Introduction
Management is an essential part of Chef automation: smooth operation depends on it. Although they fall under one umbrella, management has several parts, from log management to monitoring and restoration, each with its own role. In this article we cover the prerequisites of Chef management in Chef automation, along with an overview, examples and how each part works.
Log Management
Chef Automate runs under "systemd", and its logs are managed by the system service "journald".
Viewing Logs
To view the logs, run "journalctl -u chef-automate". To follow them in real time, add the -f flag:
journalctl -u chef-automate -f # to view the logs in real time
Configuring Log Level
You can configure the Chef Automate log level for all services by creating a TOML file that defines the log level. By default, every service starts at the "info" level; the level can be any of "debug," "info," "warning," "panic," or "fatal."
Log rotation and retention are managed at the system level by "journald". Currently, "journald" does not allow granular per-unit log retention policies.
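As an added example (not code from the original article or from the Chef project), the following POSIX shell script renders the log-level patch described above and refuses any level the article does not list, so a typo in an automation job cannot push an unrecognised setting. The "[global.v1.log]" table name is taken from my recollection of the Chef Automate configuration reference and is an assumption to confirm against "chef-automate config show"; "chef-automate config patch" is the real subcommand for applying such a file. The DRY_RUN guard only prints the command so the script also runs on a host without Chef Automate.

```shell
#!/bin/sh
# Added example: build and apply a Chef Automate log-level patch file.
# Assumption: the log level lives under [global.v1.log] (verify with
# `chef-automate config show` on your installation).

# Levels the article lists as valid: debug, info, warning, panic, fatal.
valid_log_level() {
  case "$1" in
    debug|info|warning|panic|fatal) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the TOML patch for the requested level; fail on an unknown level
# so a bad value never reaches `chef-automate config patch`.
render_log_level_patch() {
  level="$1"
  if ! valid_log_level "$level"; then
    echo "unsupported log level: $level (use debug|info|warning|panic|fatal)" >&2
    return 1
  fi
  printf '[global.v1.log]\nlevel = "%s"\n' "$level"
}

# Write the patch to a file and apply it. With DRY_RUN=1 (the default) the
# command is only echoed; set DRY_RUN=0 on a real Chef Automate host.
apply_log_level() {
  level="$1"
  patch_file="${2:-/tmp/log-level.toml}"
  render_log_level_patch "$level" > "$patch_file" || return 1
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "would run: chef-automate config patch $patch_file"
  else
    chef-automate config patch "$patch_file"
  fi
}

# Usage: DRY_RUN=0 sh log-level.sh debug
if [ -n "$1" ]; then
  apply_log_level "$1"
fi
```

Raising the level to "debug" increases log volume noticeably; since journald handles retention for the whole unit, check the journal's disk usage after changing it.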
Migrate from Chef Automate 1
Current Chef Automate versions offer substantial architectural and technical enhancements to the core product platform. This section shows how to migrate an existing Chef Automate 1 installation to the current Chef Automate.
Overview
The Chef Automate migration procedure performs these steps, in order:
1) Runs preflight checks to ensure the system is ready for Chef Automate 2.
2) Analyses your Chef Automate 1 configuration files and migrates the appropriate settings to a Chef Automate 2 configuration file.
3) Downloads Chef Automate 2. Chef Automate 2 is deployed as Habitat packages, which are installed early in the process to reduce downtime.
4) Puts your Chef Automate 1 installation into maintenance mode, waits for queued data to be processed, and then backs up all Chef Automate 1 data.
5) Generates a local snapshot of the Chef Automate 1 data for use in Chef Automate 2.
6) Stops Chef Automate 1.
7) Imports the Chef Automate 1 snapshot.
8) Starts Chef Automate 2, which identifies the imported data during initialisation.
9) Migrates the imported historical data in the background and alerts you when the migration is complete.
Prerequisites
Comply with the requirements in this section before beginning the migration procedure.
Command Line Tool
To begin the upgrade, use the "chef-automate" command line tool.
Download the newest version of the Chef Automate CLI:
wget https://packages.chef.io/files/current/automate/latest/chef-automate_linux_amd64.zip
Then unzip the package:
unzip chef-automate_linux_amd64.zip
Finally, move the unzipped "chef-automate" binary to "/usr/local/bin":
mv chef-automate /usr/local/bin
Internet Access
The upgrade process requires internet access to install the Chef Automate 2 binaries. A typical Chef Automate installation also requires a current version of Chrome, Edge, or Firefox.
Proxies
The Chef Automate 2 installer takes the following environment variables into account:
HTTPS_PROXY/https_proxy
HTTP_PROXY/http_proxy
NO_PROXY/no_proxy
Chef Automate 1 Version
Recent versions of Chef Automate 1 contain enhancements that the migration process relies on to move your data successfully. Chef Automate 1.8.38 or later is required.
Systemd
Chef Automate 2 requires the systemd init system. If you are running Chef Automate 1 on a system with a different init system, we recommend contacting Customer Support to determine the best migration approach.
Considerations
Although we have made the migration process as simple as possible, there are some things you should know before you begin.
Plan for Downtime
The Chef Automate 2 migration process places your Chef Automate 1 installation into maintenance mode, shuts it down, and then launches Chef Automate 2. During the downtime, the migration process creates a backup of your Chef Automate 1 data and exports a portion of it to a local snapshot, which is then loaded into Chef Automate 2.
Unsupported Features and Topologies
Chef Automate 2 significantly improves the core product platform architecturally and technically. However, if you rely on any of the functionalities listed below, we recommend that you keep using your current Chef Automate installation.
Chef Manage
FIPS
Disaster Recovery
Custom Kibana dashboard
SAML config migration
To migrate to Chef Automate 2 without these functionalities, use the corresponding migration flags:
"--skip-fips-check"
"--skip-disaster-recovery-check"
"--skip-saml-check"
These flags skip the preflight checks for the unsupported features so the migration can proceed.
External OpenSearch Cluster
If your Chef Automate 1 installation uses an external OpenSearch cluster, the Chef Automate 2 migration process requires manual intervention.
New Data Paths
Chef Automate 2 stores its data in directories of the form "/hab/svc/$service-name/data." More specifically:
Data from OpenSearch is saved in "/hab/svc/automate-elasticsearch/data/."
PostgreSQL data is saved in the directory "/hab/svc/automate-postgresql/data/."
Chef Automate 2 License
To start a trial, log in to Chef Automate; the trial includes a 60-day licence. Requesting the trial licence requires internet access from your Chef Automate 2 instance (only at the time of the licence request).
Migrate
Run "automate-ctl create-backup" to create a backup of your Chef Automate 1 installation.
Once the backup is complete, begin the migration. If your host is connected to the internet, run "./chef-automate migrate-from-v1 --channel current".
If your host is airgapped, run "./chef-automate migrate-from-v1 --airgap-bundle </path/to/bundle>" instead.
After the migration has completed the preflight checks and the analysis of your Chef Automate 1 configuration, it asks for confirmation to proceed. Review the generated configuration file, then answer "yes" to continue.
The migration procedure backs up your Chef Automate 1 data, shuts down Chef Automate 1, imports your data into Chef Automate 2, and finally starts Chef Automate 2. You can then log in to Chef Automate 2 with your existing Chef Automate 1 user credentials.
Monitoring Chef Automate
To monitor your Chef Automate installation, use the authenticated https endpoint "/status."
Checking the Status Endpoint
The authenticated endpoint "/status" returns status information for the Chef Automate installation and its component services. It responds with HTTP 200 when all Chef Automate component services are operational; otherwise it responds with HTTP 500.
Each service's status is reported in the JSON response as "OK," "UNKNOWN," or "CRITICAL."
To use "/status" from your monitoring system, set up an authentication token by following these steps:
1) Create a token:
2) Create a policy that permits your newly created token to access the "/status" endpoint.
3) Run the following command to ensure that your token and policy grant you access to the /status endpoint:
Once your token is created and access is confirmed, point your monitoring system at the "/status" endpoint.
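The following POSIX shell probe is an added example, not code from the original article or from the Chef project. It turns the two facts stated above (200 means every service is OK, 500 means at least one is not; per-service status is OK, UNKNOWN or CRITICAL in the JSON body) into a check a monitoring system can run: it classifies the HTTP code and, when the installation is degraded, lists the services that are not OK. The "api-token" request header is the one Chef Automate uses for token authentication; the URL path is a parameter because the article names the endpoint "/status" while deployments may expose it under an API prefix, so confirm the exact path for your installation. The JSON shape (a "services" array of "name"/"status" objects, no whitespace) and both sample bodies are constructed for the example and are assumptions.

```shell
#!/bin/sh
# Added example: monitoring probe for the Chef Automate /status endpoint.
# Assumption: the body is compact JSON with a "services" array whose entries
# carry "name" then "status"; adjust the pattern in failing_services if not.

# Constructed sample bodies (not captured from a real installation).
SAMPLE_HEALTHY='{"ok":true,"services":[{"name":"automate-gateway","status":"OK"},{"name":"automate-elasticsearch","status":"OK"}]}'
SAMPLE_DEGRADED='{"ok":false,"services":[{"name":"automate-gateway","status":"OK"},{"name":"automate-elasticsearch","status":"CRITICAL"},{"name":"pg-sidecar-service","status":"UNKNOWN"}]}'

# Map the documented HTTP codes to a verdict. Anything other than 200/500
# (curl prints 000 when it cannot connect) means the probe itself failed,
# which is worth alerting on separately from a degraded service.
status_verdict() {
  case "$1" in
    200) echo "healthy" ;;
    500) echo "degraded" ;;
    *)   echo "unknown" ;;
  esac
}

# Print "<service> <status>" for every service whose status is not OK.
failing_services() {
  printf '%s\n' "$1" \
    | grep -o '"name":"[^"]*","status":"[^"]*"' \
    | grep -v '"status":"OK"' \
    | sed 's/"name":"\([^"]*\)","status":"\([^"]*\)"/\1 \2/'
}

# Query the endpoint with the token and report. Returns 0 only when healthy,
# so the function can be used directly as a monitoring check's exit status.
probe_status() {
  url="$1"
  token="$2"
  body_file=$(mktemp)
  code=$(curl -s -o "$body_file" -w '%{http_code}' -H "api-token: $token" "$url")
  verdict=$(status_verdict "$code")
  echo "verdict=$verdict http=$code"
  if [ "$verdict" != "healthy" ]; then
    failing_services "$(cat "$body_file")"
  fi
  rm -f "$body_file"
  [ "$verdict" = "healthy" ]
}

# Usage: AUTOMATE_TOKEN=... sh status-probe.sh https://automate.example.com/status
if [ -n "$1" ]; then
  probe_status "$1" "${AUTOMATE_TOKEN:?set AUTOMATE_TOKEN}"
fi
```

Read the token from the environment or a secrets store rather than embedding it in the script, and give the monitoring token a policy scoped to the status endpoint only, as the steps above describe.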
Restore
Chef Automate can be restored from a filesystem backup, an Amazon S3 bucket backup, or a Google Cloud Storage (GCS) bucket backup. Review how your backups are configured before restoring a Chef Automate installation.
Prerequisites
1) Download and unzip the Chef Automate command-line tool on the restore host.
2) To restore from a filesystem backup, ensure that the restore host has access to the backup in the form it was taken:
a) a backup on a network-attached filesystem;
b) a backup directory that is not on a network-attached filesystem;
c) a single-file backup.
3) To restore a backup to a host whose fully qualified domain name (FQDN) differs from the original, create a "patch.toml" file that sets the new FQDN and supply it at restore time:
[opensearch.v1.sys.runtime]
heapsize = "4096m"
# "m" stands for megabytes, and "g" stands for gigabytes.
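As an added example (not code from the original article or from the Chef project), this POSIX shell script covers prerequisites 3 and 4 together: it renders one "patch.toml" containing both the new FQDN and the OpenSearch heapsize, rejects heapsize values that do not follow the article's "<number>m" or "<number>g" convention, and composes the restore command. The "chef-automate backup restore" subcommand and its "--patch-config" and "--airgap-bundle" flags are from my recollection of the CLI; confirm them with "chef-automate backup restore --help" before use. The backup path in the usage line is a constructed placeholder.

```shell
#!/bin/sh
# Added example: build a restore-time patch.toml for a new FQDN and a smaller
# OpenSearch heap, validating the heapsize unit the article describes.

# Accept only "<digits>m" or "<digits>g" (e.g. 4096m, 4g). Rejecting anything
# else avoids a restore that fails late because OpenSearch cannot parse it.
valid_heapsize() {
  size="$1"
  case "$size" in
    *m|*g) ;;          # must end in m (megabytes) or g (gigabytes)
    *) return 1 ;;
  esac
  digits="${size%?}"   # strip the unit suffix
  case "$digits" in
    ""|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
  esac
  return 0
}

# Print a patch.toml that sets both the FQDN and the heapsize (the two
# tables shown in the article), or fail if the heapsize is malformed.
render_restore_patch() {
  fqdn="$1"
  heapsize="$2"
  if ! valid_heapsize "$heapsize"; then
    echo "heapsize must look like 4096m or 4g, got: $heapsize" >&2
    return 1
  fi
  printf '[global.v1]\nfqdn = "%s"\n\n[opensearch.v1.sys.runtime]\nheapsize = "%s"\n' \
    "$fqdn" "$heapsize"
}

# Compose the restore command. Assumption: `chef-automate backup restore`
# takes --patch-config, and --airgap-bundle for airgapped installations.
restore_command() {
  backup="$1"
  patch="$2"
  bundle="$3"
  cmd="chef-automate backup restore $backup --patch-config $patch"
  if [ -n "$bundle" ]; then
    cmd="$cmd --airgap-bundle $bundle"
  fi
  echo "$cmd"
}

# Usage: sh restore-patch.sh automate.example.com 2g /var/opt/chef-automate/backups/<backup-id>
if [ $# -ge 3 ]; then
  render_restore_patch "$1" "$2" > /tmp/patch.toml || exit 1
  echo "patch written to /tmp/patch.toml; run:"
  restore_command "$3" /tmp/patch.toml "$4"
fi
```

Size the heap below the new host's physical memory (the article's example is 4096m); an oversized value makes OpenSearch fail to start after the restore rather than at patch time.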
Restore From a Filesystem Backup
Below, we look at restoring from a filesystem backup.
Restore in an Internet-Connected Environment
If you configured the backup directory to be somewhere other than the default ("/var/opt/chef-automate/backups"), you must supply the backup directory.
Run the following command to restore on a new host:
To restore a backup of an airgapped installation, you must specify the Airgap Installation Bundle that the installation used. Run the following command to restore on a new host:
Next, let us look at the managed services used with Chef Automate.
Prerequisites
The prerequisites for the managed services are listed below.
PostgreSQL Setup
Create an AWS PostgreSQL RDS DB instance.
To connect to the DB instance, it must be associated with a security group that grants access to it. Ensure that the Automate instances can reach the external RDS instance.
OpenSearch Setup
Follow the steps below to create the domain:
a) Versions 1.2 and up are recommended.
b) Under the "Dedicated Master Nodes" section, uncheck the "Enable Dedicated Master Nodes" option.
c) Under the "Fine-grained Access Control Section," select "Enable Fine-grained Access Control" and then "Create Master User." For the master user, enter "master username" and "master password."
d) Under the "Access policy" section, select Configure Domain Level Access Policy and change the "Effect" from Deny to Allow.
The steps for backing up and restoring OpenSearch to S3 are as follows:
a) Create an IAM role with the "AmazonS3FullAccess" permission policy.
b) Pass the role ("TheSnapshotRole") to OpenSearch Service to register the snapshot repository.
1) Go to your OpenSearch Service domain's OpenSearch Dashboards plugin.
2) Select Security, Roles, and then the "manage snapshots" role from the menu.
3) Select Mapped users and then manage mapping.
4) Enter the ARNs of the user and role that are allowed to pass "TheSnapshotRole": put user ARNs in the Users section and role ARNs in the Backend roles section.
5) Choose Map and validate the user and role that appears under Mapped users.
Chef Automate Backup from Embedded PostgreSQL/OpenSearch and restore to External AWS PostgreSQL/OpenSearch
This section describes switching to AWS-managed PostgreSQL RDS/OpenSearch services. The procedure applies only if you currently run a standalone Chef Automate with the embedded PostgreSQL and OpenSearch.
Take an S3 backup before migrating to the external AWS PostgreSQL RDS/OpenSearch services by following these steps:
1) Create a Backup using "chef-automate backup create"
2) List Backups using "chef-automate backup list"
3) Configure External AWS PostgreSQL RDS
4) Configure External AWS OpenSearch
5) Registering Snapshot Repository
6) Restore From an AWS S3 Backup
Chef Automate with External AWS PostgreSQL/OpenSearch Backup/Restore
To configure Chef Automate with external AWS PostgreSQL/OpenSearch services and use "backup/restore" on these external managed services, follow the steps below:
1) Download the Chef Automate Command Line Tool
2) Create Default Configuration
3) Configuring External AWS PostgreSQL RDS
4) Configure External AWS Opensearch
5) Configure S3 backup
6) Deploy Chef Automate
7) Open Chef Automate
8) Create a Backup
9) List Backups
10) Restore From an AWS S3 Backup
Frequently Asked Questions
Is Chef an Infrastructure as a code tool?
Chef is an automation tool for defining infrastructure as code. Infrastructure as code (IaC) means managing infrastructure through code (automating infrastructure) rather than through manual methods; it is also known as programmable infrastructure.
How to access the default installation of OpenSearch Dashboards?
To reach the default installation of OpenSearch Dashboards for a domain inside a VPC, you must have access to that VPC. How you get it depends on your network configuration, but it most often means connecting through a VPN or managed network and using a proxy server or transit gateway.
How to change or move to a new AWS PostgreSQL or OpenSearch service?
To replace or migrate to a new AWS PostgreSQL or OpenSearch service, prepare patch files containing the updated AWS service configuration and apply them to the current Chef Automate with the "chef-automate config patch /path/to/patch.toml" command.