Adding AIX to existing Chef infrastructure


I’m impressed. It was really easy. I have an old server, a 9115-505 with 4 GB RAM, with AIX 7.1 TL3 SP0 on it. It is an almost fresh installation, nothing special. The only special preparation I had to make was to check the DNS configuration. In my test lab the Chef Server has the name chef.enfence.net, and that name must resolve to the right IP address on the client. You can achieve this with a proper DNS configuration or with an entry in /etc/hosts.

Variant 1. root access

The next step is to start knife bootstrap:

$ knife bootstrap --ssh-user root --ssh-password abc123 --no-host-key-verify delta.enfence.net
Doing old-style registration with the validation key at /chef-repo/.chef/enfence-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to delta.enfence.net
delta.enfence.net -----> Installing Chef Omnibus (-v 12)
delta.enfence.net downloading https://www.opscode.com/chef/install.sh
delta.enfence.net   to file /tmp/install.sh.6160402/install.sh
delta.enfence.net trying wget...
delta.enfence.net trying perl...
delta.enfence.net Downloading Chef 12 for aix...
delta.enfence.net downloading https://www.opscode.com/chef/metadata?v=12&prerelease=false&nightlies=false&p=aix&pv=7.1&m=powerpc
delta.enfence.net   to file /tmp/install.sh.6357182/metadata.txt
delta.enfence.net trying wget...
delta.enfence.net trying perl...
delta.enfence.net url     https://opscode-omnibus-packages.s3.amazonaws.com/aix/6.1/powerpc/chef-12.5.1-1.powerpc.bff
delta.enfence.net md5     49eabf3697be97f4ee651b14b77d3c4e
delta.enfence.net sha256  484a5f63c2307bea75c062171a78bbbf5e204d933981a20a4cd27b18b0fc850d
delta.enfence.net downloaded metadata file looks valid...
delta.enfence.net downloading https://opscode-omnibus-packages.s3.amazonaws.com/aix/6.1/powerpc/chef-12.5.1-1.powerpc.bff
delta.enfence.net   to file /tmp/install.sh.6357182/chef-12.5.1-1.powerpc.bff
delta.enfence.net trying wget...
delta.enfence.net trying perl...
delta.enfence.net Comparing checksum with shasum...
delta.enfence.net Installing Chef 12
delta.enfence.net installing with installp...
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net                     Pre-installation Verification...
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net Verifying selections...done
delta.enfence.net Verifying requisites...done
delta.enfence.net Results...
delta.enfence.net
delta.enfence.net SUCCESSES
delta.enfence.net ---------
delta.enfence.net   Filesets listed in this section passed pre-installation verification
delta.enfence.net   and will be installed.
delta.enfence.net
delta.enfence.net   Selected Filesets
delta.enfence.net   -----------------
delta.enfence.net   chef 12.5.1.1                               # The full stack of chef
delta.enfence.net
delta.enfence.net   << End of Success Section >>
delta.enfence.net
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net                    BUILDDATE Verification ...
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net Verifying build dates...done
delta.enfence.net FILESET STATISTICS
delta.enfence.net ------------------
delta.enfence.net     1  Selected to be installed, of which:
delta.enfence.net         1  Passed pre-installation verification
delta.enfence.net   ----
delta.enfence.net     1  Total to be installed
delta.enfence.net
delta.enfence.net Filesystem size changed to 1572864
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net                          Installing Software...
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net
delta.enfence.net installp:  APPLYING software for:
delta.enfence.net         chef 12.5.1.1
delta.enfence.net
delta.enfence.net Restoring files, please wait.
delta.enfence.net 982 files restored.
...
delta.enfence.net 16773 files restored.
delta.enfence.net Thank you for installing Chef!
delta.enfence.net Finished processing all filesets.  (Total time:  15 mins 9 secs).
delta.enfence.net
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net                                 Summaries:
delta.enfence.net +-----------------------------------------------------------------------------+
delta.enfence.net
delta.enfence.net Installation Summary
delta.enfence.net --------------------
delta.enfence.net Name                        Level           Part        Event       Result
delta.enfence.net -------------------------------------------------------------------------------
delta.enfence.net chef                        12.5.1.1        USR         APPLY       SUCCESS
delta.enfence.net chef                        12.5.1.1        ROOT        APPLY       SUCCESS
delta.enfence.net Starting the first Chef Client run...
delta.enfence.net [2015-12-13T18:29:26+01:00] WARN: Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support.
delta.enfence.net Starting Chef Client, version 12.5.1
delta.enfence.net Creating a new client identity for delta.enfence.net using the validator key.
delta.enfence.net resolving cookbooks for run list: []
delta.enfence.net Synchronizing Cookbooks:
delta.enfence.net Compiling Cookbooks...
delta.enfence.net [2015-12-13T19:28:08+01:00] WARN: Node delta.enfence.net has an empty run list.
delta.enfence.net Converging 0 resources
delta.enfence.net
delta.enfence.net Running handlers:
delta.enfence.net Running handlers complete
delta.enfence.net Chef Client finished, 0/0 resources updated in 10 seconds
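
The log above shows install.sh fetching a metadata file with url, md5 and sha256 lines and then comparing the package checksum. As an added example (not part of the original post or of Chef's install.sh), the same check can be run by hand on a package staged in advance; the function names and the whitespace-separated key/value layout of the metadata file are assumptions read off the log output.

```shell
#!/bin/sh
# Added example (not from the post): check a pre-downloaded package against
# the sha256 line of an Omnibus-style metadata file (lines: key value).

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Print the value stored for a key (url, md5, sha256) in the metadata file.
metadata_value() {  # $1 = metadata file, $2 = key
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Exit status: 0 = digest matches, 1 = mismatch, 2 = unusable input.
verify_package() {  # $1 = metadata file, $2 = package file
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable input" >&2; return 2; }
    expected=$(metadata_value "$1" sha256)
    # Refuse an absent or malformed digest rather than comparing empty strings.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "no valid sha256 in $1" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "sha256 has wrong length" >&2; return 2; }
    actual=$(sha256_of "$2")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $2"
    else
        echo "MISMATCH: $2 expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Demo on constructed data: a dummy package and a matching metadata file.
demo_dir=$(mktemp -d)
printf 'constructed package bytes\n' > "$demo_dir/pkg.bff"
printf 'url\thttps://example.invalid/pkg.bff\nsha256\t%s\n' \
    "$(sha256_of "$demo_dir/pkg.bff")" > "$demo_dir/metadata.txt"
verify_package "$demo_dir/metadata.txt" "$demo_dir/pkg.bff"
rm -rf "$demo_dir"
```

On a real host the call would be verify_package metadata.txt chef-12.5.1-1.powerpc.bff, with both files taken from the download directory shown in the log.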

 

That’s it. I see my AIX server in Chef Manage console and its attributes:

[Screenshots: chef-aix-1, chef-aix-2]

Variant 2. RBAC.

I know, not everybody has remote root access to their systems. That’s why I tested Chef installation with AIX RBAC. I can’t guarantee that Chef Client works well under RBAC, but it can be installed – for sure.

First I created a group and a user for chef:

root@delta# mkgroup chef
root@delta# mkuser pgrp=chef chef

Then I assigned the standard AIX role sa (System Administrator) to the user and set its password:

root@delta# chuser roles=sa chef
root@delta# chuser default_roles=sa chef
root@delta# passwd chef
Changing password for "chef"
chef's New password:
Enter the new password again:
root@delta# pwdadm -c chef

Because I am not sure that Chef Client can use the swrole command to escalate its privileges, I made the sa role the default and checked it:

$ ssh chef@delta
chef@delta's password:
$ rolelist -ea
sa              aix.fs.manage.change
                aix.fs.manage.create
                aix.fs.manage.debug
                aix.fs.manage.defrag
                aix.fs.manage.dump
                aix.fs.manage.list
                aix.fs.manage.mount
                aix.fs.manage.quota
                aix.fs.manage.recover
                aix.fs.manage.remove
                aix.fs.manage.snapshot
                aix.fs.manage.unmount
                aix.fs.object
                aix.lvm
                aix.security.group
                aix.security.user
                aix.system.config.acct
                aix.system.config.cron
                aix.system.config.src
                aix.system.install

I also changed some other user and system properties, such as the maximum number of open files and the maximum number of processes per user, but these settings are generally recommended for Chef Client.

root@delta# chuser nofiles=50000 rss=-1 chef
root@delta# chdev -l sys0 -a maxuproc=4096
sys0 changed

Bootstrapping from Chef Server went without any problem:

$ knife bootstrap -V --ssh-user chef --ssh-password chef --no-host-key-verify delta.enfence.net
INFO: Using configuration from /chef-repo/.chef/knife.rb
Doing old-style registration with the validation key at /chef-repo/.chef/enfence-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to delta.enfence.net
delta.enfence.net -----> Installing Chef Omnibus (-v 12)
delta.enfence.net downloading https://www.opscode.com/chef/install.sh
delta.enfence.net   to file /tmp/install.sh.7602396/install.sh
...
delta.enfence.net Installation Summary
delta.enfence.net --------------------
delta.enfence.net Name                        Level           Part        Event       Result
delta.enfence.net -------------------------------------------------------------------------------
delta.enfence.net chef                        12.5.1.1        USR         APPLY       SUCCESS
delta.enfence.net chef                        12.5.1.1        ROOT        APPLY       SUCCESS
delta.enfence.net Starting the first Chef Client run...
delta.enfence.net [2015-12-14T22:44:38+01:00] WARN: Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support.
delta.enfence.net Starting Chef Client, version 12.5.1
delta.enfence.net Creating a new client identity for delta.enfence.net using the validator key.
delta.enfence.net resolving cookbooks for run list: []
delta.enfence.net Synchronizing Cookbooks:
delta.enfence.net Compiling Cookbooks...
delta.enfence.net [2015-12-14T22:44:55+01:00] WARN: Node delta.enfence.net has an empty run list.
delta.enfence.net Converging 0 resources
delta.enfence.net
delta.enfence.net Running handlers:
delta.enfence.net Running handlers complete
delta.enfence.net Chef Client finished, 0/0 resources updated in 09 seconds

I didn’t make any screenshots, but you can trust me – they would be the same as in the first variant.

Variant 3. sudo

The last way I checked was using sudo. I installed sudo from Michael Perzl’s site:

root@delta# rpm -q sudo
sudo-1.8.11p2-1

and made a rule for the user chef:

root@delta# grep chef /etc/sudoers
chef ALL=(ALL) NOPASSWD: ALL

(I know, it is not really secure, but it is suitable for a test environment).

Then, as in the previous examples, I just ran bootstrap, but now with the option --sudo:

$ knife bootstrap -V --ssh-user chef --ssh-password chef --sudo --no-host-key-verify delta.enfence.net
INFO: Using configuration from /chef-repo/.chef/knife.rb
Doing old-style registration with the validation key at /chef-repo/.chef/enfence-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to delta.enfence.net
delta.enfence.net -----> Installing Chef Omnibus (-v 12)
...
delta.enfence.net chef                        12.5.1.1        USR         APPLY       SUCCESS
delta.enfence.net chef                        12.5.1.1        ROOT        APPLY       SUCCESS
delta.enfence.net Starting the first Chef Client run...
delta.enfence.net [2015-12-14T23:36:15+01:00] WARN: Please install an English UTF-8 locale for Chef to use, falling back to C locale and disabling UTF-8 support.
delta.enfence.net Starting Chef Client, version 12.5.1
delta.enfence.net Creating a new client identity for delta.enfence.net using the validator key.
delta.enfence.net resolving cookbooks for run list: []
delta.enfence.net Synchronizing Cookbooks:
delta.enfence.net Compiling Cookbooks...
delta.enfence.net [2015-12-14T23:36:33+01:00] WARN: Node delta.enfence.net has an empty run list.
delta.enfence.net Converging 0 resources
delta.enfence.net
delta.enfence.net Running handlers:
delta.enfence.net Running handlers complete
delta.enfence.net Chef Client finished, 0/0 resources updated in 09 seconds

The same result. Easy.
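
The author notes that the chef ALL=(ALL) NOPASSWD: ALL rule is only suitable for a test environment. As an added example (not from the original post), this script finds such rules in a sudoers file so they are not left behind after testing; the function name audit_sudoers and the sample fragment are constructed, and aliases, line continuations and included files are not expanded.

```shell
#!/bin/sh
# Added example (not from the post): list sudoers rules that allow any
# command without a password, like the test-lab rule for the chef user.

# Prints "user<TAB>rule" for each rule where NOPASSWD applies to ALL.
# Simplifications (assumptions): one rule per line; aliases, line
# continuations and included files are not expanded.
audit_sudoers() {  # $1 = sudoers file, or "-" for stdin
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blanks
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # settings, aliases
        match($0, /NOPASSWD:[ \t]*/) {
            # Walk the comma-separated command list after the first tag.
            n = split(substr($0, RSTART + RLENGTH), cmd, /[ \t]*,[ \t]*/)
            nopass = 1
            for (i = 1; i <= n; i++) {
                # A later PASSWD: tag switches authentication back on.
                if (cmd[i] ~ /NOPASSWD:/) nopass = 1
                else if (cmd[i] ~ /PASSWD:/) nopass = 0
                gsub(/[A-Z_]+:[ \t]*/, "", cmd[i])     # drop tags (SETENV: ...)
                gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])    # trim
                if (nopass && cmd[i] == "ALL") { print $1 "\t" $0; break }
            }
        }' "$1"
}

# Demo on a constructed sudoers fragment (not a real system file).
audit_sudoers - <<'EOF'
Defaults env_reset
root   ALL=(ALL) ALL
chef   ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/tar, /usr/bin/gzip
ops    ALL=(ALL) NOPASSWD: /usr/bin/lssrc, PASSWD: ALL
deploy ALL=(ALL) NOPASSWD: SETENV: ALL
EOF
```

The demo reports the chef and deploy rules; the ops rule is not reported because its ALL entry follows a PASSWD: tag.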