-
Notifications
You must be signed in to change notification settings - Fork 437
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: dishanktiwari2501 <[email protected]>
- Loading branch information
1 parent
17a4d6d
commit a10e67b
Showing
4 changed files
with
284 additions
and
223 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,168 +13,126 @@ draft = false | |
| weight = 10 | ||
| +++ | ||
|
|
||
| This getting started guide will walk through the necessary setup and configuration for Chef SaaS to connect and begin to utilize of the solution. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| 1. A System to install Chef Workstation | ||
|
|
||
| * Supported Platforms and System Requirements - https://docs.chef.io/workstation/install_workstation/ | ||
|
|
||
| 1. Chef SaaS Starter Kit (Provided by Progress Chef) | ||
|
|
||
| * SaaS Environment URL | ||
|
|
||
| * SaaS Credentials | ||
| This guide is a quick start for Chef SaaS. | ||
|
|
||
| * Pivotal PEM file for the initial setup of the environment (this PEM is only temporary and will be replaced in a later step) | ||
| ## Quick Start for Automate SAAS | ||
|
|
||
| ## Connect to Chef SaaS | ||
| Steps to start your Automate SaaS journey is given below: | ||
|
|
||
| Connect to the URL provided by Progress Chef and login with the admin account credentials to ensure that the environment is ready to be configured. | ||
| {{< note >}} Prerequisites: Workstation setup already installed. {{< /note >}} | ||
|
|
||
| ## Add an Infra Server in Chef SaaS Web UI | ||
| 1. Once you have the credentials, verify it by logging in to the environment through the Automate user interface. | ||
|
|
||
| Connected to the Chef SaaS Automate Web User Interface, following these steps to add the Infra Server to the environment. | ||
| 1. Once you have logged in, test the `admin` user and connect their Workstation to SaaS. | ||
|
|
||
| 1. Select Infrastructure in the top navigation. | ||
| If you do not have a workstation setup, follow the steps given below: | ||
|
|
||
| 1. Select Chef Infra Servers in the left-hand navigation. | ||
| 1. [Install](https://downloads.chef.io/tools/workstation) Chef Workstation. | ||
|
|
||
| 1. Click Add Chef Infra Server | ||
| 1. You will receive an e-mail in your provided mail id. The e-mail contains the server information. Use the server information to create your connection to Automate SaaS. | ||
|
|
||
| 1. Enter the following fields: | ||
| 1. Once you are connected, start connecting the nodes to Automate SaaS. | ||
|
|
||
| * Provide a unique Name for the Chef Infra Server. | ||
| ## Workstation Test | ||
|
|
||
| * Ensure that the Type selected is FQDN. | ||
| To start with the Workstation Test, go through the [Getting Started](https://docs.chef.io/workstation/getting_started/) section of Workstation. | ||
|
|
||
| * Enter the FQDN by copying the same URL that was used to connect to the Automate Web User Interface. (Example: mycompany-demo.saas.chef.io) | ||
| ### Configure Your User Credentials File | ||
|
|
||
| IMAGE | ||
| Your `.chef` directory contains a credentials file for communicating with the **Chef Infra Server**. You can generate the `.chef` file by running Knife Configure or by following the prompts. | ||
|
|
||
| 1. Select Add Chef Infra Server. | ||
| The knife configure command requires the following values: | ||
|
|
||
| ## Download Chef Workstation | ||
| * **Chef Server URL:** The full URL to your Chef Infra Server including the `org`. | ||
| * **Client Name:** The client name of the Server Administrator created for you. | ||
|
|
||
| https://downloads.chef.io/tools/workstation | ||
|
|
||
| ## Install Chef Workstation | ||
|
|
||
| https://docs.chef.io/workstation/install_workstation/ | ||
|
|
||
| ## Setup Chef Workstation | ||
|
|
||
| ### Setup Chef Repo | ||
|
|
||
| If you’re setting up Chef for the very first time in your organization, then you will need a Chef Infra repository for saving your cookbooks and other work. The chef-repo is a directory on your workstation that stores everything you need to define your infrastructure with Chef Infra: | ||
|
|
||
| 1. Cookbooks (including recipes, attributes, custom resources, libraries, and templates) | ||
|
|
||
| 1. Data bags | ||
|
|
||
| 1. Policyfiles | ||
|
|
||
| Use the chef generate repo command to create your Chef Infra repository. For example, to create a repository called chef-repo: | ||
| Your Chef administrator should provide the following information: | ||
|
|
||
| ```sh | ||
| chef generate repo chef-repo | ||
| current_dir = File.dirname(__FILE__) | ||
| log_level :info | ||
| log_location STDOUT | ||
| node_name "hshefu" | ||
| client_key "#{current_dir}/hshefu.pem" | ||
| chef_server_url https://api.chef.io/organizations/4thcafe-web-team | ||
| cookbook_path ["#{current_dir}/../cookbooks"] | ||
| ``` | ||
|
|
||
| ### Setup Chef Credentials file | ||
|
|
||
| To continue with the configuration of Workstation with Chef SaaS, a credentials file must be created. This file will be updated with new credentials that are created later in the setup. | ||
|
|
||
| 1. On workstation run: knife configure init | ||
|
|
||
| 1. This will prompt you with several questions: | ||
|
|
||
| * Enter the Chef Server URL provided in the Starter Kit (Example: mycompany-demo.saas.chef.io) | ||
|
|
||
| * For the existing username or clientname for the API, enter pivotal which is the Super User account provided in the Starter Kit. | ||
|
|
||
| 1. Ensure that the pivotal.pem file provided in the Starter Kit is copied to the ~/.chef directory prior to running any additional commands with Knife. | ||
|
|
||
| The credentials file that gets created in the ~/.chef directory should look similar to this: | ||
|
|
||
| IMAGE | ||
| Use the `chef_server_url` and `node_name` values from the file when running knife configure. | ||
|
|
||
| ### Create Organization in CLI | ||
|
|
||
| A Chef Organization must be added to Infra Server and acts as a top-level entity for role-based access control. Use the knife org create command to create your Chef Organization. For example, to create an Organization called myorg: | ||
|
|
||
| ```sh | ||
| Knife org create myorg “My New Organization” | ||
| ``` | ||
|
|
||
| The private key for the organization’s validator client is returned. | ||
|
|
||
| ### Create User in CLI | ||
|
|
||
| A new user must be created which will be associated with the new Chef Organization and will be leveraged in the credentials file. Use the knife user create command to create your new user account. For example, to create a User named chefadmin: | ||
|
|
||
| ```sh | ||
| knife user create chefadmin --first-name Chef --last-name Admin --email [email protected] –password securepassword -f chefadmin.pem | ||
| ``` | ||
|
|
||
| Ensure the new chefadmin.pem file that is created with this command is copied to the ~/.chef directory prior to updating credentials file later in this document. | ||
|
|
||
| ### Add New User to Organization in CLI | ||
|
|
||
| Now that the Organization and User are created, the two must be associated together. Use the knife org user command to add the user to an organization. For example, to add the User named chefadmin to the Organization called myorg: | ||
|
|
||
| ```sh | ||
| knife org user add myorg chefadmin | ||
| ``` | ||
| ## Verify Client-to-Server Communication | ||
|
|
||
| ### Update Credentials file to use new account | ||
| To verify that the Chef Workstation can connect to the Chef Infra Server: | ||
|
|
||
| The credentials file located under the ~/.chef directory on Chef Workstation needs to be updated to reflect the new Organization, User, and PEM file. | ||
| Run the following command on the command line: | ||
|
|
||
| 1. Navigate to ~/.chef | ||
| ### Knife Client List | ||
|
|
||
| 1. Modify the credentials file | ||
| ### Workstation Setup | ||
|
|
||
| * Change the client_name to the new account that was created (Example: chefadmin) | ||
| 1. To set up the workstation on your instance follow these steps: | ||
|
|
||
| * Change the client_key to the new PEM file that was created (Example: ‘home/admin/.chef/chefadmin.pem’ | ||
| * Install the latest version of Chef Workstation on the Ubuntu system. Install the version using the command shown below: | ||
|
|
||
| * Change the chef_server_url to include the new Organization (Example: ‘https://mycompany-demo.saas.chef.io/organizations/myorg’ | ||
| ```sh | ||
| wget https://packages.chef.io/files/stable/chef-workstation/21.2.524/ubuntu/20.04/chef-workstation_21.2.524-1_amd64.deb | ||
| ``` | ||
|
|
||
| * Save and Quit | ||
| * For Deb packaging run the following command: | ||
|
|
||
| IMAGE | ||
| ```sh | ||
| dpkg -i chef-workstation_21.2.524-1_amd64.deb | ||
| ``` | ||
|
|
||
| ### Create Organization in Web User Interface | ||
| * Verify installation by running the following command: | ||
|
|
||
| The following steps will add the Organization in the Chef SaaS Web User Interface to allow for visualization of Cookbooks, Data Bags, Nodes, Policyfiles, etc. Connect to the URL provided by Progress Chef and login with the admin account credentials. | ||
| ```sh | ||
| chef -v | ||
| ``` | ||
|
|
||
| 1. Select Infrastructure in the top navigation. | ||
| For additional information refer to the [Install Workstation](https://docs.chef.io/workstation/install_workstation/) page. | ||
|
|
||
| 1. Select Chef Infra Servers in the left-hand navigation. | ||
| * Generate `chef-repo` using the following command: | ||
|
|
||
| 1. Select the Infra Server that was created earlier. | ||
| ```sh | ||
| chef generate repo chef-repo | ||
| ``` | ||
|
|
||
| 1. Click Add Chef Organization. | ||
| For additional information refer to the [Getting Started](https://docs.chef.io/workstation/getting_started/) page of Workstation. | ||
|
|
||
| * Provide the Name of the Organization that was created earlier in the CLI. (Example: myorg) | ||
| * Paste the `pem` file of user inside `/root/.chef/<pem_file_of_user>`. | ||
|
|
||
| * For Admin User, enter the new account that was created earlier (Example: chefadmin) | ||
| * Paste the `pem` file of node you want to bootstrap inside `/root/.ssh/<pem_file_of_node>`. | ||
|
|
||
| * For Admin Key, paste the contents of the new PEM file that was created along with the account (Example: chefadmin.pem) | ||
| * Edit credentials file using the following command: | ||
|
|
||
| * Click Add Chef Organization | ||
| ```sh | ||
| vi /root/.chef/credentials | ||
| ``` | ||
|
|
||
| IMAGE | ||
| Provide the name of the user created in **chef_server**, the correct path of `pem` file of the user, and the chef server URL and organization name. | ||
|
|
||
| ### Run Knife SSL Check | ||
| ```sh | ||
| [default] | ||
| client_name = "<name_of_user>" | ||
| client_key = "/root/.chef/<pem_file_of_user>" | ||
| chef_server_url = "https://demo-server.saas.chef.io/organizations/<name_of_organization>/" | ||
| ``` | ||
|
|
||
| Chef SaaS leverages public certificates to ensure a secure connection to the service. It is always best to run an SSL check on Workstation to verify that the certificate is trusted to eliminate any connection issues. | ||
| * Run bootstrap command using the following command: | ||
|
|
||
| 1. Run the following command: knife ssl check and ensure a successful message is displayed. | ||
| ```sh | ||
| knife bootstrap <Public_ip> -i ~/<pem_file_of_node> -U ubuntu -N <name_of_node> --sudo | ||
| ``` | ||
|
|
||
| ### Run Knife client list | ||
| * **Public IP**: Public IP is the IP address of node which we are bootstrapping. | ||
|
|
||
| Lastly, run a client list command to verify that a successful connection can be made to the new organization. | ||
| * **pem_file_of_node**: `pem` file of node which we have saved at `/root/.ssh/<pem_file_of_node>`. | ||
|
|
||
| 1. Run the following command: knife client list and ensure a validator entry is returned (Example: myorg-validator) | ||
| * **name_of_node**: You can provide any name to your node. | ||
Oops, something went wrong.