The open source Chef Server is a free version of the Chef Server that contains much of the same functionality as Hosted Chef, but requires that each instance be configured and managed locally, including performing data migrations, applying updates to the open source Chef Server, and ensuring that the open source Chef Server scales as the local infrastructure it is supporting grows. The open source Chef Server includes support from the Chef community, but does not include support directly from Opscode.
The Chef manager is a web-based interface that provides users of Chef a way to manage the following from the Chef Server:
Note
In order to set up and start the management console, use the bootstrap_server recipe with webui_enabled. The management console will be running on port 4040.
A chef-client is an agent that runs locally on every node that is registered with the Chef Server. When a chef-client is run, it will perform all of the steps that are required to bring the node into the expected state, including:
The Management Console allows users to create, read, edit, and delete API clients.
To create a client:
To delete a client:
Or, click on the name of the client and click Delete on the sub-navigation menu.
To edit a client:
To view a client:
To view the public key:
A cookbook is the fundamental unit of configuration and policy distribution in Chef. Each cookbook defines a scenario, such as everything needed to install and configure MySQL, and then it contains all of the components that are required to support that scenario, including:
The Management Console allows users to view and list cookbooks.
To list cookbooks:
To view the contents of a specific cookbook:
A data bag is a global variable that is stored as JSON data and is accessible from a Chef Server. A data bag is indexed for searching and can be loaded by a recipe or accessed during a search. The contents of a data bag can vary, but they often include sensitive information (such as database passwords).
The Management Console allows users to create, read, update, and delete data bags and data bag items.
To create a data bag item in a specific data bag:
To delete a data bag:
To view or edit a specific data bag:
To edit a data bag using the JSON editor:
To edit a data bag using JSON:
To list data bags:
To view or edit a specific data bag:
A data bag is a container of related data bag items, where each individual data bag item is a JSON file. The only structural requirement of a data bag item is that it must have an id:
{
  "id": "ITEM_NAME",
  "key": "value"
}
where key and value are the key:value pair for each additional attribute within the data bag item. Knife can load a data bag item by specifying the name of the data bag to which the item belongs and then the filename of the data bag item.
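Because data bags are indexed for searching and often hold values such as database passwords, it is worth checking an item before it is loaded. The following Ruby sketch is an added example, not part of Chef or of the original page: it checks the one structural requirement (an id) and reports where secret-looking keys hold plaintext strings. The key-name pattern, the function names and the sample item are assumptions constructed for illustration.

```ruby
require 'json'

# Key names treated as secret-bearing: an assumed heuristic, tune it locally.
SENSITIVE_KEY = /pass|secret|token|private_key|api_key/i

# Walk a parsed item and return dotted paths of non-empty string values
# stored under sensitive-looking keys, at any nesting depth.
def sensitive_paths(value, path = [])
  case value
  when Hash
    value.flat_map do |k, v|
      here = path + [k]
      hit = v.is_a?(String) && !v.empty? && k.match?(SENSITIVE_KEY)
      (hit ? [here.join('.')] : []) + sensitive_paths(v, here)
    end
  when Array
    value.each_with_index.flat_map { |v, i| sensitive_paths(v, path + [i.to_s]) }
  else
    []
  end
end

# Check one data bag item: valid JSON, a JSON object, a non-empty string id.
# (Requiring a non-empty string is this example's assumption.)
def lint_data_bag_item(json_text)
  item = JSON.parse(json_text)
  return { errors: ['item must be a JSON object'], plaintext: [] } unless item.is_a?(Hash)
  errors = []
  id = item['id']
  errors << 'missing required "id"' unless id.is_a?(String) && !id.empty?
  { errors: errors, plaintext: sensitive_paths(item) }
rescue JSON::ParserError
  { errors: ['invalid JSON'], plaintext: [] }
end

# Constructed sample item; the values are placeholders, not real credentials.
SAMPLE_ITEM = <<~ITEM
  {
    "id": "mysql",
    "host": "db01.example.com",
    "password": "constructed-example-value",
    "replicas": [ { "name": "db02", "repl_token": "constructed-example-value" } ]
  }
ITEM

puts lint_data_bag_item(SAMPLE_ITEM).inspect
```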
To delete a data bag item in a specific data bag:
To edit a data bag item in a specific data bag:
An environment is a way to map an organization’s real-life workflow to what can be configured and managed when using Chef Server. Every Chef organization begins with a single environment called the _default environment, which cannot be modified (or deleted). Additional environments can be created, such as production, staging, testing, and development. Generally, an environment is also associated with one (or more) cookbook versions.
The Management Console allows users to create, read, update, and delete environments, and to select a specific environment to view the nodes and cookbooks in that environment.
By clicking the Create tab under Environments, you are able to create a new environment. In the Create form you can specify a name (required), description, cookbook version constraints, and attributes.
An environment can be deleted by clicking the Delete link on the List page next to the name of the environment; or by clicking the Delete tab on the Show page when you view a specific environment.
The List page under the Environments tab shows all existing environments. Clicking the link of the environment name allows you to view the environment. You can also select the environment by clicking Select next to the name; doing so is equivalent to selecting an environment from the drop-down box at the top of the page.
On the header of the Management Console, there is an Environment drop down box where you can select either “none” or a specific environment.
If “none” is selected, the Management Console shows everything when you view nodes and cookbooks; if a specific environment is selected, the Management Console only shows the available objects in that environment for nodes and cookbooks. For cookbooks, if you do not define any restriction in the environment, the Management Console shows all cookbooks.
When viewing a specific role, the per environment run list for the selected environment shows up; if none or _default is selected in the Environment drop down box, or there is no environment specific run list for the selected environment, the role page shows the _default run list.
Objects other than nodes, cookbooks, and roles are not affected by the environment selection.
Clicking the name of the environment on the List page under Environments allows you to view the environment. You are able to see the description, cookbook version constraints, and attributes defined in the environment you are viewing.
The Management Console allows users to create, read, update, and delete nodes.
The node creation page lists all available recipes and roles, and allows you to include these in the run list of the node you are creating. There is also a JSON editor for editing, adding and removing the node’s attributes.
In order to create a node:
To delete a node:
Note
You need delete permissions on the node to delete it. If you don’t have permission, you may not see a Delete link or tab.
In any of the following actions where a drag is involved, you must drag the item to the lighter grey area of the target list.
Click the Editor tab on the right, click the green add button under the Editor tab, enter a name as the key and a body as the value and click Add Attribute. The following figure shows the Default and Override Attributes tree and the JSON editor.
Enter the JSON body in the editor, and click the Load JSON from source button. Click the Create Node or Save Node button to save the node. The following figure shows an example.
An attribute is a specific detail about a node. Attributes are used by Chef to understand:
Attributes are defined by:
During every Chef run, the chef-client builds the attribute list using:
After the node object is rebuilt, all of the attributes are compared, and then the node is updated based on attribute precedence. At the end of every Chef run, the node object that defines the current state of the node is uploaded to the Chef Server so that it can be indexed for search.
To modify the attributes of a node, such that they override the values of the included recipe or role, click json from the Default and Override Attributes tree on the bottom left.
A run-list is an ordered list of roles and/or recipes that are run in an exact order. A run-list is always specific to the node on which it runs, though it is possible for many nodes to have run-lists that are similar or even identical. The items within a run-list are maintained using Knife and are uploaded to the Chef Server and stored as part of the node object for each node. Chef always configures a node in the exact order specified by its run-list and will never run the same recipe twice.
To edit a run-list:
Viewing a node shows the recipes and roles in the node’s run list, as well as the node’s attributes. In order to view a specific node:
On this page you can see the roles and recipes in the node’s run list, as well as an expandable tree view of the JSON attributes on the node.
A role is a way to define certain patterns and processes that exist across nodes in a Chef organization as belonging to a single job function. Each role consists of zero (or more) attributes and a run list. Each node can have zero (or more) roles assigned to it. When a role is run against a node, the configuration details of that node are compared against the attributes of the role, and then the contents of that role’s run list are applied to the node’s configuration details. When a chef-client runs, it merges its own attributes and run lists with those contained within each assigned role.
The Management Console allows users to create, read, update, and delete roles.
The role creation page allows you to add recipes and roles to the role you are editing. There is also a JSON editor for editing, adding and removing JSON attributes associated with the role. To create a role:
In order to delete a role:
In any of the following actions where a drag is involved, you must drag the item to the lighter grey area of the target list.
You can edit the override attributes of a role, to override the values of an included recipe or role, and you can edit the default attributes of a role to specify attributes that do not exist in included recipes and roles. To do this, click json from the Default and Override Attributes tree on the bottom left. Then, click the Editor tab on the right, click the green add button under the Editor tab, enter a name as the key and a body as the value and click Add Attribute. The following figures show the Default and Override Attributes tree and the JSON editor.
To edit the JSON source for a role:
Viewing a role shows the recipes and roles included in the role, as well as a tree view of the attributes associated with the role. In order to view a specific role, on the roles page, click the link of the specific role you want to view.
The Management Console runs on port 4040 by default. Navigate your browser to http://chef.example.com:4040/ (replacing chef.example.com with the actual hostname of your Chef server, of course). You’ll be redirected to the login screen.
When logging in for the first time, use the default credentials:
| Username | admin |
| Password | p@ssw0rd1 |
When you log in as the default admin user, you’re immediately redirected to the edit page for that user. After changing the default password, you can add new users or use any other features of the Management Console.
Default passwords are no better than not having a password. They’re evil. They must die. Please change the default password and never use it again.
When the bootstrap::server recipe is used, the password is actually randomly generated and written to /etc/chef/server.rb through the template, as the setting web_ui_admin_default_password. It can be set to a different value by setting webui_admin_password in the chef.json.
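To confirm that neither configuration source still carries the documented default, the two settings named above can be checked offline. This Ruby sketch is an added example, not part of Chef or of the original page; the minimum length, the function names, the nesting inside chef.json and both sample inputs are assumptions constructed for illustration.

```ruby
require 'json'

# Default Management Console password as documented on this page.
DOCUMENTED_DEFAULT = 'p@ssw0rd1'
# Minimum acceptable length: an assumed local policy, not a Chef rule.
MIN_LENGTH = 12

# Return the last literal assigned to web_ui_admin_default_password.
# The text is pattern-matched only, never evaluated; commented lines are skipped.
def server_rb_password(text)
  hits = text.scan(/^[ \t]*web_ui_admin_default_password\s+(["'])(.*?)\1/)
  hits.empty? ? nil : hits.last[1]
end

# Depth-first search for a key anywhere in parsed JSON (nesting is not assumed).
def find_key(obj, key)
  return obj[key] if obj.is_a?(Hash) && obj.key?(key)
  children = obj.is_a?(Hash) ? obj.values : (obj.is_a?(Array) ? obj : [])
  children.each do |child|
    found = find_key(child, key)
    return found unless found.nil?
  end
  nil
end

def password_issue(pw)
  return :documented_default if pw == DOCUMENTED_DEFAULT
  return :too_short if pw.length < MIN_LENGTH
  nil
end

# Returns [source, issue] pairs for every configured password that fails a check.
def audit_webui_password(server_rb_text, chef_json_text = nil)
  found = { 'server.rb' => server_rb_password(server_rb_text) }
  if chef_json_text
    found['chef.json'] = find_key(JSON.parse(chef_json_text), 'webui_admin_password')
  end
  found.each_with_object([]) do |(source, pw), findings|
    next if pw.nil?
    issue = password_issue(pw.to_s)
    findings << [source, issue] if issue
  end
end

# Constructed samples, not taken from a real server.
SAMPLE_SERVER_RB = <<~'CONF'
  log_level :info
  # web_ui_admin_default_password "commented-out-old-value"
  web_ui_admin_default_password "p@ssw0rd1"
CONF
SAMPLE_CHEF_JSON = '{"chef": {"webui_admin_password": "Xq7-rotated-example-value"}}'

puts audit_webui_password(SAMPLE_SERVER_RB, SAMPLE_CHEF_JSON).inspect
```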
Users are managed from the users tab:
To create a new user, click Create on the Users page, then fill in the user’s name and password. Tick the box if the new user will be an administrator, then hit the Create button.
To delete a user, click the link for Delete next to the user’s name in the list. Chef will ask if you’re sure about deleting the user. Click OK to confirm.
To edit a user, click the Edit link next to the user’s name in the list. You’ll see the same edit form you saw when you first logged in as the “admin” user.
Search indexes allow queries to be made for any type of data that is indexed by the Chef Server, including data bags (and data bag items), environments, nodes, and roles. Chef has a defined query syntax that supports search patterns like exact, wildcard, range, and fuzzy. A search is a full-text query that can be done from several locations, including from within a recipe, by using the search subcommand in Knife, by using the search functionality in the Management Console, or by using the /search or /search/INDEX endpoints in the Chef Server API. The search engine is based on Apache Solr and is run from the Chef Server.
You can view search indexes and search for nodes, API clients, roles, and data bags on the Management Console.
The query syntax described on the Search page also applies to the Management Console. The most basic syntax is attribute:value. If you do not enter anything in a search box, it searches for everything (*:*).
In order to view available search indexes, log on to the Management Console and click the Search tab. The search indexes should be listed. Nodes, roles, and clients are always available. Data bags are indexed by the data bag’s name.