Chef Automate for Microsoft Azure

[edit on GitHub]

Microsoft Azure is a cloud hosting platform from Microsoft that provides virtual machines and integrated services for you to use with your cloud and hybrid applications. Through the Azure Marketplace and the Azure portal, virtual machines can be bootstrapped and ready to run Chef Automate, Chef Compliance and Chef client.

Chef Automate

Chef provides a fully functional Chef Automate server that can be launched from the Azure Marketplace. A single VM running Chef Automate and Chef server will be provisioned and configured for you. The only requirement is that you provide your own Chef Automate license at the time of launch; otherwise, Chef Automate will run under a 30-day free trial. If you would like to continue using the image after 30 days, please contact amp@chef.io to obtain a new license.

  1. Sign in to the Azure portal and authenticate using your Microsoft Azure account credentials.

  2. Click the New icon in the upper-left corner of the portal and search the Azure Marketplace for Chef Automate.

  3. Locate the Chef Automate product and click the create button to launch it through the Resource Manager.

  4. Complete each configuration step, agree to the software and marketplace terms and create the Chef Automate VM.

    Note

    Remember the DNS label of the Chef Automate VM. It will be required to access the Chef Automate UI and Chef server.

  5. While the Chef Automate VM is being provisioned, download and install the Chef development kit. The Chef development kit is a collection of tools —Test Kitchen, ChefSpec, knife, delivery-cli, chef, chef-vault, Foodcritic, and more— and libraries that are all packaged together to get your started with the Chef Automate workflow. You’ll need this to interact with Chef Automate and Chef server from the command line.

  6. After the VM has been provisioned and the Resource Manager has completed (usually 10 to 13 minutes), finish configuring Chef Automate and Chef server. Access the initial configuration page by loading the /biscotti/setup route. Build the URL by prepending https:// and appending /biscotti/setup to the DNS label that you chose when the VM was launched. For example, https://<dns_label>.<location>.cloudapp.azure.com/biscotti/setup or https://chef-automate-01.eastus.cloudapp.azure.com/biscotti/setup.

    Note

    In order to use TLS/SSL for the Chef Automate Web UI, the VM will automatically create and use a self-signed SSL certificate. Modern web browsers typically warn about self-signed certificates during login; however, in this case, you can ignore the warning and accept the certificate.

  7. Fill out the setup form and submit it.

  8. Follow the link and log into the Chef Automate web UI.

  9. Extract the starter_kit.zip file to a directory on the workstation. Open a command prompt and change into the chef-repo directory extracted from the starter kit. For example:

    $ cd ~/Downloads
    $ unzip starter_kit.zip
    $ cd starter_kit/chef-repo
    
  10. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  11. Optionally, bootstrap a node using knife.

    $ cd ~/Downloads/starter_kit/chef-repo
    $ knife bootstrap chef-automate-01.eastus.cloudapp.azure.com --ssh-user azure --sudo
    

Migrate to Chef Automate on Microsoft Azure

The process of migrating from an existing Chef server installation to the Chef Automate Azure VM image differs depending on which software version is being used and the location in which it is deployed. In all scenarios, data is first migrated to the latest Chef server schema, after which it is migrated to the Chef Automate Azure VM image.

  • Verify that the latest version of the Chef server is installed by using the platform package manager. For example, in a terminal run rpm -qa | grep chef-server-core on CentOS/RHEL or dpkg -l | grep chef-server-core on Ubuntu/Debian. Compare the result to the latest version available on the downloads site. If you are not using the latest version, download the package and then upgrade to the latest version.
  • Upgrade an Enterprise Chef node to the latest version of the Chef server by following the enterprise upgrade instructions.
  • Upgrade an Open Source Chef node to the latest version of the Chef server by following the open source upgrade instructions.

After verifying that your existing Chef server installation is up to date, do the following to migrate to the Chef Automate Azure VM:

  1. Backup the data on the Chef server using knife ec backup. This backup method will export all Chef server data into nested JSON files that can be used to import into the Chef Automate Azure VM. We must use the JSON-based backup and restore procedure because the Chef server data on the Chef Automate VM image is stored in a combined configuration with Chef Automate, therefore, using file based backups from your existing Chef server is not supported.

    Note

    The Chef server services must be online for the entire duration of the backup.

    $ mkdir -p /tmp/chef-backup
    $ /opt/opscode/embedded/bin/knife ec backup /tmp/chef-backup --with-user-sql --with-key-sql
    $ tar -czvf chef-backup.tgz -C /tmp/chef-backup
    
  2. Using the Admin Username and FQDN that you choose when provisioning the Chef Automate Azure VM from the Azure portal, copy the resulting tarball to your Azure VM:

    $ scp /tmp/chef-backup.tgz <Admin Username>@<FQDN>:/tmp/
    

    Note

    You can find the FQDN of the Automate VM by checking the deployment outputs in the Azure portal. Navigate to the resource group, click on the deployment history, select the main template and location the FQDN in the outputs section.

  3. Login to your Chef Automate VM and ensure that it is running the latest version of the Chef server:

    $ chef-marketplace-ctl upgrade --server
    
  4. Reconfigure Chef Automate and the Chef server:

    $ sudo automate-ctl reconfigure
    $ sudo chef-server-ctl reconfigure
    
  5. Restore the backup:

    $ mkdir -p /tmp/chef-backup
    $ mv /tmp/chef-backup.tgz /tmp/chef-backup
    $ cd /tmp/chef-backup
    $ tar -ztf chef-backup.tgz
    $ /opt/opscode/embedded/bin/knife ec restore /tmp/chef-backup --with-user-sql --with-key-sql
    
  6. Update your workstation knife configuration. Open .chef/config.rb in a text editor and modify the chef_server_url with your Azure VM FQDN. For example:

    $ vim ~/chef-repo/.chef/config.rb
    

    will open a config.rb file similar to:

    current_dir = ::File.dirname(__FILE__)
    log_level                :info
    log_location             $stdout
    node_name                'your_username'
    client_key               "#{current_dir}/your_username.pem"
    validation_client_name   'your_orgname-validator'
    validation_key           "#{current_dir}/your_orgname-validator.pem"
    chef_server_url          'https://<FQDN>/organizations/your_org'
    cookbook_path            ["#{current_dir}/../cookbooks"]
    
  7. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  8. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  9. Update the /etc/chef/client.rb on all of your nodes to use the new FQDN. For example:

    $ knife ssh name:* 'sudo sed -ie "s/chef_server_url.*/chef_server_url 'https://<FQDN>/organizations/your_org'/" /etc/chef/client.rb