Wednesday, October 7, 2015

Chef Setup for Nutanix on Acropolis

In addition to using Ansible to help configure VMs on Acropolis, Chef is another popular option that allows anyone using it to quickly set their desired state of a given host. In the Chef nomenclature, a Chef server keeps a content library of configurations, ‘cookbooks’ that can be written personally in Ruby or downloaded from any shared sources including Chef’s or Github. A cookbook contains one or more ‘recipes’ which can range from installing packages, copying files, customizing files based on a template, or even running arbitrary blocks of ruby code on any node with the ‘chef-client’ receiving a ‘run_list’ of one or more cookbook recipes to execute. A group of cookbook recipes can also be organized deterministically into a ‘role’ so that by associating a node with a role will in effect associate all of that role’s recipes that may come from a group of unrelated or interdependent recipes.

To begin working with Chef on Nutanix, you’ll need at least one OS template of your choice.  While recipes may have multiple supported OS options embedded within them, some may only be for Ubuntu or CentOS or Windows as they may rely specifically on a single OS package manager like apt or yum.

  1. Now that NOS 4.5 is GA, instead of uploading an ISO via sftp, you can use the Image Configuration Service.
  2. Using the gear icon in the upper-right, select Image Configuration.

  3. Give the image a name and select ISO. From the Upload button, select your local ISO image to download or the public URL if accessible from your Nutanix cluster.
  4. Now when you create your base VM, you can choose the ISO and clone from the Image service.
  5. From the HTML5 console, install your base VM as you normally would.

The rest of the examples assume you have an Ubuntu 14.04 base template in a single server configuration. You could also install Chef server with RHEL as well as in an HA configuration, directions straight from the Chef source here.  With NOS 4.5, you also have built-in HA restart capability for any VMs deployed on AHV. Feel free to customize the chef admin user and organization to your preference below.

  1. Clone from your Ubuntu14.04 template and make sure you have a unique IP and hostname.
  2. You can run the following set of commands as root, or use sudo with your admin user.
  3. apt-get update
  4. Wget
  5. Dpkg –I chef-server-core_12.2.0-1_amd6.deb
  6. Chef-server-ctl reconfigure
  7. chef-server-ctl user-create chefadmin chef admin chefadmin@nutanixdc.local password --filename chefadmin.pem
  8. chef-server-ctl org-create nutanix "test Nutanix cluster" --association_user chefadmin --filename nutanix-validator.pem

These additional packages are optional but very useful as you learn more about using Chef in your environment. The Chef web management console allows you to view your nodes, reports and policies from a web GUI. The Chef push jobs server allows jobs to be issued from the server to nodes instead of having to run the ‘chef-client’ from each node to pull a new configuration down. This feature is more akin to using Ansible to issue playbooks against sets of servers. Chef sync allows you to replicate all of your cookbooks, roles, metadata, and databags across different sites if you are running Chef actively across multiple sites. Finally the reporting package allows you to have the ‘chef-client’ run logs available in your management console where you can see where configuration may be failing or even if successful, quickly determine which nodes were recently updated and with what.
  1. Chef-server-ctl install opscode-manage
  2. Chef-server-ctl reconfigure
  3. Opscode-manage-ctl reconfigure
  4. Chef-server-ctl install opscode-push-jobs-server
  5. Chef-server-ctl reconfigure
  6. Opscode-push-jobs-server-ctl reconfigure
  7. Chef-server-ctl install chef-sync
  8. Chef-server-ctl reconfigure
  9. Chef-sync-ctl reconfigure
  10. Chef-server-ctl install opscode-reporting
  11. Chef-server-ctl reconfigure
  12. Opscode-reporting-ctl reconfigure
  13. Add the chefserver A record to DNS. You will want the FQDN of the chefserver resolvable from all client nodes.
  14. If you login to the web interface as your chef admin user, you should now be able to see a dashboard of your Chef deployment.

In addition to the web management console, you can use ‘knife’ from the command line either from the Chef server or from a separate client.
  1. Install the chef client: apt-get install chef
  2. Set up the initial communication configuration to point to your Chef server: knife configure
    • Where should I put the config file: /root/.chef/knife.rb
    • Please enter the Chef server URL (make sure to enter the organization you created when you first installed the Chef server): https://chefserver.nutanixdc.local:443/organizations/nutanix
    • Please enter an existing username for the API: chefadmin
    • Please enter the validation clientname: Nutanix-validator
    • Enter the location of the validation key: /root/.chef/Nutanix-validator.pem
  3. Make sure your chefadmin.pem and Nutanix-validator.pem are in your ~/.chef directory for the user running knife.
  4. If you start getting errors or can’t connect to your server to run any knife commands, check the paths of your .pem files. Also you will want to check Google or stackoverflow for issues you may run into. For example, if your hostname has changed, you will definitely want to know how to regenerate the Chef certificates here:
  5. If you are using self-signed certificates, you’ll need to ‘trust’ your certificates as certificate-based authentication is now mandatory for all chef communication between client and server: knife ssl fetch
  6. Now run a basic command to verify you can communicate successfully with the chef server: knife client list
Now we need to get a VM prepared with the chef-client and registered as a node to deploy configurations to it.
  1. From the Chef server, we can run the knife bootstrap command to initialize the node and add it to Chef's host inventory: knife bootstrap hostname_or_ip -x username -P password
  2. You can add an optional argument to the bootstrap command if you're not using root: --sudo 
  3. You can also add an initial run-list of recipes or roles with the optional argument (more optional details here): --run-list recipe[nginx]
From here, it is not just useful but mandatory to understand git as this is how you’ll be writing and understanding others’ cookbooks. An easy way to store your cookbooks is to create a free account on and redirect the default chef-repo to your own repo under your account name. Also you'll want to be relatively knowledgeable about Ruby as this is the lingua franca of Chef. As a quick example, we can deploy an nginx server onto our sample VM.
  1. apt-get install git –y
  2. git clone
  3. git remote rm origin
  4. git remote add origin
  5. git commit –m “first”
  6. git push –u origin master
  7. cd ~/chef-repo/cookbooks
  8. knife cookbook site install nginx
  9. knife node run_list add node_name recipe[nginx]
  10. On the client node, you'll want to run as root: chef-client
  11. You should now have nginx running on that host and you can browse other cookbooks to apply to your hosts via the Chef supermarket or, of course, via Google or Github.

Additional links:

No comments:

Post a Comment