Setup Chef Workstation on Linux Server (Ubuntu)


In my last post I had explained you how we can install Chef Server on an Ubuntu server. In this post I will show you how to setup Chef Workstation on another Ubuntu server. Chef Workstation is a machine that you will prepare your recipes & cookbooks on. These recipes are then sent to Chef Server which are then used to manage nodes. Lets begin with this tutorial 🙂 Please put entries of all Chef machines in your /etc/hosts file.

Chef Server Details : –

  • Hostname – chef-server
  • IP Address – 192.168.0.63

Chef Workstation Details : –

  • Hostname – chef-workstation
  • IP Address – 192.168.0.51

1. Install Chef Development Kit. Go to https://downloads.chef.io/chef-dk & download the package for your OS. I have chosen Ubuntu for this tutorial.

root@chef-workstation:/home/shashank# dpkg -i ~shashank/chefdk_0.13.21-1_amd64.deb

2. Generate Chef Repository. Issue below command to generate Chef Repository. This will create a new directory called chef-repo

root@chef-workstation:/home/shashank# chef generate repo chef-repo
root@chef-workstation:/home/shashank# cd chef-repo

3. Create a directory to keep authentication keys. We will need authentication keys to communicate with Chef Server. If you remember, I had created 2 keys while setting up Chef Server. These keys will have to be copied to this directory.

root@chef-workstation:/home/shashank# scp *.pem shashank@192.168.0.51:~shashank/
root@chef-workstation:/home/shashank# mkdir .chef
root@chef-workstation:/home/shashank# mv ~shashank/*pem .chef/

4. Create a knife file. Create a new file knife.rb with below contents. Make changes accordingly(explained below).

root@chef-workstation:/home/shashank# vim knife.rb
log_level                :info
log_location             STDOUT
node_name                'chef-admin'
client_key               '/home/shashank/chef-repo/.chef/chef-admin.pem'
validation_client_name   'shashank-validator'
validation_key           '/home/shashank/chef-repo/.chef/chef-validator.pem'
chef_server_url          'https://chef-server/organizations/shashank'
syntax_check_cache_path  '/home/shashank/chef-repo/.chef/syntax_check_cache'
cookbook_path [ '/home/shashank/chef-repo/cookbooks' ]

A little explanation to this file. Refer to my last post for more clarity.
node_name is your chef username that you created while setting up Chef Server.
client_key is the key that you generated for chef user.
validation_client_name is organization shortname followed by hyphen validator. In my case it was “shashank”.
validation_key is organization key.
chef_server_url is URL to Chef Server’s organization. You will need to put entries in /etc/hosts on all Chef machines so as to avoid errors while executing this file.

5. Authenticate Workstation with Server. Issue below commands to fetch the SSL certificate. We need to go one directory back.

root@chef-workstation:/home/shashank# cd ..
root@chef-workstation:/home/shashank# knife ssl fetch
WARNING: Certificates from 192.168.0.63 will be fetched and placed in your trusted_cert
directory (/home/shashank/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for chef-server in /home/shashank/chef-repo/.chef/trusted_certs/chef-server.crt

6. Check the connectivity. Issue below command to verify the connectivity between Chef Server & Workstation.

root@chef-workstation:/home/shashank# knife client list

If there are errors like below, make sure you are putting correct entries in /etc/hosts file.

ERROR: SSL Validation failure connecting to host: 192.168.0.63 - hostname "192.168.0.63" does not match the server certificate
ERROR: SSL Error connecting to https://192.168.0.63/organizations/shashank/clients, retry 1/5
ERROR: SSL Validation failure connecting to host: 192.168.0.63 - hostname "192.168.0.63" does not match the server certificate
ERROR: SSL Error connecting to https://192.168.0.63/organizations/shashank/clients, retry 2/5
ERROR: SSL Validation failure connecting to host: 192.168.0.63 - hostname "192.168.0.63" does not match the server certificate
ERROR: SSL Error connecting to https://192.168.0.63/organizations/shashank/clients, retry 3/5

This happens because the SSL certificate was generated for hostname & not IP address. I corrected the /etc/hosts file & it fixed that. See it below 🙂

root@chef-workstation:/home/shashank# knife client list
shashank-validator

That’s all for this post 🙂 We now have a working Chef Server & a working Chef Workstation. I will explain how to setup a Chef node in my next post. Stay tuned 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s