How to Install Chef-Solo Without Root Access?

I know the title it’s stupid. And if you arrived at this post, I know your this question will pop up in your head, “Why on earth you want to do that?”. Chef is built in the assumption that it has root access and yeah it makes perfect sense. Without root access it’s like I want to hire a cleaner to clean my house but I want to get my house cleaned without giving my house key to the cleaner. It’s the same thing here.

However, I’m here to just talk about how to do this in a very ugly and hacky way.

Problem:
One day on a client side, they said we want you to deploy the application to our production VM server, but we cannot give you sudo or root access. Of course, it makes sense why would you give some guy root access. The IT guy gives me one folder which you can do anything as long as you stay inside that folder. We won’t have any problem because our app is basically just a java application with Jetty container, so it doesn’t matter where it lives. Now, here comes the problem we want to deploy our application anytime we want and we want to do the PhoenixServer pattern. But in this case, it’s just going to be semi phoenixServer, because we’re not going to wipe the whole box out. So we thought, yeah we could use Chef to provision the server. Great!. But how can you even install Chef without sudo or root access? If you go to Chef and download the Linux version it will be an RPM which obviously it needs root access to install that, which we don’t have. Hmm, what are we gonna do?

Solution:
So we thought, well we just need Chef-solo because it’s just going to be one server. Chef is written in Ruby and our Centos VM doesn’t even come Ruby. The problem gets bigger, how can we install Ruby without root access. Ha! now here’s the tricky part. Chef is Ruby, Ruby is C. We have C, so we could compile Ruby and use gem to install Chef. Woohoo! Sounds easy right? By the way, Chef comes with embedded-ruby already that’s why when you install Chef you don’t need to install Ruby first. The Chef guys cleverly embedded Ruby inside Chef with all the gems and deploy that to /opt/chef. You can find more information here. So, we could do the same thing but we need to compile Ruby and dependencies to our folder. Ok, I’ll cut to the chest now. All we need is Ruby and Chef gem. In order to install, ruby which I found out you just need three minimum libraries, zlib, yaml and openssl. Here’s how to do it.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#Install Openssl
wget https://www.openssl.org/source/openssl-1.0.0k.tar.gz
tar zxvf openssl-1.0.0k.tar.gz
cd openssl-1.0.0k
./config shared -fPIC --prefix=/home/centos/ruby --openssldir=/home/centos/ruby/ssl
make && make install
cd /home/centos

#Install zlib
wget http://zlib.net/zlib-1.2.8.tar.gz
tar xzvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure --prefix=/home/centos/ruby
make && make install
cd /home/centos

#Install Yaml
wget http://pyyaml.org/download/libyaml/yaml-0.1.4.tar.gz
tar xzvf yaml-0.1.4.tar.gz
cd yaml-0.1.4
./configure --disable-install-doc --prefix=/home/centos/ruby
make && make install
cd /home/centos

#Install Ruby 1.9.3
wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p448.tar.gz
tar xzvf ruby-1.9.3-p448.tar.gz
cd ruby-1.9.3-p448
./configure --prefix=/home/centos/ruby --enable-shared --disable-install-doc --with-opt-dir=/home/centos/ruby
make && make install
cd /home/centos

#Install Chef gem
./ruby/bin/gem install --no-rdoc --no-ri chef

Please note that I installed ruby with chef to /home/centos/ruby, you need to change the path to where you want it to be, the same as chef guys decided /opt/chef is the best place for Chef to live. However, we don’t even have access to /opt.

Once you run this piece of code in your VM you will have ruby folder which you can just zip it and deploy to your server. There you go, you just got your customised Chef-solo.

I know it sounds stupid and it’s really hacky and ugly. But here’s what we found out so I want to blog it here so any lucky people might find this useful in the future.

Aug 23rd, 2013

Comments