Introduction👨✈
In this article, we will discuss installing chef infra server with automate. Using the chef automate to install the chef infra server either for a single-host installation that contains both the chef infra server and the chef automate and for a standalone chef infra server instance.
So let us learn about installing chef infra server with automate.💫
Are you ready❓
Installing Chef Infra Server With Automate🤔
System Requirements and Prerequisites🦿🦾
Before we begin installing chef infra server with automate, let us check the system requirements for the chef automate, and ensure that the chef-automate command line tool is installed.
📌Run the given below command to download the chef-automate command line tool in your command line interface -
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automateInstalling Chef Automate and Chef Infra Server on The Same Host🧶
To install the chef automate and the chef infra server on the same host, use either a command line interface or a configuration file. Installations require elevated privileges, so you must run the commands using 'sudo' at the start of each command or as the superuser.
Hardware Requirements For Single-Host Installation🪡
Recommended memory and the vCPU minimums for the single-host containing chef infra server and chef automate are given below -
📌Up to 200 managed nodes - 8GB RAM, 2vCPUs
📌Between 200-500 managed nodes - 30GB RAM, 4vCPUs
📌Between 500-5000 managed nodes - 61GB RAM, 8vCPUs
A single-host installation containing the chef infra server and the chef automate requires the /hab directory that contains 80GB of disk space for the software artifacts plus 2MB of disk space per managed node.
Command Line Install of Chef Automate and Infra Server💻
Install chef automate and chef infra server on the same host with this command -
sudo chef-automate deploy --product automate --product infra-server
Then, set up the knife for use with the chef infra server.
Configuration File Install of Chef Automate and Infra Server⚙️
Installing the chef automate and the chef infra server on the same host using a configuration file requires the use of the chef automate CLI (command line interface). Installations require elevated privileges, so you need to run the commands using 'sudo' at the start of each command or as the superuser.
1️⃣First, run the given below command to generate a skeleton configuration file -
sudo chef-automate init-config
2️⃣To deploy the chef automate and the chef infra server, add the given below stanza to the configuration file -
[deployment.v1.svc]
products=["automate", "infra-server"]
3️⃣Make any other desirable changes in the configuration
4️⃣Run the chef-automate deploy command with your configuration file -
sudo chef-automate deploy config.toml
5️⃣Set up the knife for use with the chef infra server.
Install A Standalone Chef Infra Server🤳
To install the chef infra server using the chef automate deploy command. Use either the CLI (command line interface) or the configuration file to install the chef infra server using the chef automate deploy command.
Refer to the chef infra server hardware requirements for guidance on memory and the number of CPUs.
Command Line Install of Standalone Chef Infra Server🧑💻
When the chef automate deploys the chef infra server, it automatically configures the chef infra server to collect data to send to the chef automate. Now, to deploy a standalone chef infra server with chef automate, you must turn off the data collection in the configuration. Installations require elevated privileges, so you need to run the commands using 'sudo' at the start of each command or as the superuser.
1️⃣First, run the given below command to generate a skeleton configuration file -
sudo chef-automate init-config
2️⃣Now, to disable chef automate data collection, add a stanza to the configuration file -
[erchef.v1.sys.data_collector]
enabled = false
3️⃣Use the configuration file to deploy the chef infra server using the given below command -
sudo chef-automate deploy --product infra-server <configuration_file>
4️⃣Set up the knife for use with the chef infra server.
5️⃣Create a patch.toml file containing the configuration stanza to send data from the chef infra server to an external chef automate installation -
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
# A2 data collector token can be used without an issue.
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
6️⃣At last, run the given below command to patch the chef infra server configuration.
chef-automate config patch patch.tomlInstalling a Standalone Chef Infra Server With a Configuration File👩🏼🔧
Installing the chef infra server through the chef automate using a configuration file which also requires the use of the chef automate command line interface (CLI). When the chef automate deploys the chef infra server, it automatically configures the chef infra server to collect data to send to the chef automate. Now, to deploy a standalone chef infra server with chef automate, you must turn off the data collection in the configuration. Installations require elevated privileges, so you need to run the commands using 'sudo' at the start of each command or as the superuser.
1️⃣First, run the given below command to generate a skeleton configuration file -
sudo chef-automate init-config
2️⃣Now, to deploy the chef infra server add a stanza to the configuration file -
[deployment.v1.svc]
products=["infra-server"]
# Disable->automate data collection as automate won't be deployed
[erchef.v1.sys.data_collector]
enabled = false
3️⃣Run the chef-automate deploy command with the config.toml configuration file -
sudo chef-automate deploy config.toml
4️⃣Set up the knife for use with the chef infra server.
5️⃣Create a patch.toml file containing the configuration stanza to send data from the chef infra server to an external chef automate installation -
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
# A2 data collector token can be used without an issue.
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
6️⃣At last, run the given below command to patch the chef infra server configuration.
chef-automate config patch patch.tomlAdding a New Chef Infra Server to an Existing Chef Automate Installation➕
To add chef infra server patch an existing chef automate installation -
-
In order to add an infra-server to the list of products, create a patch.toml file to deploy -
[deployment.v1.svc]
products=["automate", "infra-server"]
-
Now apply the patch to the chef automate installation:
sudo chef-automate config patch ./patch.toml
The command output will end with -
…
Success: Configuration patched✅Setting Up the Chef Infra Server⚙️
The knife command-line utility gives an interface to interact with a chef infra server from a workstation.
📌To create a user on the chef infra server host, run the following command ➡
sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename USER_NAME.pem
📌Run the given below command for creating an organisation, generating its validator key, and assigning the user that was created in the previous step as an administrator ➡
sudo chef-server-ctl org-create SHORT_NAME 'FULL_ORGANIZATION_NAME' --association_user USER_NAME --filename ORGANIZATION-validator.pem
-
The short name has to begin with a digit or a lower-case letter, may contain lower-case letters, digits, underscores, and hyphens, and should be between 1 and 255 characters. For example, 6thbadminton.
-
The full organisation name has to begin with a non-whitespace character and should be between 1 and 1023 characters. For example: 'Sixth Badminton, Yonex.'.
-
The --association_user option associates the USER_NAME with the admins' security group on the chef infra server.
-
An RSA private key is the chef-validator key generated automatically. Save this RSA private key to a secure and safe location. The --filename option saves the RSA private key to the specified absolute path.
On the workstation -
-
Install the chef workstation.
-
Use the chef generate repo subcommand to create a chef repository. For example, create a chef repository named chef-repository by running -
chef generate repo chef-repository-name
Replace the chef-repository-name with your desired repository name.
-
Create a .chef directory within your named chef repository with the help of the mkdir command.
For example -
mkdir /chef-repository-name/.chef
-
ORGANIZATION-validator.pem and USER_NAME.pem to the .chef directory.
- Create a config.rb file in the .chef directory containing the following -
| current_dir = | File.dirname(__FILE__) |
| node_name | 'USER_NAME' |
| client_key | "#{current_dir}/USER_NAME.pem" |
| validation_client_name | 'ORGANIZATION-validator' |
| validation_key | "#{current_dir}/ORGANIZATION.pem" |
| chef_server_url | 'https://automate.example.com/organizations/ORGANIZATION' |
| cookbook_path | ["#{current_dir}/../cookbooks"] |
Note - For the air-gapped installations, create and add a bootstrap template to your config.rb.
- Now run knife ssl fetch to get the SSL certificates from the chef infra server and make them available to the knife.
We hope you understood about installing chef infra server with automate. To learn more about setting up the workstation, see the Chef Workstation documentation.
34+ registered 
