Lundebakkevej 5, 4684 Holmegaard

Chef install and setup

As i have a growing number of Linux servers it makes sense to script setup and ensure compliance through an automated system – I have chesen chef for this and here is my memory dump of the installation.

for the purpose of the guide I have created 3 servers all are resolvable from DNS:
192.168.112.195 chefserver.skau.dk
192.168.112.197 chefworkstation.skau.dk
192.168.112.195 chefclient.skau.dk

Lets start by getting the server installed – this is the node that will hold all the cookbooks and receipts. All commands are run as the user lars which exist on all hosts

wget https://packages.chef.io/files/stable/chef-server/12.18.14/ubuntu/18.04/chef-server-core_12.18.14-1_amd64.deb
sudo dpkg -i chef-server-core_12.18.14-1_amd64.deb
mkdir ~/.chef
sudo chef-server-ctl user-create lars Lars Skau lars@skau.dk '<supersecretpassword>' --filename ~/.chef/lars.pem
sudo chef-server-ctl org-create skauit "Skau IT" --association_user lars --filename ~/.chef/skauit.pem

Next I move on to the workstation node – it is from this node all configuration is done and it is here I create my cookbooks that later will be pushed to the chef server – so on the workstation node as the user lars:

wget  https://packages.chef.io/files/stable/chef-workstation/0.2.43/ubuntu/18.04/chef-workstation_0.2.43-1_amd64.deb
sudo dpkg -i chef-workstation_*.deb
chef generate repo chef-repo
mkdir ~/chef-repo/.chef
cd chef-repo/
ssh-keygen -b 4096
ssh-copy-id lars@192.168.112.195
scp lars@192.168.112.195:~/.chef/*.pem ~/chef-repo/.chef/

Then I need to configure knife on the workstation node.
edit ~/chef-repo/.chef/config.rb and insert the following lines:

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                'lars'
client_key               "lars.pem"
validation_client_name   'skauit-validator'
validation_key           "skauit-validator.pem"
chef_server_url          'https://chefserver.skau.dk/organizations/skauit'
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["#{current_dir}/../cookbooks"]

Last you need to fetch the server certificate to the workstation node

cd ~/chef-repo
knife fetch ssl