March 04, 2014
Here’s how I have setup my laptop running OS X Mavericks (10.9.1) for Chef.
Install VirtualBox 4.x..
Install Vagrant 1.4.1 (or higher).
Set up a sane Ruby 1.9.x environment for Chef cookbook authoring Note: On OS X Mavericks (10.9.x) the system (default) Ruby is 2.x and therefore you may not need to install a Ruby version manager (RVM, rbenv, or chruby).
Open a browser and navigate to http://www.getchef.com/chef/install. Select
OS X in the Operating System drop down. Choose the version number closest to your current OS X version, likely
x86_64 for the architecture. Copy the
curl command from the Quick Install Instructions section and run it.
Once you’ve completed the setup process for your workstation open a command prompt and verify your installation is working.
Create a directory to hold your Chef authentication keys. For example:
If you are using a hosted Chef server the Chef Starter Kit will include your account authentication key, the Chef Server authentication key, and a
knife.rb configuration file for that server. While you can leave your authentication keys in the
chef-repo the starter kit provides, I choose to copy them to my
~/.chef directory as I access multiple chef servers and centralizing the authentiation keys simplifies things.
If you are using a locally hosted open soure Chef Server, contact the administrator for that server to have an account created. Once your account has been created you can generate a new authentication key by following these steps.
Sign into your account on the Chef Server and then
Click on the
edit account link in the upper-right corner of the page
Check the box under Regenerate Private Key and click the Save User button. Note: Regenerating your private key means any previous key will no longer work.
Copy your entire private key to your workstation naming it
your-id.pem and saving it in the
~/.chef directory you created above. If you are setting up more than one workstation, copy the key to those workstations as well.
The administrator for the Chef Server can also proide you with the server’s
validator.pem. Once you have received that file, copy it to your Chef keys directory as well, calling it
Your Chef authentication keys directory should now look similar to this:
Create a directory on your workstation to be the root of all your Chef activities. For example:
The Chef Repository, or chef-repo, provides a structure for all the components of Chef: cookbooks, recipes, templates, attributes, roles, et cetera.
If you are using a hosted Chef Server, the same starter kit mentioned above will include a
chef-repo for your use. Copy it to your newly created project directory.
To create a
chef-repo yourself follow these steps:
Note: On OS X you may need to run
brew install wget to add that utility to your system.
knife is the Chef command line tool. It is an API-client that is used to communicate with the Chef Server, and also to perform some activities on your workstation. knife is included with Chef and was installed when you added Chef to your workstation.
If you are working from a stater kit you already have a completed
knife.rb file and can skip ahead to “Testing your knife.rb configuration”.
.chef directory in your chef-repo.
Using your favorite editor create a new file,
knife.rb in the
.chef directory. The file contents should look like this:
knife.rb configuration file in place you should be able to view the clients known to the your Chef Server.
Which should produce a list of all the nodes bootstrapped to that Chef Server.
Chef cookbooks can and do have dependencies on other cookbooks. Berkshelf manages those dependencies in much the same way Gem dependencies are managed by
bundler for Ruby. In order to use Berkshelf to deploy to our production Chef Server you will need to configure it. Run the following command to create a default Berkshelf configuration:
You will be prompted to provide several pieces of information.
The result of this configuration will be a
config.json file stored at
You can edit your
config.json to add the additional information shown in the example above. (The initial file will be compressed into a single line, you will have to had line breaks to achieve the format shown above.)
For more information on Berkshelf, visit [http://berkshelf.com]
I use Berkshelf to create cookbooks as it manages cookbook dependencies automatically. This is especially useful when uploading cookbooks to a Chef Server.
Create a new cookbook like so:
knife command, through its configuration, will put new cookbooks it creates in the
cookbooks directory of the parent
chef-repo where it is run, the
berks cookbook command will create the new cookbook in the directory that currently has focus. Therefore it is suggested that you change your working path to be
~/Projects/chef-repo/cookbooks before issuing the
berks cookbook command.
When you created the chef-repo directory it came with a
.gitignore file. While the chef-repo could be turned into a Git repository I choose not to do this. Each cookbook I create is its own Git repository, and nesting Git repositories is cumbersome. Through use of the
Berksfile included with each cookbook created via
berks cookbook it is possible to reference cookbooks outside of the immediate context; cookbooks from Github and other locations on your workstation..
Berkshelf will look in the current working directory for a
.berkshelf/config.json file so I have leveraged this to work with multiple Chef Servers. Currently I have three Chef Servers that I work with.
Here is a very high-level overview of how to manage multiple Chef Servers via Berkshelf.
For each Chef Server you will have a pair of keys, your
*.pem file and the Chef
validator.pem file. Place your
pem file and the
validator.pem for that server in your
~/.chef directory. Be careful to name the files differently for each server so as not to overlay existing
Edit the two new
knife.rb files and fill in the correct
pem file names.
berks configure command once for each additional Chef Server, filling in the appropriate values. After each
berks configure command rename the resulting
config.json file appropriately. Afterwards your
~/.berkshelf directory will look similar to:
Berkshelf looks for a
.berkshelf/config.json in the current working directory. We can use this fact to setup each chef repo with its own berkshelf config. Copy the files created above (
The added complexity of managing multiple sets of knife and Berkshelf configurations, multiple sets of pem files, and multiple chef-repo, there is the possibility of inadvertently working against the wrong server. Caution should be exercised.
If you’ve successfully gotten this far you should now have configured your workstation to work with one or more Chef Servers. You should have knife and Berkshelf configurations for each Chef server, and you should have a working space for each server with a chef-repo to organize your work.