Chef - Configuration Management Tool

Part 2 (Bootstrapping, Roles)

In the previous blog we covered the installation, the workstation, cookbooks, and drafting recipes, and there we created two cookbooks with some recipes. For reference, the previous blog is at https://teckbakers.hashnode.dev/chef-the-configuration-management-tool.

In this blog we are going to connect the workstation to the Chef server using chef-repo, and the Chef server to a node using bootstrapping.

Connecting a workstation to the chef-server, and the chef-server to the node, using chef-repo and bootstrap

The Chef server works as a mediator between the workstation and the node. For the two to interconnect through it, the workstation and the node should be in the same AZ.

Two actions are performed while bootstrapping:

  1. Adding the node to the chef server

  2. Installing the chef package.

Connecting workstation with chef server through Chef.id/chef-repo

First, we download the starter kit from Chef Manage (manage.chef.io). It is downloaded as a zip file; extracting it gives us the chef-repo folder, which we need to place on the chef workstation. Inside the chef-repo folder there are three folders: .chef, cookbooks, and roles.

The .chef folder is what establishes communication between the chef-server and the chef workstation, because it contains two files: knife.rb and a private key (.pem). knife.rb holds the URL (address) of the chef-server, and it is this URL that lets the workstation reach the chef-server. This is how we connect the Chef Workstation to the Chef Server.

Steps to follow

  1. Create a chef account on "manage.chef.io".

    Create a new organization and download the starter kit for that organization.

  2. Go to Downloads and extract chef-repo. After extracting we get several files inside chef-repo: .chef, cookbooks, .gitignore, README.md, roles.

    Send the chef-repo folder to the Linux workstation machine using WinSCP:

    1. Open a new session.

    2. Enter the login details:

      Hostname - Public DNS of the workstation machine

      Username - ec2-user

      Advanced --> SSH --> Authentication --> Private key of the workstation machine

    3. Login

  3. Drag chef-repo from the left (local) window and drop it into the right (Linux) window. (Run ls on the workstation to check whether chef-repo is there.)

  4. Look at the chef-repo/.chef/config.rb file.

    config.rb contains the URL of the chef server:

    cat config.rb

    Because this URL is present on the workstation machine, the workstation gets connected to the chef server.

  5. To verify that the workstation is connected to the server:

    knife ssl check
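The two settings in config.rb that matter most for the workstation-to-server link are the server URL and the private key, and knife ssl check only helps if certificate verification is actually on. The following is an added example, not code from the original post or from Chef: it reads a config.rb with a tiny stand-in for the knife config DSL (so the Chef gems are not needed) and reports settings that would weaken the connection. The paths, organization name and key file name in the sample configs are placeholders, not the post's real values.

```ruby
# Minimal reader for a knife config.rb/knife.rb (stand-in for the real DSL).
class KnifeConfigReader
  attr_reader :settings

  def initialize
    @settings = {}
  end

  # Every setting in config.rb is written as `key value` (e.g.
  # chef_server_url "https://..."), which Ruby sees as a method call.
  # Record each one instead of raising NoMethodError.
  def method_missing(name, *args)
    @settings[name] = args.length == 1 ? args.first : args
  end

  # Evaluate the config text and return the collected settings.
  def self.read(text)
    reader = new
    reader.instance_eval(text)
    reader.settings
  end
end

# Returns a list of findings; an empty list means the config is safe to use.
def knife_config_findings(settings)
  findings = []
  url = settings[:chef_server_url].to_s
  if url.empty?
    findings << "chef_server_url is not set"
  elsif !url.start_with?("https://")
    findings << "chef_server_url must use https:// so the server certificate can be checked"
  end
  unless settings[:client_key]
    findings << "client_key is not set (the workstation's private .pem is how knife authenticates)"
  end
  mode = settings.fetch(:ssl_verify_mode, :verify_peer)
  if mode != :verify_peer
    findings << "ssl_verify_mode #{mode.inspect} turns off certificate verification; use :verify_peer"
  end
  findings
end

# Constructed sample: a sound config.rb (placeholder paths, user and org).
SAMPLE_GOOD_CONFIG = <<~'RUBY'
  current_dir = File.dirname("/home/ec2-user/chef-repo/.chef/config.rb")  # placeholder path
  log_level        :info
  node_name        "admin-user"                                 # placeholder user
  client_key       "#{current_dir}/admin-user.pem"              # placeholder key file
  chef_server_url  "https://api.chef.io/organizations/example-org"
  ssl_verify_mode  :verify_peer
  cookbook_path    ["#{current_dir}/../cookbooks"]
RUBY

# Constructed sample: the same config with two weak settings.
SAMPLE_WEAK_CONFIG = <<~'RUBY'
  current_dir = File.dirname("/home/ec2-user/chef-repo/.chef/config.rb")
  node_name        "admin-user"
  client_key       "#{current_dir}/admin-user.pem"
  chef_server_url  "http://api.chef.io/organizations/example-org"
  ssl_verify_mode  :verify_none
RUBY

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_GOOD_CONFIG, SAMPLE_WEAK_CONFIG].each do |text|
    settings = KnifeConfigReader.read(text)
    puts "#{settings[:chef_server_url]}: #{knife_config_findings(settings).inspect}"
  end
end
```

Run it against your own file with `KnifeConfigReader.read(File.read("chef-repo/.chef/config.rb"))`; the reader records every `key value` line, so settings it does not check (log_level, cookbook_path) are still available in the returned hash.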

Connecting the chef-server with the node using Bootstrapping

Bootstrapping is the process of adding a chef node to the chef server, or, in other words, bringing any machine into the chef environment. In this bootstrapping process a total of three actions are performed automatically:

  • Node gets connected to chef-server.

  • The Chef server will install the chef package in the chef node.

  • Cookbooks will be applied to the chef node.

It is only a one-time effort. Whenever the company purchases a new machine, we immediately add that server to the chef server. We can bootstrap one machine at a time; we can't bootstrap multiple machines at once.

Bootstrapping steps

  1. Create a Linux machine (node1) in the same AZ as the workstation, with a new security group and a new key pair named <node1-key>, and save its private IP for the knife bootstrap command.

  2. With the help of WinSCP, transfer the downloaded node1-key.pem into chef-repo for the bootstrap command.

  3. Now go to the chef-repo directory on the chef workstation and run the bootstrap command to attach node1 to the chef-server:

knife bootstrap <privateIP(node1)> --ssh-user ec2-user --sudo -i node1-key.pem -N node1

To check the node's connection with the chef-server:

knife node list

  1. Moving the cookbooks into chef-repo to avoid confusion:

    Move ec2-user/cookbooks to ec2-user/chef-repo/cookbooks

    mv cookbooks/apache-cookbook chef-repo/cookbooks

    mv cookbooks/Zee-cookbook chef-repo/cookbooks

  2. Upload apache-cookbook to the chef-server

    Inside the chef-repo directory:

    knife cookbook upload apache-cookbook

    Confirm the upload:

    knife cookbook list

  3. Now we attach the recipe we would like to run on node1 to node1's run-list with this run_list command:

    knife node run_list set node1 "recipe[apache-cookbook::apache-recipe]"

    Function of run_list

    This is an ordered list of recipes that we are going to apply to nodes. We write all the recipes in the cookbook and then upload that cookbook to the chef-server. Then we attach the recipes to the node's run-list in sequence. When chef-client runs, it applies the recipes to the node in the same order you gave in the run-list, because sometimes order is important, especially when we deal with dependent recipes.

  4. Now, to apply whatever is present on the Chef server to a node, we log into the node's terminal and run chef-client there:

    chef-client

In this way, node1 gets updated according to the chef-server configuration. But in the above process, whenever we update a recipe we have to upload the cookbook to the chef-server again, and each time we have to run chef-client on the node's terminal.

Automation for Node Updates

To automate this process:

By default, chef-client is run manually, so we need to automate it. For this we use the cron tool, the default tool on all Linux machines for scheduling tasks to run automatically at regular intervals. In the crontab file we put the chef-client command and set the timing as per our requirement; from then on chef-client runs automatically at that interval. It is only a one-time effort: when the company purchases a new server, we automate chef-client right after bootstrapping.

Steps :

  1. Take access of the node terminal

  2. Create and edit the "crontab" file

    With this entry, automation starts and there is no need to call chef-client again; the chef-client command executes periodically according to the "*/n" crontab method:

    * * * * * root chef-client

    Where the five stars denote the */n fields (HR DAY MONTH YEAR WEEK).
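Because a crontab entry with the fields in the wrong order, or with the five stars run together as `*****`, silently never runs chef-client, it is worth generating and checking the line rather than typing it by hand. The following is an added example, not code from the original post: it builds a system-crontab line for a `*/n` minute schedule and parses lines back into their fields. The field order it uses is the standard system crontab layout (minute, hour, day of month, month, day of week, then the user and the command); the 30-minute interval and the sample crontab contents are constructed for illustration.

```ruby
# Standard system crontab (/etc/crontab) time fields, in order.
CRON_FIELDS = %i[minute hour day_of_month month day_of_week].freeze

# Returns an /etc/crontab line that runs chef-client every `every_minutes`
# minutes (1..59) as `user`, e.g. "*/30 * * * * root chef-client".
def chef_client_cron_line(every_minutes, user: "root", command: "chef-client")
  raise ArgumentError, "interval must be 1..59 minutes" unless (1..59).cover?(every_minutes)
  minute = every_minutes == 1 ? "*" : "*/#{every_minutes}"
  "#{minute} * * * * #{user} #{command}"
end

# Splits one /etc/crontab line into its five time fields, user and command.
# Returns nil for blank lines, comments, variable assignments and malformed
# lines (e.g. "***** root chef-client", where the stars are not separated).
def parse_system_crontab_line(line)
  line = line.strip
  return nil if line.empty? || line.start_with?("#")
  parts = line.split(/\s+/, 7)
  return nil if parts.length < 7
  CRON_FIELDS.zip(parts[0, 5]).to_h.merge(user: parts[5], command: parts[6])
end

# All parsed entries in a crontab text that run chef-client.
def chef_client_entries(crontab_text)
  crontab_text.lines
              .map { |l| parse_system_crontab_line(l) }
              .compact
              .select { |entry| entry[:command].split.first == "chef-client" }
end

# Constructed sample /etc/crontab: one good entry, one malformed entry
# (the stars run together), and an unrelated job.
SAMPLE_CRONTAB = <<~CRON
  # /etc/crontab: system-wide crontab (constructed sample)
  SHELL=/bin/bash
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

  ***** root chef-client
  */30 * * * * root chef-client
  0 3 * * 0 root /usr/sbin/logrotate /etc/logrotate.conf
CRON

if __FILE__ == $PROGRAM_NAME
  puts chef_client_cron_line(30)
  chef_client_entries(SAMPLE_CRONTAB).each { |e| puts e.inspect }
end
```

The user-data form from the post then becomes `echo "#{chef_client_cron_line(30)}" >> /etc/crontab`; running chef-client every minute, as the five-star line does, works but is heavier than most teams want, which is why the builder takes an interval.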

Just to verify, create one more Linux machine, node2, with the user data below, then use the bootstrap command to connect it to the chef-server and attach the recipe to node2's run_list:

echo "* * * * * root chef-client" >> /etc/crontab

You will notice node2 getting updated.

How to see and delete everything inside the chef-server

Run the commands below in the chef-repo directory.

  • To see the cookbook list

    knife cookbook list

  • To delete a cookbook

    knife cookbook delete cookbookName -y

  • To see the node list

    knife node list

  • To delete a node

    knife node delete nodeName -y

  • To see the list of clients present inside the chef-server

    knife client list

  • To delete a client

    knife client delete clientName -y

Roles

Roles are nothing but a custom run-list.

We create roles, upload them to the chef server, and assign them to nodes. If we have many nodes and need to add a cookbook to the run-list of all of them, attaching it to every node's run-list is very tedious. So we create a role and attach that role to all those nodes once. From then on, we add a cookbook to the role, and that cookbook is automatically attached to all those nodes.

So a role is a one-time effort. Instead of always adding cookbooks to each and every node's run-list, just create a role and attach it to the nodes. When we add a cookbook to that role, it is automatically applied to all nodes assigned to that role.

Steps to create a role

Inside the chef-repo directory we have a roles directory, which contains the default.rb Ruby file.

  • Create one more file, RoleName.rb, and edit it with the name, description, and run-list details.

    vi RoleName.rb

    Edit this file with:

    name "Engineer"

    description "webserver role"

    run_list "recipe[apache-cookbook::apache-recipe]"

    You can add multiple run-list entries. In this case the Apache recipe will be applied to the node after bootstrapping.

  • Upload the role to the chef server

    Back in the chef-repo directory:

    knife role from file roles/RoleName.rb

  • To see the created role

    knife role list

  • Create as many nodes as you wish and bootstrap them

    knife bootstrap <privateIP(node)> --ssh-user ec2-user --sudo -i nodeNokey.pem -N nodeNo

  • Now attach these nodes to the role one by one.

    knife node run_list set nodeNo "role[RoleName]"

  • Upload the cookbook to the server

    knife cookbook upload apache-cookbook

    Now open the public IP of any node in a browser; every node will behave like a web server.
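A role is a custom run-list, and a run-list is ordered: when a node carries role[...] entries, chef-client resolves them into the recipes of each role, in order, before converging. The following is an added example, not code from the original post or from Chef: it loads role files written in the name/description/run_list form shown above with a small stand-in for the role DSL (no Chef gems needed), then expands a node's run-list into the ordered recipe list, handling nested roles, missing roles and role cycles. The "base" role and the Zee-cookbook default recipe are hypothetical; only apache-cookbook::apache-recipe comes from the post.

```ruby
# Stand-in for the role file DSL (roles/RoleName.rb) so a role file can be
# loaded without Chef. Each method is a setter with a value, a getter without.
class RoleFile
  def initialize
    @name = nil
    @description = nil
    @run_list = []
  end

  def name(value = nil)
    value.nil? ? @name : (@name = value)
  end

  def description(value = nil)
    value.nil? ? @description : (@description = value)
  end

  # run_list "recipe[a]", "recipe[b]" appends entries in the order written.
  def run_list(*entries)
    @run_list.concat(entries.flatten) unless entries.empty?
    @run_list
  end

  def self.load(text)
    role = new
    role.instance_eval(text)
    role
  end
end

# Accepted run-list entry forms: recipe[cookbook], recipe[cookbook::recipe], role[name].
RUN_LIST_ENTRY = /\A(recipe|role)\[([^\]\s]+)\]\z/

# Expands a node's run-list (as set with `knife node run_list set`) into the
# ordered, de-duplicated "cookbook::recipe" list chef-client would converge.
# role[...] entries are replaced by that role's own run-list, recursively.
def expand_run_list(entries, roles, seen = [])
  entries.flat_map do |entry|
    m = RUN_LIST_ENTRY.match(entry.to_s)
    raise ArgumentError, "malformed run-list entry #{entry.inspect}" unless m
    kind, target = m[1], m[2]
    if kind == "recipe"
      # A bare cookbook name means its default recipe.
      [target.include?("::") ? target : "#{target}::default"]
    else
      raise ArgumentError, "role cycle: #{(seen + [target]).join(' -> ')}" if seen.include?(target)
      role = roles.fetch(target) { raise KeyError, "role #{target} has not been uploaded" }
      expand_run_list(role.run_list, roles, seen + [target])
    end
  end.uniq # chef-client keeps the first occurrence of a repeated recipe
end

# The role from the post, as a constructed role file.
ENGINEER_ROLE = <<~'RUBY'
  name "Engineer"
  description "webserver role"
  run_list "recipe[apache-cookbook::apache-recipe]"
RUBY

# Hypothetical second role that nests the first; shows ordering through roles.
BASE_ROLE = <<~'RUBY'
  name "base"
  description "baseline applied before the web server role"
  run_list "recipe[Zee-cookbook]", "role[Engineer]"
RUBY

# Roles as they would be known to the server after `knife role from file`.
ROLES = {
  "Engineer" => RoleFile.load(ENGINEER_ROLE),
  "base" => RoleFile.load(BASE_ROLE)
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts expand_run_list(["role[base]"], ROLES).inspect
end
```

Because expansion walks the roles in run-list order, the recipes a node converges depend only on the roles and the order the node's run-list names them, which is what makes adding a cookbook to a role reach every node assigned to it.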

Here we conclude the Chef topic.

Stay tuned!!

For any query, you can contact Atharva Deshpande