Setting Up Chef Automate on AWS

Navigate to the URL https://console.aws.amazon.com/opsworks/cm/home#/chef/ and select Create Chef Automate Server.

Step 1: 
- Select the region and enter the Chef Automate server (instance) name, and 
- Select the instance type.
Step 2: Select an SSH key
There is no option to create a new key here: either select an existing EC2 key pair, or choose not to connect to the server over SSH at all.
Step 3: Select the right VPC, subnet, Elastic IP (EIP) and security group. 
- Create a service role if none exists yet

“AWS OpsWorks for Chef Automate needs your permission to create an IAM service role that allows us to perform actions in AWS CloudFormation, Amazon EC2, Amazon EC2 Simple Systems Manager, and Amazon S3. By continuing, you are allowing us to create a new role to work with these services.”

Create an Instance Profile

“AWS OpsWorks for Chef Automate needs your permission to create an instance profile that allows us to perform actions in Amazon S3, and communicate with a Chef server by using Amazon EC2 Simple Systems Manager (SSM). By continuing, you are allowing us to create a new role to work with these services”

Select your maintenance window to allow AWS OpsWorks to install updates for Chef Automate minor versions and security packages.

Note: A weekend window is usually best for this, but select whatever time suits your organisation.

For AWS OpsWorks Backup: AWS OpsWorks supports two ways to back up your Chef Automate server: manual or automated. Backups are uploaded to your Amazon S3 bucket. If you ever need to restore your Chef Automate server, you can restore it by applying a backup that you choose.

When you choose Yes to Enable automated backup, the options below become available.

Number of generations to keep: 30 is usually fine, but this depends on your organisation's retention policy.

Step 4: Review and Launch. Once you launch, open the server's Properties page in the AWS OpsWorks for Chef Automate console. The page below shows the progress bar for the AWS OpsWorks for Chef Automate server creation.

Note: Make sure you download the Starter Kit and the sign-in credentials before your server comes online. The download buttons are no longer available once a new server is online.

Finally, this message appears on the dashboard, stating that your Chef Automate server has launched successfully.

Note: The created role appears in the IAM console under Roles, as shown below.

Now access the Chef Automate dashboard URL and perform all the necessary configuration, as shown below.

Note: Ensure you have ChefDK downloaded and installed on your local PC from https://downloads.chef.io/chefdk

Otherwise, you cannot work with Chef Automate from Windows 10. See how to install ChefDK on Windows on the next page.

Chef – Node Bootstrapping

The chef-client agent runs Chef recipes on physical and virtual servers, often referred to as nodes or instances. Bootstrapping (associating) a node with the Chef server installs the chef-client software on the node and registers the node with the server.

Note: The minimum supported version of chef-client on nodes associated with an OpsWorks for Chef Automate server is 12.16.42. We recommend running chef-client 13.6.4.

Using knife to add (bootstrap) an instance (see https://docs.chef.io/platforms.html for supported operating systems)

Example 1: Bootstrapping a Windows instance over WinRM with knife. Replace the placeholders with the node's IP address, Administrator password and the node name you want registered on the Chef server. 

knife bootstrap windows winrm EnterNodeIPAddress --winrm-user Administrator --winrm-password 'enterserverpasswordhere' --node-name EnterNodeNamehere --run-list 'recipe[chef-client]'

Note: You can put any cookbooks in the run-list in place of chef-client, or upload a role to the Chef server that carries its own run-list and then point the node's run-list at that role. Roles are discussed at a later stage.

If you want nodes to be associated with the server automatically, see https://docs.aws.amazon.com/opsworks/latest/userguide/opscm-unattend-assoc.html
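The bootstrap command above wrapped in a small PowerShell script, added here as an example (it is not code from the original post or from Chef). It assumes the knife bootstrap windows winrm subcommand that ships with ChefDK, takes the node IP and name as parameters, and prompts for the Administrator password instead of accepting it on the command line, where it would be saved in the PSReadLine history file. It also refuses to bootstrap a node name that is already registered, since re-bootstrapping replaces that node's client key on the server.

```powershell
# Added example (not from the original post): bootstrap a Windows node over WinRM with
# knife, then confirm the node is registered with the Chef server.
# Run from the ChefDK PowerShell prompt inside your chef-repo (where .chef\knife.rb lives).
# Assumptions: $NodeIp/$NodeName are placeholders supplied by the caller; knife-windows
# (bundled with ChefDK) provides 'knife bootstrap windows winrm'.
param(
    [Parameter(Mandatory = $true)] [string] $NodeIp,
    [Parameter(Mandatory = $true)] [string] $NodeName,
    [string] $RunList = 'recipe[chef-client]'
)

# Prompt for the WinRM credential rather than typing the password on the command line,
# so it is not written to the PSReadLine history file. (It is still passed to the knife
# process as an argument for the duration of the bootstrap.)
$cred  = Get-Credential -UserName 'Administrator' -Message "WinRM credential for $NodeIp"
$plain = $cred.GetNetworkCredential().Password

# Refuse to reuse a node name that already exists on the server: bootstrapping again
# silently re-registers the node and replaces its client key.
$existing = & knife node list 2>$null
if ($existing -contains $NodeName) {
    throw "Node '$NodeName' is already registered; choose another name or delete it first."
}

& knife bootstrap windows winrm $NodeIp `
    --winrm-user $cred.UserName `
    --winrm-password $plain `
    --node-name $NodeName `
    --run-list $RunList
if ($LASTEXITCODE -ne 0) { throw "knife bootstrap failed with exit code $LASTEXITCODE" }

# Verify: the node should now exist on the server with the run-list we assigned.
& knife node show $NodeName -a run_list
```

Save it as bootstrap-node.ps1 in the chef-repo and run it as .\bootstrap-node.ps1 -NodeIp 10.0.0.5 -NodeName web01 (values assumed); pass -RunList 'role[webserver]' once you have uploaded a role.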

Chef-Repo Setup

As discussed in https://techdirectarchive.com/2018/12/14/get-started-with-opsworks-for-chef-automate/ 
it is recommended to keep your cookbooks and the rest of the repository in Git or another version control system (VCS).

A Chef repository contains several directories. Each directory in the Starter Kit contains a README file that describes the directory's purpose and how to use it for managing your systems with Chef. There are two ways to get cookbooks onto your Chef server: either by using
– knife commands, or
– Berkshelf commands. 

Create a directory on your local PC for storing cookbooks, laid out like the chef-repo:

  • Create a directory on your local computer for storing cookbooks, such as chef-repo. After you add cookbooks, roles, and other files to this repository, we recommend that you upload or store it in a secure, versioned system, such as AWS CodeCommit, Git, or Amazon S3.
  • In the chef-repo directory, create the following three directories, as shown in the Starter Kit:
    1. cookbooks/ – Stores cookbooks that you download or create.
    2. roles/ – Stores roles in .rb or .json format.
    3. environments/ – Stores environments in .rb or .json format.

Use-Case 1
Use Berkshelf to get Cookbooks from the Chef Supermarket:

Berkshelf is a tool for managing cookbooks and their dependencies. It downloads a specified cookbook into your local storage, which is called the Berkshelf. You can specify which cookbooks and versions to use with your Chef server and upload them.

First: Let’s try a very basic example.
Step 1: Navigate to the Chef Supermarket at https://supermarket.chef.io/ and search for the Google Chrome and Firefox cookbooks.

Then locate the Berksfile as shown below and add the Firefox and Google Chrome cookbooks to it, as shown below. This ensures the cookbooks are downloaded and stored locally.

Locate the path where you downloaded the Starter Kit to; mine is 

C:\Users\yourname\ChefAutomate\chef-automateserver

Let’s modify the Berksfile and add the cookbooks for Firefox and Chrome obtained from the Chef Supermarket.

Step 2: Download and install the cookbooks on your local computer
– Launch the ChefDK client (PowerShell)

In the ChefDK terminal, change into the local Chef repository first: Berkshelf looks for the Berksfile in the current directory, so the command will not work from anywhere else. See the image below and run the command. See the screenshot below for the repo content.

Step 3: Upload the cookbooks to the Chef server

The procedure differs between Linux and Windows.
See link: https://docs.aws.amazon.com/opsworks/latest/userguide/opscm-starterkit.html

For Windows: Ensure the PowerShell execution policy is set to RemoteSigned. The execution policy determines whether configuration files can be loaded and which scripts, if any, must be digitally signed before they run. See the image below for how to set the execution policy to RemoteSigned.

See https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-6
RemoteSigned allows scripts written locally to run, but requires scripts downloaded from the Internet to be signed by a trusted publisher, so unsigned downloaded PowerShell scripts are still blocked.

Run berks install

Without Berkshelf installed you would not be able to upload your cookbooks. Verify that it is installed by running the command below in the console:

berks --version

Next, run the command below to point SSL_CERT_FILE at the OpsWorks CA certificate shipped in the Starter Kit. The Chef Automate server's certificate is issued by this private CA, which is not in the Windows trust store, so without it Berkshelf cannot verify the server's TLS certificate. The path is relative, so run it from the Starter Kit directory.

$env:SSL_CERT_FILE="ca_certs\opsworks-cm-ca-2016-root.pem"

Then run berks upload to upload the cookbooks to the Chef server:

berks upload

Finally, remove the SSL_CERT_FILE environment variable again, so that later commands talking to public endpoints are not left validating against this private CA only:

Remove-Item Env:\SSL_CERT_FILE

To verify that this worked, simply run the command “knife cookbook list” as shown below.
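The Windows upload steps above collected into a single script, added here as an example (it is not code from the original post or from AWS). It assumes the Starter Kit lives at C:\Users\yourname\ChefAutomate\chef-automateserver, that berks and knife come from ChefDK on the PATH, and that the Supermarket cookbook names are firefox and chrome (confirm them on the Supermarket). The SSL_CERT_FILE override is set only around berks upload and cleared in a finally block, so berks install still reaches the Supermarket through the normal system trust store and the private CA cannot leak into later commands.

```powershell
# Added example (not from the original post): the Windows cookbook upload procedure as one
# script, with the OpsWorks CA override scoped to the upload step only.
# Run from the ChefDK PowerShell prompt. The Starter Kit path and the cookbook names
# ('firefox', 'chrome') are assumptions.
$repo = 'C:\Users\yourname\ChefAutomate\chef-automateserver'   # assumed Starter Kit path
Set-Location $repo

# RemoteSigned (or looser) is required to run .ps1 files; report rather than change it silently.
$policy = Get-ExecutionPolicy
if ($policy -in @('Restricted', 'AllSigned')) {
    throw "Execution policy is '$policy'; run 'Set-ExecutionPolicy RemoteSigned -Scope CurrentUser' first."
}

# Berkshelf ships with ChefDK; 'berks upload' cannot work without it on the PATH.
$null = Get-Command berks -ErrorAction Stop
& berks --version

# The Berksfile must list the cookbooks to fetch, e.g. the two Supermarket cookbooks:
#   cookbook 'firefox'
#   cookbook 'chrome'
$wanted    = @('firefox', 'chrome')   # assumed Supermarket cookbook names
$berksfile = Get-Content (Join-Path $repo 'Berksfile') -Raw
foreach ($name in $wanted) {
    if ($berksfile -notmatch "cookbook\s+['""]$name['""]") {
        throw "Berksfile does not reference cookbook '$name'; add it before continuing."
    }
}

# Resolve and download dependencies from the Supermarket using the normal system trust store.
& berks install
if ($LASTEXITCODE -ne 0) { throw "berks install failed ($LASTEXITCODE)" }

# The Chef Automate server's certificate is issued by the OpsWorks CA, which is not in the
# Windows trust store. Point OpenSSL at the CA file from the Starter Kit for the upload only,
# so the server certificate is actually verified instead of verification being switched off.
$caFile = Join-Path $repo 'ca_certs\opsworks-cm-ca-2016-root.pem'
if (-not (Test-Path $caFile)) { throw "OpsWorks CA file not found: $caFile" }

try {
    $env:SSL_CERT_FILE = $caFile
    & berks upload
    if ($LASTEXITCODE -ne 0) { throw "berks upload failed ($LASTEXITCODE)" }
}
finally {
    # Always clear the override, even when the upload throws, so later commands that talk to
    # public endpoints do not fail certificate verification against this private CA.
    Remove-Item Env:\SSL_CERT_FILE -ErrorAction SilentlyContinue
}

# Verify: the uploaded cookbooks and their versions should now be listed by the Chef server.
& knife cookbook list
```

Save it as upload-cookbooks.ps1 in the Starter Kit directory and run .\upload-cookbooks.ps1; if the Berksfile check fails, add the missing cookbook line and re-run.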

See also: https://docs.aws.amazon.com/opsworks/latest/userguide/welcome_opscm.html