In this guide, we will cover the installation and configuration of Chef Automation server on Ubuntu 18.04 Bionic Beaver. Chef is the leading Open source, complete, continuous automation solution for both infrastructure and applications that take you all the way from development to production. Chef, the company, is the founder of the DevOps movement and has done massive work to produce the following automation engines:
- Chef – For Infrastructure Automation
- Habitat – Application automation
- INSPEC – Compliance Automation
Chef is a powerful automation solution designed to help you transform your infrastructure into a code. The Infrastructure can be on-premise, Cloud, or a hybrid environment. With Chef, you automate how the infrastructure is configured, deployed, and managed.
Chef server acts as a central repository for your cookbooks as well as for information about every node it manages. Follow our steps below to have a working Chef Server on your Ubuntu 18.04 Server.
Step 1: Update system and set hostname
Ensure all system packages are updated
sudo apt update sudo apt install curl wget
Set server hostname
sudo hostnamectl set-hostname chef-server.example.com
If you have an active DNS server, set the A record accordingly. For installations without DNSserver, set the record on
$ sudo vim /etc/hosts 192.168.18.39 chef-server.example.com
Step 2: Set AppArmor to Complaining or disabled mode
On Ubuntu 18.04. AppArmor is enabled in enforcing mode by default. Chef does not have a profile for running AppArmor so you’ve to set it to the
Complaining mode or
Check if AppArmor is enabled:
$ sudo apparmor_status apparmor module is loaded. 16 profiles are loaded. 16 profiles are in enforce mode. /sbin/dhclient /usr/bin/lxc-start /usr/bin/man /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script /usr/lib/snapd/snap-confine /usr/lib/snapd/snap-confine//mount-namespace-capture-helper /usr/sbin/haveged /usr/sbin/tcpdump lxc-container-default lxc-container-default-cgns lxc-container-default-with-mounting lxc-container-default-with-nesting man_filter man_groff 0 profiles are in complain mode. 1 processes have profiles defined. 1 processes are in enforce mode. /usr/sbin/haveged (802) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
If the response is not “0 processes are in enforce mode” or “0 profiles are in enforce mode.”, set it to
Complaining or disabled mode
To set AppArmor to Complaining mode, run:
sudo aa-complain /etc/apparmor.d/*
To disable AppArmor entirely, run:
sudo invoke-rc.d apparmor kill sudo update-rc.d -f apparmor remove
Recheck the status:
Step 3: Configure Local Mail Relay
The Chef server uses email to send notifications for various events:
- Password resets
- User invitations
- Failover notifications
- Failed job notifications
Configure a local mail transfer agent on the Chef server using the guide:
Step 4: Configure NTP Time Synchronization
The Chef server is particularly sensitive to clock drift and it requires that the systems on which it is running be connected to Network Time Protocol (NTP).
ntp on Ubuntu
sudo apt install ntp
You can optionally edit
/etc/ntp.conf to add NTP servers close to you. To restrict access to NTP server, e.g from your Chef client nodes, set like below
restrict 192.168.18.0 mask 255.255.255.0 nomodify notrap
Restart ntp service after making the change
sudo systemctl restart ntp
If you have
UFW firewall enabled, don’t forget to allow ntp port
sudo ufw allow ntp
Show ntp status
sudo ntpq -p
On Chef clients, install ntp and set NTP server to Chef server IP address
$ sudo apt install ntp $ sudo vim /etc/ntp.conf
Uncomment NTP pool server lines and specify Chef server IP address
#pool 0.ubuntu.pool.ntp.org iburst #pool 1.ubuntu.pool.ntp.org iburst #pool 2.ubuntu.pool.ntp.org iburst #pool 3.ubuntu.pool.ntp.org iburst server 192.168.18.39
Step 5: Download and install Chef server package
First, check the latest version of Chef server from Chef Downloads page
As of this writing, the recent release is version
21.12.720. This is the package we will download and install
VERSION="21.12.720" wget https://packages.chef.io/files/stable/chef-workstation/$VERSION/ubuntu/18.04/chef-workstation_$VERSION-1_amd64.deb
Once the download is complete, install the package using
sudo apt install -f ./chef-workstation_$VERSION-1_amd64.deb
$ sudo dpkg -i chef-server-core_$VERSION-1_amd64.deb Selecting previously unselected package chef-server-core. (Reading database ... 105387 files and directories currently installed.) Preparing to unpack chef-server-core_20.7.96-1_amd64.deb ... Unpacking chef-server-core (20.7.96-1) ... Setting up chef-server-core (20.7.96-1) ...
Wait for the installation to complete then configure Chef Server
sudo chef-server-ctl reconfigure
This step may take a few minutes to complete since many services are configured.
Create an administrator account
The format is:
sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME
- An RSA private key is generated automatically.
- This is the user’s private key and should be saved to a safe location.
- The option
--filenamewill save the RSA private key to the specified absolute path.
sudo chef-server-ctl user-create chefadmin Chef Admin \ chefadmi[email protected] 'StrongPassword' \ --filename /home/chefadmin.pem
Also, create an organization. The syntax is:
sudo chef-server-ctl org-create short_name 'full_organization_name' \ --association_user user_name \ --filename ORGANIZATION-validator.pem
- The name must begin with a lower-case letter or digit,
- The full name must begin with a non-white space character
--association_useroption will associate the
user_namewith the admins security group on the Chef server.
- An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location.
--filenameoption will save the RSA private key to the specified absolute path.
See example below
sudo chef-server-ctl org-create mycompany 'Company X, Inc.' \ --association_user chefadmin \ --filename /home/mycompany-validator.pem
Generated keys should be available on
# ls /home/ chefadmin.pem mycompany-validator.pem
Install Chef Manage
Chef Manage is a premium add-on that provides a graphical user interface for managing common Chef server tasks. It’s free for up to 25 nodes.
Let’s install the management console
sudo chef-server-ctl install chef-manage sudo chef-server-ctl reconfigure sudo chef-manage-ctl reconfigure
You can also install Chef Manage from a
VER="3.2.20" wget https://packages.chef.io/files/stable/chef-manage/$VER/ubuntu/18.04/chef-manage_$VER-1_amd64.deb sudo apt install ./chef-manage_$VER-1_amd64.deb sudo chef-manage-ctl reconfigure
All Chef Server services will run under the username/group
opscode. The username for PostgreSQL is
opscode-pgsql. Additional packages can be installed from https://packages.chef.io/
If you wish to use or already using UFW firewall, open ports
443 by running the commands below
sudo ufw allow proto tcp from any to any port 80,443
You should be able to access the Chef web admin dashboard on
Login with username added earlier. A fresh Chef dashboard should be similar to below
Step 6: Install Chef Development Kit on your Workstation machine
Chef Workstation is where you have Chef development Kit installed. It contains all the tools you need to develop and test your infrastructure, built by the awesome Chef community. Install Chef Development Kit / Workstation using the guides below:
For Arch Linux users, use:
Step 7: Configure knife on Chef Workstation
Knife is the command-line tool that provides an interface between your workstation and the Chef server. Next read: