In this guide, we will cover the installation and configuration of Chef Automation server on Ubuntu 18.04 Bionic Beaver. Chef is the leading open source, complete, continuous automation solution for both infrastructure and applications that takes you all the way from development to production. Chef, the company, is the founder of the DevOps movement and has done massive work to produce the following automation engines:
- Chef – For Infrastructure Automation
- Habitat – Application automation
- INSPEC – Compliance Automation
Chef is a powerful automation solution designed to help you transform your infrastructure into code. The infrastructure can be on-premise, cloud, or a hybrid environment. With Chef, you automate how the infrastructure is configured, deployed, and managed.
Chef server acts as a central repository for your cookbooks as well as for information about every node it manages. Follow our steps below to have a working Chef Server on your Ubuntu 18.04 Server.
Step 1: Update system and set hostname
Ensure all system packages are updated
sudo apt update
sudo apt install curl wget
Set server hostname
sudo hostnamectl set-hostname chef-server.example.com
If you have an active DNS server, set the A record accordingly. For installations without a DNS server, add the record to the /etc/hosts file
$ sudo vim /etc/hosts
192.168.18.39 chef-server.example.com
Step 2: Set AppArmor to Complaining or disabled mode
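On Ubuntu 18.04, AppArmor is enabled in enforcing mode by default. Chef does not have a profile for running under AppArmor, so you have to set it to Complaining mode or disable it. In Complaining mode AppArmor still logs policy violations but does not block them, which makes it the less invasive of the two options.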
Check if AppArmor is enabled:
$ sudo apparmor_status
apparmor module is loaded.
16 profiles are loaded.
16 profiles are in enforce mode.
/sbin/dhclient
/usr/bin/lxc-start
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/haveged
/usr/sbin/tcpdump
lxc-container-default
lxc-container-default-cgns
lxc-container-default-with-mounting
lxc-container-default-with-nesting
man_filter
man_groff
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
/usr/sbin/haveged (802)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
If the response is not “0 processes are in enforce mode” or “0 profiles are in enforce mode.”, set it to Complaining or disabled mode.
To set AppArmor to Complaining mode, run:
sudo aa-complain /etc/apparmor.d/*
To disable AppArmor entirely, run:
sudo invoke-rc.d apparmor kill
sudo update-rc.d -f apparmor remove
Recheck the status:
sudo apparmor_status
Step 3: Configure Local Mail Relay
The Chef server uses email to send notifications for various events:
- Password resets
- User invitations
- Failover notifications
- Failed job notifications
Configure a local mail transfer agent on the Chef server using the guide:
Step 4: Configure NTP Time Synchronization
The Chef server is particularly sensitive to clock drift and it requires that the systems on which it is running be connected to Network Time Protocol (NTP).
Install ntp on Ubuntu
sudo apt install ntp
You can optionally edit /etc/ntp.conf to add NTP servers close to you. To restrict access to the NTP server, e.g. to your Chef client nodes, add a restrict line like the one below
restrict 192.168.18.0 mask 255.255.255.0 nomodify notrap
Restart ntp service after making the change
sudo systemctl restart ntp
If you have the UFW firewall enabled, don’t forget to allow the ntp port
sudo ufw allow ntp
Show ntp status
sudo ntpq -p
On Chef clients, install ntp and set NTP server to Chef server IP address
$ sudo apt install ntp
$ sudo vim /etc/ntp.conf
Comment out the NTP pool server lines and specify the Chef server IP address
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
server 192.168.18.39
Step 5: Download and install Chef server package
First, check the latest version of Chef server from the Chef Downloads page.
As of this writing, the recent release is version 21.12.720. This is the package we will download and install
VERSION="21.12.720"
wget https://packages.chef.io/files/stable/chef-workstation/$VERSION/ubuntu/18.04/chef-workstation_$VERSION-1_amd64.deb
Once the download is complete, install the package using the apt command:
sudo apt install -f ./chef-workstation_$VERSION-1_amd64.deb
Sample status
$ sudo dpkg -i chef-server-core_$VERSION-1_amd64.deb
Selecting previously unselected package chef-server-core.
(Reading database ... 105387 files and directories currently installed.)
Preparing to unpack chef-server-core_20.7.96-1_amd64.deb ...
Unpacking chef-server-core (20.7.96-1) ...
Setting up chef-server-core (20.7.96-1) ...
Wait for the installation to complete then configure Chef Server
sudo chef-server-ctl reconfigure
This step may take a few minutes to complete since many services are configured.
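Before the apt install step above, the downloaded .deb can be checked against the SHA-256 digest published for it. The following is an added example, not part of the original guide; the function names and the EXPECTED_SHA256 placeholder are assumptions, and the real digest has to be taken from the vendor's download page.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): refuse to install a downloaded
# package unless its SHA-256 matches the digest published for it.
# verify_sha256 and install_if_verified are hypothetical helper names.

# verify_sha256 FILE EXPECTED_HEX
# returns 0 on match, 1 on mismatch, 2 on unreadable file or malformed digest
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }
    # Published digests are sometimes upper case; compare in lower case
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
        return 0
    fi
    echo "MISMATCH $file: computed $actual" >&2
    return 1
}

# install_if_verified ./PACKAGE.deb EXPECTED_HEX
# Calls apt only after the digest check has passed.
install_if_verified() {
    verify_sha256 "$1" "$2" || { echo "refusing to install $1" >&2; return 1; }
    sudo apt install -f "$1"
}

# Usage, with the placeholder replaced by the published digest:
#   EXPECTED_SHA256="<sha256 from the download page>"
#   install_if_verified "./chef-workstation_${VERSION}-1_amd64.deb" "$EXPECTED_SHA256"
```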
Create an administrator account
The format is:
sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME
- An RSA private key is generated automatically.
- This is the user’s private key and should be saved to a safe location.
- The option --filename will save the RSA private key to the specified absolute path.
Example:
sudo chef-server-ctl user-create chefadmin Chef Admin \
chefadmi[email protected] 'StrongPassword' \
--filename /home/chefadmin.pem
Also, create an organization. The syntax is:
sudo chef-server-ctl org-create short_name 'full_organization_name' \
--association_user user_name \
--filename ORGANIZATION-validator.pem
- The name must begin with a lower-case letter or digit,
- The full name must begin with a non-white space character
- The --association_user option will associate the user_name with the admins security group on the Chef server.
- An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location.
- The --filename option will save the RSA private key to the specified absolute path.
See example below
sudo chef-server-ctl org-create mycompany 'Company X, Inc.' \
--association_user chefadmin \
--filename /home/mycompany-validator.pem
Generated keys should be available in the /home directory
# ls /home/
chefadmin.pem mycompany-validator.pem
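The keys above sit directly in /home, which is normally readable by every local user on Ubuntu, so the file mode is what protects them. An added example (not part of the original guide; the function names are hypothetical) that lists .pem files carrying any group or other permission bits and tightens them to 0600:

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit and lock down the
# private keys written by user-create and org-create.
# find_exposed_keys and lock_down_keys are hypothetical helper names.

# find_exposed_keys DIR
# Prints every *.pem file directly inside DIR whose mode grants any
# read, write or execute bit to group or others (-perm /077).
find_exposed_keys() {
    find "$1" -maxdepth 1 -type f -name '*.pem' -perm /077 | sort
}

# lock_down_keys DIR
# Sets mode 0600 on each exposed key, then audits again.
# Returns 0 only when no exposed key remains.
lock_down_keys() {
    find_exposed_keys "$1" | while IFS= read -r key; do
        chmod 600 -- "$key" && echo "tightened $key"
    done
    [ -z "$(find_exposed_keys "$1")" ]
}

# Usage (as root, since the keys were created with sudo):
#   find_exposed_keys /home
#   lock_down_keys /home
```

Only .pem files are touched; other files in the directory keep their modes.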
Install Chef Manage
Chef Manage is a premium add-on that provides a graphical user interface for managing common Chef server tasks. It’s free for up to 25 nodes.
Let’s install the management console
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure
You can also install Chef Manage from a .deb package
VER="3.2.20"
wget https://packages.chef.io/files/stable/chef-manage/$VER/ubuntu/18.04/chef-manage_$VER-1_amd64.deb
sudo apt install ./chef-manage_$VER-1_amd64.deb
sudo chef-manage-ctl reconfigure
All Chef Server services will run under the username/group opscode. The username for PostgreSQL is opscode-pgsql. Additional packages can be installed from https://packages.chef.io/
If you wish to use, or are already using, the UFW firewall, open ports 80 & 443 by running the command below
sudo ufw allow proto tcp from any to any port 80,443
You should be able to access the Chef web admin dashboard on https://serverip/login
Log in with the username added earlier. A fresh Chef dashboard should be similar to below
Step 6: Install Chef Development Kit on your Workstation machine
Chef Workstation is where you have the Chef Development Kit installed. It contains all the tools you need to develop and test your infrastructure, built by the awesome Chef community. Install Chef Development Kit / Workstation using the guides below:
For Arch Linux users, use:
Step 7: Configure knife on Chef Workstation
Knife is the command-line tool that provides an interface between your workstation and the Chef server. Next read: