Chef is a configuration management tool developed by Opscode. You can use Chef to contextualize virtual machines started via Phantom. While you can use Hosted Chef with Phantom, you might want to use your own Chef server to avoid any of the restrictions of Hosted Chef (Hosted Chef is free for up to five nodes). For this purpose, we make available a Chef Server appliance that you can deploy with Phantom.
Our Chef Server appliance is available on all FutureGrid Nimbus clouds and on EC2. Chef server is installed and configured at boot time by a user-data script.
To run the Chef Server appliance with Phantom, you need to first create a launch configuration that we will call chef-server. For FutureGrid clouds, select the image Debian-6.0.7-amd64-userdata.gz. On EC2, you can use a Ubuntu 12.04 AMI, for example ami-d9d6a6b0 in the us-east-1 region.
Select the User Data contextualization method and use the following content for the User Data field. Don’t forget to change replace_me! to a more secure password. You can also change my-username to the username of your choice.
#!/bin/bash CHEF_WEBUI_ADMIN_PASSWORD="replace_me!" export DEBIAN_FRONTEND=noninteractive apt-get update > /dev/null apt-get -q -y --force-yes install lsb-release uuid-runtime wget > /dev/null echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | tee /etc/apt/sources.list.d/opscode.list mkdir -p /etc/apt/trusted.gpg.d gpg --keyserver keys.gnupg.net --recv-keys 83EF826A gpg --export packages@opscode.com | tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null apt-get update > /dev/null apt-get -q -y --force-yes install opscode-keyring > /dev/null CHEF_AMQP_PASSWORD=`uuidgen` HOSTNAME=`hostname` cat > /tmp/config.dat < /dev/null mkdir -p /.chef cp /etc/chef/validation.pem /etc/chef/webui.pem /.chef knife configure -i --admin-client-key /.chef/webui.pem --validation-client-name chef-validator --validation-key /.chef/validation.pem --user root --defaults -r "" --yes knife client create my-username --config /.chef/knife.rb -d -a -f /tmp/my-username.pem
Enable your selected site and save the launch configuration (see step 1).
Switch to the domains tab and create a domain called chef-server using the launch configuration we just created and a number of VMs of 1. Start the domain and wait until the VM is running. Once it is running, click on it to reveal the details and take note of its hostname (see step 2).
Once the virtual machine is running, you will need to connect to it via SSH to retrieve your Chef Server certificates. Download the user certificate from /tmp/my-username.pem (or a different path if you customized it) and store it in ~/.chef on your local machine. Create ~/.chef/knife.rb with the following content (customize the chef_server_url with your own server’s hostname).
log_level :info log_location STDOUT node_name 'my-username' client_key '~/.chef/my-username.pem' chef_server_url 'http://vm-148-105.uc.futuregrid.org:4000'
You can verify that knife is correctly configured by running a knife command, for instance knife client list. If knife is not installed on your workstation, follow the instructions on the Opscode website.
Also download the file /etc/chef/validation.pem from the Chef Server. You will need it to configure Phantom to use your Chef Server for contextualizing nodes, which is explained in the Phantom documentation.
You can connect to the Chef Server web interface through http://$HOSTNAME:4040. Log in as admin using the password set in CHEF_WEBUI_ADMIN_PASSWORD (see step 3).
Step 1:
Step 2:
Step 3: