Deploying Chef for Junos OS

 

Chef for Junos OS Deployment Overview

A Chef for Junos OS deployment consists of the following major components:

  • Chef server—The server acts as a hub for configuration data. The server stores cookbooks and the node object metadata that describes each registered node managed by the Chef client.

  • Workstations—You can perform most of your work on a workstation. Use the Chef CLI, called knife, to develop cookbooks and recipes and store them in a local Chef repository. From the workstation, you can synchronize the local repository with your version-control system, upload cookbooks to the Chef server, and perform operations on nodes.

  • Nodes—A node is any physical or virtual device that is configured for the Chef client to manage. Ruby Interpreter, Native Ohai and junos-ez-stdlib (Ruby Gems) are also installed on all nodes to aid the Chef client in managing the node.

    To manage a node, the Chef client running on the node obtains the configuration details, such as recipes, templates, and file distributions, from the Chef server. It also collects detailed data about a node, such as hardware properties, memory and processor usage, networking statistics, kernel data, and hostname using Ohai. The Chef client performs as much of the configuration as possible on the node using Ruby Interpreter and junos-ez-stdlib to help interpret Chef recipes into configuration details.

    For a Juniper Networks device to be a Chef node, it must have the Chef client installed and configured on it. See the Chef for Junos OS Release Notes for information about Juniper Networks devices running Junos OS that support the Chef client.

Figure 1 shows the major components of a Chef for Junos OS deployment. For more details about all the components that constitute a Chef deployment, see the Chef documentation at https://docs.chef.io/.

Figure 1: Major Components of a Chef for Junos OS Deployment

Chef for Junos OS Deployment Overview

The following major steps describe how you deploy Chef for Junos OS:

  1. Set up the Chef server. For more information on setting up the Chef server, see the Chef documentation at https://docs.chef.io/.
  2. Set up the Chef workstation. The major steps for doing so are:
    1. Install the Chef client from https://docs.chef.io/ and the Ruby Interpreter on your workstation. You can install both at the same time by using the Chef installer.

    2. Set up the Chef repository (chef-repo) and the version-control system.

    3. Install authentication keys and verify that you can connect to the Chef server from your workstation.

      For more information about setting up the Chef workstation, see the Chef documentation at https://docs.chef.io/.

    4. After you have set up the workstation, download the netdev cookbook to the chef-repo repository and extract the cookbook files.

      knife cookbook site download netdev

      tar -zxvf netdev-n.n.n.tar.gz -C cookbooks

      The netdev cookbook is available at the Chef supermarket website at https://supermarket.getchef.com/cookbooks/netdev.

  3. If the Chef client is not already installed on the Junos OS nodes, install the client by using the Chef for Junos OS installation package as described in Installing or Uninstalling the Chef Client on Juniper Networks Devices Running Junos OS.

    Note

    On Juniper Networks switches running Junos OS with Junos Automation Enhancements, you do not need to install the Chef client because the Chef client and related components are installed with the Junos OS software.

    For more information on Junos Automation Enhancements, see Junos Automation Enhancements Documentation.

  4. Configure the Chef client on the Junos OS nodes so that it can connect with the Chef server. For more information, see Configuring the Chef Client on Juniper Networks Devices Running Junos OS.

Installing or Uninstalling the Chef Client on Juniper Networks Devices Running Junos OS

This topic describes how to install, upgrade, or uninstall the Chef client on Juniper Networks devices running Junos OS.

Note

The Chef client is automatically installed on Juniper Networks switches running Junos OS with Junos Automation Enhancements. If your switch is running Junos OS with Junos Automation Enhancements, skip this installation procedure and configure the Chef client as described in Configuring the Chef Client on Juniper Networks Devices Running Junos OS.

For more information on Junos Automation Enhancements, see Junos Automation Enhancements Documentation.

Devices Supporting Chef for Junos OS

See the Chef for Junos OS Release Notes for information about which Juniper Networks devices support Chef clients.

Installing the Chef Client Overview

The Chef client is part of an installation package that includes the Chef client, Ohai, the Ruby Interpreter, and junos-ez-stdlib.

On a device with redundant Routing Engines, you must run the Chef client from the master Routing Engine.

When the Chef client runs, it obtains an exclusive configuration lock, which it releases after it commits all pending configuration changes. If you enable the reporting add-on on your Enterprise Chef server, the Chef client reports the results of the run back to the server. On successful Chef client runs, the Chef client sends a list of updated resources to the server; on failed Chef client runs, it sends a full exception stacktrace to the server.

The configuration of a resource on a managed node always reflects the resource state defined in the last recipe that was run that contains that resource. For example, if you run a recipe that defines a LAG resource as containing the member links ge-0/0/0 and ge-0/0/1 and then later run a recipe that defines the same LAG resource as containing the member links ge-0/0/2 and ge-0/0/3, the resulting configuration for the LAG on the managed node contains only the member links ge-0/0/2 and ge-0/0/3.

Installing or Upgrading the Chef Client

To install or upgrade the Chef client on a Juniper Networks device:

Note

The procedure to upgrade a Chef client is the same as that of installation. During an upgrade, the previous version of the Chef client is overwritten with the latest version.

  1. Access the Chef for Junos OS download page at https://www.juniper.net/support/downloads/?p=chefforjunos#sw.

    The Chef for Junos OS Release Notes are also available at the download site. Consult them for information about what package to install on your platform.

  2. Download the Chef for Junos OS software package that is specific to your platform to the /var/tmp/ directory on the device.

    Best Practice

    We recommend you install the software package from the /var/tmp/ directory on your device to ensure the maximum amount of disk space and RAM for the installation.

    The following template describes the package naming format of Chef Bundles for Junos:

    chef-<platform>-<chef version>_<SDK indicator>.<Release count>.tgz

    where:

    • platform is the platform microprocessor architecture, whose value can be i386, powerpc, or x86-32.

    • chef version is the version of the Chef client (for example, 11.10.4).

    • SDK indicator indicates the Junos OS SDK infrastructure used to create the package. A 1 indicates the Junos SDK; a 2 indicates the Junos Extension Toolkit (JET).

    • Release count is the Juniper Networks version of the package.

    You must use the installation package that matches the microprocessor architecture of your device. If you do not know the architecture used by your device, you can use the UNIX shell command uname -a to determine it.

  3. If you are accessing a Juniper device externally through remote access, you must configure the device for external remote access through SSH. For more information on configuring a Juniper device for external remote access, see Configuring SSH Service for Remote Access to the Router or Switch.
  4. In the Junos OS CLI, enter configuration mode.

    user@host> configure

  5. Configure the provider name, license type, and deployment scope associated with the application.

    [edit]
    user@host# set system extensions providers chef license-type juniper deployment-scope commercial
    user@host# commit and-quit

  6. Install the software package by using the request system software add operational mode command.

    user@host> request system software add /var/tmp/chef-package.tgz

  7. Verify that the installation is successful by issuing the show version operational mode command.

    If the installation is successful, the list of installed software includes the Chef, Ruby Interpreter, and junos-ez-stdlib packages. For example:

    • If your installation package was built with the Junos Extension Toolkit, only one package is installed, JET app chef. This package includes all the required components, including the Ruby Interpreter and junos-ez-stdlib. To verify the installation:

      user@host> show version | match chef
    • If your installation package was built with the Junos SDK, three packages are installed: the Chef, Ruby Interpreter, and junos-ez-stdlib packages. To verify the installation:

      user@host> show version

After you install the Chef client, you must configure it as described in Configuring the Chef Client on Juniper Networks Devices Running Junos OS.
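
The package naming format in step 2 also identifies the toolkit that built a package, and with it the packages to expect and the install prefix that the run commands in the configuration procedure use. The following added example is not part of the Juniper package or documentation; parse_chef_package and the sample file names are hypothetical, and the mapping is read from the naming format and command examples on this page.

```ruby
# Added example: parse a package file name of the form
#   chef-<platform>-<chef version>_<SDK indicator>.<Release count>.tgz
PACKAGE_RE = /\Achef-(?<platform>i386|powerpc|x86-32)-(?<chef>\d+(?:\.\d+)+)
              _(?<sdk>[12])\.(?<release>\d+)\.tgz\z/x

# SDK indicator => toolkit, install prefix used by the run commands, and the
# package names used by "request system software delete".
TOOLKITS = {
  1 => { name: "Junos SDK", prefix: "/opt/sdk/chef",
         packages: %w[chef junos-ez-stdlib ruby] },
  2 => { name: "Junos Extension Toolkit (JET)", prefix: "/opt/jet/chef",
         packages: %w[chef] }
}.freeze

# Returns the fields of the file name, or raises ArgumentError when the name
# does not follow the documented format (for example, an unknown platform).
def parse_chef_package(path)
  m = PACKAGE_RE.match(File.basename(path))
  raise ArgumentError, "not a Chef for Junos OS package name: #{path}" unless m

  sdk = m[:sdk].to_i
  toolkit = TOOLKITS.fetch(sdk)
  {
    platform: m[:platform],
    chef_version: m[:chef],
    toolkit: toolkit[:name],
    juniper_version: "#{sdk}.#{m[:release]}", # e.g. 2.0 in 11.10.4_2.0
    packages: toolkit[:packages],
    run_command: "#{toolkit[:prefix]}/bin/ruby #{toolkit[:prefix]}/bin/chef-client " \
                 "-c /var/db/chef/client.rb"
  }
end

# Constructed sample names; real names come from the download page.
if __FILE__ == $PROGRAM_NAME
  %w[/var/tmp/chef-i386-11.10.4_2.0.tgz chef-x86-32-11.10.4_1.1.tgz].each do |name|
    info = parse_chef_package(name)
    puts "#{name}: #{info[:toolkit]}, packages #{info[:packages].join(', ')}"
    puts "  run: #{info[:run_command]}"
  end
end
```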

Uninstalling the Chef Client from the Juniper Networks Device

To uninstall the Chef client from the Juniper Networks device, use the request system software delete CLI command to delete the installed packages. For example:

  • To delete a Chef client package built by the Junos Extension Toolkit (JET), enter:

    user@host> request system software delete chef

  • To delete the Chef client and related packages built by the Junos SDK, enter:

    user@host> request system software delete chef
    user@host> request system software delete junos-ez-stdlib
    user@host> request system software delete ruby

Configuring the Chef Client on Juniper Networks Devices Running Junos OS

To enable the Chef client to communicate with the Chef server, you must configure the Chef client after it is installed on the Juniper Networks device.

Note

You must set up the Chef workstation and the Chef server so that they can communicate before you perform this procedure.

To configure the Chef client:

  1. On your Juniper Networks device that is running Junos OS, log in as the root user and create the /var/db/chef directory.

    mkdir -p /var/db/chef

  2. Copy your validation key into the /var/db/chef directory.

    If you do not have your validation key, you can obtain it as follows:

    • If you are using Open Source Chef, you can obtain your validation key from /etc/chef on your server. The key is named chef-validator.pem.

    • If you are using Enterprise Chef (hosted or on-premise), you can obtain your validation key from the Enterprise Chef management console. The key is named orgname-validator.pem, where orgname is your organization name.

  3. Create a client.rb file with the following statements in the /var/db/chef directory:

    where:

    • chef_server_url is the URL of your Chef server

    • validation_client_name is chef-validator if you are using Open Source Chef and orgname-validator if you are using Enterprise Chef

    • node_name is optional if the switch has a hostname configured

    • validation_key is chef-validator.pem if you are using Open Source Chef and orgname-validator.pem if you are using Enterprise Chef

    For more information about the settings in the client.rb file, see https://docs.chef.io/config_rb_client.html.

  4. Run the Chef client.
    • If the Juniper Networks version of the Chef client is 2.x (for example, Chef client version 11.10.4_2.0), enter:

      % /opt/jet/chef/bin/ruby /opt/jet/chef/bin/chef-client -c /var/db/chef/client.rb

    • If the Juniper Networks version of the Chef client is 1.x (for example, Chef client version 11.10.4_1.1), enter:

      % /opt/sdk/chef/bin/ruby /opt/sdk/chef/bin/chef-client -c /var/db/chef/client.rb

    These commands assume that your client.rb file resides in the /var/db/chef directory. We recommend using this directory.
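
The four client.rb settings described in step 3 can be generated and checked as follows. This is an added example, not Juniper's or Chef's own code: render_client_rb and key_private? are hypothetical helper names, the full key path under /var/db/chef, the https requirement, and the key-permission check are assumptions added here, and chef.example.com, acme, and switch1 are constructed values.

```ruby
require "uri"

# Added example: build the client.rb text for the settings in step 3.
# flavor is :open_source or :enterprise; orgname is needed for :enterprise.
def render_client_rb(server_url:, flavor:, orgname: nil, node_name: nil, dir: "/var/db/chef")
  uri = URI.parse(server_url)
  # Assumption: only accept an https URL so node data is not sent in clear text.
  raise ArgumentError, "chef_server_url must be an https URL" unless uri.is_a?(URI::HTTPS) && uri.host

  validator =
    case flavor
    when :open_source then "chef-validator"
    when :enterprise
      raise ArgumentError, "orgname is required for Enterprise Chef" if orgname.to_s.empty?
      "#{orgname}-validator"
    else raise ArgumentError, "unknown flavor: #{flavor.inspect}"
    end

  settings = {
    "chef_server_url" => server_url,
    "validation_client_name" => validator,
    "validation_key" => File.join(dir, "#{validator}.pem") # assumed full path
  }
  settings["node_name"] = node_name if node_name # optional when a hostname is set
  settings.map { |key, value| "#{key} #{value.inspect}\n" }.join
end

# True when the key file grants no access to group or others (0600 or stricter).
# The validation key is a private key shared by every node that uses it.
def key_private?(path)
  (File.stat(path).mode & 0o077).zero?
end

if __FILE__ == $PROGRAM_NAME
  puts render_client_rb(server_url: "https://chef.example.com/organizations/acme",
                        flavor: :enterprise, orgname: "acme", node_name: "switch1")
end
```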