Upgrading from Chef 10 to Chef 11

We shall be using the knife-essentials plugin to upgrade from Chef 10 to Chef 11.

Prerequisites

To upgrade, you need a live Chef 10 and Chef 11 server, and a knife workstation that can hit them both, loaded with the latest knife-essentials.

1. To install Chef 11, follow instructions here.

Note: If we are going to install Chef 11 on same server as that of Chef 10, in our case we had to modify few configurations in Chef 11 which are listed below:

  •  As chef 11 uses omnibus – it helps you build self-installing, full-stack software builds. For example, we want to distribute the Chef client pre-bundled with its dependencies: ruby, required gems, etc. The result is a single installable shell-script that can be executed on the client side, installing Chef, and configuring it.
    . Chef 11 listens on port 443 and 80 instead of port 4000. In our case we had to modify the Chef 11 to use non ssl port from port 80 to 8080 as we were having port 80 being used by Apache for nagios web UI, to let this happen – we edited the Chef 11 cookbook attributes file here “/opt/chef-server/embedded/cookbooks/chef-server” which is being used for Chef 11 installation and then re-ran “chef-server-ctl reconfigure” to allow Chef 11 to use new non ssl port 8081.
  • Since both Chef 10 and Chef 11 uses rabbitmq- Chef 11 doesn’t starts its all services as rabbitmq was already running and being used by Chef 10. We had to stop Chef 10 rabbitmq service and then restart Chef 11.

2. To install the latest knife-essentials:

gem install knife-essentials

Step 1: Set things up to talk to Chef 10.

First, we’ll set up knife.rb file on the workstation to point at the old Chef 10 server

  1. Make a transfer directory you will download the stuff to. We chose ~/transfer.
  2. Make a .chef/knife-chef10.rb file in the transfer directory that points at the Chef 10 server (replacing the server URL with your server). You must use an admin client for this; we chose chef-webui because it’s present by default. Any admin client will do; replace it in the appropriate places. The file should look like this:
    transfer_repo = File.expand_path('..', File.dirname(__FILE__))
    chef_server_url "http://chef-10.nclouds.com:4000"
    node_name 'chef-webui'
    client_key "#{transfer_repo}/.chef/chef-webui.pem"
    repo_mode 'everything'
    versioned_cookbooks true
    chef_repo_path transfer_repo
    cookbook_path nil
  3.  Grab the admin key for the Chef 10 server (the chef-webui key is typically at /etc/chef/webui.pem on the server):
    cp <your webui.pem> .chef/chef-webui.pem

 You can check if this worked by running knife list /clients. This will show you a list of all the clients, including clients/chef-webui.json and clients/chef-validator.json.

Step 2: Download all the Chef 10 data.

Download everything from the Chef 10 server

knife download -c .chef/knife-chef10.rb /

All chef data nodes, roles, environments, cookbooks…  in your Chef server is now in the transfer directory, ready to be uploaded to chef 11.

Step 3: Set things up to talk to Chef 11.

  1. Make a .chef/knife.rb file in the transfer directory that points at the new server (replacing the server URL with your server):
    transfer_repo = File.expand_path('..', File.dirname(__FILE__))
    chef_server_url "https://chef-11.example.com"
    node_name 'admin'
    client_key "#{transfer_repo}/.chef/admin.pem"
    repo_mode 'everything'
    versioned_cookbooks true
    chef_repo_path transfer_repo
    cookbook_path nil
  2.  Copy the Chef 11 admin PEM file to admin.pem in the transfer directory.
cp <your admin PEM> .chef/admin.pem

You can check if this works by running knife list /users. This should print users/admin.json.

Step 4: Upload everything to Chef 11.

knife upload /

Conclusion

After this procedure, you shall update Chef client by editing this File “/etc/chef/client.rb”  on each node to point to new Chef 11 server “https://chef-11.example.com” to start using it.

Comments are closed.