We can deploy Chef using the official omnibus installer through cloud-init. This installer embeds everything needed to deploy Chef and all its dependencies. We'll then configure the Chef client to authenticate securely against the Chef Server organization, and finally apply an initial set of cookbooks.
To step through this recipe, you will need the following:
- Access to a cloud-config enabled infrastructure
- A working Chef Server and organization setup
Everything related to Chef with cloud-init is configured under the directive named chef.
As we want to use the official omnibus build (other choices are installing Chef through a Ruby gem—deprecated and too dependent on a locally installed Ruby version and through a package, which is already documented), let's define the installation type to omnibus, and ensure it is installed even if, for some reason, the Chef client was found to be already present on the system. Finally, let's explicitly define the installer full URL, so we're sure about what we install (maybe point it to a local version on your own servers).
#cloud-config chef: install_type: "omnibus" force_install: true omnibus_url: "https://www.getchef.com/chef/install.sh"
This will output something like the following in the cloud-init logs:
Getting information for chef stable for ubuntu... downloading https://omnitruck-direct.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=14.04&m=x86_64 to file /tmp/install.sh.1294/metadata.txt [...] version 12.14.89 [...] Installing chef [...] Unpacking chef (12.14.89-1) ... Setting up chef (12.14.89-1) ... Thank you for installing Chef!
At this point, you'll have a valid Chef installation under /opt/chef, though not yet configured.
Three pieces of information are needed for a chef client to authenticate correctly against a pre-existing Chef Server organization: the URL of the Chef server (https://api.chef.io/organizations/iacbook), the private key allowing you to add nodes to the organization, and the name linked to this key (by default, the organization name, such as iacbook). This information is mapped like this in the cloud-config file:
#cloud-config
chef:
server_url: "https://api.chef.io/organizations/iacbook"
validation_name: "iacbook"
validation_cert: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAuR[...]
-----END RSA PRIVATE KEY-----With this information, the initial chef-client run will be able to authenticate itself against the Chef organization and add the node. In the cloud-init logs, this step is found at this moment:
[...] Starting Chef Client, version 12.14.89 Creating a new client identity for i-0913e870fb28af4bd using the validator key. [...]
We certainly want to apply at least an initial cookbook for configuring the instance. In this case, we'll simply apply the starter cookbook shipped with the starter kit, but we can add as many required roles and cookbooks as we want. Refer to the dedicated chapter of this book for more information on obtaining this cookbook:
#cloud-config chef: run_list: - "recipe[starter]"
In the logs, we'll see this being applied like this:
[...] Loading cookbooks [[email protected]] Storing updated cookbooks/starter/attributes/default.rb in the cache. Storing updated cookbooks/starter/recipes/default.rb in the cache. Storing updated cookbooks/starter/templates/default/sample.erb in the cache. Storing updated cookbooks/starter/files/default/sample.txt in the cache. Storing updated cookbooks/starter/metadata.rb in the cache. Processing log[Welcome to Chef, Sam Doe!] action write (starter::default line 4) Welcome to Chef, Sam Doe! Chef Run complete in 2.625856409 seconds
Our instance is now both registered and configured automatically, as early as possible, with just a few lines in the cloud-config file.