Do you think IIT Guwahati certified course can help you in your career?
📝Introduction
Chef is an automation business. Our namesake product, Chef Infra, has connected developers and system administrators since the company was created in 2008. The definition of automation has evolved throughout time.
Chef offers a complete automation solution that takes you from development to production for infrastructure and applications.
☁️Deployment
On-Premise Deployment
AWS Deployment
AWS Managed Services Deployment
On-Premise Deployment
To deploy Chef Automate High Availability (HA) on-premise machines or on existing VMs., follow the steps below:
1. Install Chef Automate HA
⭐Prerequisites
All VMs or Machines must be running.
The OS Root Volume must be at least 40 GB.
(/var/tmp) TMP space must be at least 5GB.
Separate Hab volume provisioned at least 100 GB, for openSearch node /hab volume shall be more based on the data retention policy.
A Common user should
have access to all machines.
have sudo privileges.
use the same SSH Private Key file to access all machines.
Key-based SSH should be allowed for the provisioning user for all the machines for HA-Deployment.
4. Transfer the Bundle file (latest.aib) and Chef Automate CLI binaries (chef-automate) to the Airgapped Bastion Machine using the scp command if the Airgapped Bastion machine is different.
After transferring, switch to sudo in Airgapped Bastion:
sudo su -
5. Run the following command to move the Chef Automate CLI to /usr/bin:
cp -f chef-automate /usr/bin/chef-automate
6. Generate init config for existing infrastructure:
chef-automate init-config-ha existing_infra
7. Update the Config file with relevant data
vi config.toml
The following services should add a machine count: Chef Automate, Chef Infra Server, Postgresql, and OpenSearch.
Put the IP address of each machine in the appropriate service section; multiple IP addresses should be encapsulated in double quotations (") and separated by commas (,). Example: "10.0.0.104" and "10,0.0.105".
Give the same IP address for both config variables if we want to run Postgresql and OpenSearch on the same machine. This means that OpenSearch and Postgresql will be running on a total of three computers or virtual machines. With this, a decreased performance should be expected. OpenSearch with Postgresql will run in parallel on a minimum of three virtual or physical machines (VMs).
Also, the same machines can be used for Chef Automate and Chef Infra Server. This means that Chef Automate and Chef Infra Server will be executed on two servers or virtual machines. With this, a decreased performance should be expected. Chef Automate and Chef Infra Server will each run on a minimum of two virtual machines (VMs) or physical machines.
Therefore, minimum of five machines will be required.
Give all the access to the ssh user in all the machines.
Give the location of the ssh key file. This key must have access to all machines or virtual machines.
As the traffic of the LoadBalancer route to Chef Automate machines or virtual machines, enter fqdn as the DNS entry for Chef Automate.
Set the admin password to the password you want to use to log into Chef Automate.
4. Generate init config for existing infrastructure:
chef-automate init-config-ha existing_infra
5. Update the Config file with relevant data
vi config.toml
Give all the access to the ssh user in all the machines.
Specify ssh port If your AMI uses a custom ssh port, the default is port 22.
Give the path of the ssh key file you downloaded from the AWS SSH Key Pair to build all of the virtual machines. So, with this, we will be able to access all VMs.
Use "efs" or "s3" for backup config.
Set the value of s3 bucketName to a Unique Value if the backup config is set to S3.
Use "efs" or "s3" for backup config.
Set the value of s3 bucketName to a Unique Value if the backup config is set to S3.
Create an admin password that you may use to log into the Chef Automate UI.
For this AWS setup, don't set fqdn.
For Chef Automate, Chef Infra Server, Postgresql, and OpenSearch, set instance count.
Set the following AWS Config Info:
Set the profile; it is set to "default".
Set the region; the default is "us-east-1."
Add the AWS VPN id you created in the prerequisite step.
Set aws_cidr_block_addr if AWS VPC uses CIDR.
Set private custom subnets and public custom subnets if AWS VPC supports Subnet.
Set the SSH Key Pair we created as a requirement to ssh_key_pair_name. The name of the AWS SSH Key Pair, without the. pem extension should be used. The contents of the ssh key and the ssh key file should match.
As these AWS deployment steps are for non-managed services, set setup managed services to false. False is the default value.
Depending on your AWS Region and the Operating System Image you want to use, set the ami_id value.
Please use the Hardware Requirement Calculator sheet to determine which type of instance you'll need for your load.
Set the Chef Automate instance type in automate_server_instance_type.
Set the Chef Infra Server instance type in the chef_server_instance_type.
Set the OpenSearch instance type in the opensearch_server_instance_type.
Set the Postgresql instance type in postgresql_server_instance_type.
Set automate_lb_certificate_arn to the arn value of the certificate issued in AWS ACM for the DNS entry of chefautomate.example.com.
Set chef_server_lb_certificate_arn to the arn value of the certificate issued in AWS ACM for the DNS entry of chefinfraserver.example.com.
Depending on your load requirements, set automate_ebs_volume_iops, automate_ebs_volume_size.
Depending on your load requirements, set chef_ebs_volume_iops, chef_ebs_volume_size.
Depending on the amount of load, set opensearch_ebs_volume_iops, opensearch_ebs_volume_size.
Depending on your load requirements, set postgresql_ebs_volume_iops, postgresql_ebs_volume_size.
Depending on the amount of load, set opensearch ebs volume iops, opensearch ebs volume size
Depending on your load requirements, set postgresql ebs volume iops, postgresql ebs volume size.
Set postgresql_ebs_volume_type, automate_ebs_volume_type, opensearch_ebs_volume_type. "gp3" is the default value.
9. Check the status of Chef Automate HA services once the Deployment is done successfully..
chef-automate status
10. Check the Chef Automate HA deployment information by:
chef-automate info
📝Note: DNS should have entries for chefautomate.example.com and chefinfraserver.example.com, which are pointing to respective Load Balancers as shown in the chef-automate info command.
🏃♂️Go to (Chef Automate domain)https://chefautomate.example.com to see if the user interface is available.
AWS Managed Services Deployment
For deployment of Chef Automate High Availability (HA) on the AWS (Amazon Web Services) cloud, follow the steps below:
4. Generate init config for existing infrastructure:
chef-automate init-config-ha existing_infra
5. Update the Config file with relevant data
vi config.toml
Give all the access to the ssh user in all the machines.
Specify ssh port If your AMI uses a custom ssh port, the default is port 22.
Give the path of the ssh key file you downloaded from the AWS SSH Key Pair to build all of the virtual machines. So, with this, we will be able to access all VMs.
Use "efs" or "s3" for backup config.
Set the value of s3 bucketName to a Unique Value if the backup config is set to S3.
Use "efs" or "s3" for backup config.
Set the value of s3 bucketName to a Unique Value if the backup config is set to S3.
Create an admin password that you may use to log into the Chef Automate UI.
For this AWS setup, don't set fqdn.
For the Chef Automate, Chef Infra Server, Postgresql, and OpenSearch, set the instance count.
Set the following AWS Config Info:
Set the profile; it is set to "default".
Set the region; the default is "us-east-1."
Add the AWS VPN id you created in the prerequisite step.
Set aws_cidr_block_addr if AWS VPC uses CIDR.
Set private custom subnets and public custom subnets if AWS VPC supports Subnet.
Set the SSH Key Pair we created as a requirement to ssh_key_pair_name. The name of the AWS SSH Key Pair, without the. pem extension should be used. The contents of the ssh key and the ssh key file should match.
Set setup managed services to true if you want to use these AWS deployment steps for managed services. False is the default value.
Set managed_opensearch_domain_name, managed_opensearch_username, managed_opensearch_domain_url, managed_opensearch_user_password from the Managed AWS OpenSearch that you created in the Prerequsite steps.
Set the URL as managed_opensearch_domain_url without the port number.
For the backup and restore configuration, set managed_opensearch_certificate, aws_os_snapshot_role_arn, os_snapshot_user_access_key_id, os_snapshot_user_access_key_secret (Refer).
Set the managed_rds_instance_url as the URL with Port No.
Set managed_rds_superuser_username, managed_rds_superuser_password, managed_rds_instance_url, managed_rds_dbuser_username, managed_rds_dbuser_password from the Managed AWS RDS Postgresql that you created in the Prerequsite steps.
Depending on your AWS Region and the Operating System Image you want to use, set the ami_id value.
Please use the Hardware Requirement Calculator sheet to determine which type of instance you'll need for your load.
Set the Chef Automate instance type in automate_server_instance_type.
Set the Chef Infra Server instance type in the chef_server_instance_type.
Set the OpenSearch instance type in the opensearch_server_instance_type.
Set the Postgresql instance type in postgresql_server_instance_type.
Set automate_lb_certificate_arn to the arn value of the certificate issued in AWS ACM for the DNS entry of chefautomate.example.com.
Set chef_server_lb_certificate_arn to the arn value of the certificate issued in AWS ACM for the DNS entry of chefinfraserver.example.com.
Depending on your load requirements, set automate_ebs_volume_iops, automate_ebs_volume_size.
Depending on your load requirements, set chef_ebs_volume_iops, chef_ebs_volume_size.
Depending on the amount of load, set opensearch_ebs_volume_iops, opensearch_ebs_volume_size.
Depending on your load requirements, set postgresql_ebs_volume_iops, postgresql_ebs_volume_size.
Depending on the amount of load, set opensearch ebs volume iops, opensearch ebs volume size
Depending on your load requirements, set postgresql ebs volume iops, postgresql ebs volume size.
Set postgresql_ebs_volume_type, automate_ebs_volume_type, opensearch_ebs_volume_type. "gp3" is the default value.
9. Check the status of Chef Automate HA services once the Deployment is done successfully..
chef-automate status
10. Check the Chef Automate HA deployment information by:
chef-automate info
📝Note: DNS should have entries for chefautomate.example.com and chefinfraserver.example.com, which are pointing to respective Load Balancers as shown in the chef-automate info command.
🏃♂️Go to (Chef Automate domain)https://chefautomate.example.com to see if the user interface is available.
Frequently Asked Questions
Define Chef server.
The hub of the workstation and the nodes is the Chef Server. The metadata, cookbooks recipes, node policies, roles, and environments are stored here.
Define Chef client.
An agent called Chef Client performs functions like registering nodes and authenticating with the Chef server and every other action necessary to put it in the expected state. Chef-client runs on each node that Chef manages.
What kinds of backups are there in CHEF?
Backups are divided into three categories: full, differential, and incremental.
Conclusion
In this article, we discussed three types of CHEF Deployments:
On-Premise Deployment
AWS Deployment
AWS Managed Services Deployment
😍Curious to learn more about CHEF? Refer to the following links:
34+ registered 
