I have been playing around with Chef for the past week and while I liked it, it was a pain it setup. It seems to be work well if you run Debian and Ubuntu. Everything else … not so much.

First sign of trouble is when I attempt to bootstrap the install. The install calls for installing Ruby from the RBEL repo. Which I don’t have too much with trouble - in fact, they have binary RPMs of chef already available, so I used that initially and installed with:

yum install rubygem-chef-server --disablerepo=updates --disablerepo=CentOS-Custom --disablerepo=extras

(Centos-Custom is my own repo, by the way).

That went well - until it turns out that it installed Ruby 1.8 along with it.

So I got that removed. I spent the next few hours of trying (and failing) to install Ruby 1.9 while avoiding have to install 1.8. In the end, I gave up. Instead, what I did is the following:

1. Installed the prerequisites  for ruby (including my build of Ruby 1.9 and Rubygems).
2. Then, I ran “gem install ruby-shadow”, as there was no RPM for it in the CentOS repo.
3. Then I installed the EPEL repo (instead of the RBEL repo). That allow to proceed with the install of chef with “gem install chef”. That, in turn, took care of all the requirements and package installation.

The next step is to configure a web proxy, as detail here. I decided to deviate slight and just use Red Hat’s utility with:

genkey chef.monzell.com

And then open the firewall ports.

However, because I had SELinux running, apache is not able to communicate to another application (as they are in different security context. So I had to enable access with:

setsebool -P httpd_can_network_connect on

That got me further, but I still had issues. After tailing the audit log and cat the output to audit2allow, I found that I still need to open a port in SELinux:

#============= httpd_t ==============
allow httpd_t reserved_port_t:tcp_socket name_bind;

I enabled access with:

[root@chef audit]# tail audit.log  | audit2allow -M chef444
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i chef444.pp

Installed the module and got the web access working.

There is more, but that’s for another post. :)

(as a side note, is there a tumbler theme that is code friendly - that is, I can paste in code and command line snippets without looking like snot?)

EDIT: Nevermind, looks like I’ll be poking around with CSS again to get it working the way I like.