I used a desktop installation of CentOS 6 for the chef workstation but it doesn’t really matter. A minimal installation will work just as well.
Step 1: Download and install the chef client.
$ curl -L https://www.opscode.com/chef/install.sh | bash
Step 2: Test the chef client installation by checking the version of chef client installed.
Step 3: This is the part where it gets a bit tricky. The main objective here is to get hold of 3 files:
Assuming you have already set up a chef server, you can find two of the files on your own chef server at the following path:
There is one difference between admin.pem and the USER.pem you want: admin.pem should only be used for the initial setup of the workstation. Once the workstation is set up, a new node/user should be created and its corresponding .pem file generated and used.
Copy those 2 files into your workstation. Here I am logged in as a user named “bob” and have created a .chef folder in bob’s home directory to hold the files.
Some documentation recommends putting them in a chef-repo folder, like /home/bob/chef-repo/.chef/, instead.
Step 4: Generate the knife.rb file. On the chef workstation, change to the directory where the 2 files were copied in the previous step and run the following command:
The knife.rb file contains the settings for connecting to the chef server. During the configuration, it will ask for the values to use for most of these settings. The following are the values I used; you should change them accordingly:
- chef server url -> http://192.168.10.51:4000/
(This is the URL for the chef server. I had some issues with this because the iptables service was on by default on my chef server. For simplicity, I disabled the iptables service on my chef server to allow connections from the chef workstation. Make sure the workstation is able to )
- existing username -> admin
(This corresponds to the admin.pem we are using for this initial setup.)
- validation clientname -> chef-validator
(This corresponds to the chef-validator.pem we are using.)
- location of validation key -> /etc/chef-server/chef-validator.pem
(This is the location where we placed the chef-validator.pem file in the previous step.)
- path to a chef repo -> /home/bob/chef-repo
(This can be any folder you prefer or you can just leave it empty.)
Step 5: With all 3 files in the same directory, you can now test the knife connection to the chef server.
$ knife client list
Step 6: Now to create a new dedicated client key for the workstation instead of using admin. Replace [node-name] with the hostname of the chef workstation.
$ knife client create [node-name] -n -a -f [node-name].pem
This will generate a .pem file in the same directory. Now to update knife.rb to use this file instead.
Open up the knife.rb file:
The content of this file is quite straightforward. In fact, once you know the format, it should be possible to create this file manually instead of generating it in step 4. For now, update the value of node_name to be the same as what you created earlier in this step.
cookbook_path [ '/home/bob/chef-repo/cookbooks' ]
Step 7: Test. Run the connection to the chef server again.
$ knife client list
This time you should be able to see the name of the chef workstation node in the output.
Step 8: Pop the champagne!
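A check to run once step 6 is done, as an added example that is not part of the original post: it confirms that knife.rb no longer authenticates as admin, which is the point of step 6. It also goes slightly beyond the text by flagging .pem keys readable by group/other and an http:// chef_server_url. The function name audit_chef_dir and the finding labels are hypothetical; the settings it reads (node_name, client_key, chef_server_url) are standard knife.rb settings.

```shell
#!/bin/sh
# Added example (not from the original post): audit a knife config directory
# after step 6. Prints one finding per line; returns 0 only when clean.
# Usage: audit_chef_dir /home/bob/.chef
audit_chef_dir() {
    dir=$1
    conf="$dir/knife.rb"
    rc=0
    if [ ! -f "$conf" ]; then
        echo "MISSING $conf"
        return 1
    fi
    # 1. Private keys must carry no group/other permission bits.
    for key in "$dir"/*.pem; do
        [ -f "$key" ] || continue
        # Characters 5-10 of the ls -l mode string are the group and other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "PERMS $key is accessible to group/other ($bits)"
            rc=1
        fi
    done
    # 2. knife.rb must no longer authenticate as the bootstrap admin identity.
    if grep -Eq "^[[:space:]]*node_name[[:space:]]+['\"]admin['\"]" "$conf"; then
        echo "ADMIN node_name is still admin"
        rc=1
    fi
    if grep -Eq "^[[:space:]]*client_key[[:space:]].*admin\.pem" "$conf"; then
        echo "ADMIN client_key still points at admin.pem"
        rc=1
    fi
    # 3. An http:// server URL sends requests and responses unencrypted.
    if grep -Eq "^[[:space:]]*chef_server_url[[:space:]]+['\"]http://" "$conf"; then
        echo "CLEARTEXT chef_server_url uses http://"
        rc=1
    fi
    return $rc
}
```

A PERMS finding is fixed with chmod 600 on the listed key file.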