Chef installation & Configuration
It’s the first post of, i hope, a very long series about Chef.
Chef is a powerful tool which brings all you need in order to automate the configuration of all your systems. At first it was developed for Linux platforms, but you can also automate the management of your Windows systems. It’s a client-server software written in Ruby, a very popular language. Ruby, is cross-platform so the support for Windows-based systems is a straightforward, since 2011 it’s possible with the knife-windows gem.
I know what, you said: What the hell he’s blogging about these stuff! Because, it’s easy: Because you can create DSC recipes and apply them to Windows Hosts!
Overview of Chef concepts
Like any technology, Chef has its own terms. Let me explain them to you.
- Bootstrap: This is the process of configuration a node with a Chef client.
- Recipe: Written in Ruby, a recipe provide lines to achieve a task: Install a package, Start a service, etc.
- Cookbook: This is a bunch of recipes. Typically, a cookbook is created to achieve the full installation, configuration of a task (i.e.: Install & Configure IIS)
- Role: A role is a structure which will permit to build a full architecture (i.e.: an Active Directory, a PKI server, a file server and a MSSQL Node). A role is associated to a node by the Chef administrator
- Run list: This list is composed of recipes applied in a wanted order.
Chef infrastructure is built of 3 “Keys”:
- Chef Service: It stores the recipes and configuration
- Workstation: This is where knife is installed and the administrator work from here. In this tutorial, we won’t do that, but you should 🙂
- Node(s): The nodes managed by Chef. It can be servers, routers, desktop, etc…
Chef Service can use http(s) to interact with Chef-client. It use a Ruby script to do that, it download the run list configured for the node with cookbooks and data to the Chef-client which will execute everything in the correct order.
Chef Service installation
First of all, we need a Chef Service in our lab.
In order to do this I choose an Ubuntu 12.04 server (I use one in Azure, remember Microsoft Loves Linux! :)). You should be able to do this alone, so I won’t talk about it. But now we need few yummy things. The first is to install Ruby 2.0.0 on our server. I’ve faced many issue, and finally achieve this goal with the few lines below.
sudo apt-get -y install zlib1g-dev openssl libopenssl-ruby1.9.1 libssl-dev libruby1.9.1 libreadline-dev git-core build-essential zlib1g-dev libssl-dev libreadline6-dev libyaml-dev cd /tmp wget http://cache.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p481.tar.gz tar -xvzf ruby-2.0.0-p481.tar.gz cd ruby-2.0.0-p481/ ./configure --prefix=/usr/local make sudo make install
Yes, you have compiled and installed Ruby from sources!
Now we can start the installation!
wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.10-1.ubuntu.12.04_amd64.deb sudo dpkg -i chef-server_11.0.10-1.ubuntu.12.04_amd64.deb sudo chef-server-ctl reconfigure iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
Ok now the Cher service is installed, but as i said previously, we will install as well the knife tools on the server, remember this is a lab. Not something to use in production… So, let’s install the chef gem. A gem is a rucky packaged application/script which use RubyGems to be installed.
sudo gem install chef
Chef cookbooks are hosted on github, so let’s install git on our system, clone the chef-repo and configure knife for the first use. What is knife ? “knife is a command-line tool that provides an interface between a local chef-repo and the Chef server”
sudo apt-get install git git clone https://github.com/opscode/chef-repo sudo knife configure -i -r ~/chef-repo/
You will be asked for few things, I’ve let everything to the default value.
As I use self-signed certificates, the command below will permit to trust the certificate 🙂
sudo knife ssl fetch
The next thing to do is the installation of knife-windows in order to do some WinRM things! This is done by the following few lines.
sudo gem install bundler git clone https://github.com/opscode/knife-windows.git cd knife-windows sudo rake build sudo gem pkg/knife-windows-1.0.0.dev.0.gem
The well know knife-windows is now installed and I can bootstrap the client on my target.
Bootstrap Windows Chef-client
The first thing to do is to ensure that WinRM is correctly configured to enable the Chef Service to connect. My node is already connected to my domain and this is how I’ve configured my WinRM service.
I know you can use Kerberos authentication with the Ruby WinRM plugin, but I’ve never success.. So IF SOMEONE KNOWS HOW, PLEASE COMMENT IN THIS POST ! Note that CredSSP isn’t needed here, it’s here in order to double hop in Desired State Configuration scripts.
Now, let’s get back to our Chef Server. It’s very easy to bootstrap a client, use the following line.
sudo knife bootstrap windows winrm '<target_node_dns' -x Administrateur -P '<Password>'
It’ll create and execute a powershell script in order to download the last msi (I need to figure out, how force it to download a specific msi in my IIS) and will install it. In addition to that, it’ll generate the certificate for the Chef server and put it in the trusted_certs folder. Once everything is finished, le configuration to the chef-client is launched, in order to register the node in the Chef Service.
The last lines look like this.
tstsrvvnext [2015-02-16T18:08:42+00:00] INFO: *** Chef 12.0.3 *** tstsrvvnext [2015-02-16T18:08:42+00:00] INFO: Chef-client pid: 1048 tstsrvvnext [2015-02-16T18:09:06+00:00] INFO: Client key c:/chef/client.pem is not present - registering tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: HTTP Request Returned 404 Object Not Found: error tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Setting the run_list to [] from CLI options tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Run List is [] tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Run List expands to [] tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Starting Chef Run for tstsrvvnext.pwrshell.net tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Running start handlers tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: Start handlers complete. tstsrvvnext [2015-02-16T18:09:07+00:00] INFO: HTTP Request Returned 404 Object Not Found: tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Loading cookbooks [] tstsrvvnext [2015-02-16T18:09:08+00:00] WARN: Node tstsrvvnext.pwrshell.net has an empty run list. tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Chef Run complete in 0.734353 seconds tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Running report handlers tstsrvvnext [2015-02-16T18:09:08+00:00] INFO: Report handlers complete
As you see, few warnings are present, it’s ok, it’s just because we haven’t done any recipes or cookbooks for this node.
This is all for this post. Next time we’ll talk about executing PowerShell scripts in our recipes.
Please feel free to comment, if you think some part(s) is(are) wrong or if i miss something.