In this post, I will show you how to get started with the open-source version of Chef using knife.
- A working Chef server
- An admin account on the Chef server
- A supported version of Linux (this might work on OS X too, but I haven’t tested it)
We’ll start off by installing the Chef client on your management workstation:
$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
Assuming all went well, we now have the knife command at our disposal.
We now have to point knife at our Chef server. Most documentation will tell you to copy /etc/chef-server/chef-validator.pem from your Chef server, and let knife send that over to nodes upon bootstrapping. While this works well, I much prefer to have each user use his/her own validation key. Our Chef server is shared, and it makes a lot of sense for us this way.
To create an administrative client:
- Login to Chef server
- Click on ‘Clients’
- Click on ‘Create’
- Type in a unique name for the client and check the ‘Admin’ checkbox
- Click on ‘Create Client’ and save the private key on the next page as ~/.chef/validator.pem
If you do not have your user private key, you’ll need to go to Users-><your username>->Regenerate Private Key->Save User and save that key to ~/.chef/user.pem.
Now, we can go ahead with our knife setup. On your workstation, run the following:
$ knife configure -i
You’ll be asked a series of questions, as shown below:
$ knife configure -i
WARNING: No knife configuration file found
Where should I put the config file? [/root/.chef/knife.rb]
Please enter the chef server URL: [https://my-client-name.server.com:443] https://chef.server.com
Please enter a name for the new user: [root] my-client-name # this can be any username
Please enter the existing admin name: [admin] ameir
Please enter the location of the existing admin's private key: [/etc/chef-server/admin.pem] ~/.chef/user.pem
Please enter the validation clientname: [chef-validator] my-client-name # this is the unique name created earlier
Please enter the location of the validation key: [/etc/chef-server/chef-validator.pem] ~/.chef/validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
Configuration file written to /root/.chef/knife.rb
You should now be able to use knife.
You can test by doing knife client list. This will perform an API call to the Chef server, and use your Chef user private key for authentication. You should see at least your computer listed, if you followed the instructions as-is.
The next step would be to bootstrap a node. This can be done by doing:
knife bootstrap <fqdn of node> -r 'recipe[recipe_name]' -x root