certificate verification failed because we have not yet downloaded the SSL certificate from the Chef server. In this case, run knife ssl fetch as follows:
# cd ~/chef-repo
# knife ssl fetch
WARNING: Certificates from centos.example.com will be fetched and placed in your trusted_cert
directory (/root/chef-repo/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
The certificate is downloaded to the following trusted_certs directory:
# ls -l /root/chef-repo/.chef/trusted_certs
-rw-r--r--. 1 root root 1379 Mar 20 20:17 centos_example_com.crt
# cat /root/chef-repo/.chef/trusted_certs/centos_example_com.crt
-----BEGIN CERTIFICATE-----
MIIDzDCCArSgAwIBAgIBADANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJVUzEQMA4GA1UECgwHWW91Q29ycDETMBEGA1UECwwKT3BlcmF0aW9uczEbMBkGA1UEAwwSZXJhdGlvbnMxGzAZBgNVBAMMEmNlbnRvcy5leGFtcGxlLmNvbTCCASIwDQYJKoZI
....
WLyr2ORLMcck/OGsubabO/koMNTqhl2JJPECNiDJh06MeZ/2+BOwGZSpXDbw+vFENJAsLfsTzihGWZ58einMFA==
-----END CERTIFICATE-----
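
Knife's warning says it cannot verify the certificate it fetched, so that check is left to the operator. The following added example (not part of the original article) compares the SHA-256 fingerprint of the saved certificate with one obtained from the Chef server administrator over a separate trusted channel; the function names and the script name verify_cert.sh are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pin the certificate saved by `knife ssl fetch` to a
# fingerprint that was obtained out-of-band (not over the same connection).

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
# Prints nothing if the file is missing or is not a parsable certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Normalise an operator-supplied fingerprint (colons, spaces, upper case allowed).
normalise_fingerprint() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 if the expected value is not a full
# SHA-256 fingerprint, 3 if the certificate file cannot be read or parsed.
verify_fetched_cert() {
    local cert expected actual
    cert="$1"
    expected="$(normalise_fingerprint "$2")"
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual="$(cert_fingerprint "$cert")"
    [ -n "$actual" ] || return 3
    [ "$actual" = "$expected" ]
}

# Usage: ./verify_cert.sh <fetched .crt> <expected fingerprint>
if [ "$#" -eq 2 ]; then
    if verify_fetched_cert "$1" "$2"; then
        echo "OK: $1 matches the expected fingerprint"
    else
        echo "NOT VERIFIED: remove $1 from trusted_certs and investigate" >&2
        exit 1
    fi
fi
```

Run it against /root/chef-repo/.chef/trusted_certs/centos_example_com.crt before relying on knife; a truncated or partial fingerprint is rejected rather than compared.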
Final confirmation of Chef Workstation
If the Chef workstation works normally, executing knife client list displays all clients connected to the workstation. Since we just installed it, we can only see the organization we just created.
# cd ~/chef-repo
# knife client list
example-validator
If five servers have been connected to your existing Chef workstation machine, you will see the following information:
# knife client list
example-validator
node1
node2
node3
node4
node5
Original article: http://www.thegeekstuff.com/
Author: Ramesh Natarajan
Translator: Ye Zi
Address: http://www.linuxprobe.com/chef-workstation-install-linux.html