Sunday, January 27, 2013

Installing Chef Server in Amazon EC2


Installing Chef-Server on Amazon EC2

This article explains the steps needed to configure a private Chef Server in an AWS EC2 environment. We have used Ubuntu 12.04 LTS as the operating system for the Chef Server.

The Chef server is installed on an m1.large EC2 instance running Ubuntu 12.04 (ami-3d4ff254). Choose the instance capacity according to the number of client nodes, the expected concurrency and the size of the executable to be transferred to the clients. You can start with m1.small if your installation is small and gradually move to m1.large as it grows. We have noticed that an m1.large EC2 instance is quite sufficient for managing hundreds of nodes. It is also recommended to use EBS, or EBS-optimized with PIOPS, to persist the Chef server data instead of using ephemeral disks (you do not want to lose the data stored in your configuration management server).
Create a security group (the Amazon Web Services firewall) and enable ports 4000, 4040 and 22. The Chef server communicates with other nodes on port 4000. The Chef Web-UI uses port 4040. As usual, port 22 is enabled for SSH.

Steps to install Chef Server:

1. To get started, first add the Opscode repository to the server’s apt sources using the code below. This code will only work on an Ubuntu 12.04 server.


echo "deb http://apt.opscode.com/ precise-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list


2. Now add the GPG key and update the apt index:

sudo mkdir -p /etc/apt/trusted.gpg.d
gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null

3. Update the package index on the Amazon EC2 instance

sudo apt-get update



4. Add in the Opscode keyring. This ensures that your Opscode key is always up to date.

sudo apt-get install opscode-keyring # permanent upgradeable keyring


5. Run this to upgrade all packages already present on the server


sudo apt-get upgrade


6. Install the Chef Server packages
Install the Chef server packages and step through the prompts. When you are prompted to enter the URL of your Chef server, enter your EC2 public DNS or Elastic IP/URL. You will then be prompted to create a password for the Chef user and for the Chef Web-UI admin user.


sudo apt-get install chef chef-server



7. Create Chef Repository and transfer Chef Certificates

mkdir -p ~/.chef
sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
sudo chown -R $USER ~/.chef


8. Configure knife client on the server

Knife is the Chef command-line management interface that allows users to interact with the Chef server API, the local Chef Repository and other Chef nodes.
Run the knife configuration command shown below:


knife configure -i



This command prepares the instance to start communicating with other Chef instances.

Server location: Enter the actual EC2 DNS or Elastic IP with port 4000 so it points to Chef.

Key location: The program will request this information twice. This information will direct the Chef server to the necessary certificate files.

The first time, it will ask for the admin client’s private key. Point to the key location created in the above step as shown below. This points the Chef configuration file to the Web-UI certificate.


[/etc/chef/webui.pem] .chef/webui.pem


The second time, it will ask for the validation key. Point to the validation.pem file created in the above step. This will direct the Chef configuration file to the validation certificate.


[/etc/chef/validation.pem] .chef/validation.pem


9. Check whether Chef-Server is running

Running the command below lists all chef-server related services.

ps -ef | grep chef


This article was co-authored with Ram. His LinkedIn handle is in.linkedin.com/in/ramprasadguru
