===== Chef on EL7 =====

A brand new, honest howto about Chef. Tested on a clean installation of [[:centos|CentOS]] 7.x; it must also work on RHEL 7.x and Oracle 7.x.

==== Preliminary steps ====

Configure the hostname correctly and set up DNS. If you do not have a DNS server, you must add the names to the hosts file **/etc/hosts**, for example:

  192.168.122.112 chefserver

Our hostname will be **chefserver**; the certificate file will be named the same way.

Enable HTTPS in firewalld:

  # --permanent is required: --reload discards rules that exist only at runtime
  $ sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
  $ sudo firewall-cmd --reload

Install some dependencies:

  $ sudo yum install git wget

==== Installation ====

=== Server ===

Check the Chef download link at [[https://downloads.chef.io/chef-server#el|https://downloads.chef.io/chef-server#el]] and replace it in the curl command accordingly.

  $ mkdir -p /home/emonge/.chef/trusted_certs
  $ sudo yum update
  $ curl -L -o /tmp/chef-server-core.x86_64.rpm "<download link>"
  $ sudo yum localinstall /tmp/chef-server-core.x86_64.rpm
  $ sudo chef-server-ctl reconfigure
  $ sudo chef-server-ctl user-create emonge Esteban Monge emonge@gbm.net 'manager' --filename /home/emonge/.chef/emonge.pem
  $ sudo chef-server-ctl org-create gbm 'GBM Corporation' --association_user emonge --filename /home/emonge/.chef/gbm-validator.pem
  $ sudo chef-server-ctl install opscode-push-jobs-server
  $ sudo chef-server-ctl reconfigure
  $ sudo opscode-push-jobs-server-ctl reconfigure
  $ sudo chef-server-ctl install opscode-reporting
  $ sudo chef-server-ctl reconfigure
  $ sudo opscode-reporting-ctl reconfigure
  $ sudo chef-server-ctl install chef-manage
  $ sudo chef-server-ctl reconfigure
  $ sudo chef-manage-ctl reconfigure --accept-license

=== Workstation ===

We will install the workstation on the same host that acts as the server. Check the Chef DK download link at https://downloads.chef.io/chefdk#el and replace it in the curl command accordingly.

  $ curl -L -o /tmp/chef-dk.x86_64.rpm "<download link>"
  $ sudo yum localinstall /tmp/chef-dk.x86_64.rpm
  $ cp /var/opt/opscode/nginx/ca/chefserver.crt /home/emonge/.chef/trusted_certs/
  # the .pem files were written by sudo, so changing their owner needs root
  $ sudo chown -R emonge:emonge /home/emonge/.chef/
  $ knife configure -i

The wizard will ask for the personal private key file and the validator private key file; you must indicate the correct path. Edit or create the knife.rb file **/home/emonge/.chef/knife.rb** with this content:

  chef_server_url 'https://chefserver/organizations/gbm'
  validation_client_name 'gbm-validator'
  cookbook_path '/home/emonge/chef'

=== Client ===

Evidently this is another host. From your Chef server, as the user that serves as the workstation (in our case emonge), follow these steps. Replace $IP with your real IP, and the username and password with your own; we will use root/manager for example purposes:

  # the validator key is the one org-create wrote to /home/emonge/.chef/
  $ scp /home/emonge/.chef/gbm-validator.pem $IP:/etc/chef/validation.pem
  $ scp /var/opt/opscode/nginx/ca/chefserver.crt $IP:/etc/chef/trusted_certs/
  $ knife bootstrap $IP -x root -P manager --server-url https://chefserver/organizations/gbm -N client1

== AIX ==

  $ sudo inutoc .
  $ sudo installp -acXYd . chef

Configure the file /etc/chef/client.rb:

  chef_server_url "https://idcgbmdemoesx01.novalocal/organizations/gbm"
  validation_client_name "gbm-validator"
  log_location STDOUT
  trusted_certs_dir "/etc/chef/trusted_certs"
  Chef::Config[:follow_client_key_symlink] = true

The last line is there to avoid this error:

  integer 137438954242 too big to convert to 'int'

==== References ====

  * https://docs.chef.io/install_server.html
  * https://github.com/chef/chef/issues/6842
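
A pre-flight consistency check for the knife.rb and client.rb settings shown on this page, added here as an example; it is not part of the original howto or of Chef itself. It assumes the page's conventions (validator named ''<org>-validator'', server certificate file named ''<hostname>.crt''); the function names, the ''ssl_verify_mode'' check and the sample input are this example's own.

```ruby
require 'uri'

# Only these settings are read; the file is matched line by line and never evaluated.
SETTING = /\A\s*(chef_server_url|validation_client_name|ssl_verify_mode)\s+(\S+)/

def parse_settings(text)
  text.each_line.with_object({}) do |line, out|
    m = SETTING.match(line)
    out[m[1]] = m[2].delete("'\"") if m
  end
end

# cert_files: basenames found in trusted_certs_dir (passed in so the check runs offline).
# Returns a list of findings; an empty list means the settings are consistent.
def audit(text, cert_files)
  s = parse_settings(text)
  url = begin
    URI.parse(s['chef_server_url'].to_s)
  rescue URI::InvalidURIError
    nil
  end
  return ['chef_server_url missing or unparsable'] if url.nil? || url.host.nil?

  findings = []
  findings << 'chef_server_url is not https' unless url.scheme == 'https'
  findings << 'ssl_verify_mode disables certificate verification' if s['ssl_verify_mode'] == ':verify_none'

  org = url.path[%r{\A/organizations/([^/]+)/?\z}, 1]
  if org.nil?
    findings << 'chef_server_url has no /organizations/<org> path'
  elsif s['validation_client_name'] != "#{org}-validator"
    findings << "validation_client_name is not #{org}-validator"
  end

  # Assumed convention from this page: the certificate file is named after the hostname.
  want = "#{url.host}.crt"
  findings << "no #{want} in trusted_certs" unless cert_files.include?(want)
  findings
end

# Constructed sample input: the AIX client.rb settings shown on this page.
AIX_CLIENT_RB = <<~CONF
  chef_server_url "https://idcgbmdemoesx01.novalocal/organizations/gbm"
  validation_client_name "gbm-validator"
  log_location STDOUT
  trusted_certs_dir "/etc/chef/trusted_certs"
CONF

puts audit(AIX_CLIENT_RB, ['chefserver.crt']) if __FILE__ == $PROGRAM_NAME
```

On a real node, pass the basenames of the files in ''/etc/chef/trusted_certs'' as ''cert_files''; a finding about the certificate name means the client would be trusting a certificate for a different hostname than the one in ''chef_server_url''.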