If you are looking for info on the razor-server broker, check this blog post: https://anystacker.com/2014/01/razor-server-chef-broker/
A few weeks ago I posted about the razor chef broker while it was still a work in progress. After some awesome collaboration with Fletcher Nichol, Tom McSweeney, and Cody Bunch, chef broker is now officially part of Razor.
Originally, while puppet broker was the only one available, the CLI options for adding a broker were geared towards it. While working on chef razor, many more options were needed, so the whole CLI interaction for adding a broker changed. The new flow is much nicer, in my opinion!
Here is a simple example of adding a new razor broker, step by step.
Let's check the available plugins and make sure that chef is one of the options:
root@ubuntu:/opt/razor# razor broker get plugins
Available Broker Plugins:
 Plugin  Description
 puppet  PuppetLabs PuppetMaster
 chef    Opscode Chef
root@ubuntu:/opt/razor#
List current brokers:
root@ubuntu:/opt/razor# razor broker
Broker Targets:
 Name    Description  Plugin  UUID
 puppet  puppet       puppet  11fTD6ejTXmbS4nyIu0ZF5
Let's add a new broker (-p for plugin, -n for name, -d for description):
root@ubuntu:/opt/razor# razor broker add -p chef -n Chef -d Production
--- Building Broker (chef):

Please enter the URL for the Chef server. (example: https://chef.example.com:4000)
(QUIT to cancel)
Your chef server address can be in any valid URL format, whether IP:port or just IP. This is where your new client will connect to call home.
> https://chef.example.com:4000
What chef version do you want to use?
Please enter the Chef version (used in gem install). (example: 10.16.2)
(QUIT to cancel)
> 10.16.2
Chef client needs a server validation file. This generally can be found on your server under /etc/chef/validation.pem. Copy the whole file, paste, and add a blank line:
Please enter a paste of the contents of the validation.pem file, followed by a blank line. (example: -----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAA...)
(QUIT to cancel)
> -----BEGIN RSA PRIVATE KEY-----
[key body omitted]
-----END RSA PRIVATE KEY-----
How should your client authenticate against the chef server? More info on chef auth can be found here: http://wiki.opscode.com/display/chef/Authentication+and+Authorization
Please enter the validation client name. (example: myorg-validator)
default: chef-validator
(QUIT to cancel)
> chef-validator
Which environment? More about Chef environments: http://wiki.opscode.com/display/chef/Environments
Please enter the Chef environment in which the chef-client will run. (example: production)
default: _default
(QUIT to cancel)
>
This script will actually perform the installation. Replace with your own if you don’t trust the internets!
Please enter the Omnibus installer script URL. (example: http://mirror.example.com/install.sh)
default: http://opscode.com/chef/install.sh
(QUIT to cancel)
>
More custom options, press enter for default:
Please enter an alternate path to the chef-client binary. (example: /usr/local/bin/chef-client)
default: chef-client
(QUIT to cancel)
>
Optional run list, type “SKIP” if you don’t have any.
Please enter an optional run_list of common base roles. (example: role[base],role[another])
(SKIP to skip, QUIT to cancel)
> SKIP
Finally, you have a brand new chef broker, ready to be added to your policy:
 Name => Chef
 Description => Production
 Plugin => chef
 UUID => 7HYCfiyr5LQ13ScnLoRlUB
 Chef Server URL => https://chef.example.com:4000
 Chef Version => 10.16.2
 Validation Key MD5 Hash => 6372aca0ebceddb65c4e934d35f789c2
 Validation Client Name => chef-validator
 Bootstrap Environment => _default
 Install Sh Url => http://opscode.com/chef/install.sh
 Chef Client Path => chef-client
 Base Run List =>
Now, when listing available brokers, you should see your new chef broker in the list:
root@ubuntu:/opt/razor# razor broker
Broker Targets:
 Name    Description  Plugin  UUID
 Chef    Production   chef    7HYCfiyr5LQ13ScnLoRlUB
 puppet  puppet       puppet  11fTD6ejTXmbS4nyIu0ZF5
You can view the details of the broker by specifying its UUID:
root@ubuntu:/opt/razor# razor broker 7HYCfiyr5LQ13ScnLoRlUB
 Name => Chef
 Description => Production
 Plugin => chef
 UUID => 7HYCfiyr5LQ13ScnLoRlUB
 Chef Server URL => https://chef.example.com:4000
 Chef Version => 10.16.2
 Validation Key MD5 Hash => 6372aca0ebceddb65c4e934d35f789c2
 Validation Client Name => chef-validator
 Bootstrap Environment => _default
 Install Sh Url => http://opscode.com/chef/install.sh
 Chef Client Path => chef-client
 Base Run List =>
root@ubuntu:/opt/razor#
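The installer-script prompt in the walk-through accepts any URL and defaults to plain http. As an added example (not part of the original post or of Razor), this shell helper publishes a reviewed copy of install.sh to an internal mirror only when it matches a pinned SHA-256, so the broker's Install Sh Url can point at a copy you control. The function names, file names and mirror directory are assumptions.

```shell
#!/bin/sh
# Added example: pin the Chef installer script before serving it from a mirror.
# Function names, file names and the mirror directory are assumptions.

# Succeeds only for https:// URLs; the broker's default URL is plain http.
url_is_https() {
    case "$1" in
        https://?*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# publish_installer <reviewed-file> <pinned-sha256> <mirror-dir>
# Copies the script into the mirror only if it matches the pinned digest.
publish_installer() {
    src=$1; pinned=$2; dest_dir=$3
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }
    actual=$(sha256_of "$src") || return 2
    if [ "$actual" != "$pinned" ]; then
        echo "digest mismatch: got $actual, pinned $pinned" >&2
        return 1
    fi
    mkdir -p "$dest_dir" || return 2
    tmp="$dest_dir/.install.sh.$$"
    # Write under a temp name, then rename, so clients never fetch a partial file.
    cp "$src" "$tmp" && chmod 0644 "$tmp" && mv "$tmp" "$dest_dir/install.sh"
}

# Usage: sh pin-installer.sh <reviewed-file> <pinned-sha256> <mirror-dir>
if [ "$#" -eq 3 ]; then
    publish_installer "$1" "$2" "$3"
fi
```

With the copy published, answer the Omnibus installer prompt with your mirror's https URL instead of accepting the default.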
Razor Facts
Besides installing chef client and registering it with the server, Razor also injects custom facts into the new node. I split them out into an additional blog post, since there are a few of them!
-eglute