Click the “Proceed anyway” button to bypass this screen and access the login screen. It will look something like this:
The default login credentials are as follows:
Default Username: admin Default Password: p@ssw0rd1
When you log in for the first time, you will be immediately prompted to change your password. Select a new password and then click on the “Save User” button on the bottom:
You have now configured the server to a point where we can leave it and begin our workstation configuration.
Workstation Installation
Our workstation computer is the VPS that we will use to create and edit the actual policies that dictate our infrastructure environments. This machine has a copy of the Chef repo that describes our machines and services and it uploads those to the Chef server for implementation.
We will start by simply installing
git for version control:sudo apt-get update sudo apt-get install git
This actually has two purposes. The obvious use is that we will be keeping our configuration under version control to track changes. The second purpose is to temporarily cache our password with sudo so that the following command works.
We will now download and run the client installation script from the Chef website. Type this command to complete all of these steps:
curl -L https://www.opscode.com/chef/install.sh | sudo bash
Our Chef workstation component is now installed. However it is very far from being configured.
The next step is to acquire the “chef-repo” directory structure for a properly formatted Chef repository from GitHub. We can clone the structure into our home directory by typing:
cd ~ git clone https://github.com/opscode/chef-repo.git
This will create a directory called
chef-repo in your home directory. This is where the entire configuration for your setup will be contained.
We will create a configuration directory for the Chef tools themselves within this directory:
mkdir ~/chef-repo/.chef
Within this directory, we will need to put some of the authentication files from our Chef server. Specifically, we need two private keys.
Generating and Copying Keys from the Server
Go back to your Chef server in your web browser:
https://server_domain_or_IP
Log in using the
admin user’s credentials that you changed before.
Click on the “Clients” tab in the top navigation bar. You will see two two clients called chef-validator and chef-webui:
Click on the “Edit” button associated with the
chef-validator client. Regenerate the private key by selecting that box and clicking “Save Client”:
You will be taken a screen with the newly generated values for the key file.
Note: This key will only be available once, so don’t click out of this page! If you do, you will need to regenerate the key again.
Copy the value of the private key field (the one at the bottom).
On your workstation machine, change to the Chef configuration directory we created in the repo:
cd ~/chef-repo/.chef
Open a new file for the validator key we just created:
nano chef-validator.pem
In this file, paste the contents of the key you copied from the server’s web interface (some lines have been removed for brevity here):
-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA6Np8f3J3M4NkA4J+r144P4z27B7O0htfXmPOjvQa2avkzWwx oP28SjUkU/pZD5jTWxsIlRjXgDNdtLwtHYABT+9Q5xiTQ37s+eeJgykQIifED23C aDi1cFXOp/ysBXaGwjvl5ZBCZkQGRG4NIuL7taPMsVTqM41MRgbAcLCdl5g7Vkri . . . . . . xGjoTVH1vBAJ7BG1RHJZlx+T9QnrK+fQu5R9mikkLHayxi13mD0C -----END RSA PRIVATE KEY-----
Ensure that there are not extra blank lines above or below the key. Save and close the file.
We will follow the same procedure to regenerate and save the admin user’s key file. This time, the key is for a user, so click on the “Users” tab on the top.
Again, click on the “Edit” button associated with the admin user, check the “Regenerate Private Key” box and click the “Save User” button:
Copy the Private key value on the next screen. Once again, this will not be shown again, so copy it correctly the first time.
Back on your workstation computer, you will need to create another file for the admin user in the same directory:
nano admin.pem
Paste the contents of the key you copied from the server’s interface (again, this is shortened):
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA/apu0+F5bkVtX6qGYcfoA6sIW/aLFUEc3Bw7ltb50GoZnUPj 0Ms1N1Rv/pdVZXeBa8KsqICAhAzvwSr0H9j+AoURidbkLv4urVC9VS4dZyIRfwvq PGvAKop9bbY2WJMs23SiEkurEDyfKaqXKW687taJ9AKbH2yVx0ArPI2RwS3Sze3g . . . . . . VTkNpg3lLRSGbQkvRUP6Kt20erS2bfETTtH6ok/zW4db8B/vnBlcZg== -----END RSA PRIVATE KEY-----
Verify that there are no extra lines above or below the pasted key lines. Save and close the file.
Configure the Knife Command
We now have to configure the
knife command. This command is the central way of communicating with our server and the nodes that we will be configuring. We need to tell it how to authenticate and then generate a user to access the Chef server.
Luckily, we’ve been laying the groundwork for this step by acquiring the appropriate credential files. We can start the configuration by typing:
knife configure --initial
This will ask you a series of questions. We will go through them one by one:
WARNING: No knife configuration file found Where should I put the config file? [/home/your_user/.chef/knife.rb]
The values in the brackets ([]) are the default values that knife will use if we do not select a value.
We want to place our knife configuration file in the hidden directory we have been using:
/home/your_user/chef-repo/.chef/knife.rb
In the next question, type in the domain name or IP address you use to access the Chef server. This should begin with
https:// and end with :443:https://server_domain_or_IP:443
You will be asked for a name for the new user you will be creating. Choose something descriptive:
Please enter a name for the new user: [root] station1
It will then ask you for the admin name. This you can just press enter on to accept the default value (we didn’t change the admin name).
It will then ask you for the location of the existing administrators key. This should be:
/home/your_user/chef-repo/.chef/admin.pem
It will ask a similar set of questions about the validator. We haven’t changed the validator’s name either, so we can keep that as
chef-validator. Press enter to accept this value.
It will then ask you for the location of the validation key. It should be something like this:
/home/your_user/chef-repo/.chef/chef-validator.pem
Next, it will ask for the path to the repository. This is the
chef-repo folder we have been operating in:/home/your_user/chef-repo
Finally, it will ask you to select a password for your new user. Select anything you would like.
This should complete our knife configuration. If we look in our
chef-repo/.chefdirectory, we should see a knife configuration file and the credentials of our new user:ls ~/chef-repo/.chef admin.pem chef-validator.pem knife.rb station1.pem
No comments:
Post a Comment