packer-cn/website/source/docs/provisioners/chef-client.html.markdown

---
description: |
    The Chef Client Packer provisioner installs and configures software on machines
    built by Packer using chef-client. Packer configures a Chef client to talk to a
    remote Chef Server to provision the machine.
layout: docs
page_title: 'Chef-Client Provisioner'
...
# Chef Client Provisioner

Type: `chef-client`

The Chef Client Packer provisioner installs and configures software on machines
built by Packer using [chef-client](https://docs.chef.io/chef_client.html).
Packer configures a Chef client to talk to a remote Chef Server to provision the
machine.

The provisioner will even install Chef onto your machine if it isn't already
installed, using the official Chef installers provided by Chef.
## Basic Example

The example below is fully functional. It will install Chef onto the remote
machine and run Chef client.

``` {.javascript}
{
  "type": "chef-client",
  "server_url": "https://mychefserver.com/"
}
```

Note: to properly clean up the Chef node and client, the machine on which Packer
is running must have knife on the path and configured globally, i.e.,
`~/.chef/knife.rb` must be present and configured for the target Chef server.

## Configuration Reference
The reference of available configuration options is listed below. No
configuration is actually required.

- `chef_environment` (string) - The name of the chef\_environment sent to the
  Chef server. By default this is empty and will not use an environment.

- `config_template` (string) - Path to a template that will be used for the
  Chef configuration file. By default Packer only sets configuration it needs
  to match the settings set in the provisioner configuration. If you need to
  set configurations that the Packer provisioner doesn't support, then you
  should use a custom configuration template. See the dedicated "Chef
  Configuration" section below for more details.

- `encrypted_data_bag_secret_path` (string) - The path to the file containing
  the secret for encrypted data bags. By default, this is empty, so no secret
  will be available.

- `execute_command` (string) - The command used to execute Chef. This has
  various [configuration template
  variables](/docs/templates/configuration-templates.html) available. See
  below for more information.

- `install_command` (string) - The command used to install Chef. This has
  various [configuration template
  variables](/docs/templates/configuration-templates.html) available. See
  below for more information.

- `json` (object) - An arbitrary mapping of JSON that will be available as
  node attributes while running Chef.

- `node_name` (string) - The name of the node to register with the
  Chef Server. This is optional and by default is `packer-{{uuid}}`.

- `prevent_sudo` (boolean) - By default, the configured commands that are
  executed to install and run Chef are executed with `sudo`. If this is true,
  then the sudo will be omitted.

- `run_list` (array of strings) - The [run
  list](http://docs.chef.io/essentials_node_object_run_lists.html) for Chef.
  By default this is empty, and will use the run list sent down by the
  Chef Server.

- `server_url` (string) - The URL to the Chef server. This is required.

- `skip_clean_client` (boolean) - If true, Packer won't remove the client from
  the Chef server after it is done running. By default, this is false.

- `skip_clean_node` (boolean) - If true, Packer won't remove the node from the
  Chef server after it is done running. By default, this is false.

- `skip_install` (boolean) - If true, Chef will not automatically be installed
  on the machine using the Chef omnibus installers.

- `staging_directory` (string) - This is the directory where all the
  configuration of Chef by Packer will be placed. By default this
  is "/tmp/packer-chef-client". This directory doesn't need to exist but must
  have proper permissions so that the SSH user that Packer uses is able to
  create directories and write into this folder. If the permissions are not
  correct, use a shell provisioner prior to this to configure it properly.

- `client_key` (string) - Path to client key. If not set, this defaults to a
  file named client.pem in `staging_directory`.

- `validation_client_name` (string) - Name of the validation client. If not
  set, this won't be set in the configuration and the default that Chef uses
  will be used.

- `validation_key_path` (string) - Path to the validation key for
  communicating with the Chef Server. This will be uploaded to the
  remote machine. If this is NOT set, then it is your responsibility via other
  means (shell provisioner, etc.) to get a validation key to where Chef
  expects it.
## Chef Configuration

By default, Packer uses a simple Chef configuration file in order to set the
options specified for the provisioner. But Chef is a complex tool that supports
many configuration options. Packer allows you to specify a custom configuration
template if you'd like to set custom configurations.

The default value for the configuration template is:

``` {.liquid}
log_level :info
log_location STDOUT
chef_server_url "{{.ServerUrl}}"
{{if ne .ValidationClientName ""}}
validation_client_name "{{.ValidationClientName}}"
{{else}}
validation_client_name "chef-validator"
{{end}}
{{if ne .ValidationKeyPath ""}}
validation_key "{{.ValidationKeyPath}}"
{{end}}
{{if ne .NodeName ""}}
node_name "{{.NodeName}}"
{{end}}
```

This template is a [configuration
template](/docs/templates/configuration-templates.html) and has a set of
variables available to use:

- `EncryptedDataBagSecretPath` - The path to the encrypted data bag secret
- `NodeName` - The node name set in the configuration.
- `ServerUrl` - The URL of the Chef Server set in the configuration.
- `ValidationKeyPath` - Path to the validation key, if it is set.

## Execute Command

By default, Packer uses the following command (broken across multiple lines for
readability) to execute Chef:

``` {.liquid}
{{if .Sudo}}sudo {{end}}chef-client \
--no-color \
-c {{.ConfigPath}} \
-j {{.JsonPath}}
```

This command can be customized using the `execute_command` configuration. As you
can see from the default value above, the value of this configuration can
contain various template variables, defined below:

- `ConfigPath` - The path to the Chef configuration file.
- `JsonPath` - The path to the JSON attributes file for the node.
- `Sudo` - A boolean of whether to `sudo` the command or not, depending on the
  value of the `prevent_sudo` configuration.

## Install Command

By default, Packer uses the following command (broken across multiple lines for
readability) to install Chef. This command can be customized if you want to
install Chef in another way.

``` {.text}
curl -L https://www.chef.io/chef/install.sh | \
{{if .Sudo}}sudo{{end}} bash
```

This command can be customized using the `install_command` configuration.

## Folder Permissions
!> The `chef-client` provisioner will chmod the directory with your Chef keys
to 777. This is to ensure that Packer can upload and make use of that directory.
However, once the machine is created, you usually don't want to keep these
directories with those permissions. To change the permissions on the
directories, append a shell provisioner after Chef to modify them.
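
The cleanup step described above, as an added example that is not part of the original Packer documentation: a script a `shell` provisioner could run after `chef-client` to undo the 777 mode and confirm the result. It assumes the default `staging_directory` and that the keys are regular files beneath it; the function name `harden_chef_staging` is hypothetical.

```sh
#!/bin/sh
# Added example: tighten the Chef staging directory left at mode 777.
# Assumptions: the default staging_directory is used and the keys are
# regular files beneath it. harden_chef_staging is a hypothetical name.

harden_chef_staging() {
    dir="${1:-/tmp/packer-chef-client}"

    # Refuse symlinks and missing paths so chmod is never applied to an
    # unexpected target.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "harden_chef_staging: not a real directory: $dir" >&2
        return 2
    fi

    # Directories become owner-only (700), regular files owner read/write (600).
    # find does not follow symlinks, so links inside the tree are left alone.
    find "$dir" -type d -exec chmod 700 {} + || return 1
    find "$dir" -type f -exec chmod 600 {} + || return 1

    # Verify instead of trusting chmod: report anything whose mode is still
    # not exactly the intended one (this also catches setuid/setgid bits).
    loose=$(find "$dir" \( -type d ! -perm 700 \) -o \( -type f ! -perm 600 \))
    if [ -n "$loose" ]; then
        echo "harden_chef_staging: modes not tightened:" >&2
        echo "$loose" >&2
        return 1
    fi
    return 0
}

# Usage on the built machine, as root or as the directory owner:
#   harden_chef_staging /tmp/packer-chef-client
```

A non-zero return fails the shell provisioner, so an image whose key directory is still group or world accessible does not get built silently.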
## Examples

### Chef Client Local Mode

The following example shows how to run the `chef-client` provisioner in local
mode, while passing a `run_list` using a variable.

**Local environment variables**

    # Machine's Chef directory
    export PACKER_CHEF_DIR=/var/chef-packer
    # Comma separated run_list
    export PACKER_CHEF_RUN_LIST="recipe[apt],recipe[nginx]"
    ...

**Packer variables**

Set the necessary Packer variables using environment variables or provide a [var
file](/docs/templates/user-variables.html).

``` {.liquid}
"variables": {
  "chef_dir": "{{env `PACKER_CHEF_DIR`}}",
  "chef_run_list": "{{env `PACKER_CHEF_RUN_LIST`}}",
  "chef_client_config_tpl": "{{env `PACKER_CHEF_CLIENT_CONFIG_TPL`}}",
  "packer_chef_bootstrap_dir": "{{env `PACKER_CHEF_BOOTSTRAP_DIR`}}",
  "packer_uid": "{{env `PACKER_UID`}}",
  "packer_gid": "{{env `PACKER_GID`}}"
}
```

**Setup the** `chef-client` **provisioner**

Make sure we have the correct directories and permissions for the `chef-client`
provisioner. You will need to bootstrap the Chef run by providing the necessary
cookbooks using Berkshelf or some other means.

``` {.liquid}
{
  "type": "file",
  "source": "{{user `packer_chef_bootstrap_dir`}}",
  "destination": "/tmp/bootstrap"
},
{
  "type": "shell",
  "inline": [
    "sudo mkdir -p {{user `chef_dir`}}",
    "sudo mkdir -p /tmp/packer-chef-client",
    "sudo chown {{user `packer_uid`}}.{{user `packer_gid`}} /tmp/packer-chef-client",
    "sudo sh /tmp/bootstrap/bootstrap.sh"
  ]
},
{
  "type": "chef-client",
  "server_url": "http://localhost:8889",
  "config_template": "{{user `chef_client_config_tpl`}}/client.rb.tpl",
  "skip_clean_node": true,
  "skip_clean_client": true,
  "run_list": "{{user `chef_run_list`}}"
}
```