We now have to configure the knife command. This command is the central way of communicating with our server and the nodes that we will be configuring. We need to tell it how to authenticate and then generate a user to access the Chef server.

Luckily, we've been laying the groundwork for this step by acquiring the appropriate credential files. We can start the configuration by typing:

knife configure --initial

This will ask you a series of questions. We will go through them one by one:

WARNING: No knife configuration file found
Where should I put the config file? [/home/your_user/.chef/knife.rb]

The values in the brackets ([]) are the default values that knife will use if we do not select a value.

We want to place our knife configuration file in the hidden directory we have been using:

/home/your_user/chef-repo/.chef/knife.rb

In the next question, type in the domain name or IP address you use to access the Chef server. This should begin with https:// and end with :443:

https://server_domain_or_IP:443

You will be asked for a name for the new user you will be creating. Choose something descriptive:

Please enter a name for the new user: [root] station1

It will then ask you for the admin name. Just press Enter to accept the default value (we didn't change the admin name).

It will then ask you for the location of the existing administrator's key. This should be:

/home/your_user/chef-repo/.chef/admin.pem

It will ask a similar set of questions about the validator. We haven't changed the validator's name either, so we can keep that as chef-validator. Press enter to accept this value.

It will then ask you for the location of the validation key. It should be something like this:

/home/your_user/chef-repo/.chef/chef-validator.pem

Next, it will ask for the path to the repository. This is the chef-repo folder we have been operating in:

/home/your_user/chef-repo

Finally, it will ask you to select a password for your new user. Select anything you would like.

This should complete our knife configuration. If we look in our chef-repo/.chef directory, we should see a knife configuration file and the credentials of our new user:

ls ~/chef-repo/.chef
admin.pem  chef-validator.pem  knife.rb  station1.pem
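
A quick audit of that directory, as an added example that is not part of the original tutorial: the .pem files are private keys, so they should be readable by their owner only, and knife.rb is Ruby that knife evaluates, so other users should not be able to write to it. audit_chef_dir and demo_audit are hypothetical helper names, and the -perm /mode syntax assumes GNU or BusyBox find.

```shell
# Added example. audit_chef_dir is a hypothetical helper, not a knife subcommand.
# Prints one finding per line and returns 1 if anything was found.
audit_chef_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory: $dir"; return 2; }
    found=0

    # Group/other write on the directory lets another local user replace
    # knife.rb or drop in a different key.
    if [ -n "$(find "$dir" -maxdepth 0 -perm /022)" ]; then
        echo "dir-writable-by-others: $dir"
        found=1
    fi

    # admin.pem, chef-validator.pem and the user key are private keys:
    # any group/other permission bit is a finding.
    exposed=$(find "$dir" -type f -name '*.pem' -perm /077 | sort)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/key-not-owner-only: /'
        found=1
    fi

    # knife.rb is evaluated by knife, so it must not be writable by others.
    if [ -n "$(find "$dir" -type f -name knife.rb -perm /022)" ]; then
        echo "config-writable-by-others: $dir/knife.rb"
        found=1
    fi
    return $found
}

# Constructed demo: a throwaway directory that mimics the listing above,
# with one deliberately loose key.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.chef" && chmod 700 "$tmp/.chef"
    for f in admin.pem chef-validator.pem station1.pem knife.rb; do
        : > "$tmp/.chef/$f"; chmod 600 "$tmp/.chef/$f"
    done
    chmod 644 "$tmp/.chef/admin.pem"      # the loose key
    audit_chef_dir "$tmp/.chef" && rc=0 || rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_audit || true
```

Against the real directory, run audit_chef_dir ~/chef-repo/.chef and fix any finding with chmod 600 on the file or chmod 700 on the directory.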

Chef solo

Install chef
============
> curl -L https://www.opscode.com/chef/install.sh | bash
 
Check
=====
> chef-solo -v
 
Setup chef repository
=====================
> wget http://github.com/opscode/chef-repo/tarball/master
 
> tar zxvf master
 
> mv opscode-chef-repo-f9d4b0c/ chef-repo
 
> ls chef-repo/
 
Create .chef directory inside chef-repo
=======================================
> mkdir chef-repo/.chef
 
Setup a local cookbook path
===========================
 
> vi chef-repo/.chef/knife.rb
cookbook_path [ '/root/chef-repo/cookbooks' ]
 
Create your first cookbook
==========================
 
> knife cookbook create ntp
 
Writing your first recipe
=========================
> vi chef-repo/cookbooks/ntp/recipes/default.rb
 
package 'ntp'
 
Now configure your server using chef-solo
=========================================
> vi chef-repo/solo.rb
 
file_cache_path "/root/chef-solo"
cookbook_path "/root/chef-repo/cookbooks"
 
> vi chef-repo/web.json
 
{
"run_list": [ "recipe[ntp]" ]
}
 
Ensure ntp is not installed
===========================
> yum remove -y ntp
 
Use chef-solo to configure your server
=====================================
 
> chef-solo -c chef-repo/solo.rb -j chef-repo/web.json
 
Confirm ntp is installed
========================
> yum info ntp
 

Provision an AWS EC2 VM using Chef

Step 1: Install chefdk

Step 2: Set up AWS credentials

Step X: Setup your knife config

Step X: Make sure the following variables are set and exported in your environment.

AWS_ACCESS_KEY_ID=secrets
AWS_SECRET_ACCESS_KEY=secrets
AWS_DEFAULT_REGION=us-east-1
AWS_SSH_KEY=your_ssh_key_name
AWS_ACCESS_KEY=secrets
AWS_SECRET_KEY=secrets

Step 3: Generate a new repository using the chef generate command

> chef generate repo chefdk-provision-demo
> cd chefdk-provision-demo

Step 4: Generate a provision cookbook. This is the required name, and it must be in the current directory.
> chef generate cookbook provision

Step 5: Edit the default recipe ($EDITOR provision/recipes/default.rb) so that it contains the following code:

context = ChefDK::ProvisioningData.context
with_driver 'aws::us-west-2'
options = {
  ssh_username: 'admin',
  use_private_ip_for_ssh: false,
  bootstrap_options: {
    key_name: 'jtimberman',
    image_id: 'ami-0d5b6c3d',
    instance_type: 'm3.medium',
  },
  convergence_options: context.convergence_options,
}
machine context.node_name do
  machine_options options
  action context.action
  converge true
end

Understand the code:
> To break this down, first we get the ChefDK provisioning context that will pass in options to chef-provisioning.
> Then we tell chef-provisioning to use the AWS driver, and in the us-west-2 region.
> The options hash is used to set up the instance.
> We’re using Debian 8, which uses the admin user to log in, an SSH key that exists in the AWS region, the actual AMI, and finally the instance type.
> Then, we’re going to set the convergence options automatically from ChefDK. This is the important part that will ensure the node has the right run list.

Step 6: Generate a Policyfile.rb and edit its content ($EDITOR Policyfile.rb).
> chef generate policyfile
> vi Policyfile.rb

name            "chefdk-provision-demo"
default_source  :community
run_list        "recipe[libuuid-user]"
cookbook        "libuuid-user"

Here we’re simply getting the libuuid-user cookbook from Supermarket and applying the default recipe to the nodes that have this policy.

Step 7: The next step is to install the Policyfile. This generates the Policyfile.lock.json, and downloads the cookbooks to the cache, ~/.chefdk/cache/cookbooks. If this isn’t run, chef will complain, with a reminder to run it.

> chef install

Step 8: Finally, we can provision a testing system with this policy:

> chef provision testing --sync -n debian-libuuid
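
A preflight for the provision command above, as an added example that is not part of the original post (all function names are hypothetical). It reports which of the listed AWS variables are not actually exported, and whether the region in with_driver differs from AWS_DEFAULT_REGION, as it does with the sample values on this page (us-west-2 in the recipe, us-east-1 in the environment).

```shell
# Added example, not from the original post. All helper names are hypothetical.

REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION AWS_SSH_KEY AWS_ACCESS_KEY AWS_SECRET_KEY"

# Print the names (never the values) of required variables that the process
# started by "chef provision" would not see. printenv only reports exported
# variables, so "VAR=x" without "export" counts as missing.
preflight_missing_env() {
    missing=""
    for name in $REQUIRED_VARS; do
        value=$(printenv "$name") || value=""
        [ -n "$value" ] || missing="$missing $name"
    done
    value=""
    printf '%s\n' "${missing# }"
}

# Extract REGION from a recipe line like: with_driver 'aws::REGION'
recipe_region() {
    sed -n "s/^[[:space:]]*with_driver[[:space:]]*['\"]aws::\([a-z0-9-]*\)['\"].*/\1/p" "$1" | head -n 1
}

# EC2 key pairs and AMI IDs are per-region, so report when the recipe and
# the environment name different regions.
preflight_region() {
    in_recipe=$(recipe_region "$1")
    in_env=$(printenv AWS_DEFAULT_REGION) || in_env=""
    if [ -n "$in_recipe" ] && [ "$in_recipe" != "$in_env" ]; then
        echo "region-mismatch: recipe=$in_recipe env=${in_env:-unset}"
        return 1
    fi
    return 0
}

# Constructed demo using the two region values shown on this page.
demo_preflight() {
    recipe=$(mktemp)
    printf '%s\n' "with_driver 'aws::us-west-2'" > "$recipe"
    ( export AWS_DEFAULT_REGION=us-east-1; preflight_region "$recipe" ) && rc=0 || rc=$?
    rm -f "$recipe"
    return $rc
}

demo_preflight || true
echo "not exported: $(preflight_missing_env)"
```

In the generated repository, run preflight_region provision/recipes/default.rb before chef provision and resolve any mismatch so that the key pair and AMI are looked up in the region you intend.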

Reference:
http://jtimberman.housepub.org/blog/2015/05/15/quick-tip-chefdk-provision/
