Installing Chef-Server on Amazon EC2
The following article explains the simple steps needed to configure a private Chef Server in an AWS EC2 environment. We have used Ubuntu 12.04 LTS as the operating system for the Chef Server.
The Chef server is installed on an m1.large EC2 instance using Ubuntu 12.04 (ami-3d4ff254). The instance capacity should be chosen depending on the number of client nodes, the concurrency expected and the size of the executable to be transferred to the clients. You can start with m1.small if your installation is small and gradually move to m1.large as it grows. We have noticed that an m1.large EC2 instance is quite sufficient for managing hundreds of nodes. It is also recommended to use EBS or EBS optimized + PIOPS for persisting the Chef server data instead of using ephemeral disks (you do not want to lose the data stored in your configuration management server).
Create a security group on Amazon Web Services Firewall and enable ports 4000, 4040 and 22. Chef server communicates with other nodes on port 4000. Chef Web-UI uses port 4040. As usual port 22 is enabled for SSH.
Steps to install Chef Server:
1. To get started, first add the Opscode repository to the server’s apt sources using the code below. This code will only work on an Ubuntu 12.04 server.
echo "deb http://apt.opscode.com/ precise-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list
2. Now add the GPG key and update the apt index:
sudo mkdir -p /etc/apt/trusted.gpg.d
gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
3. Update Latest Packages on Amazon EC2 Instance
sudo apt-get update
4. Add in the Opscode keyring. This ensures that your Opscode key is always up to date.
sudo apt-get install opscode-keyring # permanent upgradeable keyring
5. Run this to update all existing packages already present on the server
sudo apt-get upgrade
6. Install the Chef Server packages
Install chef server packages and step through the prompts. When you are prompted to enter the URL of your Chef server, enter your EC2 public DNS or Elastic IP/URL. You will then be prompted to create a password for the Chef user and for the Chef Web-UI admin user.
sudo apt-get install chef chef-server
7. Create Chef Repository and transfer Chef Certificates
mkdir -p ~/.chef
sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
sudo chown -R $USER ~/.chef
8. Configure knife client on the server
Knife is the Chef command line management interface that allows users to interact with the Chef server API, local Chef Repository interface and other Chef nodes.
Run the knife configuration command shown below
knife configure -i
This command prepares the instance to start communicating with other Chef instances.
Server location: Enter the actual EC2 DNS or Elastic IP with port 4000 so it points to Chef.
Key Location: The program will request this information twice. This information will direct the Chef server to the necessary certification files.
The first time, it will ask for the admin client’s private key. Point to the key location created in the above step, as shown below. This points the Chef configuration file to the Web-UI certificate.
[/etc/chef/webui.pem] .chef/webui.pem
The second time, it will ask for the validation key. Point to the validation.pem file created in the above step. This will direct the Chef configuration file to the validation certificate.
[/etc/chef/validation.pem] .chef/validation.pem
9. Check whether Chef-Server is running
The following command will list all chef-server related services:
ps -ef | grep chef
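The validation.pem and webui.pem files copied into ~/.chef in step 7 are private keys, and the mode of the copies depends on the source files and the umask in effect. The script below is an added example, not part of the original article: it finds keys that group or other users can access and restricts them to the owner. The function names and the --apply argument are made up for this example, and it assumes GNU find and stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original article): audit and tighten the
# permissions of the Chef private keys copied into ~/.chef in step 7.
# Function names are hypothetical; GNU find/stat (Ubuntu) are assumed.

# Print every *.pem directly inside directory $1 that has any
# group or other permission bit set (read, write or execute).
loose_keys() {
    find "$1" -maxdepth 1 -type f -name '*.pem' -perm /077 | sort
}

# Restrict the directory to its owner (0700) and each key to 0600.
# Other files in the directory are left untouched.
# Returns 0 when no loose key remains, 2 if the directory is missing.
harden_chef_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    chmod 700 "$dir" || return 1
    find "$dir" -maxdepth 1 -type f -name '*.pem' \
        -exec chmod 600 {} + || return 1
    [ -z "$(loose_keys "$dir")" ]
}

# Print "mode owner path" for each key so the result can be reviewed.
report_keys() {
    find "$1" -maxdepth 1 -type f -name '*.pem' \
        -exec stat -c '%a %U %n' {} + | sort -k3
}

# Only touch the file system when asked to:
#   sh chef_keys.sh --apply [directory]   (defaults to ~/.chef)
if [ "${1:-}" = "--apply" ]; then
    target=${2:-$HOME/.chef}
    echo "Keys readable by group/other before hardening:"
    loose_keys "$target"
    harden_chef_dir "$target" && report_keys "$target"
fi
```

Run it as the user who owns ~/.chef, after the chown in step 7.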
This article was co-authored with Ram. His LinkedIn handle is in.linkedin.com/in/ramprasadguru