Agentless configuration management tools do not require any agent to be installed on the client to function. They communicate and collect information with network scanning via protocols such as SSH and WinRM, leveraging the capability of network protocols and APIs.
Key characteristics of agentless configuration management software include:
- Remote Execution: They do not rely on any agent to collect the information; instead, they use the existing communication channels and protocols to execute commands and apply configurations.
- Reduced Footprint: Since no agents exist, the software is easy to deploy and manage and less resource intensive.
- Ease of Deployment: These often require less effort to deploy, set up and configure in the target system.
- Scalability: Since managing the agents on many devices does not involve overhead, it is suitable for scaling the deployment across many devices.
The Progress Chef feature, Chef Agentless, provides a powerful approach to managing the desired configuration of various systems, including remote endpoints, edge devices and cloud-based resources.
What is Chef Agentless?
Chef Agentless uses ‘target mode’ technology to execute Progress Chef Infra Client, which runs on nodes that don’t have Chef Infra Client installed.
It removes the need for specific platform support by enabling the management of any system, target or device's desired state without needing a native client. You can manage devices with compatible native resources or through custom resources. Once you write a target mode-compatible recipe, this feature will allow the remote management of network devices from any server or workstation.
Chef Agentless is compatible with systems regardless of whether they have native Chef Infra Client builds. Unlike traditional methods that necessitate the installation of a ‘chef-client’ on each target system, it enables administrators to control and enforce the desired state directly on networked devices where the Chef client cannot be installed.
This flexibility empowers administrators to efficiently orchestrate configurations across diverse environments, helping achieve consistency and compliance with organizational standards for all network devices.
Set Up Cisco Devices with Chef Agentless
Let’s consider a scenario in which we use custom resources from Chef to set up Cisco devices with predefined configurations. This approach ensures idempotency for the configured resources.
Use Case Objectives:
- Set up Cisco devices with a Message of the Day (MOTD) banner.
- Configure the Cisco device interface, including but not limited to:
o Setting a description
o Turning the interface on or off
It's crucial to note that the custom resource demonstrated here is just a starting point. It showcases the ability of Chef to configure remote network devices exclusively with Chef Agentless. Customers can further extend or create the custom resources of Chef to accomplish a wide range of additional configuration management tasks.
Environment Setup:
The following steps are essential to configure the host system to utilize Chef capabilities using Chef Agentless to configure remote Cisco devices.
- Install the most recent version of the Chef client on the host system.
- Confirm that the host server can access remote Cisco devices using the SSH transport protocol (for this scenario).
- Set up a user for Cisco devices with privilege level 15 permissions. This allows SSH login directly into enable mode without requiring an enable command and password.
- Set up the credentials file
(`/root/.chef/credentials`)
on the host server with the credentials for accessing target network devices.
Example:
[‘ciscoswitch’]
Host = ‘192.168.240.2’
User = ‘admin’
Password = ‘password’
Host System:
The Chef Infra Client will execute from the host system. So, it must have networking connectivity and credentials to connect with the target system.
Cookbooks or policy files can be retrieved from Infra Server, Supermarket, locally, or a Git repo (the same as any other Infra Client).
Prerequisites:
- Credentials file
- Recipe and Resources compatible with Chef Agentless
- Helper Library Function
Credential file:
This credentials file is in the chef configuration directory ~/.chef/
on Linux (and Mac) or c:\Users\<username>\.chef
A file named credentials (~/.chef/credentials) is required in the directory. The credentials file is the inventory or catalog of target nodes the host can connect to.
Example:
[‘Target-01’]
host = ‘192.168.0.251’
user = ‘root’
key_files = ‘~/.keys/key-pair.pem’
[‘Target-02’]
host = ‘192.168.0.252’
user = ‘root’
password = ‘123456’
[‘Target-03’]
host = ‘192.168.0.253’
user = ‘root’
password = ‘production’
Resources:
These resources are available in the host system. It's crucial to note that resources running on target systems using Chef Agentless must have ‘target mode’ enabled. This is a key step in the management process.
You can create custom resources for the type of system or target that needs to be configured using the Chef agentless technology for the target system.
A resource defines actions required to bring the target system under management to the desired state. Some resources are available as a part of Infra Client, and a mechanism exists to create custom resources. Depending on the requirements of the target system, you can either utilize an available resource or write a custom resource to manage the target system.
Recipes:
The cookbook defines instructions for performing specific configuration tasks on Cisco devices. Recipes act as the primary building blocks for determining the desired state of the devices.
Helper Library Functions: These functions provide additional utilities and functionalities to streamline the configuration process. They can include reusable code snippets, helper methods, or modules designed to assist in everyday configuration tasks or enhance the functionality of recipes and resources.
Custom Resource:
Depending on the platform architecture of the remote system, you can create or define the custom resources. These custom resources should have target_mode: true. You can also group the custom resources into recipes, which can be used to run on target systems.
Refer to the Custom Resource Guide to learn more about writing and using custom resources.
Helper Library Functions: Helper library functions enhance the functionalities of recipes and custom resources by offering reusable code snippets or utilities designed for custom resources. They simplify tasks like parsing device configurations, querying device status or managing authentication and authorization processes.
Centralizing these functionalities in helper libraries allows administrators to streamline configuration management workflows and improve the reliability and efficiency of their Chef deployments on any infrastructure.
The "TargetModeHelpers.rb" file created in the cookbook's "libraries" folder to support the target mode functionality in the Chef cookbooks.
Example:
Executing the Cookbooks
Once the cookbook is correctly configured, you can initiate the Chef client in target mode for any device by employing the following command.
Since the cookbook is set up and stored locally, the -z
denotes local mode. The -t
option activates Chef client execution in target mode, allowing for remote device configuration. It’s imperative to mention that the parameter accompanying the -t
option should precisely match the device’s name configured within the /root/.chef/credentials
file.
This file contains essential credentials necessary for securely accessing the target network devices. By specifying the device name in this command, you instruct Chef to apply the defined configurations to the designated network seamlessly.
chef-client -z -r "<Recipe>" -t "<target name defined in credentials file>"
Chef-client run #2:
All resources were in the desired state in the following chef-client run output.
Validation:
Before running the optional commands below to validate configurations set by Chef recipes, ensure you are logged into the Cisco device with the necessary privilege level.
Example:
Switch1
sh run | section banner motd
sh run | section interface GigabitEthernet1/0/10
Agentless Device Management with Progress Chef
In conclusion, Chef Agentless offers a streamlined approach to configuration management for network devices, helping administrators to efficiently control and enforce desired configurations remotely. By utilizing Chef custom resources and helper library functions, administrators can extend the capabilities of Chef Agentless to achieve greater precision and scalability in the configuration management of network devices.