General discussion about Chef

[chef] Re: new chef-client installation


Chronological Thread 
  • From: Daniel DeLeo < >
  • To:
  • Subject: [chef] Re: new chef-client installation
  • Date: Wed, 19 Dec 2012 14:11:15 -0800

On Wednesday, December 19, 2012 at 1:37 PM, Kirill Timofeev wrote:

Folks,

I'm creating binary packages to install chef-client on machines in my organization. I want chef-client installation to be completely isolated from other components, chef-client update should be done only via binary packages. Currently I'm doing this in the following way (without couple of minor details):

  1. Create chroot environment.
  2. Install all dependencies to build ruby and chef
  3. Build ruby using ruby-build
  4. Install chef
  5. Clone chef-client and logrotate cookbooks into chef installation for setup during installation
  6. Create binary package

Postinst script does the following:

  1. Creates minimal /etc/chef/client.rb with correct chef_server_url and node_name
  2. Creates /etc/chef/validation.pem
  3. Runs chef-client to register with server
  4. Creates config file for chef-solo with cookbook_path pointing to local directory with chef-client and logrotate cookbooks
  5. Creates json file for chef-solo with run list containing "recipe[chef-client::delete_validation]", "recipe[chef-client::config]", "recipe[chef-client::service]"
  6. Runs chef-solo

After completion I get registered and properly configured chef-client with empty run list.

You might look at omnibus-chef, which is how Opscode makes the packages here: http://www.opscode.com/chef/install/ (https://github.com/opscode/omnibus-chef). Alternatively, you could probably repackage the official packages with your custom client.rb and validation.pem


I wonder if sequence above is correct way of doing this or something can be done better. I also wonder why do we have chef-client cookbook and set of files in lib/ruby/gems/1.9.1/gems/chef-10.16.2/distro, it seems there is duplication here.
There are several packaging systems with different feature sets that we accommodate. Rubygems, for example, doesn't have any support for installing manages or running post install scripts, while debian and red hat packages that meet the upstream packaging guidelines need to include these things in the standard locations. Depending on preference and expertise with the various packaging systems/related ecosystems, people tend to prefer different package/install mechanisms. 

Beyond just installation, the chef-client cookbook allows people to manage chef with chef (upgrades, changes to client config, etc.).

Thanks,
Kirill.
-- 
Daniel DeLeo


Archive powered by MHonArc 2.6.16.

§