Chef

Just like Puppet, Chef uses a master-node architecture. A standard Chef configuration consists of a Chef Workstation, a Chef Infra Server and a Chef Node. Chef lets you configure your server environment through code snippets called recipes. A collection of recipes is called a cookbook. Cookbooks are authored on Chef Workstations and uploaded to the Chef Infra Server, from which the Chef Node fetches its configuration. Chef has an enterprise version and an open-source version. You can read the documentation freely, but most guides and tutorials are locked behind a mandatory account that requests your company information.

Installing Chef Infra Server

Before installing, make sure the servers have the following:

An x86_64 compatible system architecture; Red Hat Enterprise Linux and CentOS may require updates prior to installation

A resolvable hostname that is specified using a FQDN or an IP address

A connection to Network Time Protocol (NTP) to prevent clock drift

If host-based firewalls (iptables, ufw, etc.) are being used, ensure that ports 80 and 443 are open. See the firewalls section of the install prerequisites for additional details.

A local mail transfer agent that allows the Chef Infra Server to send email notifications

Using cron and the /etc/cron.d directory for periodic maintenance tasks

Disabling the Apache Qpid daemon on CentOS and Red Hat systems. See the Apache Qpid section of the prerequisite documentation for detailed steps.

Optional. A local user account under which services will run, a local user account for PostgreSQL, and a group account under which services will run. See UIDs and GIDs for more information.

Source: https://docs.chef.io/server/install_server/

Download the Infra Server from https://community.chef.io/downloads/tools/infra-server

However, if you check, the newest supported Linux version listed there is 18.04 and the server version is 12.19.31. For some reason this page shows outdated information. A newer version can be found at https://docs.chef.io/release_notes_server/

Source: https://docs.chef.io/server/install_server/

wget https://packages.chef.io/files/stable/chef-server/15.10.12/ubuntu/22.04/chef-server-core_15.10.12-1_amd64.deb

This downloads chef-server version 15.10.12 for Ubuntu 22.04 focal; however, it also seems to run on Ubuntu 24.04.

At this point it's good to make sure that the server's system hostname matches the hostname you get from nslookup <server ip>. The SSL certificates are self-issued and might not work with a different hostname.

Install the package with:

sudo dpkg -i /tmp/chef-server-core-<version>.deb

Once the package is installed, use the command below to start all the services and generate new files (for example, if the hostname changed).

sudo chef-server-ctl reconfigure

After this, create an administrator user with the command below:

sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename /home/ubuntu/<user>.pem

After this, create an organization:

sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem
# Note: --association_user user associates a user to the group as an admin.

After this, the Infra Server should be ready, and we can start installing Chef Workstation.

Installing Chef Workstation

Download Chef Workstation to your Linux workstation. In this example we're using Ubuntu 24.04 running in WSL.

wget https://packages.chef.io/files/stable/chef-workstation/24.6.1066/ubuntu/22.04/chef-workstation_24.6.1066-1_amd64.deb
# The newest package is only available for 22.04, but seems to work on 24.04 as well.

After this, use the package manager to install the application:

sudo dpkg -i chef-workstation_24.6.1066-1_amd64.deb

You can verify that the installation was successful with chef -v

Connecting Chef Workstation to Chef Infra Server

After this you still need to configure Chef Workstation. Add the Chef shell initialization to your bash configuration:

echo 'eval "$(chef shell-init bash)"' >> ~/.bashrc

Chef Workstation uses a repository to store the configuration files. This repository should be added to git for version control, but in this scenario we'll just create a local repo that can be added to git later.

chef generate repo <repo-name>

After this, fetch the <user>.pem file from the Infra Server and copy it to the ~/.chef/ folder on the Chef Workstation. This is the PEM file written to the location you passed with --filename when creating the user.

After this, on the Chef Workstation, use the command knife configure to initialize the connection to the Infra Server.

Please enter the chef server URL: [https://<CSC.CLOUD.URL>/organizations/<organization name>]
Please enter an existing username or clientname for the API: <user>

When this is done, you need to fetch the self-signed certificate from the Infra Server. You can do this with the command

knife ssl fetch

When all of this is done, you can test the SSL connection with the command knife ssl check

Connecting to host xxxxx:443
Successfully verified certificates from `xxxx`

The connection should now be established.

Adding an infra node

You can add your development server, or any workstation, to Chef as a node. Nodes then fetch their configuration from the Infra Server.

First you need to add an SSH key pair to your server node. Save the public key to the workstation. This way you should be able to connect to the node server with SSH from your workstation.

After this, let's use a bootstrap to handle the installation.

On the workstation, use the command knife bootstrap <node server ip> -U ubuntu --sudo

When the installation is finished, you can check the nodes with the command knife client list

ClientServer
InfraServer-validator

Create a cookbook and upload it to the Infra Server

Cookbooks include multiple recipes. These contain the instructions for the servers and how they're supposed to operate. The Chef Infra Language is based on Ruby, so some familiarity with the language is needed. More info can be found at https://docs.chef.io/cookbooks/

Go inside the chef-repo directory, and navigate inside the cookbook folder.

There, create a new cookbook:

chef generate cookbook <name>

After this, move into the recipes folder:

cd <cookbook>/recipes

Here you will find a default.rb file.

Add the following to the file to install Docker on the node server:


# Refresh the package index and apply pending upgrades, keeping existing config files.
execute "update-upgrade" do
  command "sudo apt-get update && sudo apt-get -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade"
  action :run
end

# Packages needed to download the Docker repository key over HTTPS.
execute "Install ca-certificates curl " do
  command "sudo apt-get install ca-certificates curl -y"
  action :run
end

# Directory that holds third-party apt signing keys.
execute "Keyrings " do
  command "sudo install -m 0755 -d /etc/apt/keyrings"
  action :run
end

# Download Docker's apt signing key.
execute "curl " do
  command "sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc"
  action :run
end

# Make the key readable by apt.
execute "chmod" do
  command "sudo chmod a+r /etc/apt/keyrings/docker.asc"
  action :run
end

# Add the Docker apt repository, pinned to the key above; skipped if the list file already exists.
execute 'add_docker_repo' do
  command <<-EOH
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    tee /etc/apt/sources.list.d/docker.list > /dev/null
  EOH
  not_if { ::File.exist?('/etc/apt/sources.list.d/docker.list') }
end

# Refresh the package index so the new repository is picked up.
execute 'apt_update' do
  command 'apt-get update'
end

After this, save the file.

To upload the cookbook to the infra server, use the command knife cookbook upload <cookbook>

To enable this cookbook to be used on the infra node, use the command knife node run_list add InfraNodeName "recipe[<cookbook>]"

To see the updated node status, use the command knife node list

To pull the configuration from the Infra Server to the node, either log in to the node server and use the command sudo chef-client, or from your workstation, use the command knife ssh 'name:<nodeserver>' 'sudo chef-client' -x ubuntu

This should run the cookbook on the node server and install all the apt dependencies needed for the Docker installation.
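In the recipe above only add_docker_repo carries a guard (not_if); every other execute resource, including the full apt-get upgrade, runs again on each chef-client converge. The following Ruby script is an added example, not part of the original page and not a Chef tool: it lists the unguarded execute resources in a recipe. The function names are made up here and the sample is a constructed, shortened copy of three resources from the recipe.

```ruby
GUARD = /^\s*(not_if|only_if|creates)\b/ # properties that make execute conditional

# Returns [{name:, guarded:, sudo:}, ...] for each execute resource. Assumes the
# layout used in the recipe above: `execute "name" do ... end`, one-line guards.
# sudo: true marks commands that call sudo although chef-client already runs as root.
def audit_executes(recipe)
  findings = []
  current = nil
  heredoc = nil
  recipe.each_line do |line|
    if heredoc # heredoc body is shell text, not Chef DSL
      current[:sudo] ||= line.match?(/\bsudo\b/)
      heredoc = nil if line.strip == heredoc
    elsif (m = line.match(/^\s*execute\s+(['"])(.*?)\1\s+do\s*$/))
      current = { name: m[2].strip, guarded: false, sudo: false }
    elsif current && line.strip == 'end'
      findings << current
      current = nil
    elsif current
      current[:guarded] ||= line.match?(GUARD)
      current[:sudo] ||= line.match?(/^\s*command\b.*\bsudo\b/)
      heredoc = line[/<<[-~]?(\w+)/, 1]
    end
  end
  findings
end

# Names of resources that re-run on every chef-client converge.
def unguarded(recipe)
  audit_executes(recipe).reject { |f| f[:guarded] }.map { |f| f[:name] }
end

# Constructed sample: three resources from the recipe above, commands shortened.
SAMPLE = <<~'RECIPE'
  execute "update-upgrade" do
    command "sudo apt-get update && sudo apt-get -y upgrade"
    action :run
  end
  execute 'add_docker_repo' do
    command <<-EOH
      echo "deb [signed-by=/etc/apt/keyrings/docker.asc] (shortened)" | tee /etc/apt/sources.list.d/docker.list
    EOH
    not_if { ::File.exist?('/etc/apt/sources.list.d/docker.list') }
  end
  execute 'apt_update' do
    command 'apt-get update'
  end
RECIPE

puts unguarded(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```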