install chef server on ubuntu 12.04

followed
http://harish11g.blogspot.com/2013/01/chef-server-installation-amazon-ec2.html

After the step of “sudo apt-get install chef chef-server”
chef-server-webui failed to start
solution is…..
http://stackoverflow.com/questions/10062514/chef-server-will-not-start-starting-chef-server-in-16011-fail
so, I had to manually start the webui, it went through, then stop and restart the service!
sudo /usr/sbin/chef-server-webui
sudo /etc/init.d/chef-server-webui restart
it is strange.

Another issue,
I could not log in to the webui with the password I set up during the “sudo apt-get install chef chef-server” step, so I had to recover the root/admin password with the solution from the link below
http://lists.opscode.com/sympa/arc/chef/2011-08/msg00151.html

curl http://localhost:5984/chef/_design/users/_view/all
curl -X DELETE http://localhost:5984/chef/0d115d13-7664-428a-a4ac-2c5dd7d8874b?rev=1-643d259bac4d77c16dcc7735c91687af

then restart chef-server and chef-server-webui
sudo service chef-server restart
sudo service chef-server-webui restart
sudo more /etc/chef/webui.rb
the default admin password is in the COMMENT

I think the reason is that the password I set up initially was too short; it seems chef-server-webui refused to accept it and ended up blocking me from logging in.

BTW, the “sudo service chef-server-webui restart” does not always work, you have to verify by yourself
ps -ef|grep webui
but…..the “sudo /usr/sbin/chef-server-webui” is good.
Strange.

Now set up the work station, where we manage the cookbooks and work on chef. We assume the user name is “smith”.

first start up a new VM, which will be Smith’s working box.
(this way, we always have a clean installation base)
Now install necessary components for work station – http://wiki.opscode.com/display/chef/Workstation+Setup+for+Debian+and+Ubuntu
However, I’d use part of the steps to install chef

echo "deb http://apt.opscode.com/ precise-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list
sudo mkdir -p /etc/apt/trusted.gpg.d
gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
gpg --export packages@opscode.com | sudo tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
sudo apt-get update
sudo apt-get -y install opscode-keyring
sudo apt-get upgrade
sudo apt-get -y install chef

This might install more than what we need? but it is simple and it works.
then install git
sudo apt-get -y install git

if the user “smith” is not yet on the linux workstation, create it with
sudo addgroup staff
sudo adduser --home /home/smith --shell /bin/bash smith --ingroup employee
then login with smith or sudo su smith

below is what Smith will need to do to set up his chef work station
clone the chef-repository
git clone git://github.com/opscode/chef-repo.git

create the .chef directory to store the chef key files (the wiki example puts the keys in ~/chef-repo/.chef; however, it seems better to keep them in the ~/.chef directory, since that is where knife wants them)
mkdir -p ~/.chef

Now we need to set up the “client” on the chef server. A client represents the entity that communicates with chef-server and runs chef commands; there does not have to be one client per user (team member).
We could create a client named “devteam”, and as long as the user “smith” has the devteam.pem and validation.pem under his .chef directory, he can run knife.

In our case, we will have a client named “tester”

We can do it through the webui or use command
knife client create tester -n -a -f /tmp/tester.pem
You may need to set the EDITOR variable
export EDITOR=/usr/bin/X11/vi
verify at http://my-chef-server:4040/clients

then on the work station, we download the private key file
scp user-on-chef-server@chef-server:/tmp/tester.pem ~/.chef/

also download the validation.pem from chef-server, which is in directory ~/.chef (in the step 7 when setting up server)
scp devops@server3:~/.chef/validation.pem ~/.chef/

now configure knife
knife configure

Where should I put the config file? [/home/smith/.chef/knife.rb]
Please enter the chef server URL: [http://server4:4000] http://server3:4000
Please enter an existing username or clientname for the API: [devops] tester
Please enter the validation clientname: [chef-validator]
Please enter the location of the validation key: [/etc/chef/validation.pem] ~/.chef/validation.pem
Please enter the path to a chef repository (or leave blank): ~/chef-repo

test
knife environment list

now we have git repository and knife installed on Smith’s work station.

Next, Smith will use his chef workstation to create cookbooks and recipes.

install Oracle java7 on Ubuntu 12.04

wget http://download.oracle.com/otn-pub/java/jdk/7u4-b20/jdk-7u4-linux-i586.tar.gz
tar xvf jdk-7u4-linux-i586.tar.gz
sudo mkdir -p /usr/lib/jvm/jdk1.7.0
sudo mv jdk1.7.0_04/* /usr/lib/jvm/jdk1.7.0/
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.7.0/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk1.7.0/bin/javac" 1
sudo update-alternatives --install "/usr/bin/jar" "jar" "/usr/lib/jvm/jdk1.7.0/bin/jar" 1

VM post startup script and heart beat

In the last post, I created a vagrant base box and used it to start a VM running Ubuntu 12.04 server.
Now I want to hook the VMs up with the internal DNS servers, which means
1, VMs should be able to “report” their IP address (I am using DHCP)
2, the DNS server should be able to receive the VM message and update its bind9 files
3, each VM needs to update its ResolvConf head file to have the internal DNS

At VM side, I think it can run a post-startup script to find and report its IP
https://help.ubuntu.com/community/UbuntuBootupHowto#Installing_custom_init-scripts

I found this command will display the host IP (eth0) and VM ip (eth1)
/sbin/ifconfig | grep "inet addr" | grep -v "127.0.0.1" | awk '{ print $2 }' | awk -F: '{ print $2 }'

1, sudo apt-get install curl
2, vi ~/post_startup.sh
#!/bin/bash
echo after vm started ...
/sbin/ifconfig | grep "inet addr" | grep -v "127.0.0.1" | awk '{ print $2 }' | awk -F: '{ print $2 }' > my.ip
echo done of post-start-up
curl -X POST --data-binary @my.ip http://my-host-address/service/box-is-up
chmod +x post_startup.sh

add to local-rc
sudo cp post_startup.sh /etc/init.d
sudo chmod +x /etc/init.d/post_startup.sh
sudo update-rc.d post_startup.sh defaults 98 02

at the server side, the web app needs to parse the passed body and update the DNS records in two files
db.rocks
and
db.xx.yy (reverse ip)
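
Added example (not part of the original post): one way the server side could validate the posted body before touching the zone files. It assumes the internal hosts are in 10.189.19.0/24, the forward zone is "rocks" with a /24 reverse zone, and the VM name reaches the web app separately, since the POST above carries only IP addresses; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: internal hosts sit in
# 10.189.19.0/24, the zone is "rocks", the reverse zone is a /24, and the web
# app learns the VM name separately (the POST body on the page carries only IPs).
ALLOWED_PREFIX="10.189.19"

# valid_ipv4 ADDR: succeed only for a strict dotted quad, octets 0-255,
# no leading zeros, no stray characters.
valid_ipv4() {
    vi_rest=$1. vi_n=0
    while [ -n "$vi_rest" ]; do
        vi_o=${vi_rest%%.*}; vi_rest=${vi_rest#*.}; vi_n=$((vi_n + 1))
        case $vi_o in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$vi_o" -le 255 ] || return 1
    done
    [ "$vi_n" -eq 4 ]
}

# valid_label NAME: succeed only for a single lowercase DNS label.
valid_label() {
    case $1 in
        ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# records_for NAME BODY: print the A line (for db.rocks) and the PTR line (for
# the reverse file) for the first address in BODY that is inside the allowed
# subnet. Prints nothing and returns 1 if the name or every address is rejected.
records_for() {
    valid_label "$1" || return 1
    while IFS= read -r rf_ip; do
        valid_ipv4 "$rf_ip" || continue
        case $rf_ip in "$ALLOWED_PREFIX".*) ;; *) continue ;; esac
        printf '%s\tIN\tA\t%s\n' "$1" "$rf_ip"
        printf '%s\tIN\tPTR\t%s.rocks.\n' "${rf_ip##*.}" "$1"
        return 0
    done <<EOF
$2
EOF
    return 1
}
```

Write the two printed lines into the zone files and reload bind9 only when records_for succeeds; anything else in the body is dropped rather than copied into a file that bind9 will parse.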

may add a crontab job to broadcast the my.ip periodically as a heartbeat from the VM
*/2 * * * * ~/broadcast.sh > /dev/null 2>&1

Also, install Oracle JDK 1.7 and Git on the VM. We can install Java through Chef, but it is much easier to install it on a vagrant VM and create a base box from it, or to create a custom EC2 image.
While we are at it, install git too.

create VMs on Ubuntu 12.04 with Vagrant

Now that I have two separate PCs running Ubuntu 12.04 server, I want to start two VMs on each server through Vagrant.

to install vagrant, we first need to install Oracle VirtualBox
below is tested working

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
sudo -s echo "deb http://download.virtualbox.org/virtualbox/debian precise contrib" >> ~/virtualbox.list
sudo mv ~/virtualbox.list /etc/apt/sources.list.d/
sudo apt-get update
sudo apt-get install linux-headers-$(uname -r)
sudo apt-get purge virtualbox virtualbox-dkms virtualbox-ose-qt virtualbox-qt
sudo apt-get install virtualbox virtualbox-dkms virtualbox-ose-qt virtualbox-qt
install vagrant
wget http://files.vagrantup.com/packages/eb590aa3d936ac71cbf9c64cf207f148ddfc000a/vagrant_1.0.3_i686.deb
sudo dpkg -i vagrant_1.0.3_i686.deb

/opt/vagrant/bin/vagrant
Now vagrant is ready on the host box

1, create a basic Ubuntu 12.04 vagrant box
/opt/vagrant/bin/vagrant box add precise32 http://files.vagrantup.com/precise32.box
mkdir cub1
cd cub1
/opt/vagrant/bin/vagrant init
vi Vagrantfile, with below

config.vm.box = "precise32"
config.vm.network :bridged
config.vm.customize ["modifyvm", :id, "--memory", 1024]
config.vm.share_folder "hostshared", "/tmp/share", "/tmp/share"
config.vm.provision :shell, :inline => "ifconfig"

Now start vm
/opt/vagrant/bin/vagrant up
/opt/vagrant/bin/vagrant ssh
ifconfig to get the assigned IP address

2, add my user
ssh vagrant@IP (password vagrant)
add new user and put into admin group (so it can sudo)
sudo useradd -d /home/new-user -g admin -m new-user
sudo passwd new-user
exit
then ssh to VM with new user
ssh new-user@IP
make the sudo passwordless
sudo visudo
add at bottom
user-name ALL=(ALL)NOPASSWD: ALL
exit

on the host machine, generate key pair if not yet
ssh-keygen -t rsa
ssh new-user@vm-ip mkdir -p .ssh
cat ~/.ssh/id_rsa.pub | ssh new-user@vm-ip 'cat >> .ssh/authorized_keys'
now you can ssh new-user@vm-ip without entering password.

3, repackage
cp Vagrantfile Vagrantfile.package
vi Vagrantfile.package
add
config.ssh.username = "new-user"
config.ssh.private_key_path = "~/.ssh/id_rsa"
config.package.name = "precise32cub1base"
(did not work)
run command to create the new base box from VM
/opt/vagrant/bin/vagrant package --vagrantfile ./Vagrantfile.package
This will create a base box named “precise32cub1base” in local directory
(in my testing it did not work though, the file was still named package.box)
add to local vagrant
/opt/vagrant/bin/vagrant box add precise32cub1base ./package.box
/opt/vagrant/bin/vagrant box list

test the new base box at local
mkdir ~/test-box
cd ~/test-box
/opt/vagrant/bin/vagrant init
vi Vagrantfile
change config.vm.box = "precise32cub1base"

start VM
/opt/vagrant/bin/vagrant up

test with new user
ssh new-user@IP (works without entering password)

to use this new base box on other hosts, make sure to copy the id_rsa key file to the ~/.ssh directory
and mkdir /tmp/share because the packaged Vagrantfile is included whenever you create VM with this base box

Ubuntu set up internal DNS servers

On my windows PC, I started two ubuntu 12.04 servers with VM player. Named them “panda” and “tiger”, and set the network to “bridge” mode (this way, they are accessible from outside of the hosted PC). Their IP addresses are 10.189.10.x

I also have two spare PCs, and installed Ubuntu 12.04 server on them, named “lion” and “bear”. All 3 computers are connected to same network switch, and all have IP address at 10.189.19.x

I decided to use the box “lion” as the DNS server, whose IP address is 10.189.19.x

sudo apt-get install ssh bind9 bind9utils
then edit the files under /etc/bind, add the internal zone, I assigned domain “rocks” for all the internal servers.
Restart bind9
sudo /etc/init.d/bind9 restart
if there is an error, check /var/log/syslog

to test locally
note Ubuntu 12.04 uses “resolvconf” to manage the “resolv.conf” file, you can not edit that file directly any more.
Instead, update /etc/resolvconf/resolv.conf.d by creating a “tail” file
sudo vi /etc/resolvconf/resolv.conf.d/tail
search rocks
nameserver 10.189.19.x
sudo resolvconf -u
more /etc/resolv.conf to check the current name resolving rules

Use “nslookup” or “dig” to test.

On the other servers, need to copy the “head” file so they will use the new internal DNS server