Chef: Services

The service-list subcommand is used to display a list of all available services. A service that is enabled is labeled with an asterisk (*).

This subcommand has the following syntax:

$ chef-server-ctl service-list

The output will be as follows:



The oc_bifrost service ensures that every request to view or manage objects stored on the Chef server is authorized.


To view the status for the service:

$ chef-server-ctl status bifrost

to return something like:

run: bifrost: (pid 1234) 123456s; run: log: (pid 5678) 789012s


To start the service:

$ chef-server-ctl start bifrost


To stop the service:

$ chef-server-ctl stop bifrost


To restart the service:

$ chef-server-ctl restart bifrost

to return something like:

ok: run: bifrost: (pid 1234) 1234s


To kill the service (send a SIGKILL signal):

$ chef-server-ctl kill bifrost

run once

To run the service, but not restart it (if the service fails):

$ chef-server-ctl once bifrost


To follow the logs for the service:

$ chef-server-ctl tail bifrost



The bookshelf service is an Amazon Simple Storage Service (S3)-compatible service that is used to store cookbooks, including all of the files—recipes, templates, and so on—that are associated with each cookbook.


The keepalived service manages the virtual IP address (VIP) between the backend machines in a high availability topology that uses DRBD.


The nginx service is used to manage traffic to the Chef server, including virtual hosts for internal and external API request/response routing, external add-on request routing, and routing between front- and back-end components.


The opscode-erchef service is an Erlang-based service that is used to handle Chef server API requests to the following areas within the Chef server:

  • Cookbooks
  • Data bags
  • Environments
  • Nodes
  • Roles
  • Sandboxes
  • Search




The opscode-expander service is used to process data (pulled from the rabbitmq service’s message queue) so that it can be properly indexed by the opscode-solr4 service.


The opscode-solr4 service is used to create the search indexes used for searching objects like nodes, data bags, and cookbooks. (This service ensures timely search results via the Chef server API; data that is used by the Chef platform is stored in PostgreSQL.)


The postgresql service is used to store node, object, and user data.


The rabbitmq service is used to provide the message queue that is used by the Chef server to get search data to Apache Solr so that it can be indexed for search. When Chef Analytics is configured, the rabbitmq service is also used to send data from the Chef server to the Chef Analytics server.


Key-value store used in conjunction with Nginx to route requests and populate request data used by the Chef server.

To stop all Chef services, execute the following:
chef-server-ctl stop bookshelf
chef-server-ctl stop nginx
chef-server-ctl stop oc_bifrost
chef-server-ctl stop oc_id
chef-server-ctl stop opscode-chef-mover
chef-server-ctl stop opscode-erchef
chef-server-ctl stop opscode-expander
chef-server-ctl stop opscode-pushy-server
chef-server-ctl stop opscode-reporting
chef-server-ctl stop opscode-solr4
chef-server-ctl stop postgresql
chef-server-ctl stop rabbitmq
chef-server-ctl stop redis_lb


RabbitMQ standalone and cluster installation

  • Install RabbitMQ in the VM. The installation steps follow.
    · Verify whether the Erlang package is installed
  • rpm -q erlang-solutions-1.0-1.noarch
  • wget
  • sudo wget
  • sudo yum update NOTE: use the command "yum --releasever=6.7 update" if you want a specific version.
  • su -c 'yum list rabbitmq'   Or use
  • yum install rabbitmq-server
  • sudo rpm -Uvh
  • sudo /etc/init.d/rabbitmq-server start
  • Uncomment the loopback line in the security section of rabbitmq.config: {loopback_users, []}
  • rabbitmq-plugins enable rabbitmq_management
  • A port firewall rule should be in place to accept the TCP connection.
  • Use the following commands: lokkit -p <rabbitMQ port>:tcp , lokkit -p <rabbitMQ management port>:tcp
  • The default guest/guest account should be disabled. Change the user and user permissions using the following commands:
  • Note: the password should be 16 characters, no special characters allowed, and should be generated by keypass.
  • rabbitmqctl set_user_tags <username> administrator
  • rabbitmqctl change_password guest guest123
  • Disable the guest user by changing the password once the created user is tested.
  • rabbitmqctl add_user <username> <password>
  • Avoid the RabbitMQ default port and configure one of your own choice. Edit the port in the rabbitmq.config file: uncomment the following lines and edit the port: {tcp_listeners, [<rabbitMQ port>]} and {listener, [{port, <rabbitMQ management port>}]}.
  • Install the management console of RabbitMQ using the following command:
  • Copy /usr/share/doc/rabbitmq-server/rabbitmq.config.example into the /etc/rabbitmq folder and rename it to rabbitmq.config. Edit the permissions for the file to: 666
  • sudo chkconfig rabbitmq-server on
  • sudo rpm --import
    RabbitMQ 3.6.* requires the socat dependency:
    steps: sudo yum install epel-release
    sudo yum install socat
  • sudo yum install -y erlang-18.2-1.el6
  • sudo rpm -Uvh erlang-solutions-1.0-1.noarch.rpm
  • Install the Erlang package:
  • Download the Erlang package from the web site:
  • Restart the RabbitMQ server using the command: sudo service rabbitmq-server restart.
  • Make the following changes on the RabbitMQ console: go to Admin > click on the user and click on set permissions. Check the permissions of the user. They should be the same as for user guest.
  • Try to create new queue to check it is working fine.


Create RabbitMQ High Availability Cluster:

1) Stop RabbitMQ in Master and slave nodes. Ensure service is stopped properly.

/etc/init.d/rabbitmq-server stop

2) Copy the file below to all nodes from the master. This cookie file needs to be the same across all nodes.

$ sudo cat /var/lib/rabbitmq/.erlang.cookie

3) Make sure you start all nodes after copying the cookie file from the master.

Start RabbitMQ in master and all nodes.

$ /etc/init.d/rabbitmq-server start

4) Then run the following commands in all the nodes, except the master node:

$ rabbitmqctl stop_app
$ rabbitmqctl reset
$ rabbitmqctl start_app

5) Now, run the following commands in the master node:

$ rabbitmqctl stop_app
$ rabbitmqctl reset

6) Do not start the app yet.

Open port 4369 and 25672: lokkit -p 4369:tcp -p 25672:tcp

Stop the iptables on both master and slaves.

The following command is executed to join the slaves to the cluster:

$ rabbitmqctl join_cluster rabbit@slave1 rabbit@slave2

Update slave1 and slave2 with the hostnames/IP address of the slave nodes. You can add as many slave nodes as needed in the cluster.

7) Start master app in master machine

$ rabbitmqctl start_app

8) Check the cluster status from any node in the cluster:

$ rabbitmqctl cluster_status

9) In the RabbitMQ management console, check whether you can log in with the previous user and whether all the previous settings are in place.

If not, create the users with the following command:

rabbitmqctl add_user <username> <password>

Give admin rights:

rabbitmqctl set_user_tags <username> administrator

rabbitmqctl add_vhost /

Give vhost rights by:

rabbitmqctl set_permissions -p / <username> ".*" ".*" ".*"

10) Create ha mirroring by:

rabbitmqctl set_policy ha-all "" '{"ha-mode":"all","ha-sync-mode":"automatic"}'

This will mirror all queues.

11) Now start iptables. You have now created a RabbitMQ HA cluster.
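
A check for the settings the installation list and the cluster procedure above change, as an added example that is not part of the original page: it flags a world-writable rabbitmq.config (which mode 666 produces), a guest account that still exists while loopback_users is [], and an Erlang cookie readable beyond its owner. The function names are assumptions of this example, and paths are passed as arguments so it can also be run against copies.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit the RabbitMQ settings the
# procedures above touch. Function names are hypothetical.

# perm_bits FILE -> the 9 permission characters from ls, e.g. rw-r--r--
perm_bits() { ls -ld "$1" | cut -c2-10; }

# A world-writable config lets any local account rewrite listeners and
# loopback_users; the install list above sets rabbitmq.config to 666.
config_world_writable() {
  case "$(perm_bits "$1")" in ???????w?) return 0 ;; *) return 1 ;; esac
}

# True when an uncommented {loopback_users, []} is present, i.e. guest is no
# longer restricted to localhost connections.
guest_remote_allowed() {
  grep -Eq '^[[:space:]]*\{loopback_users,[[:space:]]*\[\]\}' "$1"
}

# True when the guest account is still listed. Input: text captured from
# `rabbitmqctl list_users` (user name in the first column).
guest_present() {
  printf '%s\n' "$1" | awk '$1 == "guest" { found = 1 } END { exit !found }'
}

# The Erlang cookie is the cluster's shared secret: only the owner may read it.
cookie_private() {
  case "$(perm_bits "$1")" in ???------) return 0 ;; *) return 1 ;; esac
}

# audit CONFIG COOKIE LIST_USERS_TEXT -> prints findings, returns their count
audit() {
  local n=0
  if config_world_writable "$1"; then echo "FAIL $1 is world-writable"; n=$((n+1)); fi
  if guest_remote_allowed "$1" && guest_present "$3"; then
    echo "FAIL guest exists and loopback_users is []"; n=$((n+1))
  fi
  if ! cookie_private "$2"; then echo "FAIL $2 readable by group/other"; n=$((n+1)); fi
  return "$n"
}

# Typical run on a broker node (as root):
#   audit /etc/rabbitmq/rabbitmq.config /var/lib/rabbitmq/.erlang.cookie \
#         "$(rabbitmqctl list_users)"
```

Run it on every node after the cluster is formed; an exit status of 0 means none of the three findings apply.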

Mid-proxy server installation and configuration

This document helps with setting up a jumphost server (mid-proxy) and configuring it with RabbitMQ.


  • Each private network is (normally) dedicated to a single tenant. Within that private network, there is a jumphost that can access the other VMs within the private network. No network access is required to the jumphost from outside. This jumphost runs an agent (the “AMP Jumphost” product).
  • A clustered message broker (e.g. RabbitMQ) is used to send requests to the jumphost, and to receive responses from it.
  • Through this mechanism, commands are executed on VMs within the private network.
    The sequence for command execution (e.g. SSH or WinRM on a VM in the private network) is:
    1. Manual pre-configuration:
    i. The message broker cluster is pre-installed.
    ii. For a new private network, the jumphost is manually set up within the private network. On startup it automatically subscribes to the message broker to receive the relevant requests.
    2. AMP subscribes to a response queue, ready to receive the result.
    3. AMP publishes a request to the appropriate queue on the message broker; this request describes the command to be executed and the response queue to use.
    4. The jumphost picks up the request, validates it, and executes it.
    5. The jumphost publishes the result to a response queue (e.g. exit status, stdout and stderr).
    6. AMP receives the response via the message broker. The AMP instances and the jumphost access the message broker via AMQP.

Step-by-step guide

  • RabbitMQ installation and configuration steps:
    1. RabbitMQ is a message bus that acts as a messaging broker – an intermediary for messaging. It gives your applications a common platform to send and receive messages, and your messages a safe place to live until received.
    2. RabbitMQ runs on the Erlang runtime, so before you can install and run RabbitMQ, you’ll need to install Erlang.
    3. Add the Erlang Solutions YUM repository:

      sudo wget 

      sudo rpm -Uvh erlang-solutions-1.0-1.noarch.rpm

    4. Install Erlang:

      redhat_release=`cat /etc/redhat-release | awk '{print int($3)}'`

      sudo yum install -y erlang-18.2-1.el${redhat_release}

    5. Download the signing key for the RabbitMQ YUM repository, and then download and install RabbitMQ 3.6.0 using the rpm utility:

      sudo rpm --import

    6. You can update your yum repository to update to the latest version of RabbitMQ
      sudo yum update

    7. You can check the version of RabbitMQ in yum with the following command
      su -c 'yum list rabbitmq'

    8. Install the rabbitmq with the following command

      yum install rabbitmq-server

    9. Add the rabbitmq to run on startup and start the rabbitmq service

      sudo chkconfig rabbitmq-server on
      sudo /etc/init.d/rabbitmq-server start

    10. The rabbitmq default administrator username is guest and password is guest.
    11. NAT your RabbitMQ port 5672 externally. You will need the external IP and port in the jumphost properties. This is all the configuration needed for the installation of RabbitMQ.
  • Jumphost (mid-proxy) installation and configuration steps:
    1. You will have to edit limits.conf file
      sudo vi /etc/security/limits.conf
      Add the following lines in it.
      amp soft nproc 16384
      amp hard nproc 16384
      amp soft nofile 16384
      amp hard nofile 16384
    2. Reboot the machine after this step.
    3. Download jumphost by the following command:
    4. Install jumphost by unpacking the tar with the following command
      tar -zxvf  jumphost-1.0.0-20160121.1603-dist.tar.gz
    5. Make a file in /home/user/.brooklyn/ named<rabbitmq ip> 
      messageManager.rabbitmq.port=<rabbitmq port>
      messageManager.crypto.initVector=UmFuZG9tSW5pdFZlY3Rvcg==
      Values can be anything you want. <rabbitmq ip> is the external IP of RabbitMQ. messageManager.rabbitmq.port is the external port of RabbitMQ. No other properties need to be edited.
    6. You will also need to check the value of entropy on your jumphost server. Entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.
          1. You can check the value of Entropy by the following command cat /proc/sys/kernel/random/entropy_avail
          2.  It is recommended for it to be more than 1000. To increase your entropy execute the following commands.
                sudo yum -y -q install rng-tools

                sudo chmod 666 /etc/sysconfig/rngd (this step to be performed only if you are not logged in as root)
                vi /etc/sysconfig/rngd
                Edit the EXTRAOPTIONS as follows: EXTRAOPTIONS="-r /dev/urandom"
                sudo chmod 640 /etc/sysconfig/rngd (this step to be performed only if you are not logged in as root)
                sudo chkconfig rngd on
                sudo service rngd start
         3. Now check your Entropy again cat /proc/sys/kernel/random/entropy_avail. It should be increased to more than 1000.
    7. You can now launch jumphost with the following command
      cd cloudsoft-jumphost-1.0.0-20160330.1541
      ./bin/jumphost launch > /dev/null &
    8. This launches the jumphost and this is all you need to install and start your mid-proxy server.
  • Configuring AMP to route through RabbitMQ and Jumphost:
    1. In the properties section of any location, add the following properties for the location your jumphost is
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass=io.cloudsoft.amp.jumphost.ssh.client.SshProxiedTool given in given in<rabbitmq_ip>   ##internal rabbitmq ip
      brooklyn.location.named.MyPrivateLocation_TAI_Test.sshToolClass.messageManager.rabbitmq.port=<rabbitmq_port>  ##internal rabbitmq port

    2. Save and reload the properties in the console.
    3. Then you can deploy any BP via the location you have just configured. It will use RabbitMQ and jumphost to deploy the BP in the private network.
    4. Following is the list of config keys to pass for respective BPs:
      For JBoss AS 7, use httpMonitoring.enabled: false .
      For JBoss AS 6, use jmx.enabled: false .
      For Tomcat, use jmx.enabled: false .
      For MongoDB, use clientMonitoring.enabled: false (though this will not work for clustered MongoDB).
      For Riak, use httpMonitoring.enabled: false .
      For Cassandra, use thriftMonitoring.enabled: false and jmx.enabled: false .
    5. You can verify that the deployment took place via the jumphost by checking whether the newly created VM’s IP has been NATted in the sensors tab. When the jumphost is used, the IP address will not be NATted and the sensors tab will show the internal IP.