New chef-client installation


#1

Folks,

I’m creating binary packages to install chef-client on machines in my
organization. I want chef-client installation to be completely isolated
from other components, chef-client update should be done only via binary
packages. Currently I’m doing this in the following way (without couple
of minor details):

  1. Create chroot environment.
  2. Install all dependencies to build ruby and chef
  3. Build ruby using ruby-build
  4. Install chef
  5. Clone chef-client and logrotate cookbooks into chef installation for
    setup during installation
  6. Create binary package

Postinst script does the following:

  1. Creates minimal /etc/chef/client.rb with correct chef_server_url and
    node_name
  2. Creates /etc/chef/validation.pem
  3. Runs chef-client to register with server
  4. Creates config file for chef-solo with cookbook_path pointing to
    local directory with chef-client and logrotate cookbooks
  5. Creates json file for chef-solo with run list containing
    "recipe[chef-client::delete_validation]",
    “recipe[chef-client::config]”, “recipe[chef-client::service]”
  6. Runs chef-solo

After completion I get registered and properly configured chef-client
with empty run list.

I wonder if sequence above is correct way of doing this or something can
be done better. I also wonder why do we have chef-client cookbook and
set of files in lib/ruby/gems/1.9.1/gems/chef-10.16.2/distro, it seems
there is duplication here.

Thanks,
Kirill.


#2

On Wednesday, December 19, 2012 at 1:37 PM, Kirill Timofeev wrote:

Folks,

I’m creating binary packages to install chef-client on machines in my organization. I want chef-client installation to be completely isolated from other components, chef-client update should be done only via binary packages. Currently I’m doing this in the following way (without couple of minor details):

Create chroot environment.
Install all dependencies to build ruby and chef
Build ruby using ruby-build
Install chef
Clone chef-client and logrotate cookbooks into chef installation for setup during installation
Create binary package

Postinst script does the following:

Creates minimal /etc/chef/client.rb with correct chef_server_url and node_name
Creates /etc/chef/validation.pem
Runs chef-client to register with server
Creates config file for chef-solo with cookbook_path pointing to local directory with chef-client and logrotate cookbooks
Creates json file for chef-solo with run list containing “recipe[chef-client::delete_validation]”, “recipe[chef-client::config]”, "recipe[chef-client::service]"
Runs chef-solo

After completion I get registered and properly configured chef-client with empty run list.

You might look at omnibus-chef, which is how Opscode makes the packages here: http://www.opscode.com/chef/install/ (https://github.com/opscode/omnibus-chef). Alternatively, you could probably repackage the official packages with your custom client.rb and validation.pem

I wonder if sequence above is correct way of doing this or something can be done better. I also wonder why do we have chef-client cookbook and set of files in lib/ruby/gems/1.9.1/gems/chef-10.16.2/distro, it seems there is duplication here.
There are several packaging systems with different feature sets that we accommodate. Rubygems, for example, doesn’t have any support for installing manages or running post install scripts, while debian and red hat packages that meet the upstream packaging guidelines need to include these things in the standard locations. Depending on preference and expertise with the various packaging systems/related ecosystems, people tend to prefer different package/install mechanisms.

Beyond just installation, the chef-client cookbook allows people to manage chef with chef (upgrades, changes to client config, etc.).

Thanks,
Kirill.

Daniel DeLeo