how to configure chef workstation with chef server 11

So I figured, even configuration of chef workstation with chef server 11 is a bit different.

This is how I’ve configured my chef workstation with my open source chef server 11. Please note: I’m firing all these commands from my chef workstation.

First, I created a folder to hold all my code.

➜ /tmp mkdir chef11
➜ /tmp cd chef11

Then clone the chef repo.

➜ chef11 git clone https://github.com/opscode/chef-repo.git
Initialized empty Git repository in /tmp/chef11/chef-repo/.git/
remote: Counting objects: 202, done.
remote: Compressing objects: 100% (121/121), done.
remote: Total 202 (delta 73), reused 160 (delta 48)
Receiving objects: 100% (202/202), 34.25 KiB | 5 KiB/s, done.
Resolving deltas: 100% (73/73), done.

Create a .chef folder inside the chef-repo and create an empty knife.rb file.

➜ chef11 cd chef-repo
➜ chef-repo git:(master) pwd
/tmp/chef11/chef-repo
➜ chef-repo git:(master) mkdir .chef
➜ chef-repo git:(master) cd .chef
➜ .chef git:(master) ls
➜ .chef git:(master) touch knife.rb

In my case, my chef server is named chef11.linuxguy.in and is resolvable by my DNS. You can use the IP or the FQDN, once you configure it in your hosts file.

Anyway, what you need are the admin.pem and chef-validator.pem files from chef server 11. These are located in /etc/chef-server.

Note: In earlier versions of the open source chef server, we needed 2 files, validation.pem and webui.pem, and they used to be in /etc/chef on the chef server.

➜ .chef git:(master) ✗ scp root@chef11.linuxguy.lan:/etc/chef-server/admin.pem .
Warning: Permanently added 'chef11.linuxguy.lan' (RSA) to the list of known hosts.
root@chef11.linuxguy.lan's password:
admin.pem 100% 1675 1.6KB/s 00:00
➜ .chef git:(master) ✗ scp root@chef11.linuxguy.lan:/etc/chef-server/chef-validator.pem .
root@chef11.linuxguy.lan's password:
chef-validator.pem 100% 1679 1.6KB/s 00:00
➜ .chef git:(master) ✗ ls
admin.pem chef-validator.pem knife.rb
➜ chef-repo git:(master) ✗ pwd
/tmp/chef11/chef-repo

Now configure your knife.rb.

➜ chef-repo git:(master) ✗ knife configure -i
Overwrite /tmp/chef11/chef-repo/.chef/knife.rb? (Y/N) y
Please enter the chef server URL: [http://router.linuxguy.lan:4000] https://chef11.linuxguy.lan
Please enter a name for the new user: [arun] testuser
Please enter the existing admin name: [admin] admin
Please enter the location of the existing admin's private key: [/etc/chef/admin.pem] .chef/admin.pem
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] .chef/chef-validator.pem
Please enter the path to a chef repository (or leave blank):
Creating initial API user...
Please enter a password for the new user:
Created user[testuser]
Configuration file written to /tmp/chef11/chef-repo/.chef/knife.rb
➜ chef-repo git:(master) ✗ cd .chef
➜ .chef git:(master) ✗ ls
admin.pem chef-validator.pem knife.rb testuser.pem
➜ .chef git:(master) ✗ cd ..

Now confirm whether you can access your chef server or not.

➜ chef-repo git:(master) ✗ knife user list
admin
ak
crazy
testuser
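
The .pem files copied above are private keys, and this walkthrough keeps them inside a git checkout under /tmp. The check below is an added example, not part of the original post; the function names loose_keys, exposed_to_git and lock_down are illustrative. It reports keys that other local users can access and keys that git tracks or has not ignored.

```shell
#!/bin/sh
# Added example: audit the *.pem keys knife uses in a chef-repo/.chef directory.

# Print each key that group or other users can access; return 1 if any found.
loose_keys() {
    dir=$1; found=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "LOOSE $f (group/other bits: $bits)"
            found=1
        fi
    done
    return $found
}

# Print each key that git tracks or would pick up on "git add"; return 1 if any.
# Without git, or outside a work tree, there is nothing to check.
exposed_to_git() {
    dir=$1; found=0
    command -v git >/dev/null 2>&1 || return 0
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if git -C "$dir" ls-files --error-unmatch "$name" >/dev/null 2>&1; then
            echo "TRACKED $f"; found=1
        elif ! git -C "$dir" check-ignore -q "$name" 2>/dev/null; then
            echo "UNIGNORED $f"; found=1
        fi
    done
    return $found
}

# Restrict the directory and its keys to the owner only.
lock_down() {
    chmod 700 "$1" && chmod 600 "$1"/*.pem
}

# Usage: sh audit_keys.sh /tmp/chef11/chef-repo/.chef
if [ -n "${1:-}" ]; then
    loose_keys "$1"; exposed_to_git "$1"
fi
```

Running lock_down on the .chef directory and adding a line such as .chef/*.pem to the repository's .gitignore clears both kinds of finding.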

That’s it.

Enjoy.

Arun Tomar.

Note: Please leave your valuable feedback and comments to improve it, or let me know if I made any mistake.



9 Responses to “how to configure chef workstation with chef server 11”

  • Chandan Says:

    Hi Arun,

    The post is really helpful, I spent a lot of time in figuring out why it's not running on port 4040. But ultimately got a reply from Philip. But this post gave a sequence of steps to perform.

    After that also I am facing an issue:
    I want to create an ec2 instance from my workstation. but when I run any command like: [specifically related to ec2 instance]

    knife ec2 server list.

    I get:
    FATAL: Cannot find sub command for: ‘ec2 server list’
    The ec2 commands were moved to plugins in Chef 0.10
    You can install the plugin with `(sudo) gem install knife-ec2

    when I did sudo gem install knife-ec2, it said gem is not available.

    I ran the below commands;
    sudo apt-get update
    sudo apt-get install ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8
    sudo apt-get install libreadline-ruby1.8 libruby1.8 libopenssl-ruby
    sudo apt-get install libxslt-dev libxml2-dev
    sudo apt-get install rubygems

    and then
    sudo gem install knife-ec2

    now I have the gem:

    But now also don’t know how to create an ec2 instance.

    On hosted chef, knife ec2 server list etc used to work.

    Looking out for a response.

    Thanks
    Chandan

      • Chandan Says:

        Thanks for your response and the lovely article.

        What I meant was with “not able to create ec2 instances is”, after installing the knife-ec2 gem also, it used to give me the same msg (when running command knife ec2 server list or create etc) as :
        FATAL: Cannot find sub command for: ‘ec2 server list’
        The ec2 commands were moved to plugins in Chef 0.10
        You can install the plugin with `(sudo) gem install knife-ec2

        Probably the reason was I was using the same putty session to create session after installing the gem,

        Now able to perform the ec2 related commands.

        One point I want to confirm:
        when I installed chef-server, the ruby version was 1.9.1, that I can confirm if I find the file “knife.rb” all are inside …./gem/1.9.1/…..

        But after running the below commands:
        sudo apt-get update
        sudo apt-get install ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8
        sudo apt-get install libreadline-ruby1.8 libruby1.8 libopenssl-ruby
        sudo apt-get install libxslt-dev libxml2-dev
        sudo apt-get install rubygems

        I get some dependencies of 1.8 also, is this wrong, or should I install ruby1.9.1-dev…etc.

        • arun Says:

          This might be because you might have 2 versions of ruby. Kindly check in which version of ruby and rubygems you installed the ec2 gem.

          Arun.

          • Chandan Says:

            Thanks for your reply, but this is not stopping me to work further. So should I really care for this?

            One more thing I wanted your help in, I am new to this, but can you please tell me what would be the efficient way of working on chef. I am more concerned about my development phase, as I don’t want to create again and again ec2 instance. Also instead of directly working on our production chef-server, is there any other way I can work on (means don’t want to upload cookbook on the production chef-server to check if it's working fine every time, instead if there is any other way so that after I finalize that the cookbook is working right I will upload it to production chef-server and the code Repo (master branch))

  • Chandan Says:

    Also maybe you can add one more step, after user copies the .pem files from its server to workstation.

    Here you have mentioned “knife configure -i”

    this will give output as
    knife: command not found

    So one may need to install it.

    I used the below one command to install chef-client which automatically gave me knife: {pls point out if this is the wrong way.}
    curl -L https://www.opscode.com/chef/install.sh | sudo bash

  • Vincent Gerris Says:

    any tips on scaling the open source chef server?
    By default it seems to be fit for 20 servers.
    I am interested in what needs to be modded in what config to scale up to a hundred or more.

    • arun Says:

      Hi Vincent,

      Well, I’ve a small cloud server with 1 GB ram and 1 core cpu, and it’s currently managing 60 nodes for us. This cloud instance is dedicated for chef11 only and all its resources like cpu and memory etc are utilized less than 25% currently. So, you could scale up your server vertically without much issue to support thousands of instances.

      Still if you need to scale it beyond 1 host, then either check with opscode, as there is no open documentation regarding this, or you could configure various chef11 services on separate servers and configure them to use them, rather than using the local services.

      Arun.

      • Vincent Gerris Says:

        thanks for sharing. Did you do a default install?
        I have been fiddling with memory settings and noticed with more memory, there seems to be more used when running the configure script.
        Anything you did to manage this? I use the -s option for example on the client side to spread load.
        Without it my current setup has performance issues already (HTTP 500 errors).
