Chef is a configuration management tool (like Puppet, Ansible, SaltStack, CFEngine). It is a tool which manages the configuration of centrally managed Linux servers, compute clusters, and desktops at SLAC. Examples of configuration items Chef manages include: sudo privileges, login access privileges, logging, software repositories, cronjobs, baseline security configuration. Chef is the configuration management tool for CentOS 7 and later, Red Hat Enterprise Linux (RHEL) 7 and later, and Ubuntu 16.04 and later. Operating systems earlier than those (RHEL 5 and 6, Solaris) are centrally managed using Taylor (a locally written configuration management tool).
To get Chef installed a Linux server, contact unix-admin@slac.stanford.edu . To get Chef installed on a Linux desktop, contact ithelp@slac.stanford.edu .
If you prefer to install Chef yourself, that is also possible. Run this command:
Chef-client logs are sent to syslog and a local log file. You can view the logs using these methods on each host which is managed:
sudo less -r /var/log/chef/client.log sudo journalctl -t chef-client sudo grep -w chef-client /var/log/everything |
The logs are also sent to the central syslog server, and to Splunk. On the central syslog server, the log can be viewed here:
ssh loghost grep -w chef-client /u2/today/SYSLOG/daemon |
/var/chef/cache/cookbooks/ | This directory contains the cookbooks downloaded from the chef server. |
/var/chef/cache/backup/ | This directory contains backup files of any changes made by chef. |
sudo -i /root/knife-node-show | This script will show configuration details for the current host. |
/afs/slac/g/scs/systems/report/chef/system.info/ | This directory contains information about each host managed by chef |