Ubuntu 9.10 karmic and Chef

Quick notes on installing Chef configuration management on Ubuntu 9.10 Karmic. This is mostly taken directly from the Chef wiki pages, but puts it all together and notes the problems I ran into.

My automated install is a pretty tight server install:

%packages
openssh-server
curl
nfs-common
portmap
libnss-ldap
libpam-ldap
vlan

I want to install the newest version, which is at Opscode, and not the version in Karmic universe, so I add the apt repo to the system.

echo "deb http://apt.opscode.com/ karmic universe" > /etc/apt/sources.list.d/opscode.list
curl http://apt.opscode.com/packages@opscode.com.gpg.key | sudo apt-key add -
apt-get update
# actually install chef-server
sudo apt-get install rubygems ohai chef chef-server

I have to manually install git on this server, as it's usually installed by Chef.

sudo apt-get -y install git-core

Now I install apache, and the apache modules

sudo apt-get -y install apache2

# module setup
for a2mod in proxy proxy_http proxy_balancer ssl rewrite headers
do
sudo a2enmod $a2mod
done

Now I create the virtual host:

Create /etc/apache2/sites-available/chef_server.repo with the following info, but replace server_fqdn with your chef fully qualified domain name.

<VirtualHost *:443>
ServerName server_fqdn
DocumentRoot /usr/share/chef-server/public

<Proxy balancer://chef_server>
BalancerMember http://127.0.0.1:4000
Order deny,allow
Allow from all
</Proxy>

LogLevel info
ErrorLog /var/log/apache2/chef_server-error.log
CustomLog /var/log/apache2/chef_server-access.log combined

SSLEngine On
SSLCertificateFile /etc/chef/certificates/server_fqdn.pem
SSLCertificateKeyFile /etc/chef/certificates/server_fqdn.pem

RequestHeader set X_FORWARDED_PROTO 'https'

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://chef_server%{REQUEST_URI} [P,QSA,L]
</VirtualHost>

<VirtualHost *:444>
ServerName server_fqdn
DocumentRoot /usr/share/chef-server/public

<Proxy balancer://chef_server_openid>
BalancerMember http://127.0.0.1:4001
Order deny,allow
Allow from all
</Proxy>

LogLevel info
ErrorLog /var/log/apache2/chef_server-error.log
CustomLog /var/log/apache2/chef_server-access.log combined

SSLEngine On
SSLCertificateFile /etc/chef/certificates/server_fqdn.pem
SSLCertificateKeyFile /etc/chef/certificates/server_fqdn.pem

RequestHeader set X_FORWARDED_PROTO 'https'

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://chef_server_openid%{REQUEST_URI} [P,QSA,L]
</VirtualHost>

Check out the chef repo:

cd
git clone git://github.com/opscode/chef-repo.git
cd chef-repo

Time to create your ssl cert

rake ssl_cert FQDN=chef.int.domain

Not sure what I am doing wrong here, but when I now run the install, for some reason it does not copy over the certs I just generated … so I manually copy them over.

rake install
cd /root/chef-repo/certificates
cp -a * /etc/chef/certificates/
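
The vhost above points SSLCertificateFile and SSLCertificateKeyFile at the same .pem, so the files copied here hold the private key, and cp -a keeps whatever mode they had in the repo checkout. The following is an added example (not from the original post or from Chef) that lists key-bearing .pem files accessible to group or others and tightens them to 600. The function names and the CERT_DIR variable are assumptions, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example, not from the original post.
# Requires GNU stat (coreutils), as on Ubuntu.

# List "<mode> <path>" for every *.pem in directory $1 that holds a private
# key and grants any permission to group or others. Returns 1 if any is found.
audit_pem_dir() {
    dir=$1
    found=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue    # unmatched glob or not a regular file
        # Certificate-only files are public data; skip them.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            0|*00) ;;              # no group/other permission bits set
            *)     printf '%s %s\n' "$mode" "$f"; found=1 ;;
        esac
    done
    return $found
}

# Restrict every file flagged by audit_pem_dir to owner read/write.
harden_pem_dir() {
    audit_pem_dir "$1" | while read -r m p; do
        chmod 600 "$p"
    done
}

# Assumed usage: CERT_DIR=/etc/chef/certificates sh this_script.sh
if [ -n "${CERT_DIR:-}" ]; then
    audit_pem_dir "$CERT_DIR" || echo "key files above are accessible beyond their owner"
fi
```
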

Now we should be ready to restart apache and see if everything is working

sudo /etc/init.d/apache2 restart

We need to enable the chef virtual site

sudo a2ensite chef_server.repo
/etc/init.d/apache2 reload

Now you should be able to bring up the Chef web interface in your browser. If you followed the directions in this writeup, it will only work with https.

https://chef.int.domain/

Since I already have an open ldap gateway server configured, I am able to log right in and confirm a running install. For more info on that see:

http://mrmiller.nonesensedomains.com/2009/09/18/chef-openid-to-ldap-gateway/

I always like to do a reboot after configuring a new host as even the best make mistakes from time to time and this way I can confirm that everything is starting/running as expected.

Next time I will document my work on migrating the roles and cookbooks from my existing install on CentOS 5.3.

Additional notes:

I update my servers as part of the install, but found out that the couchdb that came with Karmic at release would not start (local mirror was out of date). This was fixed by running:

apt-get update
apt-get upgrade -y

I forgot to enable the chef virtual host at first, and when I pulled up the URL in my browser I got the following error: "SSL received a record that exceeded the maximum permissible length." Enabling the site and restarting Apache fixed that right up.

Ref:

http://wiki.opscode.com/display/chef/Package+Installation+on+Debian+and+Ubuntu

http://wiki.opscode.com/display/chef/How+to+Proxy+Chef+Server+with+Apache
