How to Set Up Progress Chef Infra and Progress Chef Automate Servers

Akshay Parvatikar

Progress Chef is a DevSecOps solution that helps organizations worldwide configure, manage and deploy applications and IT infrastructure over multi-cloud and hybrid IT estates.

It helps orchestrate workloads on servers in a cloud or an on-premises data center. Instead of system administrators sweating over management programs designed for single, stand-alone servers, Chef allows DevOps professionals to spin off dozens or hundreds of server instances without worrying about maintaining the configurations or keeping them compliant.

Core engines keep the Chef solution up and running smoothly in the background. Progress Chef Infra is the hub for configuration data. It stores cookbooks, the policies applied to nodes and metadata describing each registered node that Chef helps manage. Nodes use the Chef Infra Client to ask the Chef Infra Server for configuration details, such as recipes, templates and file distributions. Progress Chef Automate provides a unified view of the entire IT infrastructure managed by Chef Infra, Chef InSpec and Chef Habitat. It provides insight into operational, compliance and workflow events and includes a pipeline for continuous infrastructure and application delivery.

This blog explains how to set up Infra and Automate servers in two distinct ways.

License usage:

Chef now collects aggregated and anonymized usage data to understand the Chef Infra Server adoption curve, operating systems that Infra Server runs on, deployed versions of Infra Server and deployment patterns. We have confirmed that the collected data helps protect the end user while providing meaningful usage insights. For more information, see the Chef Infra Server License Usage documentation.

Method 1

Install both Chef Automate and Chef Infra Server on a single host.

Set the fully qualified domain name with $ hostnamectl set-hostname hostname. It's critical that the fqdn value in the configuration file matches the hostname -f value of the system. This works on AWS instances and local VMs.

Install the standalone chef-automate tool

$ curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate

Set the mandatory environment variables.

$ sudo sysctl -w vm.max_map_count=262144
  
$ sudo sysctl -w vm.dirty_expire_centisecs=20000

Confirm that these settings are written to /etc/sysctl.conf so that they persist across reboots.

Run chef-automate to deploy Automate and Infra Server using product flags. Additionally, you can add --product builder to install Habitat Builder.

$ sudo ./chef-automate deploy --product automate --product infra-server

When the installation is complete, the dashboard, in this example, is available at https://<FQDN/IP-address>. The Automate login credentials are placed in a file generated in the home directory on your Automate host during installation.

$ sudo cat ~/automate-credentials.toml

NOTE: Chef Infra Server is installed using Habitat, so running $ chef-server-ctl reconfigure will not work. Instead, edit config.toml and run $ chef-automate config patch config.toml to apply custom changes.

Chef Habitat is a patented automation tool that enables companies to apply a consistent approach to application definition, packaging and delivery across all applications and environments. You can deploy and run your Chef Habitat app on many infrastructure environments, including bare metal, VM, containers and PaaS.

Set up Chef Infra Server User and Organization. This example will create akshay.pem and lab-validator.pem files.

$ sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

$ sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

For example:

$ sudo chef-server-ctl user-create akshay Akshay Parvatikar akshay@chef.lab 'password' --filename akshay.pem

$ sudo chef-server-ctl org-create lab 'My Chef Lab' --association_user akshay --filename lab-validator.pem  

By default, this Automate and Infra Server deployment is already set up for data collection. Don’t patch the default configuration with data-collector information.

NOTE:

  • Each target node must be able to resolve the DNS name of the automate.chef.lab server. Otherwise, data-collection reporting will not work.
  • To use Chef Infra Server, a license key is required. To obtain and apply one:
    • Download a commercial license from the customer portal or request a trial license.
    • Apply the license using the config file or the patch command.

The steps described here can be automated with a bash script. Update the variables to suit your requirements. Then, save as deploy-automate.sh on your raw Automate server, run $ chmod +x deploy-automate.sh, and execute with ./deploy-automate.sh.

#!/bin/bash
# Variables: edit the values below to suit your environment
hostname='ec2-54-221-158-169.compute-1.amazonaws.com'
username='akshay'
longusername='Akshay Parvatikar'
useremail='akshay.@chef.com'
userpassword='password'
orgname='lab'
longorgname='My Lab'

# Do not change the two dynamic variables below
userfilename="${username}.pem"
orgfilename="${orgname}-validator.pem"

# Do not change anything below
# Set the FQDN and the kernel settings Automate requires
sudo hostnamectl set-hostname "$hostname"
sudo sysctl -w vm.max_map_count=262144
sudo sysctl -w vm.dirty_expire_centisecs=20000
# Download and unpack the chef-automate command line tool
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
# Deploy Automate and Infra Server on this host
sudo ./chef-automate deploy --product automate --product infra-server --accept-terms-and-mlsa=true
# $longusername is intentionally unquoted so that it splits into FIRST_NAME and LAST_NAME
sudo chef-server-ctl user-create "$username" $longusername "$useremail" "${userpassword}" --filename "$userfilename"
sudo chef-server-ctl org-create "$orgname" "${longorgname}" --association_user "$username" --filename "$orgfilename"
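
The script leaves several secrets on disk: the user's private key (akshay.pem), the organization validator key (lab-validator.pem), the Automate credentials file, and the script itself, which embeds the user password. The following is an added example, not part of the original post, that restricts such files to their owner; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU stat (Linux), as on the hosts this walkthrough deploys to.

# Succeed if file $1 grants no permission bits to group or other.
owner_only() (
    mode=$(stat -c '%a' "$1") || exit 2
    [ $(( 0$mode & 077 )) -eq 0 ]
)

# For each existing file given, report it if group or other can access it and
# tighten it to 0600. The exit status is the number of files that were changed.
lock_down_secrets() (
    changed=0
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip paths that were never created
        if ! owner_only "$f"; then
            echo "tightening $f (was $(stat -c '%a %U' "$f"))"
            chmod 600 "$f" && changed=$((changed + 1))
        fi
    done
    exit "$changed"
)

# Usage, from the directory the deploy script ran in (use sudo for files
# owned by root):
#   lock_down_secrets akshay.pem lab-validator.pem \
#       ~/automate-credentials.toml deploy-automate.sh
```

A non-zero exit status means at least one file was readable beyond its owner before the run.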

Method 2

Install Chef Automate and Chef Infra Server on standalone machines.

Infra Server:

The standalone installation of Chef Infra Server creates a working installation on a single server. This installation method also applies to installing Chef Infra Server in a virtual machine.

To install Chef Infra Server:

  • Download the infra-server package from the download page based on the operating system.
  • Upload the package to the Chef Infra server machine, and then record its location on the file system.
  • Install the Chef Infra Server package on the server as a root user using the name of the package provided by Chef.

For Red Hat Enterprise Linux and CentOS:

$ sudo rpm -Uvh /tmp/chef-server-core-<version>.rpm

For Ubuntu:

$ sudo dpkg -i /tmp/chef-server-core-<version>.deb

Run the following to start all the services:

$ sudo chef-server-ctl reconfigure

Run the following command to create an administrator and Organization:

$ sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME

$ sudo chef-server-ctl org-create short_name 'full_organization_name' --association_user user_name --filename ORGANIZATION-validator.pem

Automate Server:

To download the chef-automate command line tool, run the following command in your command line interface.

$ curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate

Create a config.toml file with default values using the following command.

$ sudo ./chef-automate init-config

If needed, make the necessary changes to the config.toml file.

Adjust environment settings:

$ sudo sysctl -w vm.max_map_count=262144  
$ sudo sysctl -w vm.dirty_expire_centisecs=20000
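
The two prerequisites this post calls out, an fqdn that matches hostname -f and sysctl values that persist across reboots, can be checked before deploying. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes config.toml contains an `fqdn = "..."` line as generated by init-config.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes config.toml carries an `fqdn = "..."` line, as init-config writes it.

# Print the fqdn value found in config file $1.
config_fqdn() (
    sed -n 's/^[[:space:]]*fqdn[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
)

# Succeed only if that fqdn equals the host FQDN ($2, default: hostname -f).
check_fqdn() (
    want=$(config_fqdn "$1")
    have=${2:-$(hostname -f)}
    [ -n "$want" ] && [ "$want" = "$have" ]
)

# Print the last uncommented value assigned to key $2 in sysctl file $1.
persisted_sysctl() (
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" "$1" | tail -n 1
)

# Succeed if key $2 is set to $3 in $1, so the value survives a reboot.
check_persisted() (
    [ "$(persisted_sysctl "$1" "$2")" = "$3" ]
)

# Run every check against config $1 and sysctl file $2; non-zero on any failure.
preflight() (
    conf=$1; sysctl_file=${2:-/etc/sysctl.conf}; rc=0
    check_fqdn "$conf" || { echo "FAIL: fqdn in $conf does not match hostname -f"; rc=1; }
    for kv in vm.max_map_count=262144 vm.dirty_expire_centisecs=20000; do
        k=${kv%%=*}; v=${kv#*=}
        [ "$(sysctl -n "$k" 2>/dev/null)" = "$v" ] ||
            { echo "FAIL: running kernel does not have $k=$v"; rc=1; }
        check_persisted "$sysctl_file" "$k" "$v" ||
            { echo "FAIL: $k=$v is not set in $sysctl_file"; rc=1; }
    done
    exit "$rc"
)

# Usage on the Automate host, after init-config and the sysctl commands:
#   preflight config.toml && sudo ./chef-automate deploy config.toml
```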

Deploy Chef Automate

$ sudo ./chef-automate deploy config.toml

Deployment takes a few minutes. The first step is accepting the terms of service in the command line, after which the installer performs pre-flight checks.

At the end of the deployment process, you will see Deploy Complete.

Configure Data Collection

Nodes must send their run data to Chef Automate through the Chef server. To enable this functionality, you must perform the following steps:

All messages sent to Chef Automate are performed over HTTP and authenticated with a pre-shared key called a token. While every Chef Automate installation configures a token by default, we strongly recommend creating your own.

Create a new token from Automate UI.

Go to Automate UI > settings > automate API > create and copy token.

Run the following commands on Infra Server to set data collection settings.

$ sudo chef-server-ctl set-secret data_collector token '<API_Token>'

The set-secret command channels the token setting through the veil secrets library. Restart the following services so that they pick up the new token.

$ sudo chef-server-ctl restart nginx

$ sudo chef-server-ctl restart opscode-erchef

Add the following setting by creating a new file chef-server.rb on Chef Server.

data_collector['root_url'] = 'https://<Automate_Server_IP>/data-collector/v0/'

# Add for compliance scanning

profiles['root_url'] = 'https://<Automate_Server_IP>'

To apply the changes, run $ chef-server-ctl reconfigure
