Table of contents
1. Introduction🧑🏻‍🎓
2. System Requirements
2.1. Hardware
2.2. Operating system
3. Download the Chef Automate Command-Line Tool 🤔
4. Create Default Configuration🕵🏻‍♂️
5. Deploy Chef Automate
6. Open Chef Automate👩‍🏫
7. Upgrades
7.1. Release Channels
7.2. Disable Automatic Upgrades
7.3. Configuring External Data Stores
7.3.1. Configuring External OpenSearch
7.3.2. Configuring an External PostgreSQL Database
8. Frequently Asked Questions
8.1. What is chef software?
8.2. Explain the features of chef habitat.
8.3. Explain the use of Recipe in Chef.
8.4. What is the role of OHAI in Chef?
8.5. Explain Report handler in Chef.
9. Conclusion
Last Updated: Mar 27, 2024

Chef-Installation Guide


Introduction🧑🏻‍🎓

Chef is a configuration management tool created in Ruby and Erlang. The "recipes" for system setup are written in a domain-specific language (DSL) that is entirely Ruby-based. Chef can interact with cloud-based platforms like Amazon EC2, Google Cloud, Oracle Cloud, OpenStack, IBM Cloud, Microsoft Azure, and Rackspace to automatically provision and configure new machines. Chef is used to expedite the process of establishing and maintaining a company's servers. Chef has solutions for both small and large systems.


The following article guides you through all the steps to install Chef in your system. Let’s go! 🫡

System Requirements

The hardware and operating system requirements are mentioned below-

Hardware 

Chef Automate requires a minimum of-

  • 16 GB of RAM
  • 4 vCPUs
  • 80 GB of disk space (available to /hab)

Operating system 

Chef Automate requires-

  • The shell that starts Chef Automate should have a max open file setting of at least 65535
  • a Linux kernel of version 3.2 or greater
  • useradd
  • curl or wget
  • systemd as the init system

Download the Chef Automate Command-Line Tool 🤔


Download the Chef Automate command-line tool, unzip it, and make it executable:

curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate

Create Default Configuration🕵🏻‍♂️

To set default values for your Chef Automate installation, create a config.toml file-

sudo ./chef-automate init-config


By altering the settings in the config.toml file in your editor, you can change your FQDN, login name, and other values.

If you have data capacity or redundancy requirements, see Configuring External Data Stores to set up Chef Automate to use an externally installed PostgreSQL database cluster or OpenSearch cluster. Don't hesitate to contact a customer success or professional services person for help if you need Chef Automate deployed in a highly available fashion.

Deploy Chef Automate 

sudo ./chef-automate deploy config.toml


It takes a few minutes to deploy. After you accept the terms of service on the command line, the installer runs several pre-flight checks; any unsuccessful check includes information for addressing the problem or skipping the check. Rerun the deploy command once the pre-flight issues have been resolved.

You will notice the below line after the deployment procedure-

Deploy complete

The automate-credentials.toml file in your current working directory is where the deployment process stores login information.

Open Chef Automate👩‍🏫

Use the login information from automate-credentials.toml to access Chef Automate at https://account.chef.io/account/login?_ga=2.163655103.1245096731.1662464210-1243366022.1662087860. Chef Automate asks you for a license after you log in.

You can obtain a 60-day trial license from your Chef Automate instance once it has internet access. 

Upgrades


By default, Chef Automate will update itself to the most recent version. Because we pledged to guarantee the stability of the upgrade process, we can apply these upgrades without risk. Automatic updates will never bring about unfixable changes.

Release Channels

The Chef Automate upgrade procedure uses release channels to give you more control over the upgrades that are automatically applied to your system. Chef Automate will always pull from the most recent release in its designated release channel. We are initially shipping with the default current channel; additional channels will be added in the future.

Alter the channel setting in your config.toml file to change the release channel that is utilized for upgrades-

channel = "current"

Disable Automatic Upgrades

By changing the upgrade_strategy parameter in your config.toml file, you can turn off automatic upgrades-

upgrade_strategy = "none"


To manually initiate an upgrade, run

chef-automate upgrade run


This command updates Chef Automate to the most recent version in its release channel.

Configuring External Data Stores

Chef Automate can be set up to use PostgreSQL and OpenSearch clusters that are not deployed by Chef Automate. The steps below apply only when Chef Automate is first deployed.

Configuring External OpenSearch

Automate supports HTTPS or HTTP connections for OpenSearch.

For an HTTPS connection, add the following to your config.toml file:

[global.v1.external.opensearch]
  enable = true
  nodes = ["https://opensearch1.example:9200", "https://opensearch2.example:9200", "..." ]
[global.v1.external.opensearch.auth]
  scheme = "basic_auth"
[global.v1.external.opensearch.auth.basic_auth]
  username = "<admin username>"
  password = "<admin password>"
[global.v1.external.opensearch.ssl]
  root_cert = """$(cat </path/to/cert_file.crt>)"""


For an HTTP connection, include the following in your config.toml file-

[global.v1.external.opensearch]
  enable = true
  nodes = ["http://opensearch1.example:9200", "http://opensearch2.example:9200", "..." ]
[global.v1.external.opensearch.auth]
  scheme = "basic_auth"
[global.v1.external.opensearch.auth.basic_auth]
  username = "<admin username>"
  password = "<admin password>"


You must configure OpenSearch backup settings independently from Chef Automate's primary backup settings, since externally deployed OpenSearch nodes won't have access to Chef Automate's built-in backup storage services. You may set up backups to use S3 or the local disk.

Adding Resolvers for OpenSearch

You can add resolvers/nameservers to the settings if you want to dynamically use DNS servers to resolve the OpenSearch node IPs.

There are two ways to add Name Servers:

Add nameserver IPs: To resolve the OpenSearch nodes, add the nameservers to your config.toml file.

[esgateway.v1.sys.ngx.main.resolvers]
nameservers = ["192.0.2.0:24", "198.51.100.0:24"]


Set system DNS entries: To use existing system nameserver entries from /etc/resolv.conf, add the following setting to config.toml:

[esgateway.v1.sys.ngx.main.resolvers]
  enable_system_nameservers = true


Nameserver IPs take precedence over the system nameserver entries if both options are selected.

Apply the changes using-

sudo chef-automate config patch config.toml


If you wish to reset to the default configuration or to modify the configuration:

  1. Run chef-automate config show config.toml.
  2. Open config.toml and remove the esgateway.v1.sys.ngx.main.resolvers configuration or change the values.
  3. Run chef-automate config set config.toml to apply your changes.

Backup Externally-Deployed OpenSearch to Local Filesystem

To set up local filesystem backups of Chef Automate data kept in an externally deployed OpenSearch cluster:

Make sure that the filesystems you plan to use for backups are mounted at the same location on all OpenSearch master and data nodes.

Set up each node's OpenSearch path.repo configuration following the instructions provided in the OpenSearch specification.

Your config.toml should now include the following:

[global.v1.external.opensearch.backup]
enable = true
location = "fs"

[global.v1.external.opensearch.backup.fs]
path = "/var/opt/chef-automate/backups"

Backup Externally-Deployed OpenSearch to AWS S3

To set up local filesystem backups of Chef Automate data kept in an externally deployed OpenSearch cluster:

Make sure that the filesystems you plan to use for backups are mounted at the same location on all OpenSearch master and data nodes.

Set up each node's OpenSearch path.repo configuration following the instructions provided in the OpenSearch specification.

Your config.toml should now include the following:

[global.v1.external.opensearch.backup]
enable = true
location = "s3"
[global.v1.external.opensearch.backup.s3]
  bucket = "<bucket name>"
  base_path = "<base path>"
  client = "<client name>"
[global.v1.external.opensearch.backup.s3.settings]

Backup Externally-Deployed OpenSearch to GCS

To set up backups of Chef Automate data kept in an externally installed OpenSearch cluster in Google Cloud Storage Buckets (GCS):

  • On each node in your OpenSearch cluster, install the repository-gcs plugin.
  • Per the instructions in the OpenSearch documentation, create a storage bucket and set up a service account to access it.
  • Set the appropriate GCS settings as outlined in the OpenSearch documentation for each OpenSearch node's GCS client setup.
  • Enable GCS backups by adding the following values to your config.toml file:

[global.v1.external.opensearch]
  enable = true
  nodes = ["https://my-es.cluster"]
[global.v1.external.opensearch.backup]
  enable = true
  location = "gcs"

[global.v1.external.opensearch.backup.gcs]
  bucket = "<bucket name>"
  client = "default"

Configuring an External PostgreSQL Database 


Add the following settings to your config.toml file:

[global.v1.external.postgresql]
enable = true
nodes = ["<pghostname1>:<port1>", "<pghostname2>:<port2>", "..."]

[global.v1.external.postgresql.ssl]
enable = false
[global.v1.external.postgresql.auth]
scheme = "password"

[global.v1.external.postgresql.auth.password.superuser]
username = "<admin username>"
password = "<admin password>"
[global.v1.external.postgresql.auth.password.dbuser]
username = "<dbuser username>"
password = "<dbuser password>"

[global.v1.external.postgresql.backup]
enable = true

Adding Resolvers for PostgreSQL Database

You can add resolvers/nameservers to the configuration if you want to use DNS servers to resolve the PostgreSQL cluster node IP addresses dynamically.

There are two ways to add name servers:

1) Add nameserver IPs: You can add the nameservers to your config.toml file if you know which nameservers should resolve the PostgreSQL nodes.

[pg_gateway.v1.sys.resolvers]
  nameservers = ["127.0.0.53:53"]


2) Set system DNS entries: Add the following option to config.toml to use the system nameserver entries currently in /etc/resolv.conf:

[pg_gateway.v1.sys.resolvers]
  enable_system_nameservers = true


Nameserver IPs take precedence over the system nameserver entries if both options are selected.

Apply the modifications:

sudo chef-automate config patch config.toml

If you want to change the configuration or reset to the factory settings:

  1. Run chef-automate config show config.toml.
  2. Open config.toml and edit or replace the values in the pg_gateway.v1.sys.resolvers section.
  3. Run chef-automate config set config.toml to make your changes effective.

We hope you understood the steps to install Chef.🤗

Frequently Asked Questions

What is chef software?

Chef is an automation tool that uses Ruby and a domain-specific language to create system setup scripts. Across infrastructure deployed on-premises or in the public cloud, it aids in designing programmable infrastructure, installing applications, and managing configuration over the network.

Explain the features of chef habitat.  

Regardless of the platform or operating system being used for deployment, it allows automation for defining, packaging, and delivering applications to any environment. Without reworking or rewriting, it produces deployable artifacts for virtual machines or containers.

Explain the use of Recipe in Chef.

A recipe is a group of resources that determines a node's configuration or policy. A recipe must be in the node's run list to be executed. They are written in Ruby and contain all the instructions needed to run, update, or create something on the Chef Client's node.

What is the role of OHAI in Chef?

Chef Infra uses the program OHAI to gather system configuration information for use in Cookbooks. With the use of an integrated plug-in, it can detect specific setup details. Additionally, it collects metadata about the hostnames, operating system, network, memory, disk, CPU, kernel, and cloud provider.

Explain Report handler in Chef.

We may use this handler to deliver a report after a successful run of the Chef Infra Client. To use it, add a recipe that contains a chef_handler resource to the node's run list. When the report handler executes, the run status object's 'success?' attribute returns true.

Conclusion

This article taught us how to install Chef. We began with a brief introduction to Chef software, followed by the steps to install it. After reading about all the installation steps for Chef, refer to Chef Documentation, Progress Chef LinkedIn, Progress Chef GitHub, and Progress Chef Wikipedia for a deeper understanding of Chef.
