getting started with opscode's chef

08 Aug 2011

i am mostly writing this to document how i went about getting started with chef. in the past i've use puppet for configuration management across servers but because a coworker of mine uses chef on some of the servers, i thought i would, too.

so, mostly i've been sitting looking at how-to's and quickstart guides. nothing really caught my eye. the goal i thought i wanted was to create a chef-server from which everything would be pulled/pushed/etc acting as the main brains. but i will probably just use opscode's managed server which might make my life a lot easier. so let's get started.

first steps

following the quickstart guide, i installed ruby on my arch linux laptop. this is the machine from which i'll be using to knife everything. after installing ruby, i made sure gem was updated by running sudo gem update --system and verifying the version. now i'm at the point where i want to figure out how to get chef to provision a new server on my ec2 stuff.

after moving the files required by chef into .chef, i installed knife-ec2 with gem install knife-ec2 and added my aws credentials to .chef/knife.rb with the following information:

knife[:aws_access_key_id] = "..."
knife[:aws_secret_access_key] = "........."

now knife ec2 server list shows me the instances i have running.

now i tested whether i could create a node and provision it with knife. i installed a couple cookbooks, chef-client and ubuntu, using the following command:

$ knife cookbook site install chef-client
$ knife cookbook site install ubuntu

i actually just ended up removing the entire cookbook directory and cloning the opscode repo of cookbooks and then uploaded those:

$ knife cookbook upload -a

and launched my instance with the following command:

$ knife ec2 server create "role[ubuntu],role[chef-client]" -I ami-1aad5273 -f t1.micro -S optimus-fs --ssh-user ubuntu --region us-east-1

i guess everything is working, but when i look at knife show node, i don't see the roles i created. but i think that was because i didn't actually create roles, so none of those recipes were run. there are a few recipes i do want to run, so we'll do that.

figuring out cookbooks, recipes, and roles

so now i have to figure out how to create a cookbook of recipes that i need to provision one of my servers. i have a few different types, but the 3 main servers i have are tomcat web apps, php web apps on apache, and mysql database servers.

there are also a couple of things i need on every machine i create and that is the ssh keys of the admins. this shouldn't be necessary since using ec2 my plan is to kill unruly instances, but it will be a good exercise in getting to know cookbooks and recipes.

so, there are a few packages i know i want to install, users, sudo, and ubuntu (because i'm using ubuntu, so why not?). these will comprise my 'base' role that every machine i have will run.

because the users cookbook gets its users from the users data bag, i created my user with this command knife data bag create users ren and pasted

{
  "id": "ren",
  "groups": "sysadmin",
  "ssh-keys": "ssh-rsa AA...RP ren@banana"
}

so far so good. REMEMBER, you need to upload your roles, so issue

$ rake roles

before trying to continue.

i started editing the role from knife, knife role create base. i added stuff like "recipe[users]", "recipe[sudo]", "recipe[ubuntu]" to the list. so now i'm retrying the command i used earlier to provision a server,

$ knife ec2 server create "role[base]" -I ami-1aad5273 -f t1.micro -S optimus-fs --ssh-user ubuntu --region us-east-1

and seeing how it goes.

to be continued...