Bringing a chef-server into the fold


#1

Hi all -

I’m able to install chef server via these instructions:

https://docs.chef.io/install_server.html

(I have my org and user pems in hand)

However - I’d prefer if my chef-server was managed via chef. Now that I have my chef server in hand, how do I get this registered with itself?

I’ve tried a variety of bootstrap commands to no avail.

Any suggestions or general places people trip-up?


#2

Hi,

I had the same question some time ago :)

It depends on why you want to manage the Chef server with Chef, because chef-server-ctl reconfigure uses chef-zero to configure the server and the recipes are not convergent, they are idempotent (Chef makes changes on each run).

My proposal: don’t be dependent on the Chef server; act like you can lose it at any time. Keep your cookbooks and environments in Git and/or Supermarket, and make backups of the following files:

/etc/opscode/*
/var/opt/opscode/nginx/ca/*

With these files you can start a new Chef server with the same configs, secrets, etc., so integration with applications (Analytics, Supermarket, etc.) will be kept.

With pivotal.pem and cheffish (https://github.com/chef/cheffish) resources you can manage organizations, users, keys etc. on your server.
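
The backup recommended in post #2, as an added shell example that is not part of the original thread. The function names, the `root` override and the archive naming are assumptions for illustration; the two directories and the `pivotal.pem` location are the ones given in the thread. The archive holds the server's secrets and the `pivotal` superuser key, so it is written owner-only and checked before it is trusted.

```shell
#!/bin/sh
# Added example (not from the thread): archive the Chef server config and CA
# directories with owner-only permissions, then verify the archive.

backup_chef_server() {
    root="${1:-/}"   # filesystem root; overridable so the function can be tested
    dest="$2"        # directory that will hold the archive (assumed name)
    name="chef-server-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"

    # Refuse to produce a partial backup if either directory is missing.
    for p in etc/opscode var/opt/opscode/nginx/ca; do
        [ -d "$root/$p" ] || { echo "missing: $root/$p" >&2; return 1; }
    done

    (
        umask 077    # archive and new directories are created owner-only
        mkdir -p "$dest" &&
        tar -C "$root" -czf "$dest/$name" etc/opscode var/opt/opscode/nginx/ca
    ) || return 1
    chmod 600 "$dest/$name"

    # Record a checksum beside the archive so later corruption is detectable.
    (cd "$dest" && sha256sum "$name" > "$name.sha256") || return 1
    printf '%s\n' "$dest/$name"
}

verify_chef_backup() {
    archive="$1"
    # The checksum must match before the contents are looked at.
    (cd "$(dirname "$archive")" &&
        sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1) || return 1
    # A restore is of little use without the pivotal key, so require it.
    tar -tzf "$archive" | grep -qx 'etc/opscode/pivotal.pem'
}
```

Store the resulting archive with the same care as `pivotal.pem` itself, since anyone who can read it can act as the server's superuser.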


#3

Yes - kind of…

There will be nothing in my chef server that Jenkins didn’t put there. That means everything starts from GitHub somewhere.

I still want the chef server to manage itself when it comes to applying cookbook changes to itself.


#4

Then Cheffish is the thing you need. Here is a small example to get you started (I prefer to use organizations instead of environments):

Chef::Config[:chef_server_administrators] - array of usernames to add as admins in ORG.
provisioner - user for chef-provisioning resources

```ruby
# Placeholder: set this to the name of the organization to manage
org_name = 'my_org'

# Chef server config
chef_server = {
  :chef_server_url => Chef::Config[:pivotal_chef_server_url],
  :options => {
    :signing_key_filename => Chef::Config[:pivotal_key], # Absolute path to `pivotal` key
    :client_name => 'pivotal'
  }
}

# List of Chef server organization administrators
administrators = ['provisioner'].concat(Chef::Config[:chef_server_administrators] || [])

# Chef organization
# more - https://docs.chef.io/resource_chef_organization.html
chef_organization org_name do
  full_name org_name
  members administrators
  chef_server chef_server
  action :create
end

# ACLs for admin users
# more - https://docs.chef.io/resource_chef_acl.html
chef_acl 'grant admin rights for server administrators, #1 groups' do
  path "/organizations/#{org_name}/groups/*/"
  rights :all, :users => administrators
  chef_server chef_server
  action :create
end

chef_acl 'grant admin rights for server administrators, #4 containers clients' do
  path "/organizations/#{org_name}/containers/clients/"
  rights :all, :users => administrators
  chef_server chef_server
  action :create
end
```

#5

You can find pivotal.pem in /etc/opscode/