As some of you may know, I was recently DDoSed and was terminated by Linode for being flooded with 5.11MB/s of traffic 3 times over a 5 day period. This left me looking for a new solution. I only had a ZNC server and a couple of DNS servers with them, so it was no big loss. (For DNS I now use AWS Route 53; it's awesome.) Anyway, in my search I came across DigitalOcean and must say I am very impressed with their pricing and no-bullshit infrastructure. I thought while I was at it I would get better acquainted with Chef, as although I have used Chef in the past I had never set up my own Chef server, so I decided to do so. I also found out how simple it is to bootstrap and run an SSD Cloud instance on DigitalOcean with Chef.

Preparation

To get started you will need a DigitalOcean account. If you sign up through this link you can get started with a free $10. In the interest of full disclosure, if you spend $25 I get $25 in my account too! Once you have your account, create a CentOS 6 x64 virtual machine. I highly recommend 2GB RAM minimum if you want to follow these instructions, as Chef does get OOM killed pretty quickly with any less.

Server Installation

Now that you have your VM, grab the Chef Server (for RHEL) and the Chef Development Kit (for your OS) from https://downloads.chef.io. Put the server rpm on your server and simply run:

[root@chef ~] # yum localinstall chef-server-core-12.0.7-1.el6.x86_64.rpm

This will install the Chef server core. Once you have done so you will need to add your FQDN to your /etc/hosts file. Mine looks like this:

127.0.0.1   infrastructure.affix.me localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

This lets Chef detect your FQDN when configuring itself for the first time. To configure Chef you use the chef-server-ctl tool that was installed with the package. Call it with the reconfigure argument:

[root@chef ~] # chef-server-ctl reconfigure

Since this is the first time you have configured Chef, go ahead and grab a beer/tea/coffee, since this step will take a little time.

Server Configuration

If you have followed along so far you should have the workings of a Chef server! Now we need to configure the server before setting up your workstation. Since Chef can have multiple organisations and users, we first need to create a user:

[root@chef ~] # chef-server-ctl user-create <username> <firstname> <lastname> <email> <password> --filename <path/to/certificate>

So mine will look like this (note that the password is passed on the command line, so it will end up in your shell history):

[root@chef ~] # chef-server-ctl user-create affix Keiran Smith affix@affix.me p@$$w0rd --filename /var/chef/certs/affix.pem

Now that we have our user, we need to associate them with an organisation:

chef-server-ctl org-create <short_name> <long_name> --association_user <user> --filename </path/to/certificate>

So mine will be:

chef-server-ctl org-create afxme affix.me --association_user affix --filename /var/chef/certs/chef-validator.pem

And that's it. You have configured your Chef server!

Workstation Setup

So now we need to configure our workstation. Hopefully you downloaded the package for your OS; I am using Mac OS X, but this will work for everyone. Simply install the package for your OS. Next we need a repo. For speed we can use the pre-created repo available on GitHub. This is not the recommended method, but it does work. Clone the repo:

[user@desktop ~] # git clone https://github.com/chef/chef-repo.git

Now that you have the repo cloned, we need to add a .chef folder:

[user@desktop ~] # cd chef-repo
[user@desktop chef-repo] # mkdir .chef

Once you have got this far we need to configure the knife tool. Knife is your gateway to becoming a great chef! These steps take place inside the .chef folder:

[user@desktop chef-repo] # cd .chef

Now we need to place the certificates we generated above in this directory. These are the private keys knife uses to authenticate to the Chef server, so keep their permissions restricted and keep them out of version control. Download them using your method of choice; I use scp:

[user@desktop .chef] # scp root@IP_OR_FQDN:/var/chef/certs/affix.pem .
[user@desktop .chef] # scp root@IP_OR_FQDN:/var/chef/certs/chef-validator.pem .

Awesome, so far you have your certificates. Now we need to create a file called knife.rb inside the .chef folder. The contents should be as follows:

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "<user>"
client_key               "#{current_dir}/<user.pem>"
validation_client_name   "<short_name>-validator"
validation_key           "#{current_dir}/<validator.pem>"
chef_server_url          "https://<FQDN>/organizations/<short_name>"
syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path            ["#{current_dir}/../cookbooks"]

It is VERY important that you use your FQDN in chef_server_url; failure to do so will cause SSL validation to fail, because the server's certificate is issued for the FQDN it detected during reconfigure. Now we need to fetch the server's SSL certificate. Do this from the chef-repo directory:

[user@desktop chef-repo] # knife ssl fetch
WARNING: Certificates from your.fqdn.tld will be fetched and placed in your trusted_cert
directory (/Users/<you>/chef-repo/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for infrastructure.affix.me in /Users/admin/chef-repo/.chef/trusted_certs/your_fqdn_tld.crt
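The fetch output above says it plainly: knife cannot tell whether the certificate it just saved is really your server's. The Ruby script below is an added example, not part of the original post or of Chef itself. It reads the knife.rb settings by evaluating the file against a small collector object (no Chef libraries needed), then checks the three things that bite people in this setup: that chef_server_url is https and uses an FQDN rather than an IP, that the two .pem keys exist and are not group/world readable, and that the SHA-256 fingerprint of every file in trusted_certs matches a fingerprint you obtained out of band (assumption: you get that value by running openssl on the server itself, for example `openssl x509 -noout -sha256 -fingerprint -in /var/opt/opscode/nginx/ca/<FQDN>.crt`; the path is an assumption to confirm on your install). For a runnable demonstration it builds a throwaway .chef directory with a constructed self-signed certificate; against a real workstation you would call `check_knife_config` with your own .chef path and fingerprint.

```ruby
require 'openssl'
require 'fileutils'
require 'ipaddr'
require 'tmpdir'
require 'uri'

# knife.rb is plain Ruby, so evaluating it against an object whose method_missing
# records each "setting value" call reads the configuration without loading Chef.
class KnifeSettings
  attr_reader :values

  def initialize
    @values = {}
  end

  def method_missing(name, *args)
    @values[name] = args.first
  end

  def respond_to_missing?(_name, _include_private = false)
    true
  end

  def self.load(path)
    settings = new
    settings.instance_eval(File.read(path), path) # __FILE__ inside knife.rb == path
    settings.values
  end
end

# SHA-256 fingerprint in the colon-separated form `openssl x509 -fingerprint -sha256` prints.
def cert_fingerprint(pem)
  cert = OpenSSL::X509::Certificate.new(pem)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Returns a list of problems found in <chef_dir>/knife.rb and the files it points to.
# expected_fingerprint is the server certificate's fingerprint obtained out of band.
def check_knife_config(chef_dir, expected_fingerprint)
  problems = []
  cfg = KnifeSettings.load(File.join(chef_dir, 'knife.rb'))

  url = cfg[:chef_server_url].to_s
  uri = (URI.parse(url) rescue nil)
  if uri.nil? || uri.scheme != 'https'
    problems << "chef_server_url must be https://, got #{url.inspect}"
  else
    host = uri.host.to_s
    is_ip = begin
      IPAddr.new(host)
      true
    rescue IPAddr::InvalidAddressError, ArgumentError
      false
    end
    problems << "chef_server_url uses an IP address (#{host}); use the FQDN so the certificate name matches" if is_ip
    problems << "chef_server_url host #{host} is not fully qualified" unless host.include?('.')
  end

  %i[client_key validation_key].each do |key|
    path = cfg[key].to_s
    if !File.file?(path)
      problems << "#{key} file missing: #{path}"
    elsif (File.stat(path).mode & 0o077) != 0
      problems << "#{key} #{path} is readable by group/others; chmod 600 it"
    end
  end

  trusted = Dir.glob(File.join(chef_dir, 'trusted_certs', '*.crt'))
  problems << 'no certificate in trusted_certs; run `knife ssl fetch`' if trusted.empty?
  trusted.each do |crt|
    fp = cert_fingerprint(File.read(crt))
    problems << "#{File.basename(crt)} fingerprint #{fp} does not match the server's #{expected_fingerprint}" unless fp == expected_fingerprint
  end
  problems
end

# Builds a throwaway .chef directory (constructed sample data, not a real server's)
# with a self-signed certificate standing in for the fetched one; returns [dir, fingerprint].
def build_sample_chef_dir(root, fqdn: 'chef.example.test', url: nil)
  chef_dir = File.join(root, '.chef')
  FileUtils.mkdir_p(File.join(chef_dir, 'trusted_certs'))
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{fqdn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 365 * 86_400
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  File.write(File.join(chef_dir, 'trusted_certs', "#{fqdn.tr('.', '_')}.crt"), cert.to_pem)
  File.write(File.join(chef_dir, 'user.pem'), key.to_pem)      # stands in for the user's key
  File.write(File.join(chef_dir, 'validator.pem'), key.to_pem) # stands in for the validator key
  File.chmod(0o600, File.join(chef_dir, 'user.pem'), File.join(chef_dir, 'validator.pem'))
  File.write(File.join(chef_dir, 'knife.rb'), <<~RB)
    current_dir = File.dirname(__FILE__)
    log_level                :info
    log_location             STDOUT
    node_name                "affix"
    client_key               "\#{current_dir}/user.pem"
    validation_client_name   "afxme-validator"
    validation_key           "\#{current_dir}/validator.pem"
    chef_server_url          "#{url || "https://#{fqdn}/organizations/afxme"}"
    cookbook_path            ["\#{current_dir}/../cookbooks"]
  RB
  [chef_dir, cert_fingerprint(cert.to_pem)]
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    chef_dir, fp = build_sample_chef_dir(root)
    puts "server fingerprint (obtained out of band): #{fp}"
    problems = check_knife_config(chef_dir, fp)
    puts(problems.empty? ? 'knife.rb and trusted_certs look good' : problems.join("\n"))
  end
end
```

The fingerprint comparison is the step that actually closes the gap knife warns about: a certificate fetched over the network from the wrong host will parse and install just fine, and only matching it against a value you read off the server itself tells you it is the right one.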

If all went well you can now check your Chef installation:

[user@desktop chef-repo] # knife ssl check
Connecting to host your.fqdn.tld:443
Successfully verified certificates from `your.fqdn.tld'
[user@desktop chef-repo] # knife client list
short_name-validator

Congratulations! If you followed this guide you should now have a working Chef server and workstation setup. Stay tuned for Part 2, where we will learn how to create and bootstrap an SSD Cloud server with DigitalOcean and Chef! Get your $10 and DigitalOcean account here: https://www.digitalocean.com/?refcode=368a394500c1

One thought to “[Part1] Cooking with Chef and Digital Ocean”