Welcome to today’s guide on how to install Chef Server and Workstation on Ubuntu 20.04 (Focal Fossa). Chef is a powerful automation solution designed to help you manage your infrastructure as code. The infrastructure can be on-premise, cloud, or a hybrid environment. With Chef, you automate how the infrastructure is deployed, configured, and managed. The Chef server acts as a central repository for your cookbooks as well as for information about every node it manages.
The company behind the Chef automation server maintains the following automation tools:
- Chef – For Infrastructure Automation
- Habitat – Application automation
- InSpec – Compliance Automation
Follow the steps in the sections below to install and configure Chef Server on an Ubuntu 20.04 Linux server.
Step 1: Update system and set hostname
We need to update our system to ensure all installed packages are at their latest releases.
sudo apt update
sudo apt -y upgrade
Set the server hostname that will be the DNS name of your Chef Server deployed on Ubuntu 20.04.
sudo hostnamectl set-hostname chef-server.geeksforgeeks.org
If you have an active DNS server, set the A record accordingly. For installations without a DNS server, add the record to the /etc/hosts file:
$ sudo vim /etc/hosts
192.168.200.10 chef-server.example.com
Also install some other basic packages on your Ubuntu machine.
sudo apt -y install curl wget bash-completion
After installing these packages and upgrading your machine I recommend you perform a reboot.
sudo reboot
Step 2: Configure Local Mail Relay
The Chef server uses email to send notifications for various events:
- Password resets
- User invitations
- Failover notifications
- Failed job notifications
Configure a local mail transfer agent on the Chef server using the guide:
Step 3: Configure NTP Time synchronization
The Chef server is particularly sensitive to clock drift and it requires that the systems on which it is running be connected to Network Time Protocol (NTP).
Install the chrony package on Ubuntu 20.04.
sudo apt -y install chrony
Set the correct timezone so that the local date and time are picked up automatically.
sudo timedatectl set-timezone Africa/Nairobi
You can choose to restrict access to the NTP server, e.g. to your Chef client nodes. chrony only serves time to networks listed in an allow directive, so add a line like the one below to /etc/chrony/chrony.conf:
allow 192.168.18.0/24
Where 192.168.18.0/24 is the IP subnet of your local network. Restart the chrony service after making the change:
sudo systemctl restart chrony
If you have the UFW firewall enabled, don’t forget to allow the ntp port:
sudo ufw allow ntp
Show ntp status:
sudo chronyc sources
Confirm time synchronization:
$ timedatectl
Local time: Fri 2020-07-10 20:38:57 EAT
Universal time: Fri 2020-07-10 17:38:57 UTC
RTC time: Fri 2020-07-10 17:38:58
Time zone: Africa/Nairobi (EAT, +0300)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
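The check above can be scripted as a gate before the Chef Server is configured. The following is an added example, not part of the original guide: it parses the timedatectl fields shown above and the "System time" line of chronyc tracking. The function names and the 1-second offset limit are assumptions chosen for the example, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: refuse to continue unless the clock is synchronized.

# clock_is_synced: reads `timedatectl` output on stdin; succeeds only if
# "System clock synchronized" is yes and "NTP service" is active.
clock_is_synced() {
    awk '
        /^[ \t]*System clock synchronized:/ { synced = $NF }
        /^[ \t]*NTP service:/               { ntp = $NF }
        END { exit !(synced == "yes" && ntp == "active") }
    '
}

# offset_within MAX: reads `chronyc tracking` output on stdin; succeeds only
# if a "System time" line is present and its offset is at most MAX seconds.
offset_within() {
    awk -v max="$1" '
        /^System time/ { found = 1; off = $4 + 0 }
        END { exit !(found && off <= max + 0) }
    '
}

# preflight: run both checks against the live system (needs systemd and
# chrony). The 1-second limit is a value chosen for this example.
preflight() {
    timedatectl | clock_is_synced ||
        { echo "clock is not synchronized" >&2; return 1; }
    chronyc tracking | offset_within 1 ||
        { echo "clock offset is above 1 s" >&2; return 1; }
}

# Constructed sample input, so the parsers can be tried on any machine.
SAMPLE_TIMEDATECTL='System clock synchronized: yes
NTP service: active'
SAMPLE_TRACKING='System time     : 0.000012345 seconds fast of NTP time'

printf '%s\n' "$SAMPLE_TIMEDATECTL" | clock_is_synced &&
    echo "timedatectl sample: synchronized"
printf '%s\n' "$SAMPLE_TRACKING" | offset_within 1 &&
    echo "tracking sample: offset within 1 s"
```

On the Chef server itself, call preflight before running chef-server-ctl reconfigure and stop if it returns non-zero.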
On Chef clients, install chrony and set the NTP server to the Chef server IP address:
sudo apt install chrony
sudo vim /etc/chrony/chrony.conf
Comment out the NTP pool server lines and specify the Chef server IP address:
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
server 192.168.18.39
Step 4: Download and install Chef server package
First, check the latest version of Chef server from the Chef Downloads page.
As of this writing, the most recent release is version 14.11.21. This is the package we will download and install:
VERSION="14.11.21"
wget https://packages.chef.io/files/stable/chef-server/${VERSION}/ubuntu/18.04/chef-server-core_${VERSION}-1_amd64.deb
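Before installing a package fetched with wget, compare its SHA-256 digest with the value published by the vendor. The following is an added example, not part of the original guide: the function names are hypothetical, and it assumes you have copied the expected digest for this exact file from the vendor's download page. The demo file is constructed.

```sh
#!/bin/sh
# Added example: verify a downloaded package against a published SHA-256
# digest before installing it.

# verify_sha256 FILE EXPECTED
#   returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] ||
        { echo "expected digest is not 64 hex characters" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $file: got $actual" >&2
        return 1
    fi
    echo "OK $file"
}

# install_verified FILE EXPECTED: install FILE from the current directory
# only when its digest matches. Intended use (EXPECTED_SHA256 is a
# placeholder you fill in from the vendor's download page):
#   install_verified "chef-server-core_${VERSION}-1_amd64.deb" "$EXPECTED_SHA256"
install_verified() {
    verify_sha256 "$1" "$2" && sudo apt install "./$1"
}

# Demo on a constructed empty file; the digest below is the SHA-256 of
# empty input.
demo_file=$(mktemp)
verify_sha256 "$demo_file" \
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
rm -f "$demo_file"
```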
Once the download is complete, install the local package using the apt command:
sudo apt install ./chef-server-core_${VERSION}-1_amd64.deb
Sample output:
....
The following NEW packages will be installed:
chef-server-core
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/246 MB of archives.
After this operation, 956 MB of additional disk space will be used.
Get:1 /home/ubuntu/chef-server-core_14.11.21-1_amd64.deb chef-server-core amd64 14.11.21-1 [246 MB]
Selecting previously unselected package chef-server-core.
(Reading database ... 63527 files and directories currently installed.)
Preparing to unpack .../chef-server-core_14.11.21-1_amd64.deb ...
Unpacking chef-server-core (14.11.21-1) ...
Setting up chef-server-core (14.11.21-1) ...
Thank you for installing Chef Infra Server!
Run 'chef-server-ctl reconfigure' to configure your Chef Infra Server
For more information on getting started see https://docs.chef.io/server/
Wait for the installation to complete then configure Chef Server:
sudo chef-server-ctl reconfigure
Before the configuration starts, you need to accept the license agreement.
....
Before you can continue, 3 product licenses
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/
Licenses that need accepting:
* Chef Infra Server
* Chef Infra Client
* Chef InSpec
Do you accept the 3 product licenses (yes/no)?
> yes
Persisting 3 product licenses...
✔ 3 product licenses persisted.
+---------------------------------------------+
Create an administrator account
The format is:
sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME
- An RSA private key is generated automatically.
- This is the user’s private key and should be saved to a safe location.
- The option --filename will save the RSA private key to the specified absolute path.
Example:
sudo chef-server-ctl user-create chefadmin Chef Admin \
[email protected] 'StrongPassword' \
--filename /home/chefadmin.pem
Also, create an organization. The syntax is:
sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem
- The name must begin with a lower-case letter or digit.
- The full name must begin with a non-white space character.
- The --association_user option will associate the user_name with the admins security group on the Chef server.
- An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location.
- The --filename option will save the RSA private key to the specified absolute path.
See example below:
sudo chef-server-ctl org-create mycompany 'Company X, Inc.' \
--association_user chefadmin \
--filename /home/mycompany-validator.pem
Generated keys should be available in the /home directory:
# ls /home/
chefadmin.pem mycompany-validator.pem
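Both files are RSA private keys, so check that only their owner can read them. The following is an added example, not part of the original guide: it lists private-key files in a directory that grant any permission to group or others and restricts them to mode 0600. The function names are hypothetical, the demo files are constructed placeholders rather than real keys, and GNU find (as shipped on Ubuntu) is assumed.

```sh
#!/bin/sh
# Added example: find and tighten private-key files that group or others
# can access. Detection is by PEM header, so it also catches keys that
# were saved with --filename under a name that does not end in .pem.

# exposed_keys DIR: print each regular file directly under DIR that
# contains a PEM private-key header and whose mode grants any permission
# to group or others.
exposed_keys() {
    find "$1" -maxdepth 1 -type f -perm /077 \
        -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + | sort
}

# lock_keys DIR: restrict every exposed key to owner read/write (0600).
lock_keys() {
    exposed_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key" && printf 'tightened %s\n' "$key"
    done
}

# Demo on a constructed directory that mirrors the two file names above.
demo_dir=$(mktemp -d)
for name in chefadmin.pem mycompany-validator.pem; do
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'constructed placeholder, not a real key' > "$demo_dir/$name"
done
chmod 644 "$demo_dir/chefadmin.pem"
chmod 600 "$demo_dir/mycompany-validator.pem"

echo "exposed before:"
exposed_keys "$demo_dir"
lock_keys "$demo_dir"
echo "exposed after: $(exposed_keys "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

On the Chef server, run exposed_keys /home as root after creating the user and the organization, and move the keys off the server once they have been copied to the workstation.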
Install Chef Manage
Chef Manage is a premium add-on that provides a graphical user interface for managing common Chef server tasks. It’s free for up to 25 nodes.
Let’s install the management console:
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure
You can also install Chef Manage from a .deb package:
VER="3.2.20"
wget https://packages.chef.io/files/stable/chef-manage/${VER}/ubuntu/18.04/chef-manage_${VER}-1_amd64.deb
sudo apt install -f ./chef-manage_${VER}-1_amd64.deb
sudo chef-manage-ctl reconfigure
All Chef Server services will run under the username/group opscode. The username for PostgreSQL is opscode-pgsql. Additional packages can be installed from https://packages.chef.io/
If you use, or plan to use, the UFW firewall, open ports 80 and 443 by running the command below:
sudo ufw allow proto tcp from any to any port 80,443
You should be able to access the Chef web admin dashboard at https://serverip/login
Log in with the username added earlier. A fresh Chef dashboard should be similar to below
Step 5: Install Chef Development Kit on your Workstation machine
Chef Workstation is where you have the Chef Development Kit installed. It contains all the tools you need to develop and test your infrastructure, built by the awesome Chef community. Install Chef Development Kit / Workstation using the guides below:
For Arch Linux users, use:
Step 6: Configure knife on Chef Workstation
Knife is the command-line tool that provides an interface between your workstation and the Chef server. Next read: