Learn how to install CHEF Server on CentOS 7 with this step-by-step guide. Follow our detailed instructions to set up and configure your CHEF Server efficiently on a CentOS 7 system.
What is CHEF Server?
CHEF is a configuration management tool written in Ruby and Erlang. CHEF is one of the most popular Infrastructure as Code (IaC) tools. By using CHEF, we can streamline the tasks of configuring and maintaining the organization’s servers. CHEF also includes a thin-client management console for maintaining configurations of servers.
CHEF uses Ruby for writing system configurations called “Recipes”. CHEF is distributed under the Apache License 2.0 and is available to download from GitHub and CHEF’s official download page.
In this article, we will install CHEF server on CentOS 7. We are also installing a management console for CHEF in this article.
Linux Server Specification
We have provisioned a CentOS 7 virtual machine with the following specifications.
- CPU – 3.4 GHz (2 Cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – CentOS 7.6
- Hostname – chef-server-01.example.com
- IP Address – 192.168.116.199/24
Install CHEF Server on CentOS 7
Connect to chef-server-01.example.com using ssh as the root user.
Currently, CHEF server is available to download from the official CHEF website.
# cd /tmp
# curl -O https://packages.chef.io/files/stable/chef-server/13.0.17/el/7/chef-server-core-13.0.17-1.el7.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  238M  100  238M    0     0   331k      0  0:12:17  0:12:17 --:--:--  424k
Once the download completes, install CHEF server on CentOS 7 by using the rpm command.
# rpm -ivh chef-server-core-13.0.17-1.el7.x86_64.rpm
warning: chef-server-core-13.0.17-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:chef-server-core-13.0.17-1.el7   ################################# [100%]
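The `NOKEY` warning in the output above means rpm had no public key matching ID 83ef826a in its keyring, so the package was installed without its signature being checked. The following is an added example, not part of the original guide, that installs only after a checksum match and a successful `rpm -K` signature check; `EXPECTED_SHA256` and `CHEF_KEY_FILE` are placeholders for the published checksum and vendor key you obtained over a trusted channel.

```shell
#!/bin/sh
# Added example: refuse to install an RPM unless checksum and signature verify.
# EXPECTED_SHA256 and CHEF_KEY_FILE are placeholders supplied by the operator.

# verify_sha256 FILE EXPECTED_HEX -> 0 only if FILE hashes to EXPECTED_HEX
verify_sha256() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# verified_install RPM_FILE EXPECTED_HEX KEY_FILE
verified_install() {
    pkg=$1; sum=$2; key=$3
    verify_sha256 "$pkg" "$sum" || { echo "checksum mismatch: $pkg" >&2; return 1; }
    # Import the vendor key first; without it rpm reports NOKEY and cannot
    # tell a genuine package from a tampered one.
    rpm --import "$key" || { echo "cannot import key: $key" >&2; return 1; }
    # rpm -K (--checksig) exits non-zero when a digest or signature fails,
    # including when the signing key is missing from the keyring.
    rpm -K "$pkg" >/dev/null || { echo "signature check failed: $pkg" >&2; return 1; }
    rpm -ivh "$pkg"
}

# Usage on the server (values are placeholders):
#   verified_install /tmp/chef-server-core-13.0.17-1.el7.x86_64.rpm \
#       "$EXPECTED_SHA256" "$CHEF_KEY_FILE"
```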
Configure CHEF server as follows.
# chef-server-ctl reconfigure
+---------------------------------------------+
            Chef License Acceptance
Before you can continue, 3 product licenses
must be accepted. View the license at
https://www.chef.io/end-user-license-agreement/
Licenses that need accepting:
  * Chef Infra Server
  * Chef Infra Client
  * Chef InSpec
Do you accept the 3 product licenses (yes/no)?
> yes
Persisting 3 product licenses...
✔ 3 product licenses persisted.
+---------------------------------------------+
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::default"]
Synchronizing Cookbooks:
  - enterprise (0.15.1)
  - runit (5.1.1)
  - packagecloud (1.0.1)
  - yum-epel (3.3.0)
  - private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: private-chef::default
  * directory[/etc/opscode] action create (up to date)
  * directory[/etc/opscode/logrotate.d] action create
    - create new directory /etc/opscode/logrotate.d
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
/var/opt/opscode/local-mode-cache/cookbooks/private-chef/recipes/oc-chef-pedant.rb:41: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
Converging 259 resources
  * link[/usr/bin/private-chef-ctl] action create (up to date)
  * link[/usr/bin/chef-server-ctl] action create (up to date)
  * directory[/etc/opscode] action nothing (skipped due to action :nothing)
  * directory[/etc/opscode/logrotate.d] action nothing (skipped due to action :nothing)
  * log[opscode_webui deprecation notice] action write (skipped due to only_if)
Recipe: private-chef::users
  * linux_user[opscode] action create
    - create user opscode
  * group[opscode] action create
    - alter group opscode
    - replace group members with new list of members
Recipe: private-chef::private_keys
  * file[/etc/opscode/pivotal.pem] action create
    - create new file /etc/opscode/pivotal.pem
    - update content in file /etc/opscode/pivotal.pem from none to 689221
    - suppressed sensitive resource
    - change mode from '' to '0600'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * file[/etc/opscode/webui_priv.pem] action create
    - create new file /etc/opscode/webui_priv.pem
    - update content in file /etc/opscode/webui_priv.pem from none to 4d9638
    - suppressed sensitive resource
    - change mode from '' to '0600'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * file[/etc/opscode/webui_pub.pem] action create
    - create new file /etc/opscode/webui_pub.pem
    - update content in file /etc/opscode/webui_pub.pem from none to 3e4501
    - suppressed sensitive resource
    - change mode from '' to '0644'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
Recipe: private-chef::default
  * file[/etc/opscode/dark_launch_features.json] action create
    - create new file /etc/opscode/dark_launch_features.json
    - update content in file /etc/opscode/dark_launch_features.json from none to 05b75f
    --- /etc/opscode/dark_launch_features.json 2019-09-04 20:24:28.821962036 +0500
    +++ /etc/opscode/.chef-dark_launch_features20190904-7539-h4omrn.json 2019-09-04 20:24:28.821962036 +0500
    @@ -1 +1,17 @@
    +{
    + "quick_start": false,
    + "new_theme": true,
    + "private-chef": true,
    + "sql_users": true,
    + "add_type_and_bag_to_items": true,
    + "reporting": true,
    + "actions": true,
    + "503_mode": false,
    + "couchdb_containers": false,
    + "couchdb_groups": false,
    + "couchdb_acls": false,
    + "couchdb_association_requests": false,
    + "couchdb_organizations": false,
    + "couchdb_associations": false
    +}
    - change mode from '' to '0644'
    - change owner from '' to 'opscode'
    - change group from '' to 'root'
    - restore selinux security context
  * directory[/etc/chef] action create
    - change mode from '0755' to '0775'
    - change group from 'root' to 'opscode'
    - restore selinux security context
  * directory[/var/opt/opscode] action create (up to date)
  * directory[/var/log/opscode] action create
    - create new directory /var/log/opscode
    - change mode from '' to '0755'
    - change owner from '' to 'opscode'
    - change group from '' to 'opscode'
    - restore selinux security context
Recipe: enterprise::runit
  * component_runit_supervisor[private_chef] action create
  * template[/etc/systemd/system/private_chef-runsvdir-start.service] action create
    - create new file /etc/systemd/system/private_chef-runsvdir-start.service
    - update content in file /etc/systemd/system/private_chef-runsvdir-start.service from none to 27231f
    --- /etc/systemd/system/private_chef-runsvdir-start.service 2019-09-04 20:24:28.936962034 +0500
    +++ /etc/systemd/system/.chef-private_chef-runsvdir-start20190904-7539-1hczk0s.service 2019-09-04 20:24:28.936962034 +0500
    @@ -1 +1,11 @@
    +[Unit]
    +Description=private_chef Runit Process Supervisor
    +After=network.target auditd.service
    +
    +[Service]
    +ExecStart=/opt/opscode/embedded/bin/runsvdir-start
    +Restart=always
    +
    +[Install]
    +WantedBy=multi-user.target
    - change mode from '' to '0644'
    - change owner from '' to 'root'
    - change group from '' to 'root'
    - restore selinux security context
  * execute[systemctl daemon-reload] action run
    - execute systemctl daemon-reload
  * execute[systemctl daemon-reload] action nothing (skipped due to action :nothing)
  * file[/usr/lib/systemd/system/private_chef-runsvdir-start.service] action delete (up to date)
  * service[private_chef-runsvdir-start.service] action enable
    - enable service service[private_chef-runsvdir-start.service]
  * service[private_chef-runsvdir-start.service] action start
    - start service service[private_chef-runsvdir-start.service]
Recipe: private-chef::sysctl-updates
  * execute[sysctl-reload] action nothing (skipped due to action :nothing)
  * bash[dual ip4/ip6 portbind] action run (skipped due to only_if)
Recipe: private-chef::fix_permissions
  * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} ;] action run
    - execute find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=x,g=x,o=x -exec chmod 755 {} ;
  * execute[find /opt/opscode/embedded/lib/ruby/gems/*/gems -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} ;] action run
...
...
...
Recipe: private-chef::opscode-erchef
  * component_runit_service[opscode-erchef] action restart
  Recipe: <Dynamically Defined Resource>
    * service[opscode-erchef] action nothing (skipped due to action :nothing)
    * runit_service[opscode-erchef] action restart (up to date)
     (up to date)
Recipe: private-chef::partybus
  * execute[set initial migration level] action run
    - execute cd /opt/opscode/embedded/service/partybus && ./bin/partybus init
  * ruby_block[migration-level file sanity check] action run (skipped due to not_if)
Recipe: private-chef::rabbitmq
  * script[hard_kill_rabbitmq] action run
    - execute "bash" "/tmp/chef-script20190904-7539-il7d0v"
Running handlers:
Running handlers complete
Chef Infra Client finished, 482/1028 resources updated in 05 minutes 44 seconds
Chef Server Reconfigured!
Check status of the CHEF server components.
# chef-server-ctl status
run: bookshelf: (pid 36604) 569s; run: log: (pid 30489) 749s
run: nginx: (pid 36571) 575s; run: log: (pid 31865) 667s
run: oc_bifrost: (pid 36483) 580s; run: log: (pid 29963) 804s
run: oc_id: (pid 36560) 577s; run: log: (pid 30055) 778s
run: opscode-erchef: (pid 37511) 475s; run: log: (pid 30679) 743s
run: opscode-expander: (pid 36594) 571s; run: log: (pid 30282) 761s
run: opscode-solr4: (pid 36586) 572s; run: log: (pid 30176) 767s
run: postgresql: (pid 36479) 582s; run: log: (pid 29399) 829s
run: rabbitmq: (pid 37285) 522s; run: log: (pid 32136) 660s
run: redis_lb: (pid 31083) 708s; run: log: (pid 31082) 708s
Create an Admin user for CHEF server administration.
# chef-server-ctl user-create admin admin admin admin@chef-server-01.example.com 'abc123' -f /etc/chef/admin.pem
We have provided the values in the above command based on the following syntax.
chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' -f PATH_FILE_NAME
Create an Organization to hold CHEF server configurations.
# chef-server-ctl org-create sysadminrecipes "Ahmer's SysAdmin Recipes" --association_user admin -f /etc/chef/sysadminrecipes-validator.pem
We have provided the values according to the following syntax.
chef-server-ctl org-create SHORT_ORG_NAME FULL_ORG_NAME --association_user USER_NAME --filename ORGANIZATION-validator.pem
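Both commands above write a private key under /etc/chef, a directory the reconfigure run set to mode 0775 with group opscode, and the user-create call carries a literal password that shell history will retain. The following is an added example, not part of the original guide, that generates a random password to use in place of a literal one and restricts the key files to their owner; the function names are this example's own.

```shell
#!/bin/sh
# Added example: credential hygiene for user-create / org-create.
# Function names are hypothetical; the paths in the usage note come from the guide.

# gen_password [BYTES] -> prints base64 of BYTES random bytes (default 24)
gen_password() {
    head -c "${1:-24}" /dev/urandom | base64 | tr -d '\n'
}

# key_mode FILE -> prints the octal permission bits, e.g. 600
key_mode() { stat -c '%a' "$1"; }

# lock_down_key FILE -> 0 if FILE ends up a regular file with mode 600 or 400
lock_down_key() {
    f=$1
    # Refuse symlinks: chmod would follow them and change another file
    if [ -L "$f" ]; then echo "refusing symlink: $f" >&2; return 1; fi
    if [ ! -f "$f" ]; then echo "missing key file: $f" >&2; return 1; fi
    mode=$(key_mode "$f")
    if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "tightening $f from $mode to 600" >&2
        chmod 600 "$f" || return 1
    fi
    case $(key_mode "$f") in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage on the server:
#   PW=$(gen_password)
#   chef-server-ctl user-create admin admin admin admin@chef-server-01.example.com "$PW" -f /etc/chef/admin.pem
#   lock_down_key /etc/chef/admin.pem
#   lock_down_key /etc/chef/sysadminrecipes-validator.pem
```

The password still appears in the process list while the command runs, so store it in a password manager and clear the variable afterwards.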
Configure Linux Firewall
Allow HTTP and HTTPS service ports in Linux Firewall.
# firewall-cmd --permanent --add-service={http,https}
success
# firewall-cmd --reload
success
Install CHEF Management Console on CentOS 7
Install CHEF Management console using the following command.
# chef-server-ctl install chef-manage
Starting Chef Infra Client, version 15.0.300
resolving cookbooks for run list: ["private-chef::add_ons_wrapper"]
Synchronizing Cookbooks:
  - enterprise (0.15.1)
  - runit (5.1.1)
  - packagecloud (1.0.1)
  - yum-epel (3.3.0)
  - private-chef (0.1.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 4 resources
Recipe: private-chef::add_ons_wrapper
  * ruby_block[addon_install_notification_chef-manage] action nothing (skipped due to action :nothing)
  * remote_file[/var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm] action create
    - create new file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm
    - update content in file /var/opt/opscode/local-mode-cache/chef-manage-2.5.16-1.el7.x86_64.rpm from none to 8b14a7
    (file sizes exceed 10000000 bytes, diff output suppressed)
    - restore selinux security context
  * ruby_block[locate_addon_package_chef-manage] action run
    - execute the ruby block locate_addon_package_chef-manage
  * yum_package[chef-manage] action install
    - install version 2.5.16-1.el7 of package chef-manage
  * ruby_block[addon_install_notification_chef-manage] action run
    - execute the ruby block addon_install_notification_chef-manage
Running handlers:
-- Installed Add-On Package: chef-manage
  - #<Class:0x0000000005722e50>::AddonInstallHandler
Running handlers complete
Chef Infra Client finished, 4/5 resources updated in 08 minutes 30 seconds
Now, we have to reconfigure CHEF server.
# chef-server-ctl reconfigure
...
Recipe: private-chef::nginx
  * component_runit_service[nginx] action restart
  Recipe: <Dynamically Defined Resource>
    * service[nginx] action nothing (skipped due to action :nothing)
    * runit_service[nginx] action restart (up to date)
     (up to date)
Running handlers:
Running handlers complete
Chef Infra Client finished, 52/553 resources updated in 01 minutes 48 seconds
Chef Server Reconfigured!
Configure CHEF management console as follows.
# chef-manage-ctl reconfigure
To use this software, you must agree to the terms of the software license agreement.
Press any key to continue.
Type 'yes' to accept the software license agreement, or anything else to cancel.
yes
...
...
...
Cloning resource attributes for directory[/var/log/chef-manage/worker] from prior resource
Previous directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
Current directory[/var/log/chef-manage/worker]: /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories' at 1 location:
  - /opt/chef-manage/embedded/cookbooks/cache/cookbooks/private_chef_addon/providers/default.rb:42:in `block in create_log_directories'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Chef Client finished, 90/269 resources updated in 01 minutes 36 seconds
chef-manage Reconfigured!
Access CHEF Management Console
Open URL https://chef-server-01.example.com/ in a web browser.
The browser displays a security warning because our CHEF server uses a self-signed certificate.
Ignore the warning and continue to the website.
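Accepting the warning is only sound when the certificate the browser received is the one the server generated. The following is an added example, not part of the original guide, that normalises and compares SHA-256 fingerprints so the value shown in the browser's certificate dialog can be checked against the one read on the server; the certificate path in the usage comment is where Chef Server normally keeps its generated certificate and is an assumption here.

```shell
#!/bin/sh
# Added example: compare the browser's certificate fingerprint with the server's.
# Function names are hypothetical.

# normalize_fp STRING -> lowercase hex with any label, colons and spaces removed
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# cert_fp PEM_FILE -> normalized SHA-256 fingerprint of the certificate
cert_fp() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    normalize_fp "$out"
}

# fp_matches PEM_FILE BROWSER_VALUE
#   0 = same certificate, 1 = different certificate, 2 = unusable input
fp_matches() {
    server=$(cert_fp "$1") || return 2
    seen=$(normalize_fp "$2")
    # A SHA-256 fingerprint is 64 hex characters; reject truncated input
    [ "${#seen}" -eq 64 ] || return 2
    [ "$server" = "$seen" ]
}

# Usage on the server (path is an assumption; paste the browser's value):
#   fp_matches /var/opt/opscode/nginx/ca/chef-server-01.example.com.crt \
#       "AB:CD:...value from the browser's certificate viewer..."
```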
Log in as the Admin user that we created above.
We are now at the Dashboard of CHEF Management console.
To start working on your CHEF Server, we recommend that you obtain a copy of Chef Cookbook by Packt Publishing. This book contains many recipes for common server configurations.
Final Thoughts
Thank you for following this guide on how to install CHEF Server on CentOS 7.