Setting up Chef Infra and Chef Automate Server

Akshay Parvatikar | Posted on | Automate Server | Infra Server | Workstation
Chef is a cloud configuration management and deployment application that helps accelerate the DevOps Journey. It helps orchestrate servers in a cloud or departmental data center. Instead of system administrators sweating over management programs designed for single, stand-alone servers, Chef allows DevOps to spin off dozens or hundreds of server instances without worrying about maintaining the configurations or keeping them compliant. 
 
Learn how to set up Infra and Automate servers in two ways. 

Infra Server:

Infra Server is the hub for configuration data. Chef Infra Server stores cookbooks, the policies applied to nodes, and metadata describing each registered node that Chef manages. Nodes use the Chef Infra Client to ask the Chef Infra Server for configuration details, such as recipes, templates, and file distributions. 

Automate Server:

Automate provides a unified view into infrastructure managed by Chef Infra, InSpec, and Habitat. In addition to providing views into operational, compliance, and workflow events, it includes a pipeline for continuous delivery of infrastructure and applications. 

This blog will explain how to set up Infra and Automate servers in a single machine and on two different virtual machines. We will also demonstrate how to link these servers so they can communicate. 

Case 1

Install both Chef Automate and Chef Infra Server on a single host.

Set the fully qualified domain name with hostnamectl set-hostname hostname. It’s critical that the fqdn value in the file matches the hostname -f value of the system. This works on AWS instances and local VMs.

Install the standalone chef-automate tool 

$ curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate

Set the mandatory kernel parameters

$ sudo sysctl -w vm.max_map_count=262144
$ sudo sysctl -w vm.dirty_expire_centisecs=20000

Ensure these are written to /etc/sysctl.conf so they persist across reboots.

Run chef-automate to deploy Automate and Infra Server using product flags. Additionally, you can add --product builder to install Habitat Builder. 

$ sudo ./chef-automate deploy --product automate --product infra-server 

When the installation is complete, the dashboard, in this example, is available at https://automate.chef.lab. The Automate login credentials are placed in a file generated in the home directory on your Automate host during installation. 

$ sudo cat ~/automate-credentials.toml

NOTE: Chef Infra Server is installed using Habitat, so running chef-server-ctl reconfigure will not work. Instead, edit config.toml and run chef-automate config patch config.toml to apply custom changes. 

Chef Habitat is a patented automation tool that enables companies to apply a consistent approach to application definition, packaging and delivery across all applications and environments. You can deploy and run your Chef Habitat app on many different infrastructure environments, including bare metal, VM, containers, and PaaS. 

Set up Chef Infra Server User and Organization. This example will create akshay.pem and lab-validator.pem files.  

$ sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME 
$ sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem 

For example:

$ sudo chef-server-ctl user-create akshay Akshay Parvatikar akshay@chef.lab 'password' --filename akshay.pem 
$ sudo chef-server-ctl org-create lab 'My Chef Lab' --association_user akshay --filename lab-validator.pem

By default, this Automate + Infra Server deployment is already set up for data collection. Do not patch the default configuration with data-collector information. 

NOTE: Each target node must be able to resolve the DNS name of the automate.chef.lab server. Otherwise, data-collection reporting will not work. 

The steps described here can be automated with a bash script. Update the variables to suit your requirements. Then save it as deploy-automate.sh on your freshly provisioned Automate server, run chmod +x deploy-automate.sh, and execute it with ./deploy-automate.sh

#!/bin/bash
# Variables: edit these values to suit your environment
hostname='ec2-54-221-158-169.compute-1.amazonaws.com'
username='akshay'
longusername='Akshay Parvatikar'
useremail='akshay@chef.com'
userpassword='password'   # placeholder: replace before running
orgname='lab'
longorgname='My Lab'

# Do not change the two dynamic variables below
userfilename="${username}.pem"
orgfilename="${orgname}-validator.pem"

# Do not change anything below
sudo hostnamectl set-hostname "$hostname"
sudo sysctl -w vm.max_map_count=262144
sudo sysctl -w vm.dirty_expire_centisecs=20000
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
sudo ./chef-automate deploy --product automate --product infra-server --accept-terms-and-mlsa=true
# $longusername is deliberately unquoted so it splits into FIRST_NAME and LAST_NAME
sudo chef-server-ctl user-create "$username" $longusername "$useremail" "${userpassword}" --filename "$userfilename"
sudo chef-server-ctl org-create "$orgname" "${longorgname}" --association_user "$username" --filename "$orgfilename"
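
The sysctl -w calls in the procedure and in the script change only the running kernel. The following added example (not part of the original post) persists both values in /etc/sysctl.conf idempotently; the function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: persist the two sysctl values this guide requires.

# set_sysctl_conf FILE KEY VALUE
# Rewrite an existing "KEY = ..." line in place, or append one if absent.
set_sysctl_conf() {
    file="$1"; key="$2"; value="$3"
    touch "$file" || return 1
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        # an active setting for exactly this key ("key=" or "key =")
        index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*=/ {
            if (!seen) { print k " = " v; seen = 1 }
            next                      # drop duplicate entries for the key
        }
        { print }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# get_sysctl_conf FILE KEY: print the value the file will apply at boot.
get_sysctl_conf() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t]/, "", val); last = val }
        END { if (last != "") print last }
    ' "$1"
}

# Values taken from the sysctl -w commands in this guide.
persist_automate_sysctls() {
    conf="${1:-/etc/sysctl.conf}"
    set_sysctl_conf "$conf" vm.max_map_count 262144 &&
    set_sysctl_conf "$conf" vm.dirty_expire_centisecs 20000
}

# Run as root with --apply to update /etc/sysctl.conf and load it.
if [ "${1:-}" = "--apply" ]; then
    persist_automate_sysctls /etc/sysctl.conf && sysctl -p /etc/sysctl.conf
fi
```

Comment lines and unrelated settings in the file are left untouched, so the helper can be re-run safely after each change.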

Case 2:  

Install Chef Automate and Chef Infra Server on standalone machines.  

Infra Server:   

The standalone installation of the Chef Infra Server creates a working installation on a single server. This installation is also useful when installing Chef Infra Server in a virtual machine. 

To install Chef Infra Server: 

Download the infra-server package from the download page based on the operating system. 

Upload the package to the Chef Infra server machine, and then record its location on the file system. 

Install the Chef Infra Server package on the server as a root user using the name of the package provided by Chef.  

For Red Hat Enterprise Linux and CentOS: 

$ sudo rpm -Uvh /tmp/chef-server-core-<version>.rpm

For Ubuntu: 

$ sudo dpkg -i /tmp/chef-server-core-<version>.deb

Run the following to start all the services  

$ sudo chef-server-ctl reconfigure

Run the following command to create an administrator and Organization.  

$ sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

$ sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

Automate Server:  

To download the chef-automate command line tool, run the following command in your command line interface. 

$ curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate

Create a config.toml file with default values using the following command.

$ sudo ./chef-automate init-config

If needed, make the necessary changes to the config.toml file.

Adjust environment settings: 

$ sudo sysctl -w vm.max_map_count=262144
$ sudo sysctl -w vm.dirty_expire_centisecs=20000

Deploy Chef Automate  

$ sudo ./chef-automate deploy config.toml

Deployment takes a few minutes. The first step is accepting the terms of service in the command line, after which the installer performs pre-flight checks. 

At the end of the deployment process, you will see Deploy Complete.

Configure Data Collection 

Nodes must send their run data to Chef Automate through the Chef server. To enable this functionality, you must perform the following steps: 

All messages sent to Chef Automate travel over HTTP and are authenticated with a pre-shared key called a token. Every Chef Automate installation configures a token by default, but we strongly recommend creating your own.

Create a new token from Automate UI.  

Go to Automate UI > settings > automate API > create and copy token.

Run the following command on Infra Server to set the data collection token. The token setting is channeled through the veil secrets library rather than written into chef-server.rb.

$ sudo chef-server-ctl set-secret data_collector token '<API_Token>'

Restart the services so they pick up the new token.

$ sudo chef-server-ctl restart nginx
$ sudo chef-server-ctl restart opscode-erchef

Add the following setting by creating a new file chef-server.rb on Chef Server. 

data_collector['root_url'] = 'https://<Automate_Server_IP>/data-collector/v0/'

# Add for compliance scanning  

profiles['root_url'] = 'https://<Automate_Server_IP>'

To apply the changes, run:

$ sudo chef-server-ctl reconfigure
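
A quick audit of the chef-server.rb settings above, as an added example (not part of the original post or Chef's own tooling): it flags a root_url that is not https, a leftover <Automate_Server_IP> placeholder, a value with mismatched quotes, and a token written into the file instead of being stored with set-secret. The function name is hypothetical, and data_collector['token'] as the in-file key name is an assumption.

```shell
#!/bin/sh
# Added example: audit the data-collection settings in chef-server.rb.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_chef_server_rb() {
    rb="$1"; findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # Look at active settings only, not commented-out lines.
    active=$(grep -v '^[[:space:]]*#' "$rb" || true)

    # The token is a secret: it is stored with set-secret, not in this file.
    # (data_collector['token'] as the in-file key name is an assumption.)
    if echo "$active" | grep -q "data_collector\['token'\]"; then
        flag "data_collector token appears in plain text in $rb"
    fi

    for key in data_collector profiles; do
        line=$(echo "$active" | grep "^[[:space:]]*$key\['root_url'\]" | tail -n 1)
        if [ -z "$line" ]; then
            # profiles is only needed for compliance scanning
            if [ "$key" = data_collector ]; then flag "$key root_url is not set"; fi
            continue
        fi
        # Take the value between straight quotes. A curly quote pasted from
        # a web page leaves this empty and is reported as malformed.
        url=$(echo "$line" | sed -n "s/^[^=]*=[[:space:]]*['\"]\(.*\)['\"][[:space:]]*\$/\1/p")
        case "$url" in
            "")          flag "$key root_url is malformed: $line" ;;
            *"<"*|*">"*) flag "$key root_url still contains a placeholder" ;;
            https://*)   ;;
            *)           flag "$key root_url is not https: $url" ;;
        esac
        # The data collector endpoint path shown in this guide.
        if [ "$key" = data_collector ] && [ -n "$url" ]; then
            case "$url" in
                */data-collector/v0/) ;;
                *) flag "$key root_url should end in /data-collector/v0/" ;;
            esac
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: audit_chef_server_rb /path/to/chef-server.rb
```

Run it before chef-server-ctl reconfigure so a bad URL or a pasted token is caught before the services reload.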
