How to install the Chef Server and Chef Client on Ubuntu 20.04

Installing Chef is a challenge, but with a bit of help, you can get it up and running in no time. Jack Wallen shows you how.


Chef is a configuration management tool that assists you in setting up machines on physical hardware, on virtual machines, or in the cloud. Written in Ruby and Erlang, Chef uses a domain-specific language for writing system configuration recipes. By treating infrastructure as code, these recipes let you configure numerous machines at once.

Chef is used by the likes of Facebook, Etsy, Cheezburger, and Indiegogo, so it's a solution that has been proven to work.

I'm going to walk you through the process of installing the Chef Server and Client on Ubuntu 20.04. Recipes are created on the Chef Client and are then distributed via the Chef Server. I will be demonstrating the installation on Ubuntu Server 20.04. 

You can always install the client on a desktop machine if you like--especially for instances where your Chef admins need a GUI to work with. For larger deployments, where you might have numerous admins and developers working with Chef, you'll install one Server and multiple Clients.


What you'll need

  • Two running instances of Ubuntu 20.04

  • A user with sudo privileges

How to install the Chef Server

The first thing we'll do is install the Chef Server. To do this, log in to your Ubuntu Server 20.04 instance and download the server core with the command:

wget https://packages.chef.io/files/stable/chef-server/13.1.13/ubuntu/18.04/chef-server-core_13.1.13-1_amd64.deb

Once that file downloads, install the package with the command:

sudo dpkg -i chef-server-core_*.deb

After the installation completes, start the Chef Server services with the command:

sudo chef-server-ctl reconfigure

Now, we need to create a new directory that will house the security keys. Do this with the command:

mkdir ~/.chef

Next, we create a new user, as well as the key file for that user. Issue the command:

sudo chef-server-ctl user-create USERNAME FNAME LNAME EMAIL 'PASSWORD' --filename ~/.chef/USERNAME.pem

Where:

  • USERNAME is the username for the new user

  • FNAME/LNAME are the first and last names of the user

  • EMAIL is the email address of the new user

  • PASSWORD is a strong, unique password for the new user

With the new user created, it's time to create an organization. At the same time, we'll add the new user to the admins and billing admins security groups. This is done with the command:

sudo chef-server-ctl org-create ORGNAME "ORGFULLNAME" --association_user USERNAME --filename ~/.chef/ORGNAME.pem

Where ORGNAME (which must be in all lower case) is the organization name, ORGFULLNAME is the full name of the organization, and USERNAME is the name of the new user you just created.

And that's it for the Server installation.

How to install the Chef Client

Log in to your client machine and download the necessary file with the command:

wget https://packages.chef.io/files/stable/chef-workstation/20.6.62/debian/10/chef-workstation_20.6.62-1_amd64.deb

Once the file download completes, install the software with the command:

sudo dpkg -i chef-workstation*.deb

Next, create a repository on the client with the command:

chef generate repo chef-repo

Create a subdirectory within the repository, that will house the knife configurations, with the command:

mkdir ~/chef-repo/.chef

Change into that newly created repository with the command:

cd ~/chef-repo

How to generate RSA keys and copy them to the server

If you don't already have RSA keys on the client machine, generate them with the command:

ssh-keygen -b 4096

Upload the new key to the server with the command:

ssh-copy-id USER@SERVER

Where USER is the username that generated the keypair and SERVER is the IP address of the server.

How to copy the PEM files from your server to your client

Next, we must copy the PEM files from the server to the client. This is done from the server with the command:

scp ~/.chef/*.pem USER@CLIENTIP:~/chef-repo/.chef/

Where USER is the username that generated the PEM files and CLIENTIP is the IP address of the client machine.

How to add version control

Now we're going to add version control into the mix, so you can easily track changes to your cookbooks. If you don't already have Git installed on your client, install it with the command:

sudo apt-get install git -y

When the installation completes, configure Git with the following two commands:

git config --global user.name NAME
git config --global user.email EMAIL

Where NAME is your name and EMAIL is your email address.

Add the .chef directory to gitignore with the command:

echo ".chef" >> ~/chef-repo/.gitignore

Change into the repository with the command:

cd ~/chef-repo

Add and commit the files with the commands:

git add .
git commit -m "Initial Commit"
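
The .chef directory now holds the private keys copied from the server, so it is worth checking, before the git add above, that the keys are readable only by their owner and that Git really does ignore them. The following is an added example, not part of the original article; audit_chef_keys is a hypothetical helper name, and the check assumes GNU find as shipped with Ubuntu 20.04.

```shell
# Added example, not from the original article.
# audit_chef_keys is a hypothetical helper name; it is not part of Chef or knife.
# Assumes GNU find (as on Ubuntu 20.04) for the "-perm /077" test.
# Usage: audit_chef_keys ~/chef-repo

audit_chef_keys() {
    local repo="${1:-$HOME/chef-repo}"
    local keydir="$repo/.chef"
    local rc=0
    local exposed tracked

    if [ ! -d "$keydir" ]; then
        echo "FAIL: $keydir does not exist"
        return 2
    fi

    # 1. The .chef directory and each private key must carry no group/other bits.
    exposed=$(find "$keydir" -maxdepth 1 \( -name .chef -o -name '*.pem' \) -perm /077)
    if [ -n "$exposed" ]; then
        echo "FAIL: accessible to group or others (fix with: chmod go-rwx <path>):"
        echo "$exposed"
        rc=1
    fi

    # 2. .chef must be listed in .gitignore so 'git add .' cannot stage the keys.
    if ! grep -Eqx '/?\.chef/?' "$repo/.gitignore" 2>/dev/null; then
        echo "FAIL: .chef is not listed in $repo/.gitignore"
        rc=1
    fi

    # 3. If the directory is already a Git repository, nothing under .chef may be tracked.
    if command -v git >/dev/null 2>&1 && git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        tracked=$(git -C "$repo" ls-files -- .chef)
        if [ -n "$tracked" ]; then
            echo "FAIL: files under .chef are tracked by git:"
            echo "$tracked"
            rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK: $keydir is private and ignored by git"
    return "$rc"
}
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when the .chef directory is missing.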

How to generate your first cookbook and configure knife

The next step is to generate your first cookbook with the command:

chef generate cookbook my_cookbook

Once that completes, you'll then need to create a knife configuration file with the command:

nano ~/chef-repo/.chef/config.rb

In that file, paste the following:

# Directory that holds this config.rb and the copied PEM files
current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                'USER'
# Absolute key paths, so knife finds the keys from any working directory
client_key               "#{current_dir}/USER.pem"
validation_client_name   'ORGNAME-validator'
validation_key           "#{current_dir}/ORGNAME-validator.pem"
chef_server_url          'https://SERVER/organizations/ORGNAME'
cache_type               'BasicFile'
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path            ["#{current_dir}/../cookbooks"]

Where:

  • USER is the username that generated the client key

  • ORGNAME is the organization name you created

  • SERVER is either the hostname or the IP address of the Chef server

Save and close the file.

Change into the chef-repo directory with the command:

cd ~/chef-repo

Fetch the SSL files from the server with the command:

knife ssl fetch

How to bootstrap a node

The final step is to install and validate the client on the server. Before you do that, you need to edit the hosts file on the client machine with the command:

sudo nano /etc/hosts

In that file add the IP address/hostname of your Chef server in the form of:

192.168.1.17 eaonvm

Make sure to use your server's IP address and hostname. Save and close the file.

Change into the .chef directory with the command:

cd ~/chef-repo/.chef

To bootstrap the node, issue the command:

knife bootstrap SERVER -x USER -P PASSWORD --node-name NODE

Where:

  • SERVER is either the hostname or the IP address of the Chef server

  • USER is the user you've been using

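  • PASSWORD is the password for USER (because it is typed on the command line, it is normally saved in your shell history and is visible in the process list while the command runs)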

  • NODE is the name of the node

It can get a bit tricky here. If the bootstrapping fails, chances are it's because of how you generated the PEM files. If you used a hostname for the PEM file (instead of an IP address), you'll need to use the hostname for the bootstrapping.

Once the bootstrapping succeeds, you can verify with the command (run on the client):

knife client list

You should see ORG-validator in the output (where ORG is the name of the organization you created).

And that's it. You're now ready to start creating cookbooks and using them to configure machines on your network.
