Recently, I was trying to implement a use case wherein a server launched by an autoscaling group should automatically connect to the Chef server and register itself as a node.
The Problem Statement:
How to install Chef Client on a node launched by an AWS autoscaling group?
Step 1. Prepare AMI with chef-client installed
To install chef-client on a node, we’ll use the knife bootstrap command from our Chef workstation.
Installing Chef Client
knife bootstrap Public_IP -x ubuntu -i ~/Downloads/pemfile.pem --sudo
This command installs chef-client on the node at Public_IP.
Once chef-client is installed, it creates a few files inside the /etc/chef/ directory of the node.
a) client.rb: Configuration file used by chef-client.
    log_level :info
    log_location STDOUT
    chef_server_url 'https://vikash.opscode.com/organizations/demo'
    validation_client_name 'organizationsName-validator'
    client_key '/etc/chef/client.pem'
    node_name ''
This file contains:
chef_server_url: This is the URL of the Chef server. Replace this with your Chef server URL.
validation_client_name: This is the name of the validation client whose pem file in /etc/chef/ chef-client uses during the first run to communicate with the Chef server.
client_key: chef-client uses client.pem to authenticate every request with chef-server.
b) validation.pem: chef-client uses the validation.pem file the first time it communicates with the Chef server.
c) client.pem: Once chef-client is registered, each request to the Chef server is authenticated using the client.pem file.
Now you have chef-client installed on your node. You can create an AMI from this node. The AMI will contain everything under /etc/chef/, including validation.pem, so keep the image private.
Step 2. Update the Launch Config associated with autoscaling group.
Once you have created the AMI, update the launch config to use the AMI ID created in Step 1.
Step 3. Configure “userdata” scripts to register nodes launched during autoscaling with the Chef server.
We’re using the shell scripts mentioned below to bootstrap our instances in autoscaling.
1) _node_name: The node name should be unique, so we use a prefix combined with the instance-id.
2) Delete the existing client.pem: Every launch uses the same AMI, which already contains an old client.pem. We have to delete it; chef-client generates a new client.pem automatically when it runs on the node.
3) Execute chef-client:
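sudo chef-client -N "$_node_name" -o 'role[webserver]'
-o overrides the run-list for this run with the items given. In this case we have created a role which contains a bunch of recipes to be called whenever chef-client runs. The run-list item is quoted so that the shell does not treat the square brackets as a glob pattern.
    #!/bin/bash
    #### Configuring Chef Client #####
    # Unique node name: prefix plus the EC2 instance id
    _node_name="NodeName-$(ec2metadata --instance-id)"
    # Remove the client.pem inherited from the AMI; chef-client generates a new one
    sudo rm -f /etc/chef/client.pem
    echo "node_name '$_node_name'" >> /etc/chef/client.rb
    # Quote the run-list item so the shell does not expand the brackets
    sudo chef-client -N "$_node_name" -o 'role[webserver]'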
If everything works well, the node gets registered with the Chef server and you can see it in the Chef Server Management Console.
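A stricter variant of the Step 3 userdata script, as an added example that is not part of the original post. It validates the instance id before using it, replaces the node_name line rather than appending to it, and removes validation.pem once the node has its own client.pem. The function names are hypothetical, and it assumes the script runs as root, as userdata does.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the original post).

# Drop the identity inherited from the AMI and set a unique node name.
# Args: chef config dir, instance id, node-name prefix. Prints the node name.
prepare_chef_identity() {
    chef_dir=$1 instance_id=$2 prefix=$3
    # Accept only "i-" plus 8 to 17 hex digits, so an empty value or an error
    # message from a failed metadata lookup never becomes a node name.
    hex=${instance_id#i-}
    case $instance_id in i-*) ;; *) hex='' ;; esac
    case $hex in ''|*[!0-9a-f]*) hex='' ;; esac
    if [ "${#hex}" -lt 8 ] || [ "${#hex}" -gt 17 ]; then
        echo "unexpected instance id: '$instance_id'" >&2
        return 1
    fi
    node_name="$prefix-$instance_id"
    # client.pem baked into the AMI belongs to the node the image was built from.
    rm -f "$chef_dir/client.pem"
    # Replace any existing node_name line instead of appending a second one.
    { sed '/^[[:space:]]*node_name[[:space:]]/d' "$chef_dir/client.rb" &&
      printf "node_name '%s'\n" "$node_name"; } > "$chef_dir/client.rb.new" &&
        mv "$chef_dir/client.rb.new" "$chef_dir/client.rb" &&
        printf '%s\n' "$node_name"
}

# Once the node has its own client.pem the validation key is no longer
# needed on this instance, so remove it. Keeps the key if not yet registered.
remove_validation_key() {
    [ -s "$1/client.pem" ] || return 1
    rm -f "$1/validation.pem"
}

register_node() {
    name=$(prepare_chef_identity /etc/chef "$(ec2metadata --instance-id)" NodeName) || return 1
    chef-client -N "$name" -o 'role[webserver]' && remove_validation_key /etc/chef
}

# Run only on an instance that has the Chef config and the metadata tool.
if [ -f /etc/chef/client.rb ] && command -v ec2metadata >/dev/null 2>&1; then
    register_node
fi
```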