Chef on EL7

A brand new honest howto about Chef.

Tested in a clean installation of CentOS 7.x; it should also work on RHEL 7.x and Oracle 7.x.

Preliminary steps

Configure the hostname correctly and set up DNS. If you do not have a DNS server, you must add the names to the hosts file /etc/hosts, for example:

192.168.122.112 chefserver

Our hostname will be chefserver; the certificate file will be named the same way.

Enable HTTPS in firewalld:

$ sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
$ sudo firewall-cmd --reload

Install some dependencies:

$ sudo yum install git wget

Installation

Server

Check the Chef download link at https://downloads.chef.io/chef-server#el and replace <link> accordingly.

$ mkdir -p /home/emonge/.chef/trusted_certs
$ sudo yum update
$ curl -L <link> -o /tmp/chef-server-core.x86_64.rpm
$ sudo yum localinstall /tmp/chef-server-core.x86_64.rpm
$ sudo chef-server-ctl reconfigure
$ sudo chef-server-ctl user-create emonge Esteban Monge <email> 'manager' --filename /home/emonge/.chef/emonge.pem
$ sudo chef-server-ctl org-create gbm 'GBM Corporation' --association_user emonge --filename /home/emonge/.chef/gbm-validator.pem
$ sudo chef-server-ctl install opscode-push-jobs-server
$ sudo chef-server-ctl reconfigure
$ sudo opscode-push-jobs-server-ctl reconfigure
$ sudo chef-server-ctl install opscode-reporting
$ sudo chef-server-ctl reconfigure
$ sudo opscode-reporting-ctl reconfigure
$ sudo chef-server-ctl install chef-manage
$ sudo chef-server-ctl reconfigure
$ sudo chef-manage-ctl reconfigure --accept-license

Workstation

We want to install the workstation on the same host that serves as the server. Check the Chef DK download link at https://downloads.chef.io/chefdk#el and replace <link> accordingly.

$ curl -L <link> -o /tmp/chef-dk.x86_64.rpm
$ sudo yum localinstall /tmp/chef-dk.x86_64.rpm
$ sudo cp /var/opt/opscode/nginx/ca/chefserver.crt /home/emonge/.chef/trusted_certs/
$ sudo chown -R emonge:emonge /home/emonge/.chef/
$ knife configure -i

The wizard will ask for the personal private key file and the validator private key file; you must give the correct paths.

Edit or create the knife.rb file /home/emonge/.chef/knife.rb with this content:

chef_server_url 'https://chefserver/organizations/gbm'
validation_client_name 'gbm-validator'
cookbook_path '/home/emonge/chef'

Client

The client is evidently another host. From your Chef server, as the user that serves as the workstation (emonge in our case), follow these steps. Replace $IP, the username and the password with your real values; we will use root/manager for example purposes:

$ scp /home/emonge/.chef/gbm-validator.pem root@$IP:/etc/chef/validation.pem
$ scp /var/opt/opscode/nginx/ca/chefserver.crt root@$IP:/etc/chef/trusted_certs/
$ knife bootstrap $IP -x root -P manager --server-url https://chefserver/organizations/gbm -N client1

AIX

$ sudo inutoc .
$ sudo installp -acXYd . chef

Configure the file /etc/chef/client.rb:

chef_server_url  "https://idcgbmdemoesx01.novalocal/organizations/gbm"
validation_client_name "gbm-validator"
log_location   STDOUT
trusted_certs_dir "/etc/chef/trusted_certs"
Chef::Config[:follow_client_key_symlink] = true

The last line is to avoid this error: integer 137438954242 too big to convert to 'int'
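
The steps above write private keys with sudo into /home/emonge/.chef (emonge.pem, gbm-validator.pem) and copy validation.pem to /etc/chef on the client. The script below is an added example, not part of the original howto: it reports every private key in a directory that group or others can access, or that is owned by the wrong user. The function name audit_chef_keys is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage: audit_chef_keys DIR EXPECTED_OWNER
# Prints one line per finding. Returns 0 when clean, 1 on findings,
# 2 when DIR is not a directory. Run it as root: a key the caller cannot
# read is skipped, because files are selected by their content.
audit_chef_keys() {
    dir=$1 want_owner=$2 findings=0
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory" >&2; return 2; }

    # Select by content, not by extension, so emonge.pem, validation.pem and
    # any renamed copy are covered. Public certificates (.crt) are skipped.
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        grep -q -e 'PRIVATE KEY-----' "$f" 2>/dev/null || continue

        # ls -ldL follows symlinks; characters 5-10 are the group/other bits.
        listing=$(ls -ldL "$f")
        others=$(printf '%s\n' "$listing" | cut -c5-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')

        if [ "$others" != "------" ]; then
            echo "LOOSE_MODE $f ($others for group/other, expected ------)"
            findings=$((findings + 1))
        fi
        if [ "$owner" != "$want_owner" ]; then
            echo "WRONG_OWNER $f (owned by $owner, expected $want_owner)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

On the server, call it as audit_chef_keys /home/emonge/.chef emonge; on a client, as audit_chef_keys /etc/chef root.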

chef.txt · Last modified: 2018/07/29 13:06