A step-by-step guide to configuring CSA (4.5 and up) with Chef Server – Service Provider

Ops_Guest

Guest post by Narinder Jain, Technical Ambassador

The Chef server is the highly scalable foundation of the Chef automation platform. It helps users create a flexible, dynamic infrastructure across multiple datacenters, public and private clouds, and in heterogeneous environments.

The Chef Server stores all of the cookbooks, recipes, and policies that are applied to nodes, along with the metadata that describes every registered node managed by the chef-client. Clients communicate with the server to get the correct configuration details, such as recipes, templates, and file distributions, and then apply them to the nodes.

Organizations that already use Chef, or would like to experiment with it, can use the Chef integration in Hewlett Packard Enterprise Cloud Service Automation (CSA). CSA hides the complexity of managing the infrastructure through a higher level of abstraction.

In this blog I will focus on installing and configuring Chef Server in CSA cloud services software. I will explain how we install Chef Server on a Linux node, connect to it properly and then configure it in CSA as a provider.

When you install Chef Server on Linux, be aware of a few configuration issues that must be resolved for the Chef Server to work before it can be configured in CSA as a provider. So let’s get going.

Ubuntu and CentOS (Red Hat) are the most common Linux distributions out there, and this blog covers these two. Other distributions will also work but are not covered in this blog.

You can use Chef Server for free, and many additional Chef features are free for up to 25 nodes. For pricing information and to purchase licensing for additional nodes, see the Chef Server pricing page.

Download page:

  https://downloads.chef.io/chef-server/

Download the package for your distribution:

CentOS: chef-server-core-version#.rpm

Ubuntu: chef-server-core-version#.deb

Copy the installation package to the /tmp directory of the server.

As a root user, install the Chef Server package on the server, using the name of the package provided by Chef. For Red Hat and CentOS:

$ rpm -Uvh /tmp/chef-server-core-<version>.rpm

For Ubuntu:

$ dpkg -i /tmp/chef-server-core-<version>.deb

  1. After a few minutes, the Chef server will be installed.
  2. Run the following to start all of the services:

$ chef-server-ctl reconfigure

Because the Chef server is composed of many different services that work together to create a functioning system, this step may take a few minutes to complete.

  3. Run the following command to create an administrator:

$ chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

An RSA private key is generated automatically. This is the user’s private key and should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

For example:

$ chef-server-ctl user-create joesmith Joe Smith joesmith@chef.io 'abc123' --filename /path/to/joesmith.pem

  4. Run the following command to create an organization:

$ chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

The short name must begin with a lower-case letter or digit, may only contain lower-case letters, digits, hyphens, and underscores, and must be between 1 and 255 characters. For example: hpe.

The full name must begin with a non-white space character and must be between 1 and 1023 characters. For example: 'HPE Inc.'.

The --association_user option will associate the user_name with the admins security group on the Chef server.

An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location. The --filename option will save the RSA private key to a specified path.

For example:

$ chef-server-ctl org-create 4thcoffee 'HPE Inc.' --association_user joesmith --filename /path/to/4thcoffee-validator.pem
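
The naming rules and key-handling advice above can be checked before org-create is run. This is an added example, not part of the original post: the function names are hypothetical, and the paths are the constructed ones from the example command.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# chef-server-ctl org-create. Function names are hypothetical.

# Short name: begins with a lower-case letter or digit, contains only
# lower-case letters, digits, hyphens and underscores, 1 to 255 characters.
valid_org_short_name() (
  LC_ALL=C                                   # byte-wise ranges, no locale surprises
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 255 ] || exit 1
  case $1 in
    [!a-z0-9]*)    exit 1 ;;                 # bad first character
    *[!a-z0-9_-]*) exit 1 ;;                 # bad character anywhere
  esac
)

# Full name: begins with a non-white-space character, 1 to 1023 characters.
valid_org_full_name() (
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 1023 ] || exit 1
  case $1 in [[:space:]]*) exit 1 ;; esac
)

# A key file is private when it is a regular file with no group/other bits.
key_file_private() {
  [ -f "$1" ] || return 1
  case $(ls -ld -- "$1") in
    -???------*) return 0 ;;
    *)           return 1 ;;
  esac
}

# Args: short_name full_name user_key_path validator_key_path
preflight_org_create() {
  valid_org_short_name "$1" || { echo "invalid short name: $1" >&2; return 1; }
  valid_org_full_name "$2"  || { echo "invalid full name" >&2; return 1; }
  [ "$3" != "$4" ] || { echo "validator key path is the user key path" >&2; return 1; }
  [ ! -e "$4" ]    || { echo "file already exists: $4" >&2; return 1; }
}

# Constructed values mirroring the example command above.
preflight_org_create 4thcoffee 'HPE Inc.' \
  /path/to/joesmith.pem /path/to/4thcoffee-validator.pem && echo "preflight ok"
```

After both commands have run, `key_file_private /path/to/joesmith.pem` reports whether the saved key is readable by anyone other than its owner.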

After the Chef server is installed on the machine, you should be able to access it remotely.

Configure the network on the CentOS or Ubuntu machine and verify that you can reach the server from within the network or from outside.

CSA uses the ssh credentials to execute knife commands on the server, so test that you can ssh into the server. You should also be able to reach the Chef server machine from a web browser at https://chefserver-ip-address.

Configuring the chef provider 

If for some reason you cannot access the Chef server machine by the above methods, you will not be able to configure the Chef provider in CSA.

You need to open some of the ports, or disable the firewall, on your Linux machine so that you can ssh to the Chef server and connect to it from a browser. Opening only the ssh and HTTPS ports is enough for both checks and leaves the firewall running.

When you log on to the Chef server for the first time, the login credentials are shown on the left. Use the admin credentials to log on, and change the password after the initial login.

Click on the client tab. The screen shows the list of clients on the Chef server. Select “Create” to create a new client.

Give the client a new name and select the admin checkbox to give the new client admin privileges. Then select Create Client.

Copy the complete “Private key” text to the clipboard by highlighting all of the text within the box. It will be used when configuring the provider properties in CSA.
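
One way to confirm that the copied text is complete before pasting it into CSA, as an added example that is not part of the original post. It assumes the clipboard text was saved to a file and that the key uses the usual PEM BEGIN/END PRIVATE KEY markers; `pem_key_complete` is a hypothetical helper, and it checks structure only, not that the key is the one the server issued.

```shell
#!/bin/sh
# Added example (not from the original post). pem_key_complete is a
# hypothetical helper name.

# Succeeds only when FILE holds one complete PEM private-key block:
# a BEGIN line, base64 body lines, the matching END line, and nothing else.
pem_key_complete() {
  [ -f "$1" ] || return 1
  LC_ALL=C awk '
    { sub(/\r$/, "") }                       # tolerate CRLF from a clipboard paste
    /^[ \t]*$/ { next }                      # ignore blank lines
    state == 0 && /^-----BEGIN (RSA )?PRIVATE KEY-----$/ {
      end_line = $0; sub(/BEGIN/, "END", end_line); state = 1; next
    }
    state == 1 && $0 == end_line { state = 2; next }
    state == 1 && /^[A-Za-z0-9+\/]+=?=?$/ { body++; next }
    { bad = 1 }                              # stray text, or lines after END
    END { exit !(state == 2 && body > 0 && !bad) }
  ' "$1"
}

# Constructed sample: a dummy base64 line, not a real key.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
  '-----END RSA PRIVATE KEY-----' > "$demo"
pem_key_complete "$demo" && echo "complete"
sed '$d' "$demo" > "$demo.cut"               # simulate a copy that missed the END line
pem_key_complete "$demo.cut" || echo "truncated"
rm -f "$demo" "$demo.cut"
```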

Log on to CSA as an admin. Click on the provider tile and select Chef Provider. Enter the Display Name, Description, and Service Access Point (the FQDN or IP address of the Chef server). Note that the UserId and password are the ssh credentials for the Chef server; enter working credentials and select Save.

 

One last step remains before CSA is properly configured with the Chef server. Select the Properties tab and select Create. Enter values for Type (string), Name (the name of the client created earlier on the Chef server, in this case ‘chefclient’), Display Name, Description (optional), and Property Value, which is where you paste the Private Key value copied from the Chef server in the previous step. Then select Create.

The Chef Server provider is now configured properly in CSA and you can use it in your designs.

Some of the issues one might face are the following:

1. Not using the private key in properties.
2. Not providing ssh credentials.
3. Networking issues with the Chef server.

Once the Chef provider is configured in CSA without errors, you are ready to create new designs using either CSA’s sequential or topology design.

Example of the message shown for a wrong URL or password: [screenshot: Provider validation failed]

Learn more about these capabilities in Cloud Service Automation here.