Professional Documents
Culture Documents
S
o far, we have learnt how to set up Chef Server and
configure it by running the Chef-server-ctl reconfigure
command. We have also learnt how to verify the server
configuration by running the test command. Now, the server console by executing the following commands:
is almost ready to be used, though theres still some work to
be done to get it started and communicating with agents. For # Chef-server-ctl install opscode-manage
this, we need to create an administrator user and organisation. # Chef-server-ctl reconfigure
The purpose of creating an administrator user is to control
the Chef environment (server and agent), and of creating an The command to configure and bring up the
organisation is to set up a profile for the Chef environment. management console is:
The syntax for a command to create an admin
user is as follows: # opscode-manage-ctl reconfigure
#Chef-server-ctl user-create<username><first name><last There are two more steps to complete the server installation
name><email><password>--filename<full path of pem file> --- and one of them is to install the push job service. This is called
here pem is the private key file created in the specified the opscode-push-jobs-server and it helps to push jobs or actions
folder. to the Chef agent machines. Once this is pushed, the agent
For example: will pick them up and run the job or action in the respective
# Chef-server-ctl user-create magesh magesh kasthuri magesh. machines. This is shown in Figure 2. In this screenshot, you will
kasthuri@wipro.com password --filename /root/.Chef/magesh.pem notice a service called opscode-reporting, which serves reporting
data to the management console to enable the user to visualise
Then, we can run org-create to create the profile for the operations from the server and agents.
the Chef environment or organisation. The syntax for the Installing opscode-reporting is the last step in setting up
command is as follows: Chef Server and can be done by using the following command:
ops
Client cod
Machine 1 Chef Agent e-pu
sh-j
obs
-serv
er
Recipe Chef Server
Figure 3: Installing the client VM
Client
Machine 2 Chef Agent
opscode-reporting
start-up of the Chef client. Ohai collects data attributes from authenticate Authenticate or register client
key created in Chef Server should be copied to all Chef clients Figure 6: Chef client start-up steps
so that two-way authentication (a handshake) happens between
server (public key) and client (private key) when there is any Now, when we bring up the Chef client, the following basic
communication between Chef Server and the client. steps (also shown in Figure 6) happen in the background during
To download the certificate key from the server to all connected client start-up. Please note that these are major steps in the client
Chef clients, we need to run the knife command as follows: start-up, though there are many smaller steps involved in between
these steps. This stage is explained in Figure 6.
#knife ssl fetch run_ohai: This is the first step when we start the Chef
client, where it loads the configuration data as listed earlier.
This will download the certificate key from the server to This is collected for each node of the Chef environment and
the client in the folder /.Chef/trusted_certs. To verify if key starts the Chef client.
authentication between client and server has been successful, we Authenticate/Register: This step is most important to bring
can run the knife command in the Chef client node as follows: up the Chef client into the secured environment of the Chef set-up.
If the authentication is successful through the two-way handshake
#knife ssl check (public/private key authentication), the client node is registered to
the Chef Server so that it is entered into the Chef environment and
Connecting to host magdesklinux.wipro.com:443 Successfully is available in the reporting UI of the Chef management console.
verified certificates from magdesklinux.wipro.com Load and run node: Here, the configuration is loaded, and
the client is authenticated and registered to the Chef Server
Preparing knife environment. The next step is to load the node and start the
We have prepared Chef Server (on a Linux guest OS) and the node machine.
Chef client (on a Linux client), so the next step is to prepare Synchronizecookbooks: This synchronises the cookbooks
the communication channel between server and client. This is from the Chef Server. The cookbooks are stored in the storage
done with the configuration of knife, which is the command of the Chef Server and loaded into the client machines through
in the Chef environment to upload cookbooks, create clients, the Knife tool (pushed to all client nodes).
clone configuration between clients, upload and edit roles, and After this, the set-up is finalised. This saves the node
much more. Knife can be prepared by running the command as state and finalises the client set-up. If any of these steps fail,
depicted in Figure 5. the Chef client moves to start-up run_failed state and stops
As described in Figure 5, you should place the private abnormally. We need to look into the log file to analyse the
key (pem file) in the /etc/Chef-server folder. Once this reason for the failure and fix it.
configuration is done, we can verify that the handshake of Now, run runs list to get the list of RUN_ID of the Chef
keys is happening and the client is configured properly by client which is successfully running. This is done by executing
executing the following command: the following command: