I know what you’re thinking right now. “Dude, I read the getting started guide on the Chef Docs page, and they said to install the ChefDK; in fact, that’s all you need. What an IDIOT.”
Calm down, that’s half right. Chef is many things to different people. It seems to have been developed mainly with DevOps in mind, and that’s not a bad thing. That said, the initial purpose of the ChefDK seems to be to easily stand up and stand down a small gathering of servers in order to run an app. If that’s your only purpose, the ChefDK might be all you need. But we’re not only managing a cluster of web front ends and a database here; we have a complete datacenter to tackle.
Before we get started let’s go over what the Chef Server is actually going to do for us:
- Holds our Cookbooks, Recipes, Runlists, Roles, Data Bags (What do these terms mean?? We’ll get to that)
- “Pushes” and runs our Recipes on our Nodes. (Aka applies a configuration and tells your node what to change)
How to Install
Step 1: Get a server
I’m going to install a standalone on-premise server. Here are the hardware/software requirements. For the sake of this article I’ll be using a server spun up in Amazon Web Services. (I know, they have a pre-made Chef server, but that would be cheating!) I’ve decided to go with CentOS 7 as my OS of choice.
Step 2: Download the install package
You can find the download page here: https://downloads.chef.io/chef-server
If you haven’t already, install wget
sudo yum install wget -y
Then download the Chef Server package
Step 3: Install
Run the install package
sudo rpm -Uvh chef-server-core-12.13.0-1.el7.x86_64.rpm
Once that’s done run the following to start all the services
sudo chef-server-ctl reconfigure
The reconfigure (or in this case the first configure) might take a minute, but once you see this:
Chef Server Reconfigured!
You’re good to go!
Step 4: Create an smb share
We’re going to want a share so that when we make our user accounts, we’ll have a place to store the certificates that are going to be generated. These certs are going to be used by our ChefDK (authoring) workstations so they can communicate with the Chef server.
First install Samba
sudo yum install samba
Now add your user and set its password. I just used the default centos user.
sudo smbpasswd -a centos
You should see the below
Now modify the smb.conf file
sudo vi /etc/samba/smb.conf
copy and paste this at the bottom
[certs]
path = /home/centos/certs
available = yes
valid users = centos
read only = yes
browsable = yes
public = yes
writable = no
Set the permissions needed on the ‘certs’ folder
chmod -R 0777 certs
chcon -t samba_share_t certs
Now restart the samba service
sudo systemctl restart smb.service
You should now be able to access the share using \\ipaddress. When prompted for credentials, use the user and password you set above.
Step 5: Create users
These will be your ChefDK users (the ChefDK will be your authoring workstation; more on that later). Basically, these will be the users who will create and maintain your Chef recipes, cookbooks, roles, etc. Each one is going to get a cert that they can use to communicate with the Chef Server.
I’m going to create myself a Chef user account
sudo chef-server-ctl user-create jasonhurst Jason Hurst firstname.lastname@example.org 'password' --filename /home/centos/certs/jasonhurst.pem
In case that’s confusing, here’s the syntax for the command:
chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME
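The .pem files written in Step 5 are the users' private keys, and Step 4 leaves their folder at mode 0777 behind a share that sets public = yes. The script below is an added example, not part of the original article: it audits a key folder and a share definition for those two conditions. The function names, the temp-directory layout and the tighter 0750/0640 modes are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article: audit the key share built in Steps 4-5.

# List paths under DIR that any local user can modify, and *.pem private
# keys that any local user can read. Only mode bits are inspected.
audit_key_dir() {
    local dir="$1"
    find "$dir" ! -type l -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
    find "$dir" -type f -name '*.pem' -perm -004 -print | sed 's/^/WORLD-READABLE-KEY /'
}

# List guest-access settings ("public" is a synonym for "guest ok")
# found inside the [SHARE] section of an smb.conf-style file.
audit_share() {
    local conf="$1" share="$2"
    awk -v want="[$share]" '
        { line = tolower($0); gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line ~ /^\[/ { in_share = (line == tolower(want)); next }
        in_share && line ~ /^(public|guest ok)[ \t]*=[ \t]*(yes|true|1)$/ {
            print "GUEST-ACCESS " line
        }
    ' "$conf"
}

# Constructed demo: recreate the article's layout in a temp dir, then tighten it.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir "$tmp/certs"
    : > "$tmp/certs/jasonhurst.pem"          # empty stand-in, not a real key
    printf '[certs]\npath = /home/centos/certs\nvalid users = centos\npublic = yes\n' \
        > "$tmp/smb.conf"
    chmod -R 0777 "$tmp/certs"               # as in Step 4
    echo "--- as configured in the article"
    audit_key_dir "$tmp/certs"
    audit_share "$tmp/smb.conf" certs
    chmod 0750 "$tmp/certs"                  # assumed tighter modes
    chmod 0640 "$tmp/certs/jasonhurst.pem"
    sed -i.bak '/^public/d' "$tmp/smb.conf"  # drop the guest setting
    echo "--- after tightening (expect no findings)"
    audit_key_dir "$tmp/certs"
    audit_share "$tmp/smb.conf" certs
    rm -rf "$tmp"
}
demo
```

On the real server the calls would be audit_key_dir /home/centos/certs and audit_share /etc/samba/smb.conf certs; with modes 0750/0640 the share user still needs group ownership of the folder and keys to read them.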