Chef Node Bootstrap

The Chef server works as a mediator between the workstation and the node. Because the workstation and the node need to interconnect, both should be in the same AZ.

Two actions are performed while bootstrapping:

  1. Adding a node to the chef server

  2. Installing chef package.

Connecting workstation with Chef-Server:

  1. First, we download the starter kit from manage.chef.io.

  2. This is downloaded as a zip file. If we extract this zip file, we get the chef-repo folder.

    This folder needs to be placed on the chef workstation. Inside the chef-repo folder, we can see a total of three folders: .chef, cookbooks, and roles.

  3. The .chef folder is responsible for establishing communication between the chef-server and the chef workstation. Inside the ".chef" folder there are two files, "knife.rb" and "privatekey.pem". "knife.rb" contains the URL (address) of the chef-server, and this URL is what establishes communication between the chef-server and the chef workstation. This is how we connect the Chef Workstation to the Chef Server.

  4. Create a chef account on "manage.chef.io".

    Create a new organization and download the starter kit for that organization.

  5. Go to the downloads and extract chef-repo. After extracting, we get more files inside chef-repo, such as (.chef, cookbooks, gitignore, README.md, roles).

    Send the chef-repo folder to the Linux workstation machine:

    1. Using the software called WinSCP.

    2. Enter Login Details,

      Hostname - Public DNS of workstation machine

      Username - ec2-user

      Advanced --> SSH --> Authentication --> Private key of workstation machine

    3. Login

  6. Drag chef-repo from the left window and drop it into the right (Linux) window.

  7. The chef-repo/.chef/config.rb file contains the URL of the chef server.

    cat config.rb

    Because this URL is present on the workstation machine, the workstation gets connected to the chef server.

  8. To verify that the workstation is connected to the server:

    knife ssl check

Bootstrapping the Node

  1. Create a Linux machine for node1 in the same AZ as the workstation, with a new security group and a new key pair named <node1-key>, and save its private IP for the knife bootstrap command.

  2. With the help of WinSCP, transfer the downloaded node1-key.pem to chef-repo for the bootstrap command.

  3. Now go to the chef-repo directory on the chef workstation and execute the bootstrap command to attach node1 to the chef-server.

    knife bootstrap <privateIP(node1)> --ssh-user ec2-user --sudo -i node1-key.pem -N node1

  4. To check the node's connection with the chef-server:

    knife node list

  5. Upload apache-cookbook to the chef-server.

    Inside the chef-repo directory:

    knife cookbook upload apache-cookbook

    Confirm the upload:

    knife cookbook list

  6. Now attach the recipe that we would like to run on node1 to its run list, with this run_list command:

    knife node run_list set node1 "recipe[apache-cookbook::apache-recipe]"

    In this way, node1 gets updated according to the chef-server configuration. But in the above process, whenever we update any recipe we need to upload the cookbook to the chef-server, and each time we have to call chef-client at the node terminal.

Automation for Node Upgradation

To automate this process:

We need to automate the above process. For this, we use the "cron" tool, which is the default tool on all Linux machines for scheduling tasks to be executed automatically at regular intervals. In the "crontab" file, we add a chef-client command and set the timing as per our requirement. From then on, chef-client runs automatically at every interval. It is only a one-time effort. When we purchase any new server in a company, along with bootstrapping it, we automate chef-client then and there.

Steps:

  1. Get access to the node terminal.

  2. On node1, open the "crontab" file with vi /etc/crontab.

  3. Once the entry below is added, automation starts and there is no need to call chef-client manually again.

  4. Add the chef-client command so that it executes periodically, according to the "*/n crontab method":

    * * * * * root chef-client

    - The 5 stars are the schedule fields (minute, hour, day of month, month, day of week); writing */n in a field runs the command every n units of that field.

  5. To verify this automation, make some changes in your recipe on the workstation and save the file.

  6. Upload the cookbook with knife cookbook upload apache-cookbook

  7. Open the browser and check the public IP of node1; you will see the updated content.
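
The cron step above as a POSIX shell script; this is an added example, not part of the original page. It adds the chef-client entry to a system-crontab-format file only once, then audits that the file is not group/world-writable and that the job does not fire every minute, since the entry runs as root. The function names, the 30-minute interval and the scratch file are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes /etc/crontab format:
#   minute hour day-of-month month day-of-week user command
# Function names and the 30-minute interval are illustrative assumptions.

# Print the five schedule fields of each active chef-client entry in file $1.
chef_cron_schedule() {
    awk '!/^[[:space:]]*#/ && NF >= 7 && $7 ~ /(^|\/)chef-client$/ {
             print $1, $2, $3, $4, $5 }' "$1"
}

# Append "*/N * * * * root chef-client" to file $1 unless an entry exists.
install_chef_cron() {
    file=$1 interval=$2
    case $interval in
        ''|*[!0-9]*) echo "interval must be whole minutes" >&2; return 2 ;;
    esac
    if [ "$interval" -lt 1 ] || [ "$interval" -gt 59 ]; then
        echo "interval must be 1-59" >&2; return 2
    fi
    touch "$file" || return 1
    if [ -z "$(chef_cron_schedule "$file")" ]; then
        printf '*/%s * * * * root chef-client\n' "$interval" >> "$file"
    fi
    chmod 644 "$file"   # no group/world write: the job runs as root
}

# Return 0 only if file $1 is not group/world-writable and no chef-client
# entry has a bare "*" minute field (which would run it every minute).
audit_chef_cron() {
    file=$1 rc=0
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) echo "WARN: $file is writable by non-owners"; rc=1 ;;
    esac
    if chef_cron_schedule "$file" | grep -q '^\* '; then
        echo "WARN: chef-client is scheduled every minute"; rc=1
    fi
    return $rc
}

# Demo on a scratch file (constructed); use /etc/crontab as root on a node.
demo=$(mktemp)
install_chef_cron "$demo" 30 && chef_cron_schedule "$demo" && audit_chef_cron "$demo"
rm -f "$demo"
```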