
Chef install and setup

As I have a growing number of Linux servers, it makes sense to script their setup and ensure compliance through an automated system. I have chosen Chef for this, and here is my memory dump of the installation.

For the purpose of this guide I have created 3 servers, all of which are resolvable from DNS:

Let's start by getting the server installed. This is the node that will hold all the cookbooks and recipes. All commands are run as the user lars, which exists on all hosts.

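sudo dpkg -i chef-server-core_12.18.14-1_amd64.deb
# Configure and start the Chef server services before creating users
sudo chef-server-ctl reconfigure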
mkdir ~/.chef
sudo chef-server-ctl user-create lars Lars Skau '<supersecretpassword>' --filename ~/.chef/lars.pem
sudo chef-server-ctl org-create skauit "Skau IT" --association_user lars --filename ~/.chef/skauit.pem

Next I move on to the workstation node. All configuration is done from this node, and it is here I create the cookbooks that will later be pushed to the Chef server. So, on the workstation node as the user lars:

sudo dpkg -i chef-workstation_*.deb
chef generate repo chef-repo
mkdir ~/chef-repo/.chef
cd chef-repo/
ssh-keygen -b 4096
ssh-copy-id lars@
scp lars@*.pem ~/chef-repo/.chef/

Then I need to configure knife on the workstation node.
Edit ~/chef-repo/.chef/config.rb and insert the following lines:

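# Directory that holds this config.rb (~/chef-repo/.chef)
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                'lars'
# Key paths are anchored to current_dir so knife finds them from any working directory
client_key               "#{current_dir}/lars.pem"
validation_client_name   'skauit-validator'
validation_key           "#{current_dir}/skauit-validator.pem"
chef_server_url          ''
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["#{current_dir}/../cookbooks"]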

Lastly, fetch the server's SSL certificate to the workstation node:

cd ~/chef-repo
knife ssl fetch
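
Added example, not part of the original post: the *.pem files copied into ~/chef-repo/.chef/ are private keys for the Chef server API, so they should be accessible only to their owner. The function names audit_chef_keys and harden_chef_keys are hypothetical; the directory is the one used in the steps above.

```shell
#!/bin/sh
# Audit a knife config directory for private keys that other local users
# could access, and tighten the permissions if any are found.

# Print every *.pem under $1 that grants any group/other permission bit.
# Returns 0 when all keys are owner-only, 1 when at least one is exposed,
# 2 when the directory does not exist.
audit_chef_keys() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # "-perm -NNN" matches files that have all of the given bits set, so each
    # group/other bit is tested separately (POSIX find, no GNU extensions).
    exposed=$(find "$dir" -type f -name '*.pem' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$exposed" ]; then
        echo "private keys accessible beyond the owner:" >&2
        echo "$exposed" >&2
        return 1
    fi
    return 0
}

# Tighten what the audit flags: directory 0700, key files 0600.
harden_chef_keys() {
    dir=$1
    [ -d "$dir" ] || return 2
    chmod 700 "$dir"
    find "$dir" -type f -name '*.pem' -exec chmod 600 {} +
}

# Run against the directory from the steps above when it exists.
if [ -d "$HOME/chef-repo/.chef" ]; then
    audit_chef_keys "$HOME/chef-repo/.chef" || harden_chef_keys "$HOME/chef-repo/.chef"
fi
```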