Installing Chef-Server on Amazon EC2
The following article explains the simple steps needed to configure a Private Chef Server on AWS EC2 environment. We have used Ubuntu 12.04 LTS as the operating system for the Chef Server.
The Chef server is installed on m1.large EC2 instance using Ubuntu 12.04 (ami-3d4ff254). The instance capacity should be chosen depending upon the number of client nodes, concurrency expected and the size of the executable to be transferred to the clients. You can start with m1.small if your installation is small and gradually move to m1.large depending upon growth. We have noticed m1.large EC2 instance is quite sufficient for managing hundreds of nodes. It is also recommended to use EBS or EBS optimized +PIOPS for the persisting the Chef server instead of using ephemeral disks (You do not want lose the data stored in your configuration management server).
Create a security group on Amazon Web Services Firewall and enable ports 4000, 4040 and 22. Chef server communicates with other nodes on port 4000. Chef Web-UI uses port 4040. As usual port 22 is enabled for SSH.
Steps to install Chef Server:
1. To get started, first add the Opscode repository to the server’s apt sources using the code below. This code will only work on an Ubuntu 12.04 server.
echo "deb http://apt.opscode.com/ precise-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list
2. Now add the GPG key and update the apt index:
sudo mkdir -p /etc/apt/trusted.gpg.d
gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
gpg --export firstname.lastname@example.org | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
3. Update Latest Packages on Amazon EC2 Instance
sudo apt-get update
4. Add in the Opscode keyring. This ensures that your Opscode key is always up to date.
sudo apt-get install opscode-keyring # permanent upgradeable keyring
5. Run this to update all existing packages already present on the server
sudo apt-get upgrade
6. Install the Chef Server packages
Install chef server packages and step through the prompts. When you are prompted to enter the URL of your Chef server, enter your EC2 public DNS or Elastic IP/URL. You will then be prompted to create a password for the Chef user and for the Chef Web-UI admin user.
sudo apt-get install chef chef-server
7. Create Chef Repository and transfer Chef Certificates
mkdir -p ~/.chef
sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef
sudo chown -R $USER ~/.chef
8. Configure knife client on the server
Knife is the Chef command line management interface that allows users to interact with the Chef server API, local Chef Repository interface and other Chef nodes.
Run the knife configuration command shown below
knife configure -i
This command prepares the instance to start communicating with other Chef instances. Server location: Enter the actual EC2 DNS or Elastic IP with port 4000 so it points to Chef. Key Location: The program will request this information twice. This information will direct the Chef server to the necessary certification files.
In the first instance it will request for the admin client’s private key. Point to the key location created in the above step as shown below. This points the Chef Configuration file to the Web-UI certificate.
For the second instance, it will request for the validation key. Point to the validation.pem file created in the above step. This will direct the Chef Configuration file to the validation certificate.
9. Check whether Chef-Server is running
“ps -ef | grep chef “ will list you all chef-server related services.
This article was co-authored with ram. His linkedin handle in.linkedin.com/in/ramprasadguru