How to bootstrap an AWS EC2 node and manage it using Chef Server
In this article we set up an on-premise Chef server to manage cookbooks from a central location, set up a Chef workstation on which you author cookbooks and upload them to the Chef server, and launch an EC2 instance that is bootstrapped and configured using a cookbook uploaded to the Chef server.
Test Environment
Chef Server node
Workstation node
Managed node
Procedure
Step 1: Install and Configure Chef Server with Management Console
In this step we install Chef server and the Chef Management Console on the Chef Server node and start their components with reconfigure. We also create a user and an organization that is administered by that user.
sudo yum -y install chef-server-core-12.16.2-1.el7.x86_64.rpm
sudo chef-server-ctl user-create chefadmin chef admin chefadmin@chef.io 'xxx' --filename /root/chefadmin.pem
sudo chef-server-ctl org-create chefenv 'Chef Admin, Inc.' --association_user chefadmin --filename /root/chefenv-validator.pem
sudo chef-server-ctl install chef-manage
sudo chef-server-ctl reconfigure
sudo chef-manage-ctl reconfigure
sudo chef-server-ctl status
Output:
run: bookshelf: (pid 8937) 74s; run: log: (pid 1689) 1790s
run: nginx: (pid 8952) 73s; run: log: (pid 1691) 1790s
run: oc_bifrost: (pid 8970) 73s; run: log: (pid 1695) 1790s
run: oc_id: (pid 9001) 72s; run: log: (pid 6478) 904s
run: opscode-erchef: (pid 9049) 71s; run: log: (pid 1693) 1790s
run: opscode-expander: (pid 9056) 72s; run: log: (pid 1679) 1792s
run: opscode-solr4: (pid 9091) 72s; run: log: (pid 1680) 1791s
run: postgresql: (pid 9098) 71s; run: log: (pid 1701) 1791s
run: rabbitmq: (pid 9055) 72s; run: log: (pid 1699) 1791s
run: redis_lb: (pid 9841) 19s; run: log: (pid 1682) 1791s
Step 2: Install Chef DK on Workstation
Here we configure the Chef workstation node as the development platform for generating and authoring your cookbooks and recipes.
sudo yum -y install chefdk-2.1.11-1.el7.x86_64.rpm
sudo chef --version
Output:
Chef Development Kit Version: 2.1.11
chef-client version: 13.2.20
delivery version: master (73ebb72a6c42b3d2ff5370c476be800fee7e5427)
berks version: 6.3.0
kitchen version: 1.17.0
inspec version: 1.33.1
Step 3: Configure your workstation to communicate with the Chef Server
For this step you need to download your chefadmin user's private RSA key and the knife.rb configuration file from the Chef management console and copy them into the .chef directory on your workstation. This lets knife authenticate to, and communicate with, the remote Chef server.
Location:
/root/chefspace/.chef
Files:
-rw-r--r--. 1 root root 441 Aug 28 06:32 knife.rb
-rw-r--r--. 1 root root 1679 Aug 28 06:32 chefadmin.pem
You also need to fetch the Chef server certificate and store it in the local trust store so that knife can validate the Chef server's SSL certificate.
sudo knife ssl fetch
sudo knife ssl check
Output:
Connecting to host rhel-101.rhpds.opentlc.com:443
Successfully verified certificates from `rhel-101.rhpds.opentlc.com'
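Before the first knife call it is worth checking the .chef directory itself: the listing above shows chefadmin.pem at mode 0644, which knife accepts but which lets every local account read the user's private key, and a knife.rb that turns certificate verification off would make the ssl fetch/check above pointless. The following check is an added example (not code from the article or from Chef); it assumes the layout shown above, with knife.rb and chefadmin.pem side by side in one directory.

```shell
#!/bin/sh
# Added example, not from the article: sanity-check the workstation's .chef
# directory before running knife. Assumes knife.rb and chefadmin.pem sit
# side by side (e.g. /root/chefspace/.chef).
check_chef_dir() {
  dir="$1"
  key="$dir/chefadmin.pem"
  cfg="$dir/knife.rb"
  rc=0

  for f in "$cfg" "$key"; do
    if [ ! -f "$f" ]; then
      echo "missing: $f" >&2
      rc=1
    fi
  done
  [ "$rc" -eq 0 ] || return 1

  # The user key is a credential. 0644 (as in the listing above) lets every
  # local account read it; only the owner should be able to.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    600|400) ;;
    *) echo "$key is mode $mode; expected 600 (chmod 600 $key)" >&2; rc=1 ;;
  esac

  # A download that failed usually leaves an HTML page, not a PEM key.
  if ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key"; then
    echo "$key does not look like a PEM private key" >&2
    rc=1
  fi

  # knife.rb must name the key, and must not switch certificate verification
  # off (the default since Chef 12 is ssl_verify_mode :verify_peer).
  if ! grep -q '^[[:space:]]*client_key' "$cfg"; then
    echo "$cfg does not set client_key" >&2
    rc=1
  fi
  if grep -q 'ssl_verify_mode[[:space:]]*:verify_none' "$cfg"; then
    echo "$cfg disables certificate verification (ssl_verify_mode :verify_none)" >&2
    rc=1
  fi
  return "$rc"
}

# Usage: check_chef_dir /root/chefspace/.chef && knife ssl fetch
```

Run it from the workstation before `knife ssl fetch`; a non-zero exit means one of the messages on stderr needs fixing first.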
Step 4: Upload your sample cookbook onto Chef server
Here, just create a simple helloworld cookbook in your Chef workspace and upload it to the Chef server.
sudo knife cookbook upload helloworld
Output:
Uploading helloworld [0.1.0]
Uploaded 1 cookbook.
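The article does not show the cookbook itself. The script below is an added example (not from the article) that lays out the minimal helloworld cookbook whose converge appears in the bootstrap output of Step 6: a metadata.rb giving the name and version knife reports on upload, and a default recipe with one file resource that writes /tmp/hello. It assumes the chef-repo layout that chef generate uses, with cookbooks under <repo>/cookbooks/.

```shell
#!/bin/sh
# Added example, not from the article: write the minimal helloworld cookbook
# under <repo>/cookbooks/helloworld and print its path.
scaffold_helloworld() {
  repo="$1"
  cb="$repo/cookbooks/helloworld"
  mkdir -p "$cb/recipes"

  # metadata.rb: name and version are what knife prints on upload
  # ("Uploading helloworld [0.1.0]").
  cat > "$cb/metadata.rb" <<'EOF'
name 'helloworld'
version '0.1.0'
chef_version '>= 13.0'
EOF

  # recipes/default.rb: one idempotent file resource. Explicit owner, group
  # and mode keep the file from inheriting whatever umask chef-client runs
  # with; a second chef-client run reports 0/1 resources updated.
  cat > "$cb/recipes/default.rb" <<'EOF'
file '/tmp/hello' do
  content "Hello World\n"
  owner 'root'
  group 'root'
  mode '0644'
  action :create
end
EOF
  echo "$cb"
}

# Usage: scaffold_helloworld /root/chefspace && knife cookbook upload helloworld
```

knife finds the cookbook through the cookbook_path setting in knife.rb, which must point at the cookbooks directory the script writes into.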
Step 5: Create an EC2 t2.micro instance on AWS
We now have the Chef server set up with a cookbook uploaded to it, and the workstation set up with Chef DK installed and communicating with the Chef server. Next, launch the t2.micro EC2 instance that we will manage with the Chef server. You can follow the procedure in the AWS article below for launching an EC2 instance.
Make sure that you have allowed the SSH, HTTP and HTTPS ports on your EC2 instance, that you can SSH into the instance, and that it has working internet connectivity.
The important things to capture from the launched EC2 instance are its public IP address or public DNS name, and the private RSA key that you can download while launching the instance in wizard mode.
Step 6: Bootstrap using key-based authentication
knife bootstrap ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com --ssh-user ec2-user --sudo --identity-file /root/mychefadminec2.pem --node-name node1-rhel7 --run-list 'recipe[helloworld]'
Output:
Creating new client for node1-rhel7
Creating new node for node1-rhel7
Connecting to ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com -----> Installing Chef Omnibus (-v 13)
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com downloading https://omnitruck-direct.chef.io/chef/install.sh
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com to file /tmp/install.sh.1339/install.sh
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com trying curl...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com el 7 x86_64
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Getting information for chef stable 13 for el...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=13&p=el&pv=7&m=x86_64
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com to file /tmp/install.sh.1345/metadata.txt
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com trying curl...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com sha1 d3d26412b6304c92f72749d00e62e0191ceada05
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com sha256 fe051b504856a74ccce1fd23ff92c296506cb8292a3933c71069ae915e7a4a00
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com url https://packages.chef.io/files/stable/chef/13.3.42/el/7/chef-13.3.42-1.el7.x86_64.rpm
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com version 13.3.42
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com downloaded metadata file looks valid...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com downloading https://packages.chef.io/files/stable/chef/13.3.42/el/7/chef-13.3.42-1.el7.x86_64.rpm
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com to file /tmp/install.sh.1345/chef-13.3.42-1.el7.x86_64.rpm
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com trying curl...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Comparing checksum with sha256sum...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Installing chef 13
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com installing with rpm...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com warning: /tmp/install.sh.1345/chef-13.3.42-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Preparing... ################################# [100%]
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Updating / installing...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com 1:chef-13.3.42-1.el7 ################################# [100%]
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Thank you for installing Chef!
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Starting the first Chef Client run...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Starting Chef Client, version 13.3.42
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com resolving cookbooks for run list: ["helloworld"]
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Synchronizing Cookbooks:
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com - helloworld (0.1.0)
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Installing Cookbook Gems:
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Compiling Cookbooks...
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Converging 1 resources
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Recipe: helloworld::default
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com * file[/tmp/hello] action create
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com - create new file /tmp/hello
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com - update content in file /tmp/hello from none to a591a6
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com --- /tmp/hello 2017-08-28 11:18:36.796112684 +0000
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com +++ /tmp/.chef-hello20170828-1420-96ju1t 2017-08-28 11:18:36.796112684 +0000
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com @@ -1 +1,2 @@
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com +Hello World
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com - restore selinux security context
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Running handlers:
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Running handlers complete
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Chef Client finished, 1/1 resources updated in 03 seconds
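Two lines in that output deserve attention. install.sh compared the rpm's sha256 against a metadata file it had just fetched from the same origin, so the check only proves the download was not corrupted in transit, and rpm reported the package signature as NOKEY (key ID 83ef826a was not imported), so rpm's own signature verification did nothing. A defender who wants to detect a swapped or tampered package records the expected hash once, out of band, and verifies the file against that pinned value before installing; importing Chef's packaging GPG key on the node would additionally make rpm's signature check meaningful. The function below is an added example (not from the article or from Chef's installer) showing the pinned-hash check; the usage comment reuses the package path and sha256 printed in the output above.

```shell
#!/bin/sh
# Added example, not from the article: verify a downloaded package against a
# sha256 recorded out of band, before rpm installs it.
verify_sha256() {
  file="$1"
  expected="$2"
  if [ ! -f "$file" ]; then
    echo "no such file: $file" >&2
    return 2
  fi
  # coreutils sha256sum on Linux, perl shasum on macOS/BSD
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$file" | awk '{print $1}')
  fi
  # lower-case both sides so a hash pasted in upper case still compares
  actual=$(printf '%s' "$actual" | tr 'A-Z' 'a-z')
  expected=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
  if [ "$actual" = "$expected" ]; then
    echo "ok: $file"
    return 0
  fi
  echo "MISMATCH: $file" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}

# Usage with the path and hash printed in the bootstrap output above
# (install.sh left the rpm under /tmp/install.sh.<pid>/ on the node):
#   verify_sha256 /tmp/install.sh.1345/chef-13.3.42-1.el7.x86_64.rpm \
#     fe051b504856a74ccce1fd23ff92c296506cb8292a3933c71069ae915e7a4a00 \
#   && sudo rpm -Uvh /tmp/install.sh.1345/chef-13.3.42-1.el7.x86_64.rpm
```

The exit code distinguishes a mismatch (1) from a missing file (2), so a wrapper script can treat the two differently; on a mismatch the package should not be installed and the node should be rebuilt rather than retried.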
Step 7: Validate the bootstrapped node
Now let's SSH onto the bootstrapped node and verify the content of the /tmp/hello file.
sudo ssh ec2-user@ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com -i /root/mychefadminec2.pem
cat /tmp/hello
Hello World
Hope you enjoyed reading this article. Thank you.