Chef installation & Configuration

 

This is the first post of, I hope, a very long series about Chef.

Chef is a powerful tool which brings all you need in order to automate the configuration of all your systems. At first it was developed for Linux platforms, but you can also automate the management of your Windows systems. It’s client-server software written in Ruby, a very popular language. Ruby is cross-platform, so support for Windows-based systems is straightforward; since 2011 it has been possible with the knife-windows gem.

I know what you’re saying: why the hell is he blogging about this stuff? The answer is easy: because you can create DSC recipes and apply them to Windows hosts!

 

Overview of Chef concepts

Like any technology, Chef has its own terms. Let me explain them to you.

  • Bootstrap: This is the process of configuring a node with a Chef client.
  • Recipe: Written in Ruby, a recipe provides the lines needed to achieve a task: install a package, start a service, etc.
  • Cookbook: This is a bunch of recipes. Typically, a cookbook is created to achieve the full installation and configuration of a task (e.g. install and configure IIS).
  • Role: A role is a structure which makes it possible to build a full architecture (e.g. an Active Directory, a PKI server, a file server and an MSSQL node). A role is associated with a node by the Chef administrator.
  • Run list: This list is composed of recipes applied in the desired order.

Chef infrastructure is built of 3 “Keys”:

  • Chef Service: It stores the recipes and configuration
  • Workstation: This is where knife is installed and where the administrator works from. In this tutorial, we won’t do that, but you should 🙂
  • Node(s): The nodes managed by Chef. They can be servers, routers, desktops, etc.

Chef Service can use http(s) to interact with Chef-client. It uses a Ruby script to do that: it downloads the run list configured for the node, with cookbooks and data, to the Chef-client, which executes everything in the correct order.

 

Chef Service installation

First of all, we need a Chef Service in our lab.

In order to do this I chose an Ubuntu 12.04 server (I use one in Azure, remember Microsoft Loves Linux! :)). You should be able to do this alone, so I won’t talk about it. But now we need a few yummy things. The first is to install Ruby 2.0.0 on our server. I faced many issues, and finally achieved this goal with the few lines below.

sudo apt-get -y install zlib1g-dev openssl libopenssl-ruby1.9.1 libssl-dev libruby1.9.1 libreadline-dev git-core build-essential libreadline6-dev libyaml-dev
cd /tmp
wget http://cache.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p481.tar.gz
tar -xvzf ruby-2.0.0-p481.tar.gz
cd ruby-2.0.0-p481/
./configure --prefix=/usr/local
make
sudo make install

Yes, you have compiled and installed Ruby from sources!

Now we can start the installation!

wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb
sudo dpkg -i chef-server_11.0.10-1.ubuntu.12.04_amd64.deb
sudo chef-server-ctl reconfigure
sudo iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT

OK, now the Chef service is installed, but as I said previously, we will also install the knife tools on the server; remember, this is a lab, not something to use in production… So, let’s install the chef gem. A gem is a Ruby packaged application/script which uses RubyGems to be installed.

sudo gem install chef

Chef cookbooks are hosted on GitHub, so let’s install git on our system, clone the chef-repo and configure knife for first use. What is knife? “knife is a command-line tool that provides an interface between a local chef-repo and the Chef server”

sudo apt-get install git
git clone https://github.com/opscode/chef-repo

sudo knife configure -i -r ~/chef-repo/

You will be asked for a few things; I left everything at the default value.

As I use self-signed certificates, the command below makes knife trust the certificate 🙂

sudo knife ssl fetch
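
As an added example (not part of the original post): `knife ssl fetch` trusts whatever certificate the server presents at that moment, so it is worth comparing the fetched certificate's SHA-256 fingerprint with one read directly on the Chef server before relying on it. The Ruby below audits a `trusted_certs` directory that way; the function names, the `*.crt` file naming and the host name are assumptions, and the certificate is generated inline as a stand-in.

```ruby
require 'digest'
require 'openssl'
require 'tmpdir'
# Normalise "AB:CD:..." or "abcd..." so both forms compare equal.
def normalize_fp(fp)
  fp.to_s.delete(': ').downcase
end

# SHA-256 fingerprint of a PEM certificate (hash of its DER encoding).
def cert_fingerprint(pem)
  Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(pem).to_der)
end

# Check each *.crt in a trusted_certs directory against out-of-band fingerprints.
def audit_trusted_certs(dir, pinned_fps, now = Time.now)
  pinned = pinned_fps.map { |fp| normalize_fp(fp) }
  Dir.glob(File.join(dir, '*.crt')).sort.each_with_object({}) do |path, out|
    name = File.basename(path)
    begin
      pem = File.read(path)
      cert = OpenSSL::X509::Certificate.new(pem)
      out[name] =
        if !pinned.include?(cert_fingerprint(pem)) then :unpinned
        elsif now < cert.not_before || now > cert.not_after then :expired
        else :ok
        end
    rescue OpenSSL::X509::CertificateError
      out[name] = :unparseable
    end
  end
end

# Constructed self-signed certificate standing in for the Chef server's.
def make_self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

Dir.mktmpdir do |dir| # demo with the constructed certificate
  pem = make_self_signed('chef.example.test')
  File.write(File.join(dir, 'chef.crt'), pem)
  p audit_trusted_certs(dir, [cert_fingerprint(pem)])
end
```

Any file reported as `:unpinned` is a certificate knife would trust that nobody has verified.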

The next thing to do is the installation of knife-windows in order to do some WinRM things! This is done by the following few lines.

sudo gem install bundler
git clone https://github.com/opscode/knife-windows.git
cd knife-windows
sudo rake build
sudo gem install pkg/knife-windows-1.0.0.dev.0.gem

The well-known knife-windows is now installed and I can bootstrap the client on my target.

 

Bootstrap Windows Chef-client

The first thing to do is to ensure that WinRM is correctly configured to enable the Chef Service to connect. My node is already connected to my domain and this is how I’ve configured my WinRM service.

[Image: WinRM configuration]

I know you can use Kerberos authentication with the Ruby WinRM plugin, but I’ve never succeeded. So IF SOMEONE KNOWS HOW, PLEASE COMMENT ON THIS POST! Note that CredSSP isn’t needed here; it’s here in order to double hop in Desired State Configuration scripts.

Now, let’s get back to our Chef Server. It’s very easy to bootstrap a client; use the following line.

sudo knife bootstrap windows winrm '<target_node_dns>' -x Administrateur -P '<Password>'

It’ll create and execute a PowerShell script in order to download the latest MSI (I need to figure out how to force it to download a specific MSI in my IIS) and will install it. In addition to that, it’ll generate the certificate for the Chef server and put it in the trusted_certs folder. Once everything is finished, the configuration of the chef-client is launched, in order to register the node in the Chef Service.

The last lines look like this.

tstsrvvnext [2015-02-16T18:08:42+00:00] INFO: *** Chef 12.0.3 ***
tstsrvvnext [2015-02-16T18:08:42+00:00] INFO: Chef-client pid: 1048
tstsrvvnext [2015-02-16T18:09:06+00:00] INFO: Client key c:/chef/client.pem is not present - registering
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: HTTP Request Returned 404 Object Not Found: error
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Setting the run_list to [] from CLI options
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Run List is []
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Run List expands to []
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Starting Chef Run for tstsrvvnext.pwrshell.net
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Running start handlers
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Start handlers complete.
tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: HTTP Request Returned 404 Object Not Found:
tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Loading cookbooks []
tstsrvvnext [2015-02-16T18:09:08+00:00] WARN: Node tstsrvvnext.pwrshell.net has an empty run list.
tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Chef Run complete in 0.734353 seconds
tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Running report handlers
tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Report handlers complete

As you can see, a few warnings are present; that’s OK, it’s just because we haven’t created any recipes or cookbooks for this node.
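
As an added example (not from the original post), the Ruby below parses bootstrap output in the format shown above and reports whether the node registered a new client key, whether the run completed, and which non-INFO lines appeared. The function names are hypothetical and the sample is a subset of the post's own log lines.

```ruby
require 'time'

# host [ISO-8601 timestamp] LEVEL: message  (format of the lines shown above)
LINE_RE = /\A(?<host>\S+) \[(?<ts>[^\]]+)\] (?<level>[A-Z]+): (?<msg>.*)\z/

# Parse matching lines into hashes; anything else (blank lines, other
# installer output) is skipped.
def parse_bootstrap_log(text)
  text.each_line.map { |l| LINE_RE.match(l.strip) }.compact.map do |m|
    { host: m[:host], time: Time.iso8601(m[:ts]), level: m[:level], msg: m[:msg] }
  end
end

# First capture group of the first message matching re, or nil.
def first_capture(entries, re)
  entries.each do |e|
    md = re.match(e[:msg])
    return md[1] if md
  end
  nil
end

def summarize_bootstrap(entries)
  secs = first_capture(entries, /\AChef Run complete in ([\d.]+) seconds/)
  {
    version: first_capture(entries, /\A\*\*\* Chef (\S+) \*\*\*\z/),
    new_registration: entries.any? { |e| e[:msg] =~ /\AClient key \S+ is not present - registering/ },
    run_completed: !secs.nil?, # false when the output stops before the end of the run
    run_seconds: secs && secs.to_f,
    problems: entries.reject { |e| e[:level] == 'INFO' }.map { |e| "#{e[:level]}: #{e[:msg]}" }
  }
end

# Subset of the log lines printed in the post.
SAMPLE_LOG = <<~LOG
  tstsrvvnext [2015-02-16T18:08:42+00:00] INFO: *** Chef 12.0.3 ***
  tstsrvvnext [2015-02-16T18:09:06+00:00] INFO: Client key c:/chef/client.pem is not present - registering
  tstsrvvnext [2015-02-16T18:09:08+00:00] WARN: Node tstsrvvnext.pwrshell.net has an empty run list.
  tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Chef Run complete in 0.734353 seconds
LOG

p summarize_bootstrap(parse_bootstrap_log(SAMPLE_LOG))
```

A `new_registration` on a node that was already bootstrapped means its client key was missing, which is worth a look before the node is trusted again.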

This is all for this post. Next time we’ll talk about executing PowerShell scripts in our recipes.

Please feel free to comment if you think some part(s) is (are) wrong or if I missed something.