on configuring chef-server locally

Developer from somewhere

After reading this article, not all the steps applied in my case. I’ve pasted the steps I had to take on my system to get chef-dk 0.11.0-1_amd64.deb to work on the listed CentOS.

Steps to configure chef-server locally

  • use this kitchen file:
---
driver:
  name: vagrant

provisioner:
  name: chef_zero

# Uncomment the following verifier to leverage Inspec instead of Busser (the
# default verifier)
# verifier:
#   name: inspec

platforms:
- name: centos65
  driver:
    network:
      - ["private_network", {ip: "192.168.33.7"}]
    box: learningchef/centos65
    box_url: learningchef/centos65

suites:
  - name: default
    run_list:
      - recipe[chef-server::default]
    attributes:
  • with this recipe:
#
# Cookbook Name:: chef-server
# Recipe:: default
#
# Copyright (c) 2016 The Authors, All Rights Reserved.
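# inside a recipe the attribute has to be set through node.default
# (a bare `default[...]` only works in attributes/default.rb)
node.default['chef-server']['url'] = 'https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.1.4-1.el6.x86_64.rpm'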

package_url = node['chef-server']['url']
package_name = ::File.basename(package_url)
package_local_path = "#{Chef::Config[:file_cache_path]}/#{package_name}"

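# omnibus_package is remote (i.e., a URL) let's download it
# (setting remote_file's `checksum` property to the package's SHA-256 pins the download)
remote_file package_local_path do
  source package_url
end

# install the downloaded rpm from the local cache
rpm_package package_name do
  source package_local_path
end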

package package_local_path
# reconfigure the installation
execute 'chef-server-ctl reconfigure'
  • do a kitchen converge
  • open https://192.168.33.7 in your browser
  • log in as admin/p@assw0rd1
  • change password
  • create user geo with whatever password, make him an admin
  • on the screen there will be a private key shown, copy that and save it locally to a file named geo.pem
  • in chef-repo create a .chef folder
  • copy geo.pem there
  • we need to copy the chef-validator key from the host: scp root@192.168.33.7:/etc/chef-server/chef-validator.pem .
  • add a new entry to /etc/hosts with the following content:
192.168.33.7 default-centos65
  • in .chef, create a file called knife.rb with the following content:
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "geo"
client_key "#{current_dir}/geo.pem"
validation_client_name "chef-validator"
validation_key "#{current_dir}/chef-validator.pem"
chef_server_url "https://default-centos65:443"
cache_type "BasicFile"
cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
cookbook_path ["#{current_dir}/../cookbooks"]
  • the content of .chef should be:
.chef/
  geo.pem
  knife.rb
  chef-validator.pem
  • test that server is accessible:
$ knife client list
chef-validator
chef-webui

Potential problems you may encounter

  • I encountered this initially, when running knife client list
➜  chef-repo git:(master) ✗ knife client list
ERROR: SSL Validation failure connecting to host: default-centos65.vagrantup.com - hostname "default-centos65.vagrantup.com" does not match the server certificate
ERROR: SSL Error connecting to https://default-centos65.vagrantup.com/clients, retry 1/5
ERROR: SSL Validation failure connecting to host: default-centos65.vagrantup.com - hostname "default-centos65.vagrantup.com" does not match the server certificate
  • fix for it was to run knife ssl check, where I saw the following:
  ➜  chef-repo git:(master) ✗ knife ssl check
Connecting to host default-centos65.vagrantup.com:443
ERROR: The SSL cert is signed by a trusted authority but is not valid for the given hostname
ERROR: You are attempting to connect to:   'default-centos65.vagrantup.com'
ERROR: The server's certificate belongs to 'default-centos65'
  • then, I just changed the entry from default-centos65.vagrantup.com to default-centos65 in /etc/hosts
  • also, I went into knife.rb and I changed chef_server_url from:
      chef_server_url "https://default-centos65.vagrantup.com:443"
    to
      chef_server_url "https://default-centos65:443"
  • next, run another knife ssl check, and you should see this output:
  ➜  chef-repo git:(master) ✗ knife ssl check
  Connecting to host default-centos65:443
  Successfully verified certificates from `default-centos65'
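
The hostname mismatch above can be reproduced offline by running the same hostname-versus-certificate comparison against the chef_server_url line of knife.rb. This is an added example, not part of the original post or of Chef: the certificate is a constructed self-signed stand-in with CN=default-centos65, and the helper names are hypothetical.

```ruby
require 'openssl'
require 'uri'

# Constructed stand-in for the server certificate (self-signed, CN only),
# mirroring the "certificate belongs to 'default-centos65'" message above.
def constructed_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.new([['CN', common_name]])
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Hypothetical helper: pull the host out of the chef_server_url line of a knife.rb.
def chef_server_host(knife_rb_text)
  url = knife_rb_text[/^\s*chef_server_url\s+["']([^"']+)["']/, 1]
  raise ArgumentError, 'no chef_server_url found' unless url
  URI.parse(url).host
end

# Hypothetical helper: true when the configured host is one the certificate is valid for.
# OpenSSL checks subjectAltName entries first and falls back to the subject CN.
def url_matches_cert?(knife_rb_text, cert)
  OpenSSL::SSL.verify_certificate_identity(cert, chef_server_host(knife_rb_text))
end

CERT   = constructed_cert('default-centos65')
BEFORE = %(chef_server_url "https://default-centos65.vagrantup.com:443"\n)
AFTER  = %(chef_server_url "https://default-centos65:443"\n)

{ 'before' => BEFORE, 'after' => AFTER }.each do |label, text|
  verdict = url_matches_cert?(text, CERT) ? 'matches' : 'does NOT match'
  puts "#{label}: #{chef_server_host(text)} #{verdict} the certificate"
end
```

The check passes only once the name in chef_server_url (and the matching /etc/hosts entry) is the name the certificate was issued for, which is why renaming the host fixes the error without turning verification off.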