Brining a chef-server into the fold

eciramella · January 6, 2017, 9:17pm

Hi all -

I’m able to install chef server via these instructions:

https://docs.chef.io/install_server.html

(I have my org and user pems in hand)

However - I’d prefer if my chef-server was managed via chef. Now that I have my chef server in hand, how do I get this registered with itself?

I’ve tried a variety of bootstrap commands to no avail.

Any suggestions or general places people trip-up?

aleksey_hariton · January 9, 2017, 8:11am

Hi,

had same question some time ago

It depends on why you want to manage chef server by Chef, because chef-server-ctl reconfigure uses chef-zero for server configuring and recipes are not convergent, they idempotent (Chef doing changes each run).

My proposal, don’t be dependent on Chef server, act like you can lost it any time. Keep your cookbooks and environments in Git and/or Supermarket, make backups of following files:

/etc/opscode/*
/var/opt/opscode/nginx/ca/*

With this files you can start new chef server with same configs, secrets, etc. so integration with application (Analytics, Supermarket etc.) will be kept.

With pivotal.pem and cheffish (https://github.com/chef/cheffish) resources you can manage organizations, users, keys etc. on your server.

eciramella · January 16, 2017, 7:04pm

Yes - kind of…

There will be nothing in my chef server that jenkins didn’t put there. That means, everything starts from github somewhere.

I still want the chef server to manage itself when it comes to applying cookbook changes to itself.

aleksey_hariton · January 17, 2017, 7:32am

Then Cheffish is the thing you need, small example for you to start (I prefer to use organizations instead of environments):

Chef::Config[:chef_server_administrators] - array of usernames to add as admins in ORG.
provisioner - user for chef-provisioning resources

# Chef server config
chef_server = {
  :chef_server_url => Chef::Config[:pivotal_chef_server_url],
  :options => {
    :signing_key_filename => Chef::Config[:pivotal_key], # Absolute path to `pivotal` key
    :client_name => 'pivotal'
  }
}

# List of Chef Server Organization
administrators = ['provisioner'].concat(Chef::Config[:chef_server_administrators] || [])

# Chef organization
# more - https://docs.chef.io/resource_chef_organization.html
chef_organization org_name do
  full_name org_name
  members administrators
  chef_server chef_server
  action :create
end

# ACLs for admin users
# more - https://docs.chef.io/resource_chef_acl.html
chef_acl 'grant admin rights for server administrators, #1 groups' do
  path "/organizations/#{org_name}/groups/*/"
  rights :all, :users => administrators
  chef_server chef_server
  action :create
end

chef_acl 'grant admin rights for server administrators, #4 containers clients' do
  path "/organizations/#{org_name}/containers/clients/"
  rights :all, :users => administrators
  chef_server chef_server
  action :create
end

aleksey_hariton · January 17, 2017, 7:32am

pivotal.pem you can find in /etc/opscode/

Topic		Replies	Views
How to manage the configuration of chef server? Chef Infra (archive)	4	429	January 29, 2015
Run recipe from Chef Client/Node Chef Infra (archive)	2	18258	August 16, 2016
GIT to manage cookbooks Chef Infra (archive)	5	2790	December 8, 2016
Getting Started Chef Infra (archive)	5	465	January 16, 2019
Genuinely automatic install of chef server Chef Infra (archive)	6	324	October 12, 2011

Brining a chef-server into the fold

Related topics