Setting up Hosted Chef server
Hosted Chef is operated as a cloud service by Opscode. We can set it up quickly, and it gives us full control, using users and groups to control the access permissions to our Chef setup. We'll configure Knife, Chef's command-line tool, to interact with Hosted Chef so that we can start managing our nodes.
Once we finish this Hosted Chef setup, we do not need our own self-hosted Chef Server, nor do we need to use Chef Solo.
Before being able to use Hosted Chef, we need to sign up for the service. There is a free account for up to five nodes.
Visit https://www.chef.io/chef/choose-your-version/ and register.
After registering, we can use it with our chef-repo repository.
Follow the steps below:
- Navigate to http://manage.opscode.com/organizations. After logging in, we can start downloading our validation keys and configuration file.
- Select the organization to see its contents in the web UI.
- Regenerate the validation key for our organization and save it as bogotobogo-chef-validator.pem in the .chef directory inside the chef-repo repository.
- Generate the Knife config and put the downloaded knife.rb into the .chef directory inside the chef-repo directory as well.
Here is the generated knife.rb:
    # See https://docs.chef.io/config_rb_knife.html for more information on knife configuration options

    current_dir = File.dirname(__FILE__)
    log_level                :info
    log_location             STDOUT
    node_name                "bogotobogo"
    client_key               "#{current_dir}/bogotobogo.pem"
    validation_client_name   "bogotobogo-chef-validator"
    validation_key           "#{current_dir}/bogotobogo-chef-validator.pem"
    chef_server_url          "https://api.opscode.com/organizations/bogotobogo-chef"
    cache_type               'BasicFile'
    cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
    cookbook_path            ["#{current_dir}/../cookbooks"]
    k@laptop:~/Downloads$ mkdir ~/.chef
    k@laptop:~/Downloads$ mv ~/Downloads/knife.rb ~/.chef
    k@laptop:~/Downloads$ mv ~/Downloads/*.pem ~/.chef
- At this point, we have two keys in the .chef directory:

    k@laptop:~/chef-repo$ ls .chef
    bogotobogo-chef-validator.pem  bogotobogo.pem  knife.rb

Basically, the two key files are: ORGANIZATION-validator.pem and USER.pem.
If we lose the user's private key, we can reset it:

    k@laptop:~/chef-repo$ sudo knife client list
    bogotobogo-chef-validator
Hosted Chef uses two private keys (called validators): one for the organization and the other for every user. We need to tell Knife where it can find these two keys in our knife.rb file.
The following two lines in our knife.rb file tell Knife which organization to use and where to find its private key:

    validation_client_name   "bogotobogo-chef-validator"
    validation_key           "#{current_dir}/bogotobogo-chef-validator.pem"
The following line in our knife.rb file tells Knife where to find our user's private key:

    client_key               "#{current_dir}/bogotobogo.pem"
And the following line in the knife.rb file tells Knife that we're using Hosted Chef. We will find our organization name as the last part of the URL:

    chef_server_url          "https://api.opscode.com/organizations/bogotobogo-chef"
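Because both .pem files are private keys, it is worth checking that the paths knife.rb points at exist and are readable only by their owner. The following shell function is an added example, not part of the original tutorial or of Chef's tooling; the function name audit_chef_keys and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the key files referenced by knife.rb.
# Usage: audit_chef_keys ~/.chef
# Prints one line per finding and returns the number of findings (0 = clean).
audit_chef_keys() {
  dir=$1
  findings=0
  conf="$dir/knife.rb"
  if [ ! -f "$conf" ]; then
    echo "MISSING config: $conf"
    return 1
  fi
  for setting in client_key validation_key; do
    # Pull the quoted value of the setting out of knife.rb.
    path=$(sed -n "s/^[[:space:]]*${setting}[[:space:]][[:space:]]*[\"']\(.*\)[\"'].*/\1/p" "$conf" | head -n 1)
    if [ -z "$path" ]; then
      echo "UNSET $setting in $conf"
      findings=$((findings + 1))
      continue
    fi
    # knife.rb builds paths from current_dir, the directory that holds knife.rb.
    case $path in
      '#{current_dir}/'*) path="$dir/${path#*/}" ;;
    esac
    if [ ! -f "$path" ]; then
      echo "MISSING $setting: $path"
      findings=$((findings + 1))
      continue
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    mode=$(ls -ld "$path" | cut -c5-10)
    if [ "$mode" != "------" ]; then
      echo "LOOSE $setting: $path (group/other bits: $mode)"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}
```

A LOOSE finding is cleared by running chmod 600 on the reported file.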
- This Hosted Chef setup is good for us if we do not want to worry about running, scaling, and updating our own Chef Server and if we're happy with saving all our configuration data in the cloud under Opscode's control.
- If we don't need any advanced enterprise features like role-based access control or multi-tenancy, then the open source version of Chef Server might be just right for us.