Chef Server – Debian/Ubuntu Install

* Please make sure to change “mynewpassword” to whatever password you want to use.

$ apt-get -y install lsb-release wget debconf-utils
$ echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | tee /etc/apt/sources.list.d/opscode.list
$ gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
$ gpg --export packages@opscode.com | tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
$ cat>answerfile<<EOF
chef-server-webui chef-server-webui/admin_password password mynewpassword
chef-solr chef-solr/amqp_password password mynewpassword
EOF
$ url=`hostname -f` ; echo "chef chef/chef_server_url string http://$url:4000" |tee -a answerfile
$ debconf-set-selections ./answerfile
$ echo "deb http://www.rabbitmq.com/debian/ testing main" |tee -a /etc/apt/sources.list
$ wget http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
$ apt-key add rabbitmq-signing-key-public.asc
$ apt-get update
$ apt-get -y install chef-server opscode-keyring

Login at http://hostname:4040/
Username: admin
# This is the password you set in the answerfile above
Password: mynewpassword

Chef Server – Troubleshooting a fresh install on ubuntu 12.04

If your chef-server is not starting on 12.04, there is a relevant bug at: http://tickets.opscode.com/browse/CHEF-2766
This most likely happens if you didn’t run “apt-get update” before you installed chef-server.

Try running chef-server on its own and see what messages you get.
$ chef-server

Loading init file from /usr/share/chef-server-api/config/init.rb
[Mon, 25 Jun 2012 06:31:53 +0000] INFO: Loading roles
Loading /usr/share/chef-server-api/config/environments/development.rb
[Mon, 25 Jun 2012 06:31:53 +0000] INFO:
[Mon, 25 Jun 2012 06:31:53 +0000] INFO: ********************************************************************************
[Mon, 25 Jun 2012 06:31:53 +0000] INFO: *   Starting Chef Server in Development Mode.
[Mon, 25 Jun 2012 06:31:53 +0000] INFO: *   Start the server with `-e production` for normal use
[Mon, 25 Jun 2012 06:31:53 +0000] INFO: ********************************************************************************
[Mon, 25 Jun 2012 06:31:53 +0000] INFO:
NOTE: Gem.activate is deprecated, use Specification#activate. It will be removed on or after 2011-10-01.
Gem.activate called from /usr/lib/ruby/1.8/merb-core/core_ext/kernel.rb:142.
/usr/lib/ruby/vendor_ruby/1.8/rubygems.rb:232:in `_deprecated_activate': Deprecated use of Gem.activate(dep) (ArgumentError)
        from /usr/lib/ruby/vendor_ruby/1.8/rubygems/deprecate.rb:63:in `send'
        from /usr/lib/ruby/vendor_ruby/1.8/rubygems/deprecate.rb:63:in `activate'
        from /usr/lib/ruby/1.8/merb-core/core_ext/kernel.rb:142:in `load_dependency'
        from /usr/lib/ruby/1.8/merb-core/bootloader.rb:405:in `load_dependencies'
        from /usr/lib/ruby/1.8/merb-core/bootloader.rb:405:in `each'
        from /usr/lib/ruby/1.8/merb-core/bootloader.rb:405:in `load_dependencies'
        from /usr/lib/ruby/1.8/merb-core/bootloader.rb:393:in `run'
        from /usr/lib/ruby/1.8/merb-core/bootloader.rb:99:in `run'
        from /usr/lib/ruby/1.8/merb-core/server.rb:172:in `bootup'
        from /usr/lib/ruby/1.8/merb-core/server.rb:42:in `start'
        from /usr/lib/ruby/1.8/merb-core.rb:170:in `start'
        from /usr/sbin/chef-server:86

Fix the offending line:
$ sed -i -e '142s/Gem.activate(dep)/dep.to_spec.activate/' /usr/lib/ruby/1.8/merb-core/core_ext/kernel.rb
$ /etc/init.d/chef-server start
$ /etc/init.d/chef-server-webui start

Chef – Configure Knife Admin

Install Ruby, Ruby gems, and Chef-client

Mac OSX

Install Xcode from the Mac App Store
Open Xcode and do the following: Xcode >> Preferences >> Downloads >> Command Line Tools
$ cd /tmp
$ curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.24.tgz
$ tar zxf rubygems-1.8.24.tgz
$ cd rubygems-1.8.24
$ ruby setup.rb --no-format-executable
$ sudo gem install chef

CentOS6

$ yum -y install ruby ruby-devel ruby-ri ruby-rdoc ruby-shadow gcc gcc-c++ automake autoconf make curl dmidecode git
$ cd /tmp
$ curl -O http://production.cf.rubygems.org/rubygems/rubygems-1.8.24.tgz
$ tar zxf rubygems-1.8.24.tgz
$ cd rubygems-1.8.24
$ ruby setup.rb --no-format-executable
$ sudo gem install chef

Ubuntu

$ apt-get install -y curl git ruby1.9.1 rubygems1.9.1 chef

Copy the validation.pem and webui.pem

This is the key that allows you to register your host as a client to the chef server
$ scp root@chef-server:/etc/chef/validation.pem  /etc/chef/validation.pem

This is the key that allows you to authenticate yourself as an admin user to the chef server
Chef requires an existing admin to authorize a new admin
$ scp root@chef-server:/etc/chef/webui.pem  /etc/chef/webui.pem

Run Knife Configure

$ knife configure -i
Example Output:

Overwrite /root/.chef/knife.rb? (Y/N) y
Please enter the chef server URL: [http://chef-server:4000] http://chef-server:4000
Please enter a clientname for the new client: [root] jtran
Please enter the existing admin clientname: [chef-webui]
Please enter the location of the existing admin client's private key: [/etc/chef/webui.pem]
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem]
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Created client[jtran]
Configuration file written to /root/.chef/knife.rb

Verify Knife is working

$ knife client list
Example Output:

  jtran
  chef-webui
  chef-validator

Chef – Attribute overriding

Let’s pretend we have a cookbook named “wonka”

in ~/chef-repo/cookbooks/wonka/attributes/default.rb

default[:wonka][:gobstopper]  = "everlasting"
default[:wonka][:kazoozle]    = "alittle"

We want to override the value of [:wonka][:gobstopper] for a node named “oompaloompa01”

Without an override defined, your JSON should look something like the following.
You can issue:
$ knife node edit oompaloompa01

{
  "run_list": [
    "recipe[chocolate_factory::default]"
  ],
  "chef_environment": "development",
  "name": "oompaloompa01",
  "normal": {
    "chef_environment": "development",
    "name": "oompaloompa01",
    "normal": {
      "tags": [

      ]
    },
    "tags": [

    ]
  }
}

Now let’s say you want to override default[:wonka][:gobstopper] with the value "allgone" for this node.
Add it under "normal", so your JSON looks like the following:

{
  "run_list": [
    "recipe[chocolate_factory::default]"
  ],
  "chef_environment": "development",
  "name": "oompaloompa01",
  "normal": {
    "chef_environment": "development",
    "name": "oompaloompa01",
    "wonka": {
      "gobstopper": "allgone"
    },
    "normal": {
      "tags": [

      ]
    },
    "tags": [

    ]
  }
}

That should commit the override to that specific node.
You can check the values of a node’s attributes with the following command (where the attribute group you want to look at is “wonka”):
$ knife node show oompaloompa01 -a wonka

Now just run chef-client on oompaloompa01 and you should see the override take effect.
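
A simplified model of why a value placed under "normal" on the node wins over the cookbook's default while the untouched attribute keeps its default. This is an added example, not Chef's own code and not part of the original post; the four-level list and the helper names are assumptions of the model.

```ruby
# Added example: a simplified model of attribute precedence, not Chef's code.
PRECEDENCE = [:default, :normal, :override, :automatic].freeze # low -> high

# Hashes merge key by key; any other value from the higher level wins.
def deep_merge(low, high)
  return high unless low.is_a?(Hash) && high.is_a?(Hash)
  low.merge(high) { |_key, l, h| deep_merge(l, h) }
end

# Effective attributes after applying every level, lowest first.
def resolve(levels)
  PRECEDENCE.reduce({}) { |acc, lvl| deep_merge(acc, levels.fetch(lvl, {})) }
end

# Which level supplied the effective value at a key path (nil if none did).
def winning_level(levels, *path)
  PRECEDENCE.reverse.find do |lvl|
    node = levels.fetch(lvl, {})
    path.all? { |k| node.is_a?(Hash) && node.key?(k) && (node = node[k]; true) }
  end
end

# Values from the wonka cookbook's attributes/default.rb on this page.
COOKBOOK_DEFAULTS = {
  "wonka" => { "gobstopper" => "everlasting", "kazoozle" => "alittle" }
}.freeze

# What the node carries after the "normal" section is edited.
NODE_NORMAL = { "wonka" => { "gobstopper" => "allgone" } }.freeze

def wonka_example
  levels = { default: COOKBOOK_DEFAULTS, normal: NODE_NORMAL }
  [resolve(levels)["wonka"],
   winning_level(levels, "wonka", "gobstopper"),
   winning_level(levels, "wonka", "kazoozle")]
end
```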

Chef – Encrypted Data-bags example

Create your encrypt/decrypt “key”

$ openssl rand -base64 512 > ~/.chef/encrypted_data_bag_secret

Create a new “data bag” named “mysecrets”

$ knife data bag create mysecrets

Create a new json with information that you want encrypted.

This will be stored inside the “data bag” named “mysecrets”
This will use the “key” you created earlier to encrypt
We will store this as “marioworld”

$ knife data bag create mysecrets marioworld --secret-file ~/.chef/encrypted_data_bag_secret
* This will open an editor where you add items to the JSON

{ "id": "marioworld",
"user": "luigi",
"pass": "yahoo"
}

Now create a simple recipe and template file that will utilize this encrypted “data bag”

Create the Recipe

$ knife cookbook create databag-test
$ cd ~/chef-repo/cookbooks/databag-test/recipes/
$ vi default.rb

#
# Cookbook Name:: databag-test
# Recipe:: default
#
# Copyright 2012, James Tran
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# This is where you will store a copy of your key on the chef-client
secret = Chef::EncryptedDataBagItem.load_secret("/etc/chef/encrypted_data_bag_secret")

# This decrypts the data bag contents of "mysecrets->marioworld" and uses the key defined at variable "secret"
luigi_keys = Chef::EncryptedDataBagItem.load("mysecrets", "marioworld", secret)

template "/tmp/databag" do
     variables(:mypass => luigi_keys['pass'],
               :myuser => luigi_keys['user'])
     owner "root"
     # Demo only: mode 0644 leaves the decrypted password readable by every local user
     mode  "0644"
     source "databag_test.erb"
end

Create the Template

$ cd ~/chef-repo/cookbooks/databag-test/templates
$ vi databag_test.erb

Username: <%= @myuser %>
Password: <%= @mypass %>

Copy your “key” to the node

$ scp ~/.chef/encrypted_data_bag_secret root@somenode:/etc/chef/

Add the recipe to a node and run chef-client

$ knife node run_list add somenode "recipe[databag-test]"
$ knife ssh "name:somenode" -x root "chef-client"

Verify the contents of the new file created at /tmp/databag

$ knife ssh "name:somenode" -x root "cat /tmp/databag"

Username: luigi
Password: yahoo
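
The key files this page copies into /etc/chef (validation.pem, webui.pem and encrypted_data_bag_secret) are only as private as their file modes. The check below is an added example, not part of the original post or of Chef; the function names are hypothetical and the directory is passed in as a parameter.

```ruby
# Added example: audit the Chef key files named on this page.
CHEF_SECRET_FILES = %w[validation.pem webui.pem encrypted_data_bag_secret].freeze

# Returns one finding per file that is missing, is not a regular file,
# or grants any permission bit to group or other.
def audit_chef_secrets(dir, names = CHEF_SECRET_FILES)
  names.each_with_object([]) do |name, findings|
    path = File.join(dir, name)
    begin
      st = File.lstat(path) # lstat: report symlinks instead of following them
    rescue Errno::ENOENT
      findings << { file: name, problem: :missing }
      next
    end
    unless st.file?
      findings << { file: name, problem: :not_regular_file }
      next
    end
    mode = st.mode & 0o777
    if (mode & 0o077) != 0
      findings << { file: name, problem: :group_or_other_access,
                    mode: format("%04o", mode) }
    end
  end
end

# Restrict every over-permissive file to owner read/write, then re-audit.
def tighten_chef_secrets(dir, findings)
  findings.select { |f| f[:problem] == :group_or_other_access }.each do |f|
    File.chmod(0o600, File.join(dir, f[:file]))
  end
  audit_chef_secrets(dir)
end
```

Call `audit_chef_secrets("/etc/chef")` on the workstation and on each node after the scp steps; an empty array means all three files exist and are owner-only.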

Chef – Useful knife commands

Bootstrap

Bootstrap a chef-client system:
* This will log in to 192.168.5.111 as jtran, run the “chef-client” command with sudo, and apply the recipe[ntp]
* You will be prompted for a password; otherwise pass the flag -P <PASSWORD>
$ knife bootstrap 192.168.5.111 -x jtran --sudo -r 'recipe[ntp]'
Bootstrap with a template file (each OS needs its own bootstrap script)
$ knife bootstrap 192.168.5.111 -x jtran --sudo -r 'recipe[ntp]' --template-file ~/chef-repo/bootstrap/precise.rb
Bootstrap with proxy
$ knife bootstrap 192.168.5.111 --bootstrap-proxy http://proxyhost:3128 -x jtran --sudo -r 'recipe[ntp]'

Common Error:
Knife bootstrap: ERROR: TypeError: can’t convert false into String
This happens when knife can’t find the .chef directory in its current working directory. You should also be able to move to your ~/chef-repo directory to get around this error.

SSH

For help type:
knife ssh --help

-a = attribute that’s not FQDN ( example is ipaddress )
-x = username to login with
-P = password
-E = environment

This will ssh using the attribute ipaddress (the default is to use the hostname) with user “root” and password “none”, and execute the command on all systems with the role “webserver”
$ knife ssh -a ipaddress -x root -P none 'role:webserver' 'uptime'

This is an example of a wildcard match for hosts in the chef-server database
$ knife ssh -a ipaddress -x root -P none 'name:host1*' 'uptime'
'name:host1*' = query names that match host1*
'uptime' = command to run

The following would run chef client on all of your nodes
$ knife ssh 'name:*' 'sudo chef-client'

The following would run chef client on all the nodes with the role “webapp”
$ knife ssh 'role:webapp' 'sudo chef-client'

ssh to a single node:
$ knife ssh 'name:webserver01' 'sudo chef-client'

Run chef client on all nodes with role “webapp” in environment “dev”
$ knife ssh -E dev 'role:webapp' 'sudo chef-client'

Node Information

Get all the attributes of a node
$ knife node show nodename -a node

Get all the attributes of a certain attribute group
* For example, you have attributes in your attributes/default.rb like default[:whynot][:zoidberg] = "woopwoop"
$ knife node show nodename -a whynot

Ruby – :Symbols and “Strings”

I’m no Ruby expert.
Actually, I only know enough to write a few chef recipes.
If you read enough chef recipes you’ll notice a syntax like the following occurs often:

default[:mario][:powerup] = "mushroom"

and sometimes you’ll see it as

default["luigi"]["powerup"] = "fireflower"

So what’s the difference?

SYMBOL

A symbol is immutable. This means you’re not reassigning values to it later. It stays as is, like a hillbilly in a trailer home.
:bowser

STRING

A string is mutable. This means you can keep changing the value of it on the fly. Like a gigolo in a bad economy.
"bowser"

All of this information was stolen from another extremely useful and thorough blog at: www.robertsosinski.com
He’s exponentially better at explaining this than I am.
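
The difference can be checked directly in Ruby, along with why both attribute spellings reach the same value in a recipe: Chef keeps attributes in a hash-like class (Mash) that normalises keys. This is an added example, not from the original post; `IndifferentHash` is a hypothetical, simplified stand-in for that class.

```ruby
# Added example, not from the original post. IndifferentHash is a hypothetical,
# simplified stand-in for the Mash class Chef uses to hold attributes.

# Symbols: one shared object per name, with no in-place mutators.
def symbol_facts
  { same_object: :bowser.equal?(:bowser),
    frozen: :bowser.frozen?,
    can_append: :bowser.respond_to?(:<<) }
end

# Strings: every new string is its own object and can be changed in place.
def string_facts
  a = String.new("bowser")
  b = String.new("bowser")
  id_before = a.object_id
  a << " jr"
  { same_object: a.equal?(b),
    value_after_append: a,
    still_same_object: a.object_id == id_before,
    other_copy_untouched: b }
end

# A plain Hash treats :powerup and "powerup" as two different keys.
def plain_hash_lookup
  attrs = { :powerup => "mushroom" }
  [attrs[:powerup], attrs["powerup"]]
end

# Converting every key to a String makes both spellings reach the same slot.
class IndifferentHash
  def initialize
    @data = {}
  end

  def []=(key, value)
    @data[key.to_s] = value
  end

  def [](key)
    @data[key.to_s]
  end

  def keys
    @data.keys
  end
end

def indifferent_lookup
  attrs = IndifferentHash.new
  attrs[:powerup] = "mushroom"
  attrs["powerup"] = "fireflower" # overwrites the value stored via :powerup
  [attrs[:powerup], attrs["powerup"], attrs.keys]
end
```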

Chef – Simple Cookbook Example

* this assumes your cookbook home is ~/chef-repo/cookbooks

$ knife cookbook create mytomcat
$ vi ~/chef-repo/cookbooks/mytomcat/recipes/default.rb

#
# Cookbook Name:: mytomcat
# Recipe:: default
#
# Copyright 2012, James Tran
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# This allows chef to create users and their passwords
gem_package "ruby-shadow" do
  action :install
end

# Create a unix group
group "webadmin" do
     gid 100001
end

# To create an encrypted password use the following:
# openssl passwd -1 "theplaintextpassword"

# Create a unix user
user "webadmin" do
     comment "Web Administrator"
     uid 10001
     # Primary group: the "webadmin" group created above
     gid "webadmin"
     home "/home/webadmin"
     shell "/bin/bash"
     password "$1$2QYepl2p$.7ckFmevVtpBZpokJCuSd."
end

# Create a directory
directory "/opt/apps/" do
     owner "webadmin"
     group "webadmin"
     mode "0755"
     action :create
     recursive true
end

# Run a bash shell -  download and extract tomcat
bash "install_tomcat" do
     user "root"
     cwd "/opt/apps"
     code <<-EOH
       wget http://mirrors.ibiblio.org/apache/tomcat/tomcat-7/v7.0.27/bin/apache-tomcat-7.0.27.tar.gz
       tar -xzf apache-tomcat-7.0.27.tar.gz
       chown -R webadmin:webadmin /opt/apps
     EOH
     not_if "test -d /opt/apps/apache-tomcat-7.0.27"
end

Chef-Solo – How to run a cookbook

*requires: base installation of debian or ubuntu

Install Ruby and Chef

Ubuntu:

$ apt-get install ruby1.9.1 rubygems1.9.1 chef git -y

Debian:

$ echo "gem: --bindir=/usr/bin --no-ri --no-rdoc" >> /etc/gemrc
$ apt-get install ruby1.9.1 rubygems1.8 git-core -y
$ gem install chef
$ echo "PATH=\$PATH:$GEMDIR" >> ~/.bashrc

Create your cookbook directory and copy cookbooks into it

$ mkdir -p /root/chef-solo/cookbooks && cd /root/chef-solo/cookbooks
$ git clone https://github.com/opscode-cookbooks/ntp.git

Create “solo.rb”

$ cat>solo.rb<<EOF
file_cache_path "/root/chef-solo"
cookbook_path "/root/chef-solo/cookbooks"
EOF

Create “solo.json”

$ cat>solo.json<<EOF
{
  "run_list": [ "recipe[ntp::default]" ]
}
EOF

Run Chef Solo

$ chef-solo -c solo.rb -j solo.json
Example output:
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: *** Chef 10.12.0 ***
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Setting the run_list to ["recipe[ntp::default]"] from JSON
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Run List is ]
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Run List expands to [ntp::default]
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Starting Chef Run for ubuntu01.home
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Running start handlers
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Start handlers complete.
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Processing package[ntpdate] action install (ntp::default line 24)
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Processing template[/etc/default/ntpdate] action create (ntp::default line 28)
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: template[/etc/default/ntpdate] backed up to /var/chef/backup/etc/default/ntpdate.chef-20120623030358
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: template[/etc/default/ntpdate] mode changed to 644
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: template[/etc/default/ntpdate] updated content
[Sat, 23 Jun 2012 03:03:58 +0000] INFO: Processing package[ntp] action install (ntp::default line 35)
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: package[ntp] installed version 1:4.2.6.p3+dfsg-1ubuntu3.1
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: Processing directory[/var/log/ntpstats/] action create (ntp::default line 57)
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: Processing service[ntp] action enable (ntp::default line 64)
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: Processing service[ntp] action start (ntp::default line 64)
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: Processing template[/etc/ntp.conf] action create (ntp::default line 69)
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: template[/etc/ntp.conf] backed up to /var/chef/backup/etc/ntp.conf.chef-20120623030409
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: template[/etc/ntp.conf] mode changed to 644
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: template[/etc/ntp.conf] updated content
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: template[/etc/ntp.conf] sending restart action to service[ntp] (delayed)
[Sat, 23 Jun 2012 03:04:09 +0000] INFO: Processing service[ntp] action restart (ntp::default line 64)
[Sat, 23 Jun 2012 03:04:11 +0000] INFO: service[ntp] restarted
[Sat, 23 Jun 2012 03:04:11 +0000] INFO: Chef Run complete in 12.81987 seconds
[Sat, 23 Jun 2012 03:04:11 +0000] INFO: Running report handlers
[Sat, 23 Jun 2012 03:04:11 +0000] INFO: Report handlers complete