This article covers the installation of Chef Server on CentOS 8 / RHEL 8. Chef Infra is an open-source infrastructure automation framework that lets you define the state of your systems and automatically keep them that way.
For Puppet: Install Puppet 6.x Master / Server on CentOS 8 | RHEL 8
The Chef Server is responsible for storing your configuration policy, defined in Chef cookbooks, as well as searchable metadata for each managed node. Nodes managed by Chef regularly check in with the Chef server to ensure that their local configurations are always kept up to date.
Chef is typically comprised of three parts:
- Workstation: This is the computer from which you write Chef cookbooks and administer your entire network.
- Chef server: This acts as a central repository for your authored cookbooks as well as for information about every node it manages.
- Nodes: A node is a computer that has the Chef client installed and is managed by a Chef server. A node can be any physical or virtual machine in your network.
The structure is as illustrated in the diagram below.
Detailed overview:
In our previous guide, we covered the installation of Chef Server on Ubuntu 18.04 LTS. Today's article focuses on the installation of Chef Server on a CentOS 8 / RHEL 8 Linux system.
Prerequisites
- A CentOS/RHEL 8 server with 8GB of RAM allocated
- A hostname assigned to the Chef server, which should be under its domain name.
My server has 8GB of RAM and 4 vCPUs.
$ free -h
total used free shared buff/cache available
Mem: 7.6Gi 162Mi 7.2Gi 16Mi 257Mi 7.2Gi
Swap: 4.0Gi 0B 4.0Gi
$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 4
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 94
Model name: Intel Core Processor (Skylake, IBRS)
Stepping: 3
CPU MHz: 3599.986
BogoMIPS: 7199.97
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
L3 cache: 16384K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 arat md_clear
Step 1: Update System
Set a proper hostname for the Chef server machine before updating.
sudo hostnamectl set-hostname chefserver.geeksforgeeks.org --static
If you don’t have a valid DNS server in your network, add an entry for the server to the /etc/hosts file.
$ sudo vi /etc/hosts
10.10.1.162 chefserver.geeksforgeeks.org chefserver
Then install basic standard packages and update the server:
sudo dnf -y install git vim wget curl bash-completion
sudo dnf -y update
sudo reboot
Step 2: Configure NTP
The Chef server is particularly sensitive to clock drift, and it requires that the systems on which it runs be synchronized using the Network Time Protocol (NTP).
Refer to our previous guide:
How To Configure NTP Server Using Chrony on RHEL 8 / CentOS 8
Step 3: Install Chef Server on CentOS 8 / RHEL 8
Visit the Chef Infra Server Downloads page and choose the current or stable release version to download.
wget https://packages.chef.io/files/stable/chef-server/13.2.0/el/8/chef-server-core-13.2.0-1.el7.x86_64.rpm
After downloading the package, install it with your distribution's package manager.
sudo dnf localinstall chef-server-core-13.2.0-1.el7.x86_64.rpm
Accept installation by pressing the y key when asked.
Dependencies resolved.
===================================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================================
Installing:
chef-server-core x86_64 13.2.0-1.el7 @commandline 328 M
Transaction Summary
===================================================================================================================================================
Install 1 Package
Total size: 328 M
Installed size: 1.0 G
Is this ok [y/N]: y
Once the installation is complete, reconfigure the Chef server components so that all Chef Server services are configured properly and started.
sudo chef-server-ctl reconfigure
Be patient as this may take some time to complete.
.....................................................
Recipe: private-chef::partybus
* execute[set initial migration level] action run
- execute cd /opt/opscode/embedded/service/partybus && ./bin/partybus init
* ruby_block[migration-level file sanity check] action run (skipped due to not_if)
Recipe: private-chef::rabbitmq
* script[hard_kill_rabbitmq] action run
- execute "bash" "/tmp/chef-script20190920-14976-1jvsbez"
Running handlers:
Running handlers complete
Chef Infra Client finished, 482/1032 resources updated in 02 minutes 26 seconds
Chef Server Reconfigured!
Chef Server components status can be checked by running the command:
$ sudo chef-server-ctl status
run: bookshelf: (pid 14851) 90s; run: log: (pid 9251) 174s
run: nginx: (pid 14681) 92s; run: log: (pid 9869) 130s
run: oc_bifrost: (pid 14586) 93s; run: log: (pid 8936) 194s
run: oc_id: (pid 14678) 92s; run: log: (pid 8961) 190s
run: opscode-erchef: (pid 14882) 90s; run: log: (pid 9395) 168s
run: opscode-expander: (pid 14742) 90s; run: log: (pid 9115) 180s
run: opscode-solr4: (pid 14714) 91s; run: log: (pid 9039) 184s
run: postgresql: (pid 14576) 93s; run: log: (pid 8432) 206s
run: rabbitmq: (pid 15362) 85s; run: log: (pid 10142) 124s
run: redis_lb: (pid 9480) 164s; run: log: (pid 9479) 164s
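The status output above can be checked automatically, for example from a monitoring job. The following is an added example, not part of the original article: the function name chef_status_problems, the MIN_UP threshold and the sample lines are assumptions of this example, and the "down:" line follows the runit status format.

```shell
#!/bin/sh
# Added example: flag unhealthy services in `chef-server-ctl status` output.
# Reads the status text on stdin. MIN_UP (seconds, default 30) is a
# hypothetical threshold below which a running service counts as restarted.
# Prints one line per problem and returns 1 if any problem was found.
chef_status_problems() {
    awk -v min_up="${MIN_UP:-30}" '
        {
            sub(/^[ \t]+/, "")
            # Text before ";" describes the service; the rest is its logger.
            split($0, part, ";")
            n = split(part[1], f, ": ")
            if (n < 2) next                  # not a status line
            state = f[1]; name = f[2]
            if (state != "run") {
                print "DOWN " name; bad = 1; next
            }
            # Uptime is the trailing "<N>s" after "(pid NNN)".
            if (match(part[1], /[0-9]+s$/)) {
                up = substr(part[1], RSTART, RLENGTH - 1) + 0
                if (up < min_up) {
                    print "RESTARTED " name " up=" up "s"; bad = 1
                }
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample (not captured from a real server):
# one healthy service, one down, one that has just restarted.
SAMPLE_STATUS='run: bookshelf: (pid 14851) 90s; run: log: (pid 9251) 174s
down: rabbitmq: 12s, normally up; run: log: (pid 10142) 124s
run: opscode-erchef: (pid 20111) 3s; run: log: (pid 9395) 168s'

printf '%s\n' "$SAMPLE_STATUS" | chef_status_problems || true
```

On a live server the input would come from `sudo chef-server-ctl status | chef_status_problems`.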
All Chef Server services will run under the username/group opscode. The username for PostgreSQL is opscode-pgsql.
If you’re using firewalld, open the http and https ports.
sudo firewall-cmd --permanent --add-service={http,https}
sudo firewall-cmd --reload
Step 4: Create Admin user and Organization
An admin user account is not created automatically upon installation. We need to create one.
The syntax for creating a user is:
chef-server-ctl user-create USERNAME FIRST_NAME [MIDDLE_NAME] LAST_NAME EMAIL PASSWORD
Set the required variables and run the user creation command.
# Set values
USERNAME="chefadmin"
FIRST_NAME="Chef"
LAST_NAME="Administrator"
EMAIL="[email protected]"
KEY_PATH="/root/chefadmin.pem"
# Create user
sudo chef-server-ctl user-create ${USERNAME} ${FIRST_NAME} ${LAST_NAME} ${EMAIL} -f ${KEY_PATH} --prompt-for-password
Used options:
- --prompt-for-password: Prompt for the user password
- -f: Write the private key to the specified file rather than STDOUT
To view the list of users, run:
$ sudo chef-server-ctl user-list
chefadmin
pivotal
Create Chef Organization
Next is to create an organization. An organization is the top-level entity for role-based access control in the Chef Infra Server. The Chef Infra Server supports multiple organizations.
The org-create subcommand is used to create an organization. The full command syntax is:
$ chef-server-ctl org-create ORG_NAME "ORG_FULL_NAME" \
--association_user USERNAME --filename ORGANIZATION-validator.pem (options)
Notes:
- The name must begin with a lower-case letter or digit.
- The full name must begin with a non-white space character.
- The --association_user option will associate the user with the admins security group on the Chef server.
- An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location.
- The --filename option will save the RSA private key to the specified absolute path.
Example:
sudo chef-server-ctl org-create neveropen 'ComputingForGeeks, Inc.' \
--association_user chefadmin \
--filename /root/neveropen-validator.pem
Verify organization creation:
$ sudo chef-server-ctl org-list
neveropen
You should have two RSA private keys under /root: one for the user and one for the organization.
$ sudo find /root -name "*.pem"
/root/chefadmin.pem
/root/neveropen-validator.pem
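These two keys authenticate the admin user and the organization validator, so they should be accessible only to their owner. The following is an added example, not part of the original article, that audits every .pem file in a directory: the function name audit_chef_keys and its optional owner argument are assumptions of this example, and stat -c requires GNU coreutils, as shipped with CentOS/RHEL.

```shell
#!/bin/sh
# Added example: audit the private keys written by user-create / org-create.
# Usage: audit_chef_keys DIR [EXPECTED_OWNER]   (owner defaults to root)
# Prints one "FAIL <file>: <reason>" line per problem; returns 1 if any.
audit_chef_keys() {
    local dir="$1" owner="${2:-root}" rc=0 f mode file_owner
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        # A symlink could point the key at a less protected location.
        if [ -L "$f" ]; then
            echo "FAIL $f: is a symlink"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")
        file_owner=$(stat -c '%U' "$f")
        # Any group/other bit lets someone besides the owner reach the key.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL $f: mode $mode allows group/other access (want 600)"
            rc=1
        fi
        if [ "$file_owner" != "$owner" ]; then
            echo "FAIL $f: owned by $file_owner, expected $owner"; rc=1
        fi
        # Sanity check that the file really is a PEM private key.
        if ! head -n 1 "$f" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----$'; then
            echo "FAIL $f: first line is not a PEM private key header"; rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed placeholder files (not real keys).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
    > "$demo/chefadmin.pem"
cp "$demo/chefadmin.pem" "$demo/neveropen-validator.pem"
chmod 600 "$demo/chefadmin.pem"
chmod 644 "$demo/neveropen-validator.pem"
audit_chef_keys "$demo" "$(stat -c '%U' "$demo")" || true
rm -rf "$demo"
```

On the server built in this guide the call would be `sudo sh -c '. ./audit.sh; audit_chef_keys /root'`, where audit.sh is a hypothetical file holding the function.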
Step 5: Install Chef Manage (Optional)
Chef Manage is a premium add-on that provides a graphical user interface for managing common Chef server tasks. It’s free for up to 25 nodes.
Let’s install the management console:
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure
You should be able to access the Chef web admin dashboard at https://serverip/login. Log in with the admin user and password you created.
Chef Manage dashboard:
Install additional packages from https://packages.chef.io/
Step 6: Install Chef Workstation
Our next article will cover the installation of Chef Client & Workstation on RHEL / CentOS 8.
How To Install Chef Workstation on CentOS 8 / RHEL 8
Also check related guides:
How to configure Chef Knife, Upload Cookbooks and Run a recipe on Chef Client Nodes
How to install Chef Development Kit / Workstation on Ubuntu 18.04
How to install Chef Development Kit on Arch Linux