=================
Installing Chef
=================

Chef defines three types of entities:

#. **Chef Nodes:** Run ``chef-client``, which installs and manages software.
#. **Chef Server:** Interacts with ``chef-client`` on Chef nodes.
#. **Chef Workstation:** Manages the Chef server.

.. image:: ../images/chef.png

See `Chef Architecture Introduction`_ for details.


.. _createuser:

Create a ``chef`` User
----------------------

The ``chef-client`` command requires the proper privileges to install and manage
installations. On each Chef node, we recommend creating a ``chef`` user with
full ``root`` privileges. For example::

    ssh user@chef-node
    sudo useradd -d /home/chef -m chef
    sudo passwd chef


To provide full privileges, add the following to ``/etc/sudoers.d/chef``. ::

    echo "chef ALL = (root) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/chef
    sudo chmod 0440 /etc/sudoers.d/chef

If you are using a version of ``sudo`` that doesn't support includes, you will
need to add the following to the ``/etc/sudoers`` file::

    chef ALL = (root) NOPASSWD:ALL

.. important:: Do not change the file permissions on ``/etc/sudoers``. Use a
   suitable tool such as ``visudo``.

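
One way to apply the ``visudo`` advice to the drop-in file as well, as an added example that is not part of the original guide: write the rule to a staging file, syntax-check it, and only then move it into place. The helper name ``stage_sudoers_dropin`` and the skip-if-missing handling of ``visudo`` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): stage, check, then install a
# sudoers drop-in. stage_sudoers_dropin is a hypothetical helper name.
# As root: stage_sudoers_dropin 'chef ALL = (root) NOPASSWD:ALL' /etc/sudoers.d chef
stage_sudoers_dropin() {
    rule=$1
    dest_dir=$2
    name=$3

    # sudo skips drop-in files whose names contain '.' or end in '~',
    # so a file such as chef.conf would be ignored without any error.
    case $name in
        ''|*.*|*~|*/*) echo "unusable drop-in name: '$name'" >&2; return 2 ;;
    esac

    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # Parse the staged copy before it goes live: a syntax error inside
    # the sudoers include directory can stop sudo from working.
    if command -v visudo >/dev/null 2>&1; then
        if ! visudo -cf "$tmp" >/dev/null 2>&1; then
            echo "visudo rejected the staged rule" >&2
            rm -f "$tmp"
            return 3
        fi
    else
        echo "visudo not found; syntax check skipped" >&2
    fi

    # mv keeps the 0440 mode set above.
    mv -f "$tmp" "$dest_dir/$name"
}
```
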

.. _genkeys:

Generate SSH Keys for Chef Clients
----------------------------------

Chef's ``knife`` tool can run ``ssh``. To streamline deployments, we
recommend generating an SSH key pair without a passphrase for your
Chef nodes and copying the public key(s) to your Chef nodes so that you
can connect to them from your workstation using ``ssh`` from ``knife``
without having to provide a password. To generate a key pair without
a passphrase, execute the following on your Chef workstation. ::

    ssh-keygen
    Generating public/private key pair.
    Enter file in which to save the key (/ceph-admin/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /ceph-admin/.ssh/id_rsa.
    Your public key has been saved in /ceph-admin/.ssh/id_rsa.pub.

You may use RSA or DSA keys. Once you generate your keys, copy them to each
OSD host. For example::

    ssh-copy-id chef@your-node

Consider modifying your ``~/.ssh/config`` file so that it defaults to
logging in as ``chef`` when no username is specified. ::

    Host myserver01
        Hostname myserver01.fqdn-or-ip-address.com
        User chef
    Host myserver02
        Hostname myserver02.fqdn-or-ip-address.com
        User chef


.. _installruby:

Installing Ruby
---------------

Chef requires you to install Ruby. Use the version applicable to your current
Linux distribution and install Ruby on all of your hosts. ::

    sudo apt-get update
    sudo apt-get install ruby


.. _installchefserver:

Installing Chef and Chef Server on a Server
-------------------------------------------

If you plan on hosting your `Chef Server at Opscode`_ you may skip this step,
but you must make a note of the fully qualified domain name or IP address
of your Chef Server for ``knife`` and ``chef-client``.

First, add Opscode packages to your APT configuration. For example::

    sudo tee /etc/apt/sources.list.d/chef.list << EOF
    deb http://apt.opscode.com/ $(lsb_release -cs)-0.10 main
    deb-src http://apt.opscode.com/ $(lsb_release -cs)-0.10 main
    EOF


Next, you must request keys so that APT can verify the packages. Copy
and paste the following line into your command line::

    sudo touch /etc/apt/trusted.gpg.d/opscode-keyring.gpg && sudo gpg --fetch-key http://apt.opscode.com/packages@opscode.com.gpg.key && sudo gpg --export 83EF826A | sudo apt-key --keyring /etc/apt/trusted.gpg.d/opscode-keyring.gpg add - && sudo gpg --yes --delete-key 83EF826A

The key is only used by ``apt``, so remove it from the ``root`` keyring by
typing ``Y`` when prompted to delete it.


Install the Opscode keyring, Chef and Chef server on the host designated
as your Chef Server. ::

    sudo apt-get update && sudo apt-get upgrade && sudo apt-get install opscode-keyring chef chef-server

Enter the fully qualified domain name or IP address for your Chef server. For example::

    http://fqdn-or-ip-address.com:4000

The Chef server installer will prompt you to enter a temporary password. Enter
a temporary password (*e.g.,* ``foo``) and proceed with the installation.

.. tip:: When prompted for a temporary password, you may press **OK**.
   The installer wants you to re-enter the password to confirm it. To
   re-enter the password, you must press the **ESC** key.


Once the installer finishes and activates the Chef server, you may enter the
fully qualified domain name or IP address in a browser to launch the
Chef web UI. For example::

    http://fqdn-or-ip-address.com:4000

The Chef web UI will prompt you to enter the username and password.

- **login:** ``admin``
- **password:** ``foo``

Once you have entered the temporary password, the Chef web UI will prompt you
to enter a new password.


.. _installchef:

Install Chef on all Remaining Hosts
-----------------------------------

Install Chef on all Chef Nodes and on the Chef Workstation (if it is not the
same host as the Chef Server). See `Installing Chef Client on Ubuntu or Debian`_
for details.

First, add Opscode packages to your APT configuration. For example::

    sudo tee /etc/apt/sources.list.d/chef.list << EOF
    deb http://apt.opscode.com/ $(lsb_release -cs)-0.10 main
    deb-src http://apt.opscode.com/ $(lsb_release -cs)-0.10 main
    EOF

Next, you must request keys so that APT can verify the packages. Copy
and paste the following line into your command line::

    sudo touch /etc/apt/trusted.gpg.d/opscode-keyring.gpg && sudo gpg --fetch-key http://apt.opscode.com/packages@opscode.com.gpg.key && sudo gpg --export 83EF826A | sudo apt-key --keyring /etc/apt/trusted.gpg.d/opscode-keyring.gpg add - && sudo gpg --yes --delete-key 83EF826A

The key is only used by ``apt``, so remove it from the ``root`` keyring by
typing ``Y`` when prompted to delete it.

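
The key-import command above (used in both the Chef Server step and this one) fetches the key over plain HTTP and selects it by the eight-digit ID ``83EF826A``. The added example below, which is not part of the original guide, compares the full fingerprint instead. The function names and both sample fingerprints are constructed; the real fingerprint has to be obtained from a trusted channel.

```shell
#!/bin/sh
# Added example (not from the original page). Both helpers read a
# `gpg --with-colons` key listing on stdin; the function names are hypothetical.
# Assumed usage with GnuPG 2.2 or later:
#   gpg --show-keys --with-colons KEYFILE | key_matches "$EXPECTED_FINGERPRINT"

# Print the full fingerprint of every primary key in the listing.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { primary = 1; next }   # start of a primary key
        $1 == "sub" { primary = 0; next }   # fpr records after this are subkeys
        $1 == "fpr" && primary { print toupper($10); primary = 0 }
    '
}

# key_matches EXPECTED: succeed only when the listing holds exactly one
# primary key and its fingerprint equals EXPECTED (spaces and case ignored).
key_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    found=$(primary_fingerprints)
    count=$(printf '%s\n' "$found" | grep -c . || true)
    [ "$count" -eq 1 ] && [ "$found" = "$expected" ]
}

# Constructed listings: two different keys that share the short ID 83EF826A.
# Neither fingerprint is the real Opscode key.
sample_expected() {
    printf '%s\n' \
        'pub:-:4096:1:CCDDEEFF83EF826A:1300000000:::-:::scESC:' \
        'fpr:::::::::00112233445566778899AABBCCDDEEFF83EF826A:' \
        'uid:-::::1300000000::::Constructed Packages <packages@example.invalid>:' \
        'sub:-:4096:1:0F0E0D0C0B0A0908:1300000000::::::e:' \
        'fpr:::::::::A0A1A2A3A4A5A6A7A8A9AAAB0F0E0D0C0B0A0908:'
}
sample_lookalike() {
    printf '%s\n' \
        'pub:-:4096:1:3322110083EF826A:1300000000:::-:::scESC:' \
        'fpr:::::::::FFEEDDCCBBAA9988776655443322110083EF826A:'
}
```

Run the check on the downloaded key file before the ``apt-key ... add`` step, and stop if it fails.
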

Install the Opscode keyring and Chef on all hosts other than the Chef Server. ::

    sudo apt-get update && sudo apt-get upgrade && sudo apt-get install opscode-keyring chef

Enter the fully qualified domain name or IP address for your Chef server.
For example::

    http://fqdn-or-ip-address.com:4000


.. _configknife:

Configuring Knife
-----------------

Once you complete the Chef server installation, install ``knife`` on your
Chef Workstation. If the Chef server is a remote host, use ``ssh`` to connect. ::

    ssh chef@fqdn-or-ip-address.com

In the ``/home/chef`` directory, create a hidden Chef directory. ::

    mkdir -p ~/.chef

The server generates validation and web UI certificates with read/write
permissions for the user that installed the Chef server. Copy them from the
``/etc/chef`` directory to the ``~/.chef`` directory. Then, change their
ownership to the current user. ::

    sudo cp /etc/chef/validation.pem /etc/chef/webui.pem ~/.chef && sudo chown $(id -u):$(id -g) ~/.chef/*.pem

From the current user's home directory, configure ``knife`` with an initial
API client. ::

    knife configure -i

The configuration will prompt you for inputs. Answer accordingly:

*Where should I put the config file? [~/.chef/knife.rb]* Press **Enter**
to accept the default value.

*Please enter the chef server URL:* If you are installing the
client on the same host as the server, enter ``http://localhost:4000``.
Otherwise, enter an appropriate URL for the server.

*Please enter a clientname for the new client:* Press **Enter**
to accept the default value.

*Please enter the existing admin clientname:* Press **Enter**
to accept the default value.

*Please enter the location of the existing admin client's private key:*
Override the default value so that it points to the ``.chef`` directory.
(*e.g.,* ``/home/chef/.chef/webui.pem``)

*Please enter the validation clientname:* Press **Enter** to accept
the default value.

*Please enter the location of the validation key:* Override the
default value so that it points to the ``.chef`` directory.
(*e.g.,* ``/home/chef/.chef/validation.pem``)

*Please enter the path to a chef repository (or leave blank):*
Leave the entry field blank and press **Enter**.


.. _addcbpath:

Add a Cookbook Path
-------------------

Add ``cookbook_path`` to the ``~/.chef/knife.rb`` configuration file
on your Chef workstation. For example::

    cookbook_path '/home/{user-name}/chef-cookbooks/'

Then create the path if it doesn't already exist. ::

    mkdir /home/{user-name}/chef-cookbooks

This is where you will store local copies of cookbooks before uploading
them to the Chef server.


.. _cpvalpem:

Copy ``validation.pem`` to Nodes
--------------------------------

Copy the ``/etc/chef/validation.pem`` file from your Chef server to
each Chef Node. In a command line shell on the Chef Server, for each node,
replace ``{nodename}`` in the following line with the node's host name and
execute it. ::

    sudo cat /etc/chef/validation.pem | ssh {nodename} "exec sudo tee /etc/chef/validation.pem >/dev/null"

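
Both this step and the ``~/.chef`` copy in Configuring Knife leave private keys on disk, and ``tee`` creates the node's copy with whatever mode the umask allows, commonly world-readable. The added example below (not part of the original guide; the helper names are hypothetical and GNU ``stat`` is assumed) reports ``.pem`` files that other users can access and tightens them.

```shell
#!/bin/sh
# Added example (not from the original page). audit_pem_perms and
# fix_pem_perms are hypothetical helpers; they rely on stat -c (GNU stat).

# audit_pem_perms DIR: print one line per finding and return 1 if any *.pem
# file in DIR is accessible to group/other or not owned by the invoking user.
audit_pem_perms() {
    dir=$1
    bad=0
    me=$(id -u)
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue              # unmatched glob or not a regular file
        mode=$(stat -L -c '%a' "$f")         # octal mode, e.g. 600 or 644
        owner=$(stat -L -c '%u' "$f")        # numeric owner uid
        # The last two octal digits are the group and other permission bits.
        case $mode in
            0|*00) ;;
            *) echo "$f: mode $mode grants access to group or other"; bad=1 ;;
        esac
        if [ "$owner" != "$me" ]; then
            echo "$f: owned by uid $owner, expected uid $me"; bad=1
        fi
    done
    return "$bad"
}

# fix_pem_perms DIR: restrict every *.pem file in DIR to its owner.
fix_pem_perms() {
    for f in "$1"/*.pem; do
        [ -f "$f" ] && chmod 0600 "$f"
    done
    return 0
}
```

Run it as the account that should own the keys, for example against ``~/.chef`` on the workstation or, as root, against ``/etc/chef`` on a node.
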

.. _runchefcli:

Run ``chef-client`` on each Chef Node
-------------------------------------

Run the ``chef-client`` on each Chef Node so that the nodes
register with the Chef server. ::

    ssh chef-node
    sudo chef-client


.. _verifynodes:

Verify Nodes
------------

Verify that you have set up all the hosts you want to use as
Chef nodes. ::

    knife node list

A list of the nodes you've configured should appear.

See the `Deploy With Chef <../../config-cluster/chef>`_ section for information
on using Chef to deploy your Ceph cluster.


.. _Chef Architecture Introduction: http://wiki.opscode.com/display/chef/Architecture+Introduction
.. _Chef Server at Opscode: http://www.opscode.com/hosted-chef/
.. _Installing Chef Client on Ubuntu or Debian: http://wiki.opscode.com/display/chef/Installing+Chef+Client+on+Ubuntu+or+Debian
.. _Installing Chef Server on Debian or Ubuntu using Packages: http://wiki.opscode.com/display/chef/Installing+Chef+Server+on+Debian+or+Ubuntu+using+Packages
.. _Knife Bootstrap: http://wiki.opscode.com/display/chef/Knife+Bootstrap