CentOS 6.1, local VMs and Opscode Chef

29 Dec 2011

Automating Internal Infrastructure Orchestration with Chef

BioTeam maintains its internal company IT infrastructure across a distributed mix of servers hosted both “in the cloud” and within our own offices and colocation cages. We’ve long used Opscode Chef to “orchestrate” our cloud systems and have recently found it invaluable for automatic configuration management of our own local servers and VMs.

This blog post is just a quick one-off article to highlight how well Chef plays with non-cloud systems including local virtual machines that BioTeam is running via Citrix XenServer. It was so easy to spin up a new VM (“staff.bioteam.net”) and then use a single Chef one-liner command to bootstrap the server to configure user accounts, install new software (denyhosts) and adjust the configuration of the /etc/sudoers file that I wanted to screencast and share the process.

First things first …

Thanks to Steve Danna for publishing a CentOS-6 bootstrapping template script. In the screencast below, where you see me typing the “knife bootstrap …” command, I’m directly invoking the bootstrapping script for CentOS 6 systems that Steve put on GitHub.

Screencast Ahead

In the video recorded below we start with a CentOS 6.1 Linux system. The VM was created from a pre-existing barebones XenServer template and really just contains a minimal operating system and network stack with almost no installed software.

Normally in “Xen” land, I’d fire up the new VM from a template and then do manual sysadmin “stuff” to the server to make it do what it needed to do.

For this particular server (“staff.bioteam.net”) we really just needed a few things to start with:

  • Create BioTeam staff user accounts
  • Upload and install individual BioTeam staff SSH keys so they can login securely
  • Add the appropriate BioTeam user accounts to the /etc/sudoers file so they can elevate access when needed
  • Install, configure and start the ‘denyhosts’ service to block SSH password guessing attacks

And wouldn’t you know … BioTeam ALREADY has Chef recipes to do all those things because we need them on just about every cloud server we create.

The screencast below simply shows how I can do all the tasks listed above via my personal Mac OS X laptop with a single call to the Opscode Chef CLI tool named ‘knife’. The exact command used was:

 $ knife bootstrap -d centos6-gems --ssh-user root \
     --run-list "recipe[users::sysadmins], recipe[sudo], recipe[denyhosts]"

It’s literally that easy.

The video below is not edited for time in any way. It really does take less than 4 minutes to take a ‘barebones’ CentOS system, install all the software dependencies, build and configure chef, download the cookbooks and runlist and then “process them”. The end result is 100% automated provisioning of a new server while I check Facebook in another browser window.

And for people new to Opscode Chef this is a great example of how powerful and flexible these “infrastructure orchestration” systems have become. The Chef client running on the new server is doing far more than just simple installs of software from remote repositories. Of course it’s doing that but it’s also installing personal individual SSH keys, editing the contents of the /etc/sudoers file and installing, configuring and starting a new network security service (denyhosts). Try doing that amount of “custom” server config work using a “golden image” or Kickstart type method!
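A post-bootstrap check for the four outcomes listed above, as an added example (not BioTeam's code and not part of the Chef cookbooks): it audits passwd, sudoers, authorized_keys and `chkconfig --list` text against the expected staff accounts. The account names `alice` and `bob`, the key material and all file contents are constructed samples, and the denyhosts check assumes runlevel 3 is the server's boot runlevel.

```ruby
# Added example: audits the state the run list is meant to produce.
# Account names, key material and file contents below are constructed samples.
KEY_RE = /(?:\A|\s)(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+[A-Za-z0-9+\/]{20,}=*/

# Principals (users, or %groups) that hold a grant in the sudoers text.
# Joins backslash-continued lines; skips comments, Defaults and alias lines.
def sudo_principals(sudoers)
  sudoers.gsub(/\\\n/, ' ').lines.map(&:strip)
         .reject { |l| l.empty? || l.start_with?('#', 'Defaults') || l =~ /\A\w+_Alias\s/ }
         .map { |l| l.split(/\s+/, 2).first }.uniq
end

# Returns a list of findings; an empty list means the host matches intent.
def audit(expected, passwd:, sudoers:, keys:, chkconfig:)
  findings = []
  accounts = passwd.lines.map { |l| l.split(':').first }
  expected.each do |u|
    findings << "#{u}: no local account" unless accounts.include?(u)
    usable = keys.fetch(u, '').lines.reject { |l| l.strip.start_with?('#') }
    findings << "#{u}: no usable SSH public key" unless usable.any? { |l| l =~ KEY_RE }
  end
  granted = sudo_principals(sudoers)
  (expected - granted).each { |u| findings << "#{u}: missing sudoers entry" }
  (granted - expected - ['root']).each { |p| findings << "#{p}: unexpected sudoers grant" }
  findings << 'denyhosts: not enabled in runlevel 3' unless chkconfig =~ /^denyhosts\s.*\b3:on\b/
  findings
end

# Constructed sample inputs (what you would read from the bootstrapped host).
PASSWD = "root:x:0:0:root:/root:/bin/bash\n" \
         "alice:x:500:500::/home/alice:/bin/bash\n" \
         "bob:x:501:501::/home/bob:/bin/bash\n"
SUDOERS = <<~EOS
  # rendered by configuration management
  Defaults !lecture,tty_tickets
  root  ALL=(ALL) ALL
  alice ALL=(ALL) ALL
  %wheel ALL=(ALL) \\
         NOPASSWD: ALL
EOS
KEYS = { 'alice' => "ssh-rsa #{'A' * 64} alice@laptop\n", 'bob' => "# key pending\n" }
CHKCONFIG = "denyhosts      \t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n"

if __FILE__ == $PROGRAM_NAME
  puts audit(%w[alice bob], passwd: PASSWD, sudoers: SUDOERS, keys: KEYS, chkconfig: CHKCONFIG)
end
```

On the sample data the audit reports that `bob` has no usable key and no sudoers entry, and that the `%wheel` group holds a grant nobody asked for.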


Note: The text-heavy screencast may best be viewed directly on youtube.com, particularly in the “big” 720p HD version …


  • Richard
    Posted at 08:02h, 14 December

    What is the option -d all about ?

    • bioteam
      Posted at 08:18h, 14 December

      Hi Richard, The “-d” switch passed to the ‘bootstrap’ subcommand is a way of invoking an alternative template script that guides the bootstrap process. I can’t remember why we needed this template but the reason was probably straightforward. It’s possible that knife did not have a builtin template for CentOS6.1 at the time or maybe we needed a custom template so that the EPEL repo was added to the system before the various “yum install …” commands happened.

  • Airborne Donkey
    Posted at 13:22h, 27 July

    Apologies in advance as I am shifting from a physical server operations background, to the amazing benefits of chef!

    I am attempting to spin up a cassandra cluster using cocoy’s community files from here (https://github.com/cocoy/chef-cassandra) and have one item of confusion:

    The only way I could get this to run on CentOS 6.4 (64bit) was to use the “-d centos5-gems” parameter.

    So far, this seems to be working OK, however I am concerned that the gems package is for “centos5-x”, whereas I am using CentOS 6.4.

    I have been googling aimlessly – can anyone reassure me that using centos5-gems is ok to use on a CentOS 6.4+ installation?
