Has anyone tried performing an unattended chef client install – installing chef client from the node itself?
There is not much information provided in the documentation. Also, I don't want chef-solo but chef-client on the node.
chef
Has anyone tried performing an unattended chef client install – installing chef client from the node itself?
There is not much information provided in the documentation. Also, I don't want chef-solo but chef-client on the node.
Updates
Original response follows
First, as of this writing, the latest version of Chef is 0.9.8. Opscode distributes Chef as RubyGems, and has up-to-date Debian/Ubuntu packages as well. RPMs for the latest version are released by a member of the community.
Second, in versions 0.8.x+ and higher, OpenID is no longer required for authentication. Merb is required for the Server because it is a Merb web application.
Opscode hosts a Chef Server as a Service called The Opscode Platform. You can signup and get started. It is free during the "feature beta", and once it leaves beta it is free for up to 5 nodes. If you sign up there's a getting started guide on Opscode's help site.
Overview of getting started:
As for Django and Apache2:
You'll need to write one that deploys your Django application code. The Apache2 cookbook contains a Definition to help set up a virtual host for web applications.
You can help improve the documentation by submitting a ticket in the "Documentation" component of the Chef project. If you have trouble with the Open Source Chef Server, the best places to ask for help are the Chef Mailing List, or the #chef IRC channel on FreeNode. If you sign up for the Platform you have access to the help site to submit support requests.
Disclosure: I work for Opscode.
Edit This question and answer are years old. The definitive best practices are taught via the Learn Chef Rally self-paced training modules produced by Chef Software, Inc. The bulk of the original answer is below.
In this answer, "Chef" or "chef-client" usually refers to Chef Infra, the product. Opscode renamed to Chef Software, Inc in 2013. In April, 2019, Chef opened the source code for all its products, along with creating consistent brand naming.
Not clear if it's better to setup roles in ruby DSL, JSON, or from the management console? Why are there multiple ways to do the same thing?
2019 Update: Policyfiles are the best workflow to use. Roles are considered an inferior practice, and Chef Software, Inc. recommends migrating to Policyfiles.
There are multiple ways to do the same thing because people have different workflows. You pick the workflow that is best for your environment. Let me explain what the differences are so you can make an informed decision.
The Ruby DSL for Roles exists to make it easier to write roles without knowing the syntax of JSON. It is a simple way to get started with Roles. Once you have made changes, you upload them to the Chef Server with knife.
knife role from file myrole.rb
This converts the role to JSON and stores it on the server. If you have an environment that enforces the Chef Repository where your roles live as the source of truth, this works quite well.
JSON is what the Chef Server stores, so you also edit JSON directly in the management console. It does require more fields than the Ruby DSL in order for Knife to recognize it properly to upload. Those details are hidden to some degree via the web UI.
The disadvantage of using the webui/management console for editing roles is they aren't in your local version control system unless you download them from the server. You can do this with knife:
knife role show myrole -Fj
The -Fj
tells knife to "display in JSON format." You can redirect the output to a .json file if you like.
Years ago update: There are additional knife commands for working with the files in the local chef repository. Currently these commands support only JSON format files. A community RFC is open which will address adding support for the Ruby DSL for these plugins. Here's a brief summary of the workflow.
Check content differences between the server and the local file.
knife diff roles/myrole.json
Upload a JSON formatted role file. The roles/
path is required. This gets mapped to the same API endpoint on the server.
knife upload roles/myrole.json
Download the content from the server overwriting the content of the file in the repository.
knife download roles/myrole.json
These commands come from knife-essentials
, which is built into the chef client package.
Can you organize cookbooks into subdirectories? eg- we have custom software that I'd like to write a cookbook for and stick that into: chef-repo/cookbooks/ourcompanystuff/customsoftwarecookbook would this be a good practice?
No. Knife has an expectation of where cookbooks should live because it uses an API to upload cookbooks to the Server. This is set in the knife.rb
with cookbook_path
. In older versions of Chef Infra, you could specify an array of paths for cookbooks, but this is being deprecated because it required more maintenance and was confusing to users.
By convention we name customer specific or site specific cookbooks with the name prefixed in the cookbook diretory. For your example, it would be:
chef-repo/cookbooks/ourcompany_customsoftware
There might be multiple different cookbooks for "ourcompany" depending on what you're doing.
Further reference:
Do I create a cookbook for each type of role that specifies what it does? Do I have these cookbooks include other cookbooks (i.e.- the cookbook for my webserver role includes the apache cookbook). I'm not sure how cookbook inter-dependencies and inheritance are handled.
There is no direct relationship or dependency between roles and cookbooks.
Roles have a run list, which specifies the recipes and other roles that should be applied to any node that has that role. Nodes have a run list that can contain roles or recipes. When Chef runs on the node, it will expand the run list for all the roles and recipes it includes, and then download the cookbooks required. In a node run list:
recipe[apache2]
Chef will download the apache2
cookbook for the node so it can apply this recipe.
You might have a cookbook specific for a role in your infrastructure. More commonly you'll have cookbooks that are for setting up certain types of services like apache2, mysql, redis, haproxy, etc. Then you would put those into appropriate roles. If you have custom application specific things that need to happen to fulfill a role, then you could write this into a custom cookbook (like I referenced above).
Further reference:
Is there anything like puppets external node classifier so nodes automatically determine their roles?
"Yes." The Chef Infra Server does node data storage (in JSON) automatically, and the server also automatically indexes all the node data for search.
Further reference:
It seems like you can configure things with knife or within the management console, or editing JSON files? This is super confusing to me why there are so many ways to do things, it's paralyzing! Is there a reason to use one or the other?
The Chef Infra Server has a RESTful API that sends and receives JSON responses. Knife and the management console are user interfaces for interacting with the API from an administration point of view.
You can use the tool you like better, though the management console doesn't have as many features as Knife. Most people that use Chef Infra prefer the command-line interface for the power and flexibility it provides, even folks who are using Chef Infra on Windows. Further, knife
is a plugin based tool that you can create new plugins to interact with the Chef Infra Server, or with other parts of your infrastruture.
Chef Infra is a set of libraries, primitives, and an API. It gives you the flexibility to build the configuration management system that works best for your infrastructure.
Further reading:
How can I automatically provision nodes with chef in my dev cluster? With puppet I fire up a VM that connects to the puppermatser and kicks off a puppet run and sets itself up (role is determined by external node classifier). How do I do this with chef? - Install chef with pem/rb files that tie it to a chef server, manually tell the node its roles with knife or editing this in the management interface, and then kicking off a chef-client run to set itself up?
You'll want to use the knife bootstrap plugin. This is a built in plugin that comes with knife. You invoke it like this:
knife bootstrap 10.1.1.112 -x root -i ~/.ssh/root_id_rsa -r 'role[webserver]'
This will:
root
user using an SSH key (you could ssh as another user and then use --sudo
).chef-client
using the comma separated run listed specified. In this example only the webserver
role is applied.This assumes that the target system has been provisioned, has an IP address and you can SSH as root. Depending on your local policies and provisioning process, you may need to adjust how this works. The knife bootstrap page on the wiki describes more about how this works.
Knife also has plugins for a number of public cloud computing providers such as Amazon EC2 and Rackspace Cloud. There are plugins available for private cloud environments like Eucalyptus and OpenStack. There are also plugins for VMware, Vsphere and others. You can see further information in the documentation.
Further reading:
Are there any other good chef resources I might be missing in my searches?
The Chef Documentation the primary source of documentation.
The Learn Chef Rally is a series of self-guided modules that you can learn all about various aspects of Chef Infra, and other Chef products.
I used to maintain a blog where I posted tips, tricks, and guides about Chef Infra: http://jtimberman.housepub.org/. I had a series called "quick tips". Due to real life circumstances and other commitments, I no longer have time to maintain the site, but I may return to it in the future.
Chef customers can get help and support on the support site:
The Chef user community is an excellent source of additional help:
Additional resources are available on Chef Software, Inc.'s web site.
I hope this helps.
Best Answer
It isn't clear from your question which OS you are doing this on and if you are doing it in a stand-alone or chef server environment.
Here are two options for stand-alone install of chef-client:
Omnibus installer
or for a specific version
Package install
Example for Ubuntu:
Bootstrap
Knife bootstrap will install the chef-client on a node in a chef server environment. Bootstrap uses the omnibus installer and then copies the required client configuration from the server.
Unattended Bootstrap
The chef-client can be installed using an unattended bootstrap. This allows the chef-client to be installed from itself, without using SSH. For example, machines are often created using environments like AWS Auto Scaling, AWS CloudFormation, Rackspace Auto Scale, and PXE. In this scenario, using tooling for attended, single-machine installs like knife bootstrap or knife CLOUD_PLUGIN create is not practical because the machines are created automatically and someone cannot always be on-hand to initiate the bootstrap process.
When the chef-client is installed using an unattended bootstrap, remember that the chef-client:
When the chef-client is installed using an unattended bootstrap, it is typically built into an image that starts the chef-client on boot. The type of image used depends on the platform on which the unattended bootstrap will take place.
Use settings in the client.rb file—chef_server_url, http_proxy, and so on—to ensure that configuration details are built into the unattended bootstrap process.
A node’s initial run-list is specified using a JSON file on the host system. When running the chef-client as an executable, use the -j option to tell the chef-client which JSON file to use. For example:
where
file.json
is similar to:You may also want to check out Provision and Bootstrap AWS instances with Chef