Skip to content

Instantly share code, notes, and snippets.

@clarkdave

clarkdave/bootstrap-chef-server-12.sh

Last active June 29, 2017 20:07
Show Gist options
  • Save clarkdave/bf27d411c0e2adfd32d55a99566526a2 to your computer and use it in GitHub Desktop.
Save clarkdave/bf27d411c0e2adfd32d55a99566526a2 to your computer and use it in GitHub Desktop.
Download ZIP
[CHEF] Bootstrap a Chef Server 12
Raw
bootstrap-chef-server-12.sh
#!/bin/bash -ex
# Use this script template to bootstrap a Chef Server (version 12)
#
# - bootstraps the Chef server using chef-solo and the official chef-server cookbook
# (https://github.com/chef-cookbooks/chef-server)
# - uses Lego (acme client) to generate and renew an SSL certificate for the server
# - installs the manage (web ui), push jobs and reporting addons (free for < 25 nodes)
# - configures a few sane defaults (no sign ups from web ui)
#
# Once bootstrapped, you'll need set up users & organisations, or restore from a backup. See:
# https://docs.chef.io/install_server.html#standalone
#
# This has been tested on Ubuntu 16.04, but doesn't rely on anything specific except bash. The
# chef-server cookbook itself supports RHEL 6+ and Ubuntu 14.04+
#
# It's required that this server already has a valid hostname and fqdn, e.g.
#
# echo "my-chef-server" > /etc/hostname
# hostname -F /etc/hostname
# echo "$(hostname -I) $(hostname)" >> /etc/hosts
#
email="[email protected]"
fqdn="chef.example.com"
# install lego (acme client)
wget -qO- https://github.com/xenolf/lego/releases/download/v0.3.1/lego_linux_amd64.tar.xz | tar xvJC
mv lego/lego /usr/local/bin
# get certificates
mkdir /etc/lego
if [ ! -e "/etc/lego/certificates/$fqdn.crt" ]; then
lego \
--email="$email" \
--domains="$fqdn" \
--accept-tos \
--path=/etc/lego \
run
fi
# renew weekly
cat > /etc/cron.weekly/lego <<-SCRIPT
#!/bin/bash -ex
chef-server-ctl stop nginx
lego --email="$email" --domains="$fqdn" --accept-tos --path=/etc/lego renew
chef-server-ctl start nginx
SCRIPT
chmod +x /etc/cron.weekly/lego
# install chef-solo
curl -L https://www.chef.io/chef/install.sh | bash
mkdir -p /var/chef/cache /var/chef/cookbooks
# download chef-server cookbook and its dependencies
chef_cookbook() {
wget -qO- "http://supermarket.chef.io/cookbooks/$1/versions/$2/download" \
| tar xvzC /var/chef/cookbooks
}
chef_cookbook system 0.11.2
chef_cookbook chef-server 5.4.0
chef_cookbook chef-ingredient 1.1.0 # chef-server requires < 2.0 of chef-ingredient
chef_cookbook yum-chef 3.0.2
chef_cookbook yum 5.0.1
chef_cookbook apt-chef 2.0.1
chef_cookbook apt 6.1.2
chef_cookbook packagecloud 0.3.0
chef_cookbook compat_resource 12.19.0
chef_cookbook cron 4.1.3
chef_cookbook hostsfile 2.4.5
cat > configuration.rb <<-RUBY
notification_email '$email'
nginx['non_ssl_port'] = false
nginx['ssl_certificate'] = '/etc/lego/certificates/$fqdn.crt'
nginx['ssl_certificate_key'] = '/etc/lego/certificates/$fqdn.key'
RUBY
# set server configuration
cat > dna.json <<-JSON
{
"system": {
"enable_cron": true
},
"chef-server": {
"api_fqdn": "$fqdn",
"accept_license": true,
"addons": {
"manage": "2.5.4",
"push-jobs-server": "2.2.1",
"reporting": "1.7.3"
},
"configuration": "$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' configuration.rb)"
}
}
JSON
# install chef-server
chef-solo \
--json-attributes dna.json \
--override-runlist 'recipe[system::default],recipe[chef-server::default],recipe[chef-server::addons]'
# configure chef-manage
cat > /etc/chef-manage/manage.rb <<-RUBY
disable_sign_up true
org_creation_enabled false
email_from_address 'Chef Notifications <$email>'
RUBY
chef-manage-ctl reconfigure
# now, if needed, create a user and organisation, or restore from a backup
# https://docs.chef.io/install_server.html#standalone
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment