Installing a workstation for managing a Chef server

A workstation is a computer that is configured to run knife, to synchronize with the chef-repo, and interact with a single Chef server. The workstation is the location from which most users will do most of their work.

We need to install on our workstation:

  • knife
  • chef-dk
  • chef-repo
  • ruby

Let's start.

#wget https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chefdk-0.7.0-1.el6.x86_64.rpm

#rpm -Uhv chefdk-0.7.0-1.el6.x86_64.rpm

After the installation, you can verify that all of the components are available in their expected location through the new chef command:

# chef verify

Running verification for component 'berkshelf'

Running verification for component 'test-kitchen'

Running verification for component 'chef-client'

Running verification for component 'chef-dk'

Running verification for component 'chef-provisioning'

Running verification for component 'chefspec'

Running verification for component 'rubocop'

Running verification for component 'fauxhai'

Running verification for component 'knife-spork'

Running verification for component 'kitchen-vagrant'

Running verification for component 'package installation'

Running verification for component 'openssl'

……………..

———————————————

Verification of component 'rubocop' succeeded.

Verification of component 'knife-spork' succeeded.

Verification of component 'openssl' succeeded.

Verification of component 'berkshelf' succeeded.

Verification of component 'chef-dk' succeeded.

Verification of component 'fauxhai' succeeded.

Verification of component 'test-kitchen' succeeded.

Verification of component 'chef-provisioning' succeeded.

Verification of component 'kitchen-vagrant' succeeded.

Verification of component 'chefspec' succeeded.

Verification of component 'chef-client' succeeded.

Verification of component 'package installation' succeeded.

Install Ruby if you do not have it. Then:

#echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile

Generate the chef-repo:

#chef generate app chef-repo

 

Create .chef Directory

The .chef directory is used to store three files:

  • knife.rb
  • ORGANIZATION-validator.pem
  • vovando.pem

Download the files listed above into the .chef directory, then try to connect to the Chef server with knife:

[root@.chef]# knife cookbook list

ERROR: SSL Validation failure connecting to host: chef - SSL_connect returned=1 errno=0 state=error: certificate verify failed

ERROR: Could not establish a secure connection to the server.

Use `knife ssl check` to troubleshoot your SSL configuration.

If your Chef Server uses a self-signed certificate, you can use

`knife ssl fetch` to make knife trust the server's certificates.

 

Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

Get SSL Certificates

Chef server 12 enables SSL verification by default for all requests made to the server, such as those made by knife and the chef-client. The certificate that is generated during the installation of the Chef server is self-signed, which means there isn’t a signing certificate authority (CA) to verify. In addition, this certificate must be downloaded to any machine from which knife and/or the chef-client will make requests to the Chef server.

Use the knife ssl fetch command to pull the SSL certificate down from the Chef server:

[root@.chef]# knife ssl fetch

WARNING: Certificates from chef will be fetched and placed in your trusted_cert

directory (/root/chef-repo/.chef/trusted_certs).

 

Knife has no means to verify these are the correct certificates. You should

verify the authenticity of these certificates after downloading.
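The warning above means knife ssl fetch trusts whatever certificate the server presented at download time, so the fetched file should be compared with a fingerprint obtained out of band. The script below is an added example, not part of the original post or of Chef; the function names are hypothetical, and it assumes the single self-signed certificate described above, saved by knife as a .crt file in trusted_certs.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): check the certificates saved by
# `knife ssl fetch` against a fingerprint obtained out of band.

# SHA-256 fingerprint (lowercase hex) of the first certificate in a PEM file.
# It is the hash of the DER bytes, i.e. the value that
# `openssl x509 -noout -fingerprint -sha256` prints with colons.
cert_fingerprint() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1; next }
         /-----END CERTIFICATE-----/   { exit }
         on' "$1" | tr -d '\r\n ' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AB:CD:..." or "abcd..." and return bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# verify_trusted_certs DIR EXPECTED_FINGERPRINT
# 0 = every .crt in DIR matches, 1 = mismatch, 2 = bad input or nothing to check.
verify_trusted_certs() {
    local dir="$1" expected actual crt seen=0 bad=0
    expected=$(normalize_fp "$2")
    case "$expected" in
        ''|*[!0-9a-f]*) echo "fingerprint is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "a SHA-256 fingerprint has 64 hex digits" >&2; return 2
    fi
    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue      # glob matched nothing
        seen=1
        actual=$(cert_fingerprint "$crt")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $crt"
        else
            echo "MISMATCH $crt (got $actual)"
            bad=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "no .crt files in $dir" >&2; return 2
    fi
    return "$bad"
}

# Usage: verify_trusted_certs /root/chef-repo/.chef/trusted_certs "<fingerprint>"
```

Take the reference fingerprint from the certificate file on the Chef server itself (for example with the openssl command named in the comment), not over the same network path knife used for the fetch.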

 

[root@.chef]# knife user list

vovando

 

Is it working? Good. 

That's all for today.