(Last Updated On: November 28, 2018)

In this guide, we will cover the installation and configuration of Chef Automation server on Ubuntu 18.04 Bionic Beaver. Chef is the leading open source, complete, continuous automation solution for both infrastructure and applications that takes you all the way from development to production. Chef, the company, is the founder of the DevOps movement and has done massive work to produce the following automation engines:

  1. Chef – For Infrastructure Automation
  2. Habitat – Application automation
  3. InSpec – Compliance Automation

Chef is a powerful automation solution designed to help you transform your infrastructure into code. The infrastructure can be on-premises, cloud, or a hybrid environment. With Chef, you automate how the infrastructure is configured, deployed, and managed.

Chef server acts as a central repository for your cookbooks as well as for information about every node it manages. Follow our steps below to have a working Chef Server on your Ubuntu 18.04 Server.

Step 1: Update system and set hostname

Ensure all system packages are updated

sudo apt update
sudo apt install curl wget

Set server hostname

sudo hostnamectl set-hostname chef-server.example.com

If you have an active DNS server, set the A record accordingly. For installations without a DNS server, add the record to the /etc/hosts file:

192.168.18.39 chef-server.example.com

Step 2: Set AppArmor to Complaining or disabled mode

On Ubuntu 18.04, AppArmor is enabled in enforcing mode by default. Chef does not have an AppArmor profile, so you have to set AppArmor to Complaining mode or disable it.

Check if AppArmor is enabled:

$ sudo apparmor_status
apparmor module is loaded.
16 profiles are loaded.
16 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/bin/man
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/NetworkManager/nm-dhcp-helper
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/snapd/snap-confine
   /usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /usr/sbin/haveged
   /usr/sbin/tcpdump
   lxc-container-default
   lxc-container-default-cgns
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
   man_filter
   man_groff
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/haveged (802) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

If the response is not “0 processes are in enforce mode” or “0 profiles are in enforce mode.”, set it to Complaining or disabled mode

To set AppArmor to Complaining mode, run:

sudo aa-complain /etc/apparmor.d/*

To disable AppArmor entirely, run:

sudo invoke-rc.d apparmor kill
sudo update-rc.d -f apparmor remove

Recheck the status:

sudo apparmor_status
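
To script the recheck above, the following added example (not part of the original guide) parses apparmor_status text and reports whether any profile or process is still in enforce mode. The function names are illustrative, and the sample text is constructed in the same format as the output shown earlier.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; input is apparmor_status text on stdin.

# aa_count KIND MODE -> the number from "<N> KIND are in MODE mode.", or -1 if absent.
aa_count() {
  awk -v kind="$1" -v mode="$2" '
    $2 == kind && $3 == "are" && $4 == "in" && $5 == mode { print $1; found = 1; exit }
    END { if (!found) print -1 }'
}

# aa_list KIND MODE -> the indented names listed under that summary line.
aa_list() {
  awk -v kind="$1" -v mode="$2" '
    /^[0-9]+ / { on = ($2 == kind && $5 == mode); next }
    on && NF   { print $1 }'
}

# aa_enforcing TEXT -> exit 0 while anything is still in enforce mode.
# An unparseable status (-1) also counts as enforcing, so the check fails closed.
aa_enforcing() {
  p=$(printf '%s\n' "$1" | aa_count profiles enforce)
  q=$(printf '%s\n' "$1" | aa_count processes enforce)
  [ "$p" != 0 ] || [ "$q" != 0 ]
}

# Constructed sample, shortened from the format shown above.
SAMPLE_BEFORE='apparmor module is loaded.
3 profiles are loaded.
3 profiles are in enforce mode.
   /sbin/dhclient
   /usr/sbin/haveged
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/haveged (802)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.'

if aa_enforcing "$SAMPLE_BEFORE"; then
  echo "still in enforce mode:"
  printf '%s\n' "$SAMPLE_BEFORE" | aa_list profiles enforce
fi
```

On a live system, pass the real status in with: aa_enforcing "$(sudo apparmor_status)".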

Step 3: Configure Local Mail Relay

The Chef server uses email to send notifications for various events:

  • Password resets
  • User invitations
  • Failover notifications
  • Failed job notifications

Configure a local mail transfer agent on the Chef server using the guide:

How to install and configure Postfix as a Send-Only SMTP Server on Ubuntu 18.04 LTS

Step 4: Configure NTP

The Chef server is particularly sensitive to clock drift and it requires that the systems on which it is running be connected to Network Time Protocol (NTP).

Install ntp on Ubuntu 18.04

sudo apt install ntp

You can optionally edit /etc/ntp.conf to add NTP servers close to you

To restrict access to the NTP server, e.g. from your Chef client nodes, add a restrict line like the one below:

restrict 192.168.18.0 mask 255.255.255.0 nomodify notrap

Restart ntp service after making the change

sudo systemctl restart ntp

If you have UFW firewall enabled, don’t forget to allow ntp port

sudo ufw allow ntp

Show ntp status

sudo ntpq -p

On Chef clients, install ntp and set NTP server to Chef server IP address

sudo apt install ntp
sudo vim /etc/ntp.conf

Comment out the NTP pool server lines and specify the Chef server IP address:

#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst

server  192.168.18.39

Step 5: Download and install Chef server package

First, check the latest version of Chef server from Chef Downloads page

As of this writing, the latest release is version 12.18.14. This is the package we will download and install:

VERSION="12.18.14"
wget https://packages.chef.io/files/stable/chef-server/${VERSION}/ubuntu/18.04/chef-server-core_${VERSION}-1_amd64.deb
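
Before installing, confirm that the downloaded file matches the SHA-256 digest published for that release. The helper below is an added example, not part of the original guide; verify_deb and install_verified are illustrative names, and it assumes you have copied the digest listed for the release on the Chef downloads page (the guide does not quote one, so EXPECTED_SHA256 is a placeholder).

```shell
#!/bin/sh
# Added example: verify_deb and install_verified are hypothetical helpers,
# not Chef or dpkg commands.

# verify_deb FILE EXPECTED_SHA256
#   0 = digest matches, 1 = mismatch, 2 = bad arguments (missing file, malformed digest)
verify_deb() {
  file=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
  [ -f "$file" ] || { echo "verify_deb: no such file: $file" >&2; return 2; }
  # A truncated or empty digest must never be accepted, so validate it first.
  case $expected in
    ''|*[!0-9a-f]*) echo "verify_deb: digest is not hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "verify_deb: digest must be 64 hex chars" >&2; return 2; }
  # Read via stdin so unusual file names cannot alter the sha256sum output format.
  actual=$(sha256sum < "$file" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "verify_deb: MISMATCH for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  echo "verify_deb: OK $file"
}

# install_verified FILE EXPECTED_SHA256 -> runs dpkg -i only after the digest matches.
install_verified() {
  verify_deb "$1" "$2" && sudo dpkg -i "$1"
}

# Usage with the package from this step (the digest is a placeholder, not a real value):
#   VERSION="12.18.14"
#   install_verified "chef-server-core_${VERSION}-1_amd64.deb" "EXPECTED_SHA256"
```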

Once the download is complete, install the package using dpkg command

sudo dpkg -i chef-server-core_${VERSION}-1_amd64.deb

Sample output

$ sudo dpkg -i chef-server-core_${VERSION}-1_amd64.deb
Selecting previously unselected package chef-server-core.
(Reading database ... 105387 files and directories currently installed.)
Preparing to unpack chef-server-core_12.18.14-1_amd64.deb ...
Unpacking chef-server-core (12.18.14-1) ...
Setting up chef-server-core (12.18.14-1) ...

Wait for the installation to complete then configure Chef Server

sudo chef-server-ctl reconfigure

This step may take a few minutes to complete since many services are configured.

Create an administrator account

The format is:

sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME
  • An RSA private key is generated automatically.
  • This is the user’s private key and should be saved to a safe location.
  • The --filename option will save the RSA private key to the specified absolute path.

Example:

sudo chef-server-ctl user-create chefadmin Chef Admin \
[email protected] 'StrongPassword' \
--filename /home/chefadmin.pem

Also, create an organization. The syntax is:

sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem
  • The name must begin with a lower-case letter or digit.
  • The full name must begin with a non-white space character.
  • The --association_user option will associate the user_name with the admins security group on the Chef server.
  • An RSA private key is generated automatically. This is the chef-validator key and should be saved to a safe location.
  • The --filename option will save the RSA private key to the specified absolute path.

See example below

chef-server-ctl org-create mycompany 'Company X, Inc.' \
--association_user chefadmin \
--filename /home/mycompany-validator.pem

The generated keys should be available in the /home directory

# ls /home/
chefadmin.pem  mycompany-validator.pem
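
Both files are private keys, and on a default Ubuntu install /home can be listed by every local user, so check their permissions right after creation. The helper below is an added example, not part of the original guide; key_mode_ok and audit_keys are illustrative names, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: helper names are hypothetical. Requires GNU stat (coreutils).

# key_mode_ok FILE
#   0 = regular file with no group/other permission bits (e.g. 600 or 400)
#   1 = group or other can access it
#   2 = missing, a symlink, or not a regular file
key_mode_ok() {
  if [ -L "$1" ] || [ ! -f "$1" ]; then
    echo "$1: missing or not a regular file" >&2
    return 2
  fi
  mode=$(stat -c '%a' "$1")     # octal mode, e.g. 644
  owner=$(stat -c '%U' "$1")
  case $mode in
    0|?00) echo "$1: ok (mode $mode, owner $owner)" ;;
    *)     echo "$1: too permissive (mode $mode, owner $owner)" >&2; return 1 ;;
  esac
}

# audit_keys FILE... -> one line per key; the exit status is the number of failures.
audit_keys() {
  bad=0
  for key in "$@"; do
    key_mode_ok "$key" || bad=$((bad + 1))
  done
  return "$bad"
}

# Usage with the keys from this step, then tighten anything reported:
#   audit_keys /home/chefadmin.pem /home/mycompany-validator.pem
#   sudo chmod 600 /home/chefadmin.pem /home/mycompany-validator.pem
```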

Install Chef Manage

Chef Manage is a premium add-on that provides a graphical user interface for managing common Chef server tasks. It’s free for up to 25 nodes.

Let’s install the management console

sudo chef-server-ctl install chef-manage 
sudo chef-server-ctl reconfigure 
sudo chef-manage-ctl reconfigure

You can also install Chef Manage from a .deb package

VER="2.5.16"
wget https://packages.chef.io/files/stable/chef-manage/${VER}/ubuntu/16.04/chef-manage_${VER}-1_amd64.deb
sudo dpkg -i chef-manage_${VER}-1_amd64.deb
sudo chef-manage-ctl reconfigure

All Chef Server services will run under the username/group opscode. The username for PostgreSQL is opscode-pgsql. Additional packages can be installed from https://packages.chef.io/

If you use, or plan to use, the UFW firewall, open ports 80 and 443 by running the command below

sudo ufw allow proto tcp from any to any port 80,443

You should be able to access the Chef web admin dashboard on https://serverip/login

Log in with the username added earlier; you should land on a fresh Chef dashboard.

Step 6: Install Chef Development Kit on your Workstation machine

Chef Workstation is where you have the Chef Development Kit installed. It contains all the tools you need to develop and test your infrastructure, built by the awesome Chef community. Install Chef Development Kit / Workstation using the guides below:

How to install Chef Development Kit / Workstation on Ubuntu 18.04

For Arch Linux users, use:

How to install Chef Development Kit on Arch Linux

Step 7: Configure knife on Chef Workstation

Knife is the command-line tool that provides an interface between your workstation and the Chef server. Next read:

How to configure Chef Knife, Upload Cookbooks and Run a recipe on Chef Client Nodes