Bootstrapping a Node

IMPORTANT

All nodes must belong to an organization; you bootstrap nodes to that organization.

Use knife node <sub-command> to manage nodes.

So what is bootstrapping? When we attach a node to our Chef server, we often need to install the Chef client first so that we can run our cookbooks. The node may not know how to contact your Chef server either. Bootstrapping is therefore the process of installing the Chef client and telling the node where your Chef server is located. The bootstrapping command is available as knife bootstrap.

Common syntax for the bootstrap command is:

shell command

knife bootstrap <FQDN/IP> -x <user name> -P <password> --sudo -N <node name> -r "recipe[cookbook]"

OR

knife bootstrap <FQDN/IP> -i <identity file like a .pem file> --sudo -N <node name> -r "recipe[cookbook]"

NOTE: Before you run this command, make sure you are in the parent folder of the cookbook folder.

For the command knife bootstrap <ip address> -V -i <pem file> --sudo -N <node-name> -r "recipe[cookbook]":

To provision a node, create and run an EC2 instance. You then need to allow root login as the ec2-user. To do this, take these steps:

  1. sudo -s (to become root)

    vi /root/.ssh/authorized_keys

    Delete the lines at the beginning of the file until you get to the words ssh-rsa.

  2. vi /etc/ssh/sshd_config

    Set the variable PermitRootLogin to PermitRootLogin without-password

  3. service sshd restart
  4. Now run knife bootstrap

For the command knife bootstrap <ip address> -V -x <user> -P <password> --sudo -N <node-name> -r "recipe[cookbook]":

  1. Copy QACHEFESS-setup-new-user.sh to the node and run it with sudo (update lines 4 - 8 with the user and password details as required)
  2. Now run knife bootstrap

shell script
#!/bin/bash

# Add user 'chef', password 'chef'
useradd chef
echo chef | passwd chef --stdin

# Config sudo access. 
echo "chef    ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
sed -i 's/Defaults.*requiretty/#Defaults requiretty/g' /etc/sudoers

# Allow password access via ssh
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
service sshd restart

# Flush & Disable iptables
# Could not see iptables enabled by default on Centos 7. Need to confirm
iptables -F
service iptables stop
chkconfig iptables off

# Disable SELinux
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

# Set the MOTD
curl https://s3.amazonaws.com/uploads.hipchat.com/7557/343581/8r8bE9vCpEW87E8/getawesome.txt > /etc/motd

# And we are done
echo '######## All Done! ######'
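
The preparation steps and setup script above change sshd, sudoers and SELinux settings on the node. The following is an added example, not part of the original page or of Chef: a shell function that reports which of those settings are present so they can be reviewed once bootstrapping is done. The function names and sample files are constructed for illustration, and sshd_config Match blocks and Include files are not handled.

```shell
#!/bin/bash
# Added example, not from the original page. Function names are hypothetical.
# Assumption: sshd_config Match blocks and Include files are not handled.

# sshd keeps the first value it reads for a keyword, so print only that one.
sshd_value() {  # usage: sshd_value <keyword> <sshd_config>
  awk -v k="$1" '{ line = $0; sub(/^[ \t]+/, "", line)
    split(line, f, /[ \t=]+/)
    if (tolower(f[1]) == tolower(k)) { print tolower(f[2]); exit } }' "$2"
}

# usage: audit_node <sshd_config> <sudoers> <selinux_config>
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_node() {
  local sshd="$1" sudoers="$2" selinux="$3" n=0 v
  v=$(sshd_value PasswordAuthentication "$sshd")
  if [ "$v" = "yes" ]; then echo "sshd: PasswordAuthentication yes"; n=$((n + 1)); fi
  v=$(sshd_value PermitRootLogin "$sshd")
  if [ -n "$v" ] && [ "$v" != "no" ]; then echo "sshd: PermitRootLogin $v"; n=$((n + 1)); fi
  if grep -Eq '^[^#]*NOPASSWD:[[:space:]]*ALL' "$sudoers"; then
    echo "sudoers: NOPASSWD: ALL rule present"; n=$((n + 1))
  fi
  if grep -Eq '^SELINUX=(disabled|permissive)' "$selinux"; then
    echo "selinux: $(grep -E '^SELINUX=' "$selinux" | head -n 1)"; n=$((n + 1))
  fi
  [ "$n" -eq 0 ]
}

# Constructed sample files mirroring what the steps and script above leave behind.
demo() {
  local d rc=0
  d=$(mktemp -d)
  printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin without-password' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$d/sshd_config"
  printf '%s\n' 'root ALL=(ALL) ALL' 'chef    ALL=(ALL)       NOPASSWD: ALL' > "$d/sudoers"
  printf '%s\n' 'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$d/selinux"
  audit_node "$d/sshd_config" "$d/sudoers" "$d/selinux" || rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || echo "node still carries bootstrap-time settings"
```

On a real node the three arguments would be /etc/ssh/sshd_config, /etc/sudoers and /etc/selinux/config, read as root.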