在机架空间上使用jclouds-chef安装厨师客户端

Question

I am running into a problem trying to automate everything. I was trying to create few brand new servers on rackspace

1. Node 1 - Chef Server installed.
2. Node 2 - Chef Client
3. Node 3 - Chef Client and was able to install chef-server on node 1 and was trying to install chef client on other nodes using jclouds-chef api. I am running the code from my local machine and connecting to rackspace.

Q1 . How do I get knife tool configured on Node 1 remotely with out interactive our with interactive. Is there any way to do it using the jclouds ?

Q2 . How do I get the client.pem file and validation. pem file which are not available on my local machine when i try to use the above example to configure the nodes with chef client.

Q3 . How do I get client.pem created using a script or do it remotely ?

Any help will be appreciated.

Answer 1

The tricky part here is installing the Chef Server. The Chef API does not provide a way to get the private key for the clients; it allows you to regenerate and download it, but in the first instance you need to have a valid one to perform that call to the API.

The easiest approach is to generate a key pair locally, and then use it to configure the client and validator in the Chef Server and configure the client nodes with them too. This involves a tricky step by storing the private key in the internal Chef Server database (it uses Postgres), but this has worked fine for me.

This could be a script to install and configure a Chef Server, and override the keys for the default client and validator with a known ones.

First of all, generate the key pairs locally. This can be done programmatically, or with the following commands:

# Generate the keys for the client and the validator
ssh-keygen -t rsa -N "" -f client.pem      # This creates the client.pem and client.pem.pub
ssh-keygen -t rsa -N "" -f validator.pem   # This creates the validator.pem and validator.pem.pub

Once the keys have been generated, you can use the following script to install and configure the Chef Server.

# Install the Chef Server (assumes an Ubuntu operating system)
# You can get the URLs for other operating systems at http://www.getchef.com
wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.0.11-1.ubuntu.12.04_amd64.deb
dpkg -i chef-server_11.0.11-1.ubuntu.12.04_amd64.deb
chef-server-ctl reconfigure

# Install the client public keys in the database
CLIENTKEY=`cat client.pem.pub`
VALIDATORKEY=`cat validator.pem.pub`
/opt/chef-server/embedded/bin/psql -U opscode_chef -c "update clients set public_key = \"$CLIENTKEY\" where name = 'chef-validator'"
/opt/chef-server/embedded/bin/psql -U opscode_chef -c "update clients set public_key = \"$VALIDATORKEY\" where name = 'chef-webui'"

# Override the default keys with the auto-generated ones
cp -f client.pem /etc/chef-server/chef-webui.pem
cp -f validator.pem /etc/chef-server/chef-validator.pem

At this point you will have the Chef Server installed and with the default clients configured with the generated keys.

Having these scripts will help you with the bootstrap process. You may have to upload the generated keys to the node first. You can do it using an ssh client as shown in the jclouds compute guide .

Once you have the node with the Chef server configured, provisioning the client nodes is pretty straightforward with jclouds-chef. You can follow the Chef guide or the procedure described in this stack overflow question .