Last Updated: Mar 27, 2024

Chef Infra Server Installation


Introduction

The Chef Infra Server serves as a repository for configuration data. It holds cookbooks, node policies, and metadata that characterises each registered node managed by the Chef Infra Client. Installing the server is one of the essential stages users must complete. In this article, we will look at the various Chef Infra Server configuration scenarios and the methods of installing each.


Configuration Scenarios

The Chef Infra Server can be configured in three different scenarios:

Standalone: Everything runs on a single system.

High availability: Machines are configured for both the front end and the back end, allowing for failover on the back end and load balancing on the front end as needed.

Tiered: Machines are configured for front-end and back-end use, with a single back end and load balancing on the front end as needed.

Prerequisites

The Chef Infra Server requires the following prerequisites:

1) An x86_64-compatible system architecture. Red Hat Enterprise Linux and CentOS may require upgrades prior to installation.

2) A resolvable hostname defined by FQDN or IP address.

3) A Network Time Protocol (NTP) connection is required to prevent clock drift.

4) If you're using host-based firewalls (iptables, ufw, etc.), make sure ports 80 and 443 are open. More information can be found in the firewalls portion of the install prerequisites.

5) A mail transfer agent that enables the Chef Infra Server to send email notifications.

6) For periodic maintenance activities, use cron and the "/etc/cron.d" directory.

7) On CentOS and Red Hat systems, disable the Apache Qpid daemon. For comprehensive instructions, refer to the Apache Qpid requirement documentation.

8) Optional requisite: A local user account under which services will be operated, a PostgreSQL local user account, and a group account under which services will be run. For further information, see UIDs and GIDs.

Standalone

The Chef Infra Server standalone installation generates a functioning installation on a single server. This installation is especially useful for installing Chef Infra Server in a virtual machine, as part of a proof-of-concept deployment, or as part of a development or testing cycle.

To install Chef Infra Server, follow these steps:

1) Go to Chef's official website and download the package.

2) Upload the package to the Chef Infra Server machine, then note where it is on the file system. The following instructions presume that this location is the "/tmp" directory.

3) Install the Chef Infra Server package on the server using the name of the package provided by Chef. Run the command as the root user.

On Red Hat Enterprise Linux and CentOS:

sudo rpm -Uvh /tmp/chef-server-core-<version>.rpm

On Ubuntu:

sudo dpkg -i /tmp/chef-server-core-<version>.deb

The Chef Infra Server will be set up after a few minutes.

4) Run the following command to start all services:

sudo chef-server-ctl reconfigure

This phase may take a few minutes to finish since the Chef Infra Server consists of several separate services that work together to produce a functioning system.

5) To create an administrator, execute the following command:

sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

6) To create an organisation, run the following command:

sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

The short name must begin with a lower-case letter or digit, contain only lower-case letters, digits, hyphens, and underscores, and be between 1 and 255 characters long, such as ten20org.

The full name must start with a non-whitespace character and be between 1 and 1023 characters long. For instance, 'Ten Org, Inc.'

The "--association_user" option associates the "user_name" with the Chef Infra Server's admins security group.

An RSA private key is generated automatically. This is the chef-validator key, which should be kept in a secure area. The "--filename" option saves the RSA private key to the absolute path supplied.

Update Configuration for Purchased Nodes

To use more than 25 nodes, modify the Chef Infra Server configuration so that the server recognises your purchased licences. Follow the steps below to edit your "/etc/opscode/chef-server.rb" file:

1) If the chef-server.rb file does not exist on your Chef Infra Server, create it. The following command creates the /etc/opscode directory and an empty chef-server.rb file:

sudo mkdir /etc/opscode && sudo touch /etc/opscode/chef-server.rb

2) Open your favourite text editor and navigate to the newly created chef-server.rb file, for example:

sudo vi /etc/opscode/chef-server.rb

3) Copy and paste the following text, taking care over where the single quotation marks (') are placed. If you're using the vi text editor, press the "i" key to insert text.

license['nodes'] = N

where N is the number of licensed nodes that have been purchased.

Save the file. If you're using vi, press the "Esc" key and then type ":wq". To ensure that your Chef Infra Server picks up the modifications, run chef-server-ctl reconfigure.

sudo chef-server-ctl reconfigure

High Availability Chef Backend

This subject provides an overview of the Chef Infra Server cluster setup and installation process.

Overview

The Chef Infra Server may run in a high availability mode, offering automated load balancing and failover for stateful system components. The servers are often divided into two groups in this configuration: the back-end cluster and the front-end group.

1) The front-end group comprises one (or more) nodes operating the Chef Infra Server. Front-end nodes handle Chef Infra Server API queries and access to the Chef administration console. Front-end group nodes should be load balanced, and the number of nodes available to answer requests can be scaled horizontally.

2) The front-end group is served by the back-end cluster, which is made up of three nodes that work together to ensure high availability data persistence.

Installation

Before constructing the back-end HA cluster and at least one Chef Infra Server for the front-end group, ensure the following:

1) All nodes are accessible to the person who will install and configure the back-end HA cluster and front-end group.

2) The intended number of back-end and front-end nodes. Three back-end nodes are necessary. However, the number of front-end nodes can range from a single node to a load-balanced tiered architecture.

3) From the node that will be the initial bootstrap, SSH access to all boxes in the back-end HA cluster.

4) A time synchronisation strategy is in place, such as the Network Time Protocol (NTP). All nodes in the back-end HA cluster must have a drift of fewer than 1.5 seconds.

Step 1 Creating a Cluster

To start the cluster, the first node must be bootstrapped. When the cluster comes online, the node that was used to bootstrap it will be the cluster leader. After bootstrap, this node is identical to any other back-end node.

1) Install the Chef Backend package as root on the first back-end node.

Download Chef Back-end (chef-backend) and install it:

  • In Red Hat/CentOS, type: yum install PATH_TO_RPM
  • In Debian/Ubuntu, type: dpkg -i PATH_TO_DEB

2) Add the following line to "/etc/chef-backend/chef-backend.rb":

publish_address 'external_IP_address_of_this_box' # External IP address of this backend box

3) If any of your back-ends or front-ends are in separate networks, add a "postgresql.md5_auth_cidr_addresses" line to "/etc/chef-backend/chef-backend.rb" with the following content, where "<NET-1_IN_CIDR>", ..., "<NET-N_IN_CIDR>" is a list of all the networks in which your back-ends and front-ends are.

4) Execute the "chef-backend-ctl create-cluster" command.

Step 2 Shared Credentials

The bootstrapping credentials file "/etc/chef-backend/chef-backend-secrets.json" must be shared with the other nodes. You can either copy them directly or expose them through a shared mounted directory.

After Step 4 is finished for each back-end joining the cluster, delete this file from the destination.

Step 3 Installing and Configuring Remaining Back-end Nodes

Do the following in order for each additional node. If you try to join nodes at the same time, the cluster may fail to become available:

1) On the node, install the Chef Backend package.

  • Download Chef Back-end (chef-backend).
  • In Red Hat and CentOS: yum install PATH_TO_RPM
  • In Debian/Ubuntu: dpkg -i PATH_TO_DEB

2) If you added a "postgresql.md5_auth_cidr_addresses" line to the leader's "/etc/chef-backend/chef-backend.rb" in Step 1 (Creating a Cluster), update this node's "/etc/chef-backend/chef-backend.rb" with the following content, with "postgresql.md5_auth_cidr_addresses" set to the same value as in the leader's "chef-backend.rb".

If all of the back-end and front-end clusters are on the same network, you don't need to change anything in "/etc/chef-backend/chef-backend.rb" on this node.

publish_address 'external_IP_address_of_this_box' # External IP address of this backend box
postgresql.md5_auth_cidr_addresses = ["samehost", "samenet", "<NET-1_IN_CIDR>", ..., "<NET-N_IN_CIDR>"]

3) Run the following command as root or with sudo: 

chef-backend-ctl join-cluster <IP_BE1> -s /home/<USER>/chef-backend-secrets.json

4) Follow the prompts to select a public IP address. Alternatively, you can specify it on the "chef-backend-ctl join-cluster" command line. For further information, run:

chef-backend-ctl join-cluster --help

If you manually added the publish_address line to "/etc/chef-backend/chef-backend.rb", you will not be prompted for the public IP and should not use the "--publish-address" option on the "chef-backend-ctl join-cluster" command line to specify the public IP.

5) Remove the shared chef-backend-secrets.json file from the user's home directory on this host.

6) Repeat these instructions for each follower node until the cluster is operational. Run the following command from any node in the back-end HA cluster:

chef-backend-ctl status
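
Steps 2 and 3 leave two things worth checking on every back-end node once it has joined: stray copies of chef-backend-secrets.json, and how wide the networks in "postgresql.md5_auth_cidr_addresses" are. The script below is an added example, not part of the original article or of Chef's tooling; the function names and the default prefix threshold of 16 are assumptions.

```shell
#!/bin/sh
# Added example: audit a Chef Backend node after it has joined the cluster.
# Function names and the default prefix threshold are assumptions.

# List copies of the bootstrap secrets file left under the given directories.
stray_backend_secrets() {
  find "$@" -type f -name chef-backend-secrets.json 2>/dev/null || true
}

# Print md5_auth CIDR entries whose prefix is shorter than MIN (default 16).
# Handles the single-line array form shown on this page; IPv4-oriented.
# Commented-out lines are ignored. Returns 1 if anything was printed.
broad_md5_cidrs() {
  local conf="$1" min="${2:-16}" out
  out=$(grep '^[[:space:]]*postgresql\.md5_auth_cidr_addresses' "$conf" |
    grep -o "[\"'][^\"']*[\"']" | tr -d "\"'" |
    while IFS= read -r entry; do
      case $entry in
        */*) prefix=${entry##*/} ;;
        *) continue ;;                          # samehost, samenet, placeholders
      esac
      case $prefix in
        ''|*[!0-9]*) echo "$entry"; continue ;; # prefix is not a number
      esac
      if [ "$prefix" -lt "$min" ]; then echo "$entry"; fi
    done) || true
  if [ -z "$out" ]; then return 0; fi
  printf '%s\n' "$out"
  return 1
}

# Run both checks; CONF is chef-backend.rb, remaining arguments are the
# directories to search for leftover secrets. Returns 1 on any finding.
post_join_audit() {
  local conf="$1" stray broad rc=0
  shift
  stray=$(stray_backend_secrets "$@")
  broad=$(broad_md5_cidrs "$conf") || true
  if [ -n "$stray" ]; then
    echo "leftover bootstrap secrets (delete after join):" >&2
    echo "$stray" >&2
    rc=1
  fi
  if [ -n "$broad" ]; then
    echo "md5_auth_cidr_addresses entries wider than expected:" >&2
    echo "$broad" >&2
    rc=1
  fi
  return "$rc"
}

# Usage: post_join_audit /etc/chef-backend/chef-backend.rb /home /root /tmp
```
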

Step 4 Generating Chef Infra Server Configuration

Log into the node from Step 1 and create a chef-server front-end node configuration as follows:

chef-backend-ctl gen-server-config <FE1-FQDN> -f chef-server.rb.FE1
scp chef-server.rb.FE1 USER@<IP_FE1>:/home/<USER>

Step 5 Installing and Configuring the First Frontend

Assuming the generated configuration was copied as described in Step 4, on the first front-end node:

1) Install the most recently updated chef-server-core package.

2) Copy the file to /etc/opscode:

cp /home/<USER>/chef-server.rb.<FE1> /etc/opscode/chef-server.rb

3) Run the following command as root:

chef-server-ctl reconfigure

Step 6 Adding More Frontend Nodes

For each new front-end node added to your cluster:

1) Install the most recently updated chef-server-core package on the new front-end node.

2) From any of the back-end nodes, generate a new "/etc/opscode/chef-server.rb":

chef-backend-ctl gen-server-config <FE_NAME-FQDN> > chef-server.rb.<FE_NAME>

3) Copy it to the new front-end node's "/etc/opscode" directory.

4) Copy the following file from the first front-end node configured in Step 5 to /etc/opscode on the new front-end node: "/etc/opscode/private-chef-secrets.json"

5) On the new front-end node, run:

mkdir -p /var/opt/opscode/upgrades/

6) Copy "/var/opt/opscode/upgrades/migration-level" from the first front-end node to the new node.

7) On the new front-end node, run:

touch /var/opt/opscode/bootstrapped

8) As root, on the new front-end node, run:

chef-server-ctl reconfigure

Step 7 Configure the Server

To create an administrator, use the following command:

sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

To create an organisation, run the following command: 

sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

The short name must start with a lower-case letter or digit, contain only lower-case letters, numerals, hyphens, and underscores, and be between 1 and 255 characters long. For instance, 4thcafe.

The full name must start with a non-whitespace character and be between 1 and 1023 characters long. For instance, 'Fourth Cafe, Inc.'

The "--association_user" option associates the user_name with the Chef Infra Server's admins security group.

Upgrading Chef Infra Server on Frontend Machines

1) Follow the standalone upgrade process on a single front-end server.

2) Copy "/var/opt/opscode/upgrades/migration-level" from the first upgraded front-end to each remaining front-end.

3) Once the updated file has been copied to each of the remaining front-ends, perform the standalone upgrade on each of them.


Tiered Installation

This topic explains how to configure the Chef Infra Server to have a single back end and many load-balanced front-end servers.

Prerequisites

Perform the following steps before installing the Chef Infra Server software:

Each front-end server must have access to the back-end server. The Chef Infra Server creates and manages the virtual IP address, but it must also be added to the DNS so that all machines in the tiered setup can access it.

Cookbook files and directories comprise persistent data on the Chef Infra Server. Before deploying the Chef Infra Server, separate discs should be dedicated completely to storing this data.

Load balancing should be used with the front-end servers, along with a DNS entry for the load-balancing virtual IP address. This virtual IP address is added to the "chef-server.rb" file as the "api_fqdn".

All necessary ports must be open. The list of ports is available in the Firewalls section (below). TCP is used for all connections to and from the Chef Infra Server. If necessary, consult the operating system's manual or your system administrators for advice on setting ports.

The Chef Infra Server's hostname must be an FQDN, including the domain suffix, and must be resolvable by both the back-end and front-end servers. For further information, see Hostnames and FQDNs.

The "chef-server-ctl reconfigure" command will not bind the "backend_vip" to the back-end server. The simplest solution is to define "backend_vip" as the back-end system's already configured primary IP address. If you need to use a different address, it must be configured and bound on the system before running "chef-server-ctl reconfigure".

Basic Hardware Requirements

Your back-end server should meet the following hardware specifications for a tiered deployment:

1) 64-bit architecture

2) Total of eight cores (physical or virtual)

3) 16GB RAM

4) Storage that is both fast and redundant (SSD/RAID-based solution)

5) 50 GB of storage per back-end server: SSD if on premises, Premium Storage in Microsoft Azure, or EBS-optimized GP2 in AWS

6) 1 gigabit Ethernet network interface

7) All other systems will be front-end servers.

Disk Configuration

Persistent data on the Chef Infra Server's back-end server is mainly made up of cookbook files and directories. Before deploying the Chef Infra Server, separate discs should be dedicated completely to storing this data. These drives should be part of an SSD or hardware RAID-based system that provides redundancy as well as high IOPS.

This configuration tutorial assumes that you have:

1) 50GB of raw, unpartitioned disc space. Disk space should grow in proportion to the number of nodes managed by the back-end server. A usual rule of thumb is to set aside 2 MB for each node.

2) The disc space is displayed as a single device. For instance, "/dev/sdb".

3) The storage is added to a volume group called opscode and presented to the Chef Infra Server by mounting it on "/var/opt/opscode" before reconfiguring.

The following commands configure the disc settings on the back-end server:

pvcreate /dev/sdb
vgcreate opscode /dev/sdb
lvcreate -l 80%VG -n tiered opscode

Mount Storage Device

To create and mount the storage device on the back-end server, perform these steps:

Make a file system (for instance, an ext4 file system on the volume named tiered), create the mount point, and mount the volume:

mkfs.ext4 /dev/opscode/tiered
mkdir -p /var/opt/opscode
mount /dev/opscode/tiered /var/opt/opscode

Backend

To configure the back-end Chef Infra Server, perform the following steps:

1) Go to https://www.chef.io/downloads/tools/infra-server and download the package, then install it.

For Red Hat and CentOS 6:

rpm -Uvh /tmp/chef-server-core-<version>.rpm

For Ubuntu:

dpkg -i /tmp/chef-server-core-<version>.deb

The Chef Infra Server will be installed in a few minutes.

2) In the /etc/opscode/ directory, create a file called chef-server.rb. The required parameters and values are shown in the chef-server.rb section below.

chef-server.rb

The chef-server.rb file in the "/etc/opscode/" directory explains the tiered configuration's topology. Create a file called "chef-server.rb" on the back-end server and store it in the "/etc/opscode/" directory.

To the chef-server.rb file, add the following settings:

1) Define the topology type:

topology "tier"

2) Define the back-end server:

server "FQDN",
  :ipaddress => "IP_ADDRESS",
  :role => "backend",
  :bootstrap => true

Replace FQDN with the server's FQDN and IP_ADDRESS with the server's IP address. A back-end server's role is "backend".

3) Define the virtual IP address for the back-end:

backend_vip "FQDN",
  :ipaddress => "IP_ADDRESS",
  :device => "eth0"

Replace FQDN with the server's FQDN and IP_ADDRESS with the server's virtual IP address. The ":device" argument should name the ethernet interface to which the virtual IP address should be bound. This is normally the server's public interface. In a typical tiered installation, this could simply be the main FQDN and IP address that have already been configured for the back end.

The "chef-server-ctl reconfigure" command will not bind the "backend_vip" address to an interface. This must be done when the machine boots up.

4) Define each front-end server as follows:

server "FQDN",
  :ipaddress => "IP_ADDRESS",
  :role => "frontend"

Replace FQDN with the FQDN of the front-end server and IP_ADDRESS with the front-end server's IP address. Set the role to "frontend".

Each front-end server should have its own entry in the "chef-server.rb" file.

5) Set the FQDN for the API:

api_fqdn "FQDN"

Replace FQDN with the FQDN of the load-balanced virtual IP address, which should be the same as the FQDN for the Chef Infra Server's service URI.

Reconfigure the Chef Infra Server and the Chef management console (standalone and front-end group members of a High Availability installation):

chef-server-ctl reconfigure

Frontend

To configure the Chef Infra Server for each front-end server, perform the following steps:

1) Start by installing the Chef Infra Server package.

For Red Hat and CentOS 6:

rpm -Uvh /tmp/chef-server-core-<version>.rpm

For Ubuntu:

dpkg -i /tmp/chef-server-core-<version>.deb

The Chef Infra Server will be installed in a few minutes.

2) Create the /etc/opscode/ directory, and then copy the complete contents of the /etc/opscode directory, including all certificates and the "chef-server.rb" file from the primary back-end server.

3) Reconfigure the Chef Infra Server and the Chef management console (standalone and front-end group members of a High Availability installation):

chef-server-ctl reconfigure

4) Start the Chef Infra Server:

chef-server-ctl start

On a single front-end server, create an administrator:

sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

and then an organisation:

sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

The short name must start with a lower-case letter or digit, contain only lower-case letters, numerals, hyphens, and underscores, and be between 1 and 255 characters long. ten20org is an example.

The full name must start with a non-whitespace character and be between 1 and 1023 characters long. For instance, 'Ten Org, Inc.'

The "--association_user" option associates the "user_name" with the Chef Infra Server's admins security group.
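
The naming rules above, which also appear in the Standalone section and in Step 7 of the high-availability install, can be checked before calling org-create, and the validator key file can be checked afterwards. The script below is an added example, not part of the original article or of Chef's tooling; the function names, the key directory argument, and running create_org as root are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight and post-flight checks around
# `chef-server-ctl org-create`. Function names are assumptions.

# Explicit character list, so matching does not depend on locale ranges.
LOWER_DIGIT='abcdefghijklmnopqrstuvwxyz0123456789'

# Short name: 1-255 characters, starts with a lower-case letter or digit,
# then only lower-case letters, digits, hyphens and underscores.
valid_org_short_name() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 255 ] || return 1
  case $1 in
    [!$LOWER_DIGIT]*) return 1 ;;         # bad first character
    *[!${LOWER_DIGIT}_-]*) return 1 ;;    # bad character anywhere
  esac
  return 0
}

# Full name: 1-1023 characters, starts with a non-whitespace character.
valid_org_full_name() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 1023 ] || return 1
  case $1 in
    [[:space:]]*) return 1 ;;
  esac
  return 0
}

# True only for a regular file (not a symlink) with no group/other bits set.
key_file_is_private() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Validate the names, create the organisation with a restrictive umask, then
# confirm the validator key landed with private permissions. Run as root.
# Return codes: 2 bad name, 3 org-create failed, 4 key file too permissive.
create_org() {
  local short="$1" full="$2" admin="$3" key_dir="$4" key
  valid_org_short_name "$short" || { echo "bad short name: $short" >&2; return 2; }
  valid_org_full_name "$full" || { echo "bad full name" >&2; return 2; }
  key="$key_dir/$short-validator.pem"
  ( umask 077 && chef-server-ctl org-create "$short" "$full" \
      --association_user "$admin" --filename "$key" ) || return 3
  key_file_is_private "$key" || { echo "$key is group/world accessible" >&2; return 4; }
}

# Usage (as root): create_org ten20org 'Ten Org, Inc.' user_name /root/chef-keys
```
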

Enable Features

Extra Chef Infra Server features can be enabled. The packages can be downloaded directly during the installation process, or they can be downloaded to a local directory beforehand and then installed.

Use Downloads

By default, the install subcommand gets packages from https://packages.chef.io/. On systems that are not behind a firewall and have access to https://packages.chef.io/, the Chef management console package can be installed as described below:

Chef Manage

From a web interface, use the Chef management console to manage data bags, attributes, run-lists, roles, environments, and cookbooks.

On each front-end server in the Chef Infra Server setup, run:

chef-server-ctl install chef-manage

followed by:

chef-server-ctl reconfigure
chef-manage-ctl reconfigure

To accept the Chef MLSA, run:

sudo chef-manage-ctl reconfigure --accept-license

The Chef Infra Server is updated, and the file "/etc/opscode-manage/secrets.rb" is created. When running the Chef management console, copy the secrets from "/etc/opscode-manage" on one of the front-end servers to the same directory on the other front-end servers. Then, rerun chef-manage-ctl reconfigure to ensure that the copied "/etc/opscode-manage/secrets.rb" file is used correctly.

Use Local Packages

We install the Chef Manage (chef-manage) add-on for Chef Infra Server using the install subcommand and the "--path" option.

sudo chef-server-ctl install PACKAGE_NAME --path /path/to/package/directory

Frequently Asked Questions

What are the proper steps for installing Chef Server?

The following is the general procedure for installing a Chef Server. Step one is to set up a Chef Server. Step two, on the workstation, is to create a recipe or a cookbook, or download a cookbook from Chef Supermarket. Step three is to upload the cookbook to the Chef Server. Step four is to connect a node to the Chef Server.

How do I activate more Chef Infra Server features?

There are options for enabling extra Chef Infra Server functionalities. We will need the packages for this. Packages can be downloaded directly as part of the installation procedure, or they can be downloaded to a local directory before being installed.

How do you reach a recently spun Chef supermarket?

The hostname must be resolvable from a workstation to reach the newly launched private Chef Supermarket. In order to be used in production, the hostname should have a DNS entry in an appropriate domain that each user's workstation trusts.

Conclusion

The Chef Infra Server installation process can seem complicated at first. Various scenarios and configurations are available during the installation procedure. We also learned about extra features and packages. Finally, in this article, we learned how to configure the Chef Infra Server.
