Chef is an awesome tool with which you can configure servers in an automatic fashion. It also ensures that the configuration of the servers doesn't change over time. This lab is a quick introduction to installing Chef and using it for basic automation of a Linux server.
Install Chef server
Install Ubuntu 16.04
1- Choose the installer language.
2- Launch the installation.
3- Choose the system language.
4- Choose the system location.
5- Configure the keyboard.
6- Configure the network.
7- Configure the username and password.
8- Choose if your user home will be encrypted or not.
9- Configure the time zone.
10- Create a disk partition for the installation.
11- Configure a proxy if you are using one to access the Internet. If not, leave it empty.
12- Choose to install security updates automatically.
13- Choose to install OpenSSH server.
14- Install GRUB.
15- Reboot the server.
Install the Chef server components
1- Launch an SSH session to your new Ubuntu 16.04 server.
$ ssh sguyennet@10.10.40.6
2- Download the Chef server core package.
$ wget https://packages.chef.io/files/stable/chef-server/12.18.14/ubuntu/16.04/chef-server-core_12.18.14-1_amd64.deb
3- Install Chef server.
$ sudo dpkg -i chef-server-core_12.18.14-1_amd64.deb
4- Start Chef server.
$ sudo chef-server-ctl reconfigure
5- Create an administrator user.
$ sudo chef-server-ctl user-create [your_username] [your_firstname] [your_lastname] [your_mail] '[your_password]' --filename [your_username]-chef.pem
6- Create an organization. The short name of the organization must be in lower case and can't include any whitespace.
$ sudo chef-server-ctl org-create [your_organization_short_name] '[your_organization_long_name]' --association_user [your_username] --filename [your_organization_name]-validator.pem
7- Install the "Chef manage" GUI.
$ sudo -s
# chef-server-ctl install chef-manage
8- Validate the "Chef manage" license.
# chef-server-ctl reconfigure
9- Browse to https://10.10.40.6 and accept the self-signed certificate.
10- Log in with your Chef administrator user credentials.
Install and configure ChefDK
On your client machine:
1- Download ChefDK.
$ wget https://packages.chef.io/files/stable/chefdk/3.6.57/ubuntu/16.04/chefdk_3.6.57-1_amd64.deb
2- Install ChefDK.
$ sudo dpkg -i chefdk_3.6.57-1_amd64.deb
3- In the "Chef manage" GUI, go to Administration and select your organization.
4- Click on Starter Kit on the left and download the starter kit archive.
5- Install "unzip".
$ sudo apt-get install unzip
6- Uncompress the starter kit archive.
$ unzip chef-starter.zip
7- Remove the starter kit archive.
$ rm chef-starter.zip
8- Accept the Chef server self-signed certificate.
$ cd chef-repo
$ knife ssl fetch
9- Check that the connection is trusted.
$ knife ssl check
10- Initialize the chef-repo as a git repo.
$ git init
$ git add *
$ git commit -m "First commit"
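`knife ssl fetch` in step 8 stores whatever certificate the server presents at that moment, so the trust it creates is only as good as that first connection. The script below is an added example, not part of the original lab: it compares the stored certificate with a fingerprint read on the Chef server itself. The paths `/var/opt/opscode/nginx/ca/` and `.chef/trusted_certs/` are the usual defaults and are assumptions here, as are the function names.

```shell
#!/bin/sh
# Added example: pin the certificate that "knife ssl fetch" stored.

# Reduce a fingerprint to lowercase hex (drops colons, spaces, case).
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_sha256() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    normalize_fp "${out#*=}"
}

# Exit status: 0 = match, 1 = mismatch, 2 = bad input or unreadable certificate.
verify_fetched_cert() {
    cert_file=$1
    expected=$(normalize_fp "$2")
    if [ "${#expected}" -ne 64 ]; then
        echo "expected value is not a SHA-256 fingerprint" >&2
        return 2
    fi
    actual=$(cert_sha256 "$cert_file") || {
        echo "cannot read certificate: $cert_file" >&2
        return 2
    }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $cert_file matches the server fingerprint"
    else
        echo "MISMATCH: $cert_file has fingerprint $actual" >&2
        return 1
    fi
}

# 1. On the Chef server console (assumed default path, <fqdn> is a placeholder):
#      sudo openssl x509 -noout -fingerprint -sha256 \
#          -in /var/opt/opscode/nginx/ca/<fqdn>.crt
# 2. On the client machine, inside chef-repo, after "knife ssl fetch":
#      for c in .chef/trusted_certs/*.crt; do
#          verify_fetched_cert "$c" '<fingerprint from step 1>'
#      done
```

Read the fingerprint in step 1 over a channel that does not depend on the HTTPS connection being checked, such as the server console or the SSH session from the installation steps.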
Download a cookbook from Supermarket
Chef Supermarket is a repository where you can find cookbooks made by the Chef team and by the community.
1- Download the chef-client cookbook from the Supermarket repository.
$ knife cookbook site install chef-client 10.0.4
2- The cookbook should now be in your local chef-repo.
$ ls -la cookbooks
3- Upload the cookbook dependencies to the Chef server.
$ knife upload cookbooks/cron
$ knife upload cookbooks/logrotate
$ knife upload cookbooks/windows
4- Upload the cookbook to the Chef server.
$ knife upload cookbooks/chef-client
Bootstrap a node
Install a new Ubuntu 16.04 machine
1- Choose the installer language.
2- Launch the installation.
3- Choose the system language.
4- Choose the system location.
5- Configure the keyboard.
6- Configure the network.
7- Configure the username and password.
8- Choose if your user home will be encrypted or not.
9- Configure the time zone.
10- Create a disk partition for the installation.
11- Configure a proxy if you are using one to access the Internet. If not, leave it empty.
12- Choose to install security updates automatically.
13- Choose to install OpenSSH server.
14- Install GRUB.
15- Reboot the server.
Bootstrap the new Ubuntu 16.04 machine
Run the knife bootstrap command from your client machine, from inside the chef-repo directory.
The bootstrap command will SSH to the new Ubuntu 16.04 machine, install the chef-client and configure it to run every 30 minutes.
1- Bootstrap the Ubuntu 16.04 machine.
$ knife bootstrap 10.10.40.7 \
    -N chef-node-01 \
    -r 'recipe[chef-client]' \
    -x sguyennet \
    -P '********' \
    --use-sudo-password \
    --sudo
2- Check that the new bootstrapped machine is listed in the nodes inventory of the Chef server.
Create your own cookbook
For our first cookbook, we are going to create a banner for our machines managed by Chef.
1- Create a new cookbook locally on your client machine.
$ cd chef-repo
$ chef generate cookbook cookbooks/inkubate_banner
2- Edit the cookbook metadata and specify your name and your email.
$ vim cookbooks/inkubate_banner/metadata.rb
name 'inkubate_banner'
maintainer '[your_name]'
maintainer_email '[your_email]'
license 'All Rights Reserved'
description 'Installs/Configures inkubate_banner'
long_description 'Installs/Configures inkubate_banner'
version '0.1.0'
chef_version '>= 13.0'
3- Edit the default recipe of the cookbook.
$ vim cookbooks/inkubate_banner/recipes/default.rb
hostname = node['hostname']
file '/etc/motd' do
  content "Welcome on #{hostname}\nThis server is managed by Chef\n\n"
end
4- Commit your code to your local git repository.
$ git add cookbooks/inkubate_banner
$ git commit -m "Add inkubate_banner cookbook"
5- Upload your cookbook to the Chef server.
$ knife upload cookbooks/inkubate_banner
6- Check that your cookbook is available on the Chef server.
7- Select your node in the nodes list and edit the run list.
8- Add your new recipe to the run list of your node.
9- SSH to your chef node.
$ ssh sguyennet@10.10.40.7
10- Execute the Chef client.
$ sudo chef-client
11- Exit the SSH session and log back in.
$ exit
$ ssh sguyennet@10.10.40.7
You should see something similar to this in the SSH banner of your node:
Welcome on chef-node-01
This server is managed by Chef
Create a role
A Chef role is a group of recipes. We are going to group our two recipes together to create a role and assign this new role to our node.
1- Click on the Policy tab and select Roles.
2- Create a new role.
3- Choose a name for your role.
4- Edit the run list of the new role.
5- Add the chef-client and the inkubate_banner recipes to the run list.
6- Click on the Nodes tab, select your node and edit the node run list.
7- Remove the two recipes that we added earlier from the node run list.
8- Add the new role to the node run list.
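The same role can be kept as a file in chef-repo, so that changes to the run list are committed and reviewed in git like the cookbooks are. This is an added example, not part of the original lab: the role name `base`, its description and the `write_role` helper are hypothetical, and `chef-node-01` is the node bootstrapped earlier.

```shell
#!/bin/sh
# Added example: define the role as a file instead of in the GUI.

# Write roles/<name>.json with a run list holding the given recipes, in order.
write_role() {
    name=$1; shift
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid role name: $name" >&2; return 1 ;;
    esac
    run_list=
    for recipe in "$@"; do
        run_list="${run_list:+$run_list, }\"recipe[$recipe]\""
    done
    mkdir -p roles
    cat > "roles/$name.json" <<EOF
{
  "name": "$name",
  "description": "Recipes applied to every node managed by this Chef server",
  "json_class": "Chef::Role",
  "chef_type": "role",
  "default_attributes": {},
  "override_attributes": {},
  "run_list": [$run_list]
}
EOF
}

# From the chef-repo directory on the client machine:
#   write_role base chef-client inkubate_banner
#   git add roles/base.json && git commit -m "Add base role"
#   knife role from file roles/base.json
#   knife node run_list set chef-node-01 'role[base]'
```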
Congratulations! You now have the basic infrastructure to automate the installation of your servers. You can find more information on how to create your own Chef cookbook in the official documentation.