A brand new honest howto about Chef.
Tested on a clean installation of CentOS 7.x; it should also work on RHEL 7.x and Oracle 7.x.
Configure the hostname correctly and set up DNS. If you do not have a DNS server, you must add the names to the hosts file /etc/hosts, for example:
192.168.122.112 chefserver
Our hostname will be chefserver; the certificate file will be named the same way.
Enable HTTPS in firewalld:
$ sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
$ sudo firewall-cmd --reload
Install some dependencies:
$ sudo yum install git wget
Check the Chef server download link at https://downloads.chef.io/chef-server#el and replace <link> accordingly.
$ mkdir -p /home/emonge/.chef/trusted_certs
$ sudo yum update
$ curl -L <link> -o /tmp/chef-server-core.x86_64.rpm
$ sudo yum localinstall /tmp/chef-server-core.x86_64.rpm
$ sudo chef-server-ctl reconfigure
$ sudo chef-server-ctl user-create emonge Esteban Monge [email protected] 'manager' --filename /home/emonge/.chef/emonge.pem
$ sudo chef-server-ctl org-create gbm 'GBM Corporation' --association_user emonge --filename /home/emonge/.chef/gbm-validator.pem
$ sudo chef-server-ctl install opscode-push-jobs-server
$ sudo chef-server-ctl reconfigure
$ sudo opscode-push-jobs-server-ctl reconfigure
$ sudo chef-server-ctl install opscode-reporting
$ sudo chef-server-ctl reconfigure
$ sudo opscode-reporting-ctl reconfigure
$ sudo chef-server-ctl install chef-manage
$ sudo chef-server-ctl reconfigure
$ sudo chef-manage-ctl reconfigure --accept-license
We want to install the workstation on the same host that serves as the server. Check the Chef DK download link at https://downloads.chef.io/chefdk#el and replace <link> accordingly.
$ curl -L <link> -o /tmp/chef-dk.x86_64.rpm
$ sudo yum localinstall /tmp/chef-dk.x86_64.rpm
$ sudo cp /var/opt/opscode/nginx/ca/chefserver.crt /home/emonge/.chef/trusted_certs/
$ sudo chown -R emonge:emonge /home/emonge/.chef/
$ knife configure -i
The wizard will ask for the personal private key file and the validator private key file; you must give the correct path for each.
Edit or create the knife.rb file /home/emonge/.chef/knife.rb with this content:
chef_server_url 'https://chefserver/organizations/gbm'
validation_client_name 'gbm-validator'
cookbook_path '/home/emonge/chef'
The client is evidently another host. From your Chef server, as the user that serves as workstation (emonge in our case), follow these steps. Replace $IP with your real IP address and use your own username and password; we use root/manager for example purposes:
$ scp /home/emonge/.chef/gbm-validator.pem $IP:/etc/chef/validation.pem
$ scp /var/opt/opscode/nginx/ca/chefserver.crt $IP:/etc/chef/trusted_certs/
$ knife bootstrap $IP -x root -P manager --server-url https://chefserver/organizations/gbm -N client1
$ sudo inutoc .
$ sudo installp -acXYd . chef
Configure file /etc/chef/client.rb:
chef_server_url "https://idcgbmdemoesx01.novalocal/organizations/gbm"
validation_client_name "gbm-validator"
log_location STDOUT
trusted_certs_dir "/etc/chef/trusted_certs"
Chef::Config[:follow_client_key_symlink] = true
The last line is to avoid this error: integer 137438954242 too big to convert to 'int'
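A pre-flight check for the knife.rb and client.rb files shown above, as an added example that is not part of the original howto or of Chef's own tooling: it verifies that chef_server_url is an HTTPS organization URL, that the validator name matches the organization, that a server certificate is present in the trusted certificates directory, and that the private keys beside the config are not accessible to group or others. The function names chef_setting and lint_chef_config are hypothetical; the script assumes the validator keeps the default <org>-validator name and that trusted_certs sits beside the config file when trusted_certs_dir is not set.

```shell
#!/bin/sh
# Added example: pre-flight lint for knife.rb / client.rb (not Chef's own tooling).

# Print the quoted value of a setting such as chef_server_url (empty if absent).
chef_setting() {  # usage: chef_setting <file> <key>
  sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 1 if anything was found, else 0.
lint_chef_config() {  # usage: lint_chef_config <file>
  local file="$1" dir url org validator certs key mode findings=0
  dir=$(dirname "$file")
  url=$(chef_setting "$file" chef_server_url)
  validator=$(chef_setting "$file" validation_client_name)
  certs=$(chef_setting "$file" trusted_certs_dir)
  certs=${certs:-$dir/trusted_certs}  # assumed default: beside the config file

  # API requests and cookbooks travel over this URL, so it must be HTTPS.
  case $url in
    https://*/organizations/*) org=${url##*/organizations/}; org=${org%%/*} ;;
    *) echo "chef_server_url is not an https organization URL: '$url'"; findings=1 ;;
  esac
  # Assumption: the validator client keeps the default name <org>-validator.
  if [ -n "$org" ] && [ -n "$validator" ] && [ "$validator" != "$org-validator" ]; then
    echo "validation_client_name '$validator' does not match organization '$org'"
    findings=1
  fi
  # The server certificate copied in the howto must be present to be trusted.
  if ! ls "$certs"/*.crt >/dev/null 2>&1; then
    echo "no .crt file in trusted_certs_dir '$certs'"
    findings=1
  fi
  # Private keys beside the config must not be accessible to group or others.
  for key in "$dir"/*.pem; do
    [ -e "$key" ] || continue
    mode=$(ls -ldL "$key" | cut -c5-10)  # group and other permission bits
    if [ "$mode" != "------" ]; then
      echo "private key accessible beyond its owner: $key"
      findings=1
    fi
  done
  return "$findings"
}

# Lint every config file named on the command line.
rc=0
for f in "$@"; do lint_chef_config "$f" || rc=1; done
[ "$rc" -eq 0 ]
```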