Chef PoC Instructions
Chef Software delivers value to our customers by taking an “Enterprise as Code” approach to simplify, standardize and secure day to day operations across both on-premise and multi-cloud environments.
Here’s an overview of the Chef development workflow:
The following describes the basic local development workflow for creating or modifying Chef cookbooks and/or InSpec profiles.
Step 1: The Developer clones the Chef Cookbook or InSpec Profile from the source code management (SCM) repository.
Step 2: The Developer then isolates the code changes by creating a branch.
Step 3: The Developer now modifies the code and then tests and verifies the code changes by using Test Kitchen.
Step 4: The Developer then commits the code changes to the local branch.
Step 5: The Developer then pushes the branch to the source code management (SCM) repository.
Step 6: The Developer then initiates a pull request (PR) in the source code management (SCM) repository.
Step 7: The CI/CD pipeline (e.g. Jenkins, Harness, Bamboo or Azure DevOps) picks up the pull request, which triggers automated testing and approvals.
For a PoC we can install Chef Automate and Chef Server using an all-in-one deployment pattern.
For further details please refer to the Chef Docs page - https://docs.chef.io/automate/system_requirements/
Chef Automate requires a minimum of:
- 16 GB of RAM
- 80 GB of disk space (available to /hab)
- 4 vCPUs
Chef Automate requires:
- a Linux kernel of version 3.2 or greater
- systemd as the init system
- useradd
- curl or wget
- The shell that starts Automate should have a max open files setting of at least 65535
- Commercial support for Chef Automate is available for platforms that satisfy these criteria.
Chef Automate supports the current browser versions for Chrome, Edge, and Firefox. Chef Automate does not support other browsers and may not be compatible with older browser versions.
For further details please refer to the Chef Docs page - https://docs.chef.io/automate/install/
Download and unzip the Chef Automate command-line tool:
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
Create a config.toml file with default values for your Chef Automate installation:
sudo ./chef-automate init-config
You can customize your FQDN, login name, and other values, by changing the values in the config.toml in your editor.
The following command will deploy Chef Automate and Chef Server:
sudo ./chef-automate deploy config.toml --product automate --product chef-server --accept-terms-and-mlsa
If you require Habitat On Premise Builder, then use this command:
sudo ./chef-automate deploy config.toml --product automate --product chef-server --product builder --accept-terms-and-mlsa
Deployment takes a few minutes. The first step is accepting the terms of service in the command line, after which the installer performs a series of pre-flight checks; any unsuccessful checks have information for resolving issues or skipping the check. Run the deploy command again, after resolving any pre-flight issues.
At the end of the deployment process you will see:
Deploy complete
The deployment process writes login credentials to the automate-credentials.toml file in your current working directory.
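The download step at the start of this procedure pipes the archive straight from curl into gunzip, and the resulting binary is then run with sudo. This added example (not part of the original instructions or Chef's own tooling) saves the archive first and extracts it only if its SHA-256 matches a digest obtained from a trusted source; install_verified and EXPECTED_SHA256 are hypothetical names, and sha256sum from GNU coreutils is assumed.

```shell
# install_verified ARCHIVE EXPECTED_SHA256 OUTPUT   (hypothetical helper)
# Writes an executable OUTPUT only when ARCHIVE hashes to EXPECTED_SHA256.
# Returns 0 on success, 1 on digest mismatch, 2 on bad input, 3 on extract failure.
install_verified() {
  iv_archive=$1; iv_expected=$2; iv_out=$3
  [ -f "$iv_archive" ] || { echo "missing archive: $iv_archive" >&2; return 2; }
  # Refuse anything that is not a 64-character hex string (e.g. an unset placeholder).
  case "$iv_expected" in
    ""|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#iv_expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
  iv_expected=$(printf '%s' "$iv_expected" | tr 'A-F' 'a-f')
  iv_actual=$(sha256sum < "$iv_archive" | cut -d' ' -f1)
  if [ "$iv_actual" != "$iv_expected" ]; then
    echo "SHA-256 mismatch for $iv_archive" >&2
    echo "  expected $iv_expected" >&2
    echo "  actual   $iv_actual" >&2
    return 1
  fi
  # Same extraction as the one-liner above, but reading the verified file.
  gunzip -c < "$iv_archive" > "$iv_out.tmp" || { rm -f "$iv_out.tmp"; return 3; }
  chmod 0755 "$iv_out.tmp" && mv "$iv_out.tmp" "$iv_out"
}

# Typical use. EXPECTED_SHA256 is a placeholder for a digest you obtained
# separately from the download itself:
#   curl -fsSLo chef-automate.zip https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip
#   install_verified chef-automate.zip "$EXPECTED_SHA256" chef-automate
```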
First create a user on the Chef Server. The .pem file will be used on your developer Chef Workstation machine.
sudo chef-server-ctl user-create Your_User_Name chef user Your_User_Name@email.com 'Your_Password' --filename $HOME/Your_User_Name.pem
Next, create an organisation for the Chef Infra Server. The .pem file will be used as the one-time validation key to bootstrap your Windows and Linux nodes.
sudo chef-server-ctl org-create Your_Org_Name 'automate' --association_user Your_User_Name --filename $HOME/Your_Org_Name-validator.pem
You will need to copy both .pem files from the Chef Automate server as they will be needed on the developer Chef Workstation.
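automate-credentials.toml and the two .pem files created above hold login credentials and private keys, so they should be readable by their owner only, both on the server and wherever they are copied. This added example (not part of the original instructions) reports any of them that group or other users can access and can tighten them; audit_secrets is a hypothetical helper and GNU stat is assumed.

```shell
# audit_secrets [--fix] FILE...   (hypothetical helper)
# Reports each listed secret file that group or others can access.
# With --fix, such files are tightened to 0600.
# Returns the number of files still exposed or missing (0 = all good).
audit_secrets() {
  as_fix=0; as_bad=0
  if [ "$1" = "--fix" ]; then as_fix=1; shift; fi
  for as_f in "$@"; do
    # Symlinks are skipped so chmod never follows one to another file.
    if [ -L "$as_f" ] || [ ! -f "$as_f" ]; then
      echo "SKIP  $as_f (missing, or not a regular file)"
      as_bad=$((as_bad + 1)); continue
    fi
    as_mode=$(stat -c '%a' "$as_f")   # octal mode, e.g. 644
    # The last two octal digits are the group and other permission bits.
    case "$as_mode" in
      0|*00) echo "OK    $as_f ($as_mode)" ;;
      *) if [ "$as_fix" -eq 1 ] && chmod 0600 "$as_f"; then
           echo "FIXED $as_f ($as_mode -> 600)"
         else
           echo "OPEN  $as_f ($as_mode)"; as_bad=$((as_bad + 1))
         fi ;;
    esac
  done
  return "$as_bad"
}

# Typical use with the file names from the steps above:
#   audit_secrets --fix automate-credentials.toml \
#     "$HOME/Your_User_Name.pem" "$HOME/Your_Org_Name-validator.pem"
```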
Chef Workstation gives you everything you need to get started with Chef - ad hoc remote execution, remote scanning, configuration tasks, cookbook creation tools as well as robust dependency and testing software - all in one easy-to-install package.
Chef Workstation includes:
- Chef Infra Client
- Chef InSpec
- chef and knife command line tools
- Testing tools such as Test Kitchen, ChefSpec, and Cookstyle
- Everything else needed to author cookbooks and upload them to the Chef Infra Server
Minimum system requirements:
- RAM: 2GB
- Disk: 4GB
- Running minimum settings may limit your ability to take advantage of Chef Workstation tools such as Test Kitchen which creates and manages virtualized test environments.
Recommended system requirements:
- RAM: 4GB
- Disk: 8GB
The Chef Workstation installer must run as a privileged user.
Chef Workstation installs to /opt/chef-workstation/ on macOS / Linux and C:\opscode\chef-workstation\ on Windows. These file locations should help avoid interference between these components and other applications that may be running on the target machine.
- Dependency: Xcode is recommended for running Chef Workstation on macOS. While Chef Workstation works without Xcode, it is required for native Ruby Gem installation. Run xcode-select --install from the terminal to install Xcode.
- Visit the Chef Workstation downloads page and select the appropriate package for your macOS version. Click on the Download button. https://downloads.chef.io/products/workstation#mac_os_x
- Follow the steps to accept the license and install Chef Workstation.
Alternately, install Chef Workstation using Homebrew:
brew install --cask chef-workstation
- Visit the Chef Workstation downloads page and select the appropriate package for your Windows version. Click on the Download button. https://downloads.chef.io/products/workstation#windows
- Follow the steps to accept the license and install Chef Workstation. You will have the option to change your install location; by default the installer uses the C:\opscode\chef-workstation\ directory.
- Optional: Set the default shell. On Microsoft Windows it is strongly recommended to use Windows PowerShell instead of cmd.exe.
Here are the steps to set up a Windows Chef Workstation for development.
- Install Chocolatey first as it is really handy.
PowerShell.exe -Command "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))"
- Install Chef Workstation if you have not already done so.
PowerShell.exe -Command "iex (irm 'https://omnitruck.chef.io/install.ps1'); Install-Project -project chef-workstation -channel stable"
- Install the following tools.
choco install googlechrome -y --no-progress --ignore-checksums
choco install vscode -y --no-progress
choco install cmder -y --no-progress
choco install git -y --no-progress
choco install openssh -y --pre --no-progress
- Configure Git
Create a file called .gitconfig in the directory C:\Users\chef\ with the following:
[user]
email = student@chef.com
name = chef
Note: Feel free to use your own values.
- Configure Knife to speak to your Chef Server
a) Create a directory for Chef. Run the PowerShell command: chef generate repo c:\chef-repo --chef-license accept
b) The .pem files you created when you configured the Chef Server need to be copied into the directory C:\chef-repo\.chef
There will be 2 .pem files:
- chef_user.pem
- chef_organization.pem
- Create a config.rb so Knife can communicate with Chef Server.
In the C:\chef-repo\.chef directory, create a file called config.rb. To do this you can run the command: code config.rb
current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chef_user"
client_key "#{current_dir}/chef_user.pem"
chef_server_url "https://automate_hostname/organizations/chef_organization"
cookbook_path ["#{current_dir}/../cookbooks"]
- Test Knife config with knife user list
PS C:\chef-repo> knife user list
anthony
Note: The user you see will be the one you created on the Chef Server above.
Before you bootstrap your nodes, you need a base policy to apply and the cookbooks.