Thursday, August 7, 2014

Installing Chef solo, knife solo and confirming chef-solo runs with knife solo

The very beginning of installing and setting up Chef in order to use knife solo, written mainly for my own reference.

Updating the latest packages and git

$ sudo yum -y update git
Installing Chef
$ curl -L https://www.opscode.com/chef/install.sh | sudo bash
Installing knife-solo
$ sudo /opt/chef/embedded/bin/gem install knife-solo --no-ri --no-rdoc
$ knife -v
Chef: 11.14.2
Confirming the path in which knife is installed
$ ll `which knife`
lrwxrwxrwx 1 root root 19 Aug  5 04:32 /usr/bin/knife -> /opt/chef/bin/knife
Configuring knife
$ knife configure \
-y \
--defaults \
-r /home/ec2-user/chef-repo
WARNING: No knife configuration file found
*****

You must place your client key in:
  /home/ec2-user/.chef/ec2-user.pem
Before running commands with Knife!

*****

You must place your validation key in:
  /etc/chef-server/chef-validator.pem
Before generating instance data with Knife!

***** 
Place the secret key file at /home/ec2-user/.chef/ec2-user.pem.
Initializing repository
$ knife solo init chef-repo
Creating kitchen...
Creating knife.rb in kitchen...
Creating cupboards...
Uninstalling Chef (if needed)
$ sudo yum -y remove `rpm -q chef`
Creating cookbook
$ knife cookbook create hello -o site-cookbooks
Creating recipes
site-cookbooks/hello/recipes/default.rb
log "Hello, Chef!"
Creating node object file to execute recipe
This is just to confirm that knife solo runs against localhost.
nodes/localhost.json
{
  "run_list" : [
     "recipe[hello]"
  ]
}
Running chef-solo on a remote host (here, localhost)
$ knife solo cook localhost
Running Chef on localhost...
Checking Chef version...
Uploading the kitchen...
Generating solo config...
Running Chef...
[2014-08-08T06:21:43+00:00] WARN: 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
SSL validation of HTTPS requests is disabled. HTTPS connections are still
encrypted, but chef is not able to detect forged replies or man in the middle
attacks.

To fix this issue add an entry like this to your configuration file:

```
  # Verify all HTTPS connections (recommended)
  ssl_verify_mode :verify_peer

  # OR, Verify only connections to chef-server
  verify_api_cert true
```

To check your SSL configuration, or troubleshoot errors, you can use the
`knife ssl check` command like so:

```
  knife ssl check -c /home/ec2-user/chef-solo/solo.rb
```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Starting Chef Client, version 11.14.2
Compiling Cookbooks...
Converging 1 resources
Recipe: hello::default
  * log[Hello, Chef!] action write
  

Running handlers:
Running handlers complete
Chef Client finished, 1/1 resources updated in 1.430750102 seconds
If the SSL warning message appears, it can be removed by adding an entry to solo.rb. The entry turns certificate verification on, which is why the warning goes away. The details are on the official page for knife ssl check.
~/chef-repo/.chef/knife.rb
ssl_verify_mode :verify_peer
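
To confirm which verification setting a knife.rb or solo.rb actually ends up with, here is a small check, added as an example and not part of the original post. The function name chef_ssl_mode is made up for this example, and it assumes the settings are written in the plain form shown in the warning above (for example `ssl_verify_mode :verify_peer`).

```shell
#!/bin/sh
# chef_ssl_mode FILE  (hypothetical helper, not part of Chef or knife-solo)
# Prints the effective HTTPS verification setting of a Chef config file:
#   verify_peer | api_only | verify_none | unset | unreadable
# Exit status: 0 = verification enabled, 1 = not enabled, 2 = cannot read file.
chef_ssl_mode() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Strip comments first so a commented-out entry does not count, then keep
    # the LAST value of each setting: a later line overrides an earlier one.
    mode=$(sed 's/#.*//' "$file" |
        awk '$1 == "ssl_verify_mode" { m = $2 } END { print m }')
    api=$(sed 's/#.*//' "$file" |
        awk '$1 == "verify_api_cert" { a = $2 } END { print a }')
    case "$mode" in
        :verify_peer) echo "verify_peer"; return 0 ;;
    esac
    # Without :verify_peer, "verify_api_cert true" only covers the Chef server.
    if [ "$api" = "true" ]; then echo "api_only"; return 0; fi
    if [ "$mode" = ":verify_none" ]; then echo "verify_none"; return 1; fi
    # Nothing set: on the Chef 11.14.2 run shown above this gives the warning.
    echo "unset"; return 1
}

# Constructed sample: a config where the entry is only present as a comment,
# then the same file after appending the entry from this post.
demo=$(mktemp)
printf '%s\n' '# ssl_verify_mode :verify_peer' 'cookbook_path ["site-cookbooks"]' > "$demo"
echo "before: $(chef_ssl_mode "$demo" || true)"
echo 'ssl_verify_mode :verify_peer' >> "$demo"
echo "after:  $(chef_ssl_mode "$demo")"
rm -f "$demo"
```

Run it against both ~/chef-repo/.chef/knife.rb and the generated solo.rb, since the warning is printed for the file chef-solo actually loads.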
The next step is to install Chef and a cookbook on a remote host with knife solo, and then install a package.

2 comments:

  1. Really good article... I have no words to say.
    You know what, I never read this kind of long article before these days!! You are amazing

  2. A medium size pocket knife is easy to carry and provides the benefits of a versatile larger knife blade. Best knife
