Last active
December 11, 2015 23:18
-
-
Save thomasmassmann/4675413 to your computer and use it in GitHub Desktop.
Install a chef server on debian with fabric.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream chef_server { | |
| server 127.0.0.1:4000 fail_timeout=0; | |
| } | |
| upstream chef_server_webui { | |
| server 127.0.0.1:4040 fail_timeout=0; | |
| } | |
| server { | |
| listen 443 default ssl; | |
| ssl_certificate /etc/chef/certificates/chef-api.crt; | |
| ssl_certificate_key /etc/chef/certificates/chef-api.key; | |
| server_name %(chef_api)s.%(domain)s; | |
| access_log /var/log/nginx/chef-server.access.log; | |
| error_log /var/log/nginx/chef-server.error.log warn; | |
| root /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-server-webui-10.12.0/public; | |
| location @chef_server { | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://chef_server; | |
| } | |
| location / { | |
| try_files $uri @chef_server; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| server_name %(chef_api)s.%(domain)s; | |
| access_log /var/log/nginx/chef-server.access.log; | |
| error_log /var/log/nginx/chef-server.error.log warn; | |
| rewrite ^(.+)$ https://%(chef_api)s.%(domain)s$1 permanent; | |
| } | |
| server { | |
| listen 443; | |
| ssl_certificate /etc/chef/certificates/chef.crt; | |
| ssl_certificate_key /etc/chef/certificates/chef.key; | |
| server_name %(chef)s.%(domain)s; | |
| access_log /var/log/nginx/chef-server.access.log; | |
| error_log /var/log/nginx/chef-server.error.log warn; | |
| root /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-server-webui-10.12.0/public; | |
| location @chef_server_webui { | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header Host $http_host; | |
| proxy_pass http://chef_server_webui; | |
| } | |
| location ~ ^.+\.css$ { | |
| expires 120h; | |
| try_files $uri @chef_server_webui; | |
| } | |
| location ~ ^.+\.js$ { | |
| expires 24h; | |
| try_files $uri @chef_server_webui; | |
| } | |
| location / { | |
| try_files $uri @chef_server_webui; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| server_name %(chef)s.%(domain)s; | |
| access_log /var/log/nginx/chef-server.access.log; | |
| error_log /var/log/nginx/chef-server.error.log warn; | |
| rewrite ^(.+)$ https://%(chef)s.%(domain)s$1 permanent; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """Fabric script that installs a chef server.""" | |
| # -*- coding: utf-8 -*- | |
| from fabric import api, contrib, operations | |
| DEPENDENCIES = ['sudo', 'vim'] | |
| DEPENDENCIES_CHEF = ['opscode-keyring', 'chef', 'chef-server'] | |
| api.env.chef_api_prefix = 'chef-api' | |
| api.env.chef_prefix = 'chef' | |
| api.env.domain = 'yourdomain.com' | |
| def bootstrap(): | |
| """Bootstrap a chef server.""" | |
| api.sudo('aptitude update') | |
| api.sudo('aptitude install -y lsb-release') | |
| api.sudo('echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" ' | |
| '| sudo tee /etc/apt/sources.list.d/opscode.list') | |
| api.sudo('mkdir -p /etc/apt/trusted.gpg.d') | |
| api.sudo('gpg --keyserver keys.gnupg.net --recv-keys 83EF826A') | |
| api.sudo('gpg --export [email protected] | sudo tee ' | |
| '/etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null') | |
| api.sudo('aptitude update') | |
| def install_chef(): | |
| """Install the chef server. | |
| You will be asked for a chef server url, a rabbit mq password and | |
| a default password for the chef web ui. | |
| """ | |
| api.sudo('aptitude install -y %s' % ' '.join(DEPENDENCIES)) | |
| api.sudo('aptitude install -y %s' % ' '.join(DEPENDENCIES_CHEF)) | |
| def install_nginx(): | |
| """Install a nginx webserver.""" | |
| api.sudo('aptitude install -y nginx') | |
| api.sudo('/etc/init.d/nginx start') | |
| update_nginx() | |
| def update_nginx(): | |
| """Update the nginx configuration.""" | |
| dest = '/etc/nginx/sites-available/chef.conf' | |
| context = { | |
| 'chef': api.env.chef_prefix, | |
| 'chef_api': api.env.chef_api_prefix, | |
| 'domain': api.env.domain | |
| } | |
| contrib.files.upload_template('chef.conf', dest, context=context, | |
| use_sudo=True) | |
| with api.cd('/etc/chef/certificates'): | |
| operations.put('chef-api.crt', 'chef-api.crt', use_sudo=True) | |
| operations.put('chef-api.key', 'chef-api.key', use_sudo=True) | |
| operations.put('chef.crt', 'chef.crt', use_sudo=True) | |
| operations.put('chef.key', 'chef.key', use_sudo=True) | |
| api.sudo('chown root:root /etc/nginx/sites-available/chef.conf') | |
| if api.sudo('test -f /etc/nginx/sites-enabled/chef.conf', | |
| warn_only=True).failed: | |
| api.sudo('ln -s /etc/nginx/sites-available/chef.conf ' | |
| '/etc/nginx/sites-enabled/chef.conf') | |
| if api.sudo('nginx -t', warn_only=True).succeeded: | |
| api.sudo('/etc/init.d/nginx restart') | |
| def get_validator(): | |
| """Download the chef validator key.""" | |
| api.sudo('cp /etc/chef/validation.pem /tmp/chef-validator.pem') | |
| api.sudo('chown %s /tmp/chef-validator.pem' % api.env.user) | |
| operations.get('/tmp/chef-validator.pem', 'chef-validator.pem') | |
| api.sudo('rm /tmp/chef-validator.pem') | |
| def deploy(): | |
| """Deploy a chef server.""" | |
| bootstrap() | |
| install_chef() | |
| install_nginx() | |
| get_validator() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The ssl certificate files (
chef-api.crt,chef-api.key,chef.crt,chef.key) must be available in the working directory.Change the environment variables according to your setup. The default would generate a nginx config for: