===== Chef on EL7 =====
A brand new honest howto about Chef.
Tested on a clean installation of [[:centos|CentOS]] 7.x; it should also work on RHEL 7.x and Oracle 7.x.
==== Preliminary steps ====
Configure the hostname correctly and set up DNS. If you do not have a DNS server, you must add the names to the hosts file **/etc/hosts**, for example:
192.168.122.112 chefserver
Our hostname will be **chefserver**; the certificate file will be named the same way.
Enable HTTPS in firewalld:
$ sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
$ sudo firewall-cmd --reload
Install some dependencies:
$ sudo yum install git wget
==== Installation ====
=== Server ===
Get the current download link for Chef server from: [[https://downloads.chef.io/chef-server#el|https://downloads.chef.io/chef-server#el]] and use it in place of $CHEF_SERVER_RPM_URL below.
$ mkdir -p /home/emonge/.chef/trusted_certs
$ sudo yum update
$ curl -L -o /tmp/chef-server-core.x86_64.rpm "$CHEF_SERVER_RPM_URL"
$ sudo yum localinstall /tmp/chef-server-core.x86_64.rpm
$ sudo chef-server-ctl reconfigure
$ sudo chef-server-ctl user-create emonge Esteban Monge emonge@gbm.net 'manager' --filename /home/emonge/.chef/emonge.pem
$ sudo chef-server-ctl org-create gbm 'GBM Corporation' --association_user emonge --filename /home/emonge/.chef/gbm-validator.pem
$ sudo chef-server-ctl install opscode-push-jobs-server
$ sudo chef-server-ctl reconfigure
$ sudo opscode-push-jobs-server-ctl reconfigure
$ sudo chef-server-ctl install opscode-reporting
$ sudo chef-server-ctl reconfigure
$ sudo opscode-reporting-ctl reconfigure
$ sudo chef-server-ctl install chef-manage
$ sudo chef-server-ctl reconfigure
$ sudo chef-manage-ctl reconfigure --accept-license
=== Workstation ===
We will install the workstation on the same host that serves as the server. Get the current download link for Chef DK from: https://downloads.chef.io/chefdk#el and use it in place of $CHEF_DK_RPM_URL below.
$ curl -L -o /tmp/chef-dk.x86_64.rpm "$CHEF_DK_RPM_URL"
$ sudo yum localinstall /tmp/chef-dk.x86_64.rpm
$ cp /var/opt/opscode/nginx/ca/chefserver.crt /home/emonge/.chef/trusted_certs/
$ sudo chown -R emonge:emonge /home/emonge/.chef/
$ knife configure -i
The wizard will ask for the personal private key file and the validator private key file; you must give the correct path for each.
Edit or create the knife.rb file **/home/emonge/.chef/knife.rb** with this content:
chef_server_url 'https://chefserver/organizations/gbm'
validation_client_name 'gbm-validator'
cookbook_path '/home/emonge/chef'
=== Client ===
The client is, of course, a different host. From your Chef server, as the workstation user (emonge in our case), follow these steps. Replace $IP with the real IP address and adjust the username and password; we will use root/manager for example purposes:
$ ssh root@$IP 'mkdir -p /etc/chef/trusted_certs'
$ scp /home/emonge/.chef/gbm-validator.pem root@$IP:/etc/chef/validation.pem
$ scp /var/opt/opscode/nginx/ca/chefserver.crt root@$IP:/etc/chef/trusted_certs/
$ knife bootstrap $IP -x root -P manager --server-url https://chefserver/organizations/gbm -N client1
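The certificate copied into trusted_certs on the workstation and on the client is what knife and chef-client will accept for TLS to the Chef server, so it should be checked after copying. The script below is an added example, not part of the original howto: it verifies that a certificate matches the server hostname, has not expired, and has the same SHA-256 fingerprint as the one read on the server. The function names and the step of noting the fingerprint on the server first are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original howto): check a Chef server certificate
# before relying on it in a trusted_certs directory. Function names are
# hypothetical; only standard openssl x509 options are used.

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
# Run this on the server against /var/opt/opscode/nginx/ca/chefserver.crt
# to obtain the expected value.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate is valid for hostname $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# verify_trusted_cert CERT HOSTNAME EXPECTED_FINGERPRINT
# Returns 0 if all checks pass, 1 if the file is unreadable,
# 2 on hostname mismatch, 3 if expired, 4 on fingerprint mismatch.
verify_trusted_cert() {
    cert=$1; host=$2
    expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    [ -r "$cert" ] || { echo "FAIL: cannot read $cert" >&2; return 1; }
    cert_matches_host "$cert" "$host" ||
        { echo "FAIL: $cert is not valid for host $host" >&2; return 2; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: $cert has expired" >&2; return 3; }
    actual=$(cert_fingerprint "$cert" | tr 'a-f' 'A-F')
    [ "$actual" = "$expected" ] ||
        { echo "FAIL: fingerprint is $actual, expected $expected" >&2; return 4; }
    echo "OK: $cert matches $host with fingerprint $actual"
}

# Usage: sh verify_cert.sh /etc/chef/trusted_certs/chefserver.crt chefserver 'AA:BB:...'
if [ "$#" -eq 3 ]; then
    verify_trusted_cert "$1" "$2" "$3"
fi
```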
== AIX ==
$ sudo inutoc .
$ sudo installp -acXYd . chef
Configure the file **/etc/chef/client.rb**:
chef_server_url "https://idcgbmdemoesx01.novalocal/organizations/gbm"
validation_client_name "gbm-validator"
log_location STDOUT
trusted_certs_dir "/etc/chef/trusted_certs"
Chef::Config[:follow_client_key_symlink] = true
The last line is to avoid this error: integer 137438954242 too big to convert to 'int'
==== References ====
* https://docs.chef.io/install_server.html
* https://github.com/chef/chef/issues/6842