Chef Server: Central hub that stores cookbooks, policies, and node metadata
Chef Workstation: Used by admins to develop cookbooks and interact with the server using Knife
Chef Infra Client (Node): Target system managed by Chef
Chef Manage: Web-based UI for managing Chef Server
Download and Upload Chef Packages
Download the required RPM packages from Chef Downloads (https://www.chef.io/downloads) and upload them to the Chef Server using WinSCP or scp.
Packages used in this setup:
- Chef Infra Server: `chef-server-core-14.9.23-1.el7.x86_64.rpm`
- Chef Workstation: `chef-workstation-21.10.640-1.el7.x86_64.rpm`
- Chef Manage: `chef-manage-2.5.4-1.el7.x86_64.rpm`
- Chef Infra Client: `chef-17.6.18-1.el7.x86_64.rpm`
Log in as root on the Chef Server and install the package:
# cd /tmp/chef
# dnf install chef-server-core-14.9.23-1.el7.x86_64.rpm -y
Configure the Chef Server:
# chef-server-ctl reconfigure
Chef License Acceptance
Before you can continue, 3 product licenses
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/
Licenses that need accepting:
- Chef Infra Server
- Chef Infra Client
- Chef InSpec
Do you accept the 3 product licenses (yes/no)?
> yes
Check the status of Chef services:
# chef-server-ctl status
Create Chef Admin User
Create an administrator user:
# chef-server-ctl user-create admin System Admin sysadm@ppc.com 'Welcome@123' \
--filename /etc/opscode/admin.pem
Create the Organization:
# chef-server-ctl org-create chefmng 'chefmanager' --association_user admin --filename /etc/opscode/org-validator.pem
List existing organizations:
# chef-server-ctl org-list
Verify private keys:
# find /etc/opscode/ -name "*.pem"
Install Chef Manage on the Chef Server:
# cd /tmp/chef
# dnf install chef-manage-2.5.4-1.el7.x86_64.rpm -y
# chef-server-ctl reconfigure
# chef-manage-ctl reconfigure
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
Access the UI in your browser: https://<chef-server-ip>
Log in with user "admin" and password "Welcome@123"
Install Chef Workstation:
On the Chef Workstation machine:
# cd /tmp/chef
# dnf install chef-workstation-21.10.640-1.el7.x86_64.rpm -y
Verify installation:
# chef --version
# knife --version
Set Command Executable Path:
# vi ~/.bash_profile
export PATH=$PATH:/opt/opscode/bin
Generate a Chef repository:
# chef generate repo chef-repo
Chef License Acceptance
Before you can continue, 1 product license
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/
License that need accepting:
* Chef Workstation
Do you accept the 1 product license (yes/no)?
> yes
Create a `.chef` directory for Knife configuration:
# mkdir ~/chef-repo/.chef
# cd ~/chef-repo
Step 7: Configure SSH Access
Generate SSH keys on the Chef Workstation:
# ssh-keygen -b 4096
Copy the public key to the Chef Server:
# ssh-copy-id root@192.168.10.108
Copy the `.pem` files from Chef Server to Workstation:
# scp root@192.168.10.108:/root/*.pem ~/chef-repo/.chef
Verify copied keys:
# ls ~/chef-repo/.chef
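An added example, not part of the original post: the `.pem` files copied above are the private keys Knife authenticates with, so this script checks that neither they nor the `.chef` directory are accessible to other accounts. The function names are hypothetical and the demo runs on constructed empty files.

```shell
#!/bin/sh
# Added example: audit private-key permissions in a knife config directory.
# Function names are hypothetical; the demo files are constructed.

# List every *.pem under DIR that group or others can read, write or execute.
# One test per permission bit keeps this portable across find implementations.
loose_keys() {
    find "$1" -type f -name '*.pem' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Return 0 when DIR and the keys in it are private to the owner, 1 otherwise.
audit_chef_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    # A group- or world-writable directory lets another account replace
    # admin.pem or config.rb even when the files themselves are mode 600.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE-DIR $dir"
        rc=1
    fi
    loose=$(loose_keys "$dir")
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/LOOSE-KEY /'
        rc=1
    fi
    return "$rc"
}

# Tighten what the audit flags: owner-only directory, owner-only keys.
fix_chef_dir() {
    chmod 700 "$1" && find "$1" -type f -name '*.pem' -exec chmod 600 {} +
}

# Demo on constructed files so the example runs without a Chef installation.
demo() {
    d=$(mktemp -d)
    : > "$d/admin.pem"; : > "$d/org-validator.pem"
    chmod 775 "$d"; chmod 600 "$d/admin.pem"; chmod 644 "$d/org-validator.pem"
    audit_chef_dir "$d" || echo "before fix: findings listed above"
    fix_chef_dir "$d"
    audit_chef_dir "$d" && echo "after fix: clean"
    rm -rf "$d"
}
demo
```

On the workstation, source the functions and run `audit_chef_dir ~/chef-repo/.chef`; a non-zero exit status means a key or the directory needs tightening.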
Configure Knife:
Create the Knife configuration file:
# vim ~/chef-repo/.chef/config.rb
Add the following content:
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "admin"
client_key "#{current_dir}/admin.pem"
chef_server_url "https://inddcpchf01.ppc.com/organizations/chefmng"
cookbook_path ["#{current_dir}/../cookbooks"]
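Fetch the Chef Server's SSL certificate so Knife trusts it (it is saved under `.chef/trusted_certs`):
# knife ssl fetch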
Verify connectivity:
# knife client list
Install Chef Infra Client
On the client node:
# cd /tmp/chef
# dnf install chef-17.6.18-1.el7.x86_64.rpm -y
Step 10: Bootstrap a Client Node
From the Chef Workstation:
# knife bootstrap <chef client IP Address> --ssh-user <user name> --ssh-password <password> --node-name <chef client node name>
Verify nodes:
# knife node list
# knife node show client-node
Create Cookbook Directory
# mkdir -p ~/chef-repo/cookbooks/sample_nginx
# cd ~/chef-repo/cookbooks/sample_nginx
Generate Cookbook
# chef generate cookbook .
Edit Default Recipe
Edit `recipes/default.rb`:
package 'nginx' do
  action :install
end
service 'nginx' do
  action [:enable, :start]
end
file '/etc/nginx/sites-available/default' do
  content 'server { listen 80; server_name localhost; location / { root /var/www/html; index index.html; } }'
  notifies :restart, 'service[nginx]'
end
Upload the cookbook to Chef Server:
# knife cookbook upload sample_nginx
Bootstrap the node with the recipe:
# knife bootstrap <chef client IP Address> --ssh-user <user name> --ssh-password <password> --node-name <chef client node name> --run-list 'recipe[sample_nginx]'
Run Chef Client manually on the node:
# chef-client
Chef Resources:
package (Linux/Unix/Windows)
action ---> :install, :upgrade, :remove, :purge
version ---> Specify version
options ---> Extra CLI options for package manager
timeout ---> Wait time for install
Variables:
node['cookbook']['package_name'] ---> Package name (nginx, httpd, etc.)
node['cookbook']['package_version'] ---> Version to install
service (Linux/Unix/Windows)
action ---> :start, :stop, :restart, :reload, :enable, :disable
supports ---> Hash of supported actions (restart, reload, status)
subscribes ---> Trigger action on resource change
timeout ---> Wait time for service command
Variables:
node['cookbook']['service_name'] ---> Service name
node['cookbook']['service_action'] ---> Desired actions
template
source ---> Template file in cookbook (.erb)
path ---> Target path (override resource name)
owner ---> File owner
group ---> File group
mode ---> File permissions (0644)
variables ---> Hash of variables passed to template (@var)
action ---> :create, :create_if_missing, :delete
notifies ---> Trigger another resource on change
backup ---> Number of backups to keep
Variables:
node['cookbook']['doc_root'] ---> Document root (Linux)
node['cookbook']['iis_root'] ---> IIS root (Windows)
node['cookbook']['port'] ---> Port number
node['cookbook']['server_name'] ---> Server hostname
file
content ---> File content
owner ---> File owner
group ---> File group
mode ---> File permissions (0644)
backup ---> Number of backups to keep
action ---> :create, :delete, :touch
Variables:
node['cookbook']['file_path'] ---> File path
node['cookbook']['file_content'] ---> Content
user
comment ---> User description/full name
uid ---> User ID
home ---> Home directory
shell ---> Login shell
password ---> Hashed password
manage_home ---> Create home directory if true
action ---> :create, :remove, :modify, :lock, :unlock
Variables:
node['cookbook']['user_name'] ---> Username
node['cookbook']['user_home'] ---> Home directory
node['cookbook']['user_shell'] ---> Shell
node['cookbook']['user_password'] ---> Password hash
directory
owner ---> Directory owner
group ---> Directory group
mode ---> Directory permissions (0755)
recursive ---> Create parent directories if missing
action ---> :create, :delete, :nothing
Variables:
node['cookbook']['dir_path'] ---> Path
node['cookbook']['dir_owner'] ---> Owner
node['cookbook']['dir_group'] ---> Group
execute
command ---> Command to execute
cwd ---> Working directory
environment ---> Environment variables
creates ---> Skip execution if file exists
action ---> :run, :nothing
Variables:
node['cookbook']['exec_command'] ---> Command
node['cookbook']['exec_cwd'] ---> Working directory
powershell_script (Windows)
code ---> PowerShell commands to execute
cwd ---> Working directory
guard_interpreter ---> Interpreter for guards (:powershell_script)
action ---> :run, :nothing
Variables:
node['cookbook']['ps_script'] ---> Code string
node['cookbook']['ps_cwd'] ---> Working directory
cron (Linux/Unix)
minute ---> Minute field
hour ---> Hour field
day ---> Day of month
month ---> Month field
weekday ---> Day of week
command ---> Command to execute
user ---> Run as this user
action ---> :create, :delete, :run
Variables:
node['cookbook']['cron_minute'] ---> Minute
node['cookbook']['cron_hour'] ---> Hour
node['cookbook']['cron_command'] ---> Command
node['cookbook']['cron_user'] ---> User
remote_file
source ---> URL or file path to copy from
path ---> Destination path
owner ---> File owner
group ---> File group
mode ---> Permissions (0644)
action ---> :create, :create_if_missing, :delete
checksum ---> Verify file integrity (MD5/SHA256)
Variables:
node['cookbook']['remote_file_source'] ---> URL/path
node['cookbook']['remote_file_path'] ---> Destination
node['cookbook']['remote_file_owner'] ---> Owner
node['cookbook']['remote_file_mode'] ---> Permissions
git
repository ---> Git repo URL
revision ---> Branch, tag, or commit
destination ---> Local clone path
user ---> Run as user
action ---> :checkout, :sync, :export
enable_submodules ---> true/false
Variables:
node['cookbook']['git_repo'] ---> Repo URL
node['cookbook']['git_branch'] ---> Branch or tag
node['cookbook']['git_dest'] ---> Destination path
bash (Linux/Unix)
code ---> Bash commands
cwd ---> Working directory
environment ---> Environment variables
user ---> Run as this user
group ---> Run as this group
action ---> :run, :nothing
Variables:
node['cookbook']['bash_code'] ---> Commands
node['cookbook']['bash_cwd'] ---> Working directory
windows_feature
feature_name ---> Name of Windows feature
action ---> :install, :remove, :nothing
all ---> Install dependent features (true/false)
Variables:
node['cookbook']['feature_name'] ---> Feature to install
ark (Linux/Unix)
url ---> Download URL
path ---> Installation path
owner ---> Owner
group ---> Group
action ---> :put, :install, :cherry_pick
checksum ---> Verify file integrity
Variables:
node['cookbook']['ark_url'] ---> Archive URL
node['cookbook']['ark_path'] ---> Install path