Try Chef Automate on Elastic Compute Service

By Ilhan Adiyaman, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Overview and Objectives

This post features a walkthrough on how to set up and get started with a trial version of Chef Automate in minutes on your Alibaba Cloud Elastic Compute Service (ECS) Ubuntu machine.

About Chef Automate

Chef Automate is a full-suite enterprise platform that enables continuous automation for delivering infrastructure, compliance, and applications. It provides actionable insights into the state of your compliance and configurations, with an auditable history of every change that’s been applied to your environments.

Chef Automate integrates with the open-source products Chef, InSpec and Habitat, and it comes with comprehensive 24×7 support services for the entire platform, including open source components.

  • Chef is for infrastructure automation. It helps you to turn infrastructure into code and serve it up quickly with a historical backlog of changes.
  • InSpec is for compliance automation. It helps you to assess your infrastructure’s adherence to compliance requirements, correct compliance failures, and monitor your infrastructure on an ongoing basis.
  • Habitat is for application automation. It is a way to build and run your applications both on containers and using traditional services, such as the cloud or on-premise.

In this walkthrough, we will guide you through installing Chef Automate on an Ubuntu machine and introduce its core features.

Prerequisites

You should have an Alibaba Cloud account. If you don’t have one already, visit the Free Trial page for a free account.

Installing Chef Automate

Step 1: Launch Alibaba Cloud ECS Instance for Linux Machine

Chef Automate requires the following minimum system resources to run on an Ubuntu 16.04 instance:

  • 4 GB RAM
  • 5 GB free disk space
  • 2 CPUs

To meet these requirements, we will launch an ecs.t5-lc1m2.large instance, which has 2 vCPUs and 4 GiB of memory with 40 GiB Ultra Cloud Disks. Follow the steps below to launch an instance with this configuration.

1. Log in to your Alibaba Cloud ECS Management Console, where you will be redirected to the main dashboard.


2. Click Elastic Compute Service under the Products section. This will take you to the ECS overview dashboard.


3. Click the Create Instance button. It will redirect you to the ECS instance creation wizard. Here, you will have two types of purchase depending on your needs: Basic Purchase and Advanced Purchase. For the sake of the guide, we’ll pick Basic Purchase. Pick a data center region in which to launch your ECS instance. Choose Burstable Type t5 2C4G as the instance type, which matches the Chef Automate minimum system requirements.


4. You will now select the operating system from the dropdown menu. Select Ubuntu as the operating system and 16.04 64bit as the version.


5. We’ll use the VPC network type and the pay-by-traffic billing type for the demo, so we don’t need to customize them. However, to be able to connect to Chef Automate from the local computer, we’ll need a public IP address. Therefore, increase the bandwidth to 1 Mbps or more to allocate a public IP address for your instance.


6. Review the details of your purchase configuration, and make changes if needed. Click Buy Now to confirm and launch your server.


7. You will see your instances in the Instances section of the ECS dashboard.


8. Click Manage to see detailed information about your instance. We’ll use SSH to connect to our instance. First, save your instance’s public IP address. Next, change the login password of the instance by clicking More and Reset Password in the Basic Information section.


9. Enter a new password and restart the instance for the new password to take effect.


10. Navigate to Security Groups from the left panel and select Add Rules.


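11. We’ll use Port 22 to connect to the instance over SSH and Port 443 to reach the Chef Automate Web UI. Check whether the instance is already set to allow inbound traffic on Ports 22 and 443. Where possible, limit the source address of these rules to the IP address you will connect from, since both ports are reachable through the instance's public IP address.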


If not, select Add Security Group Rules to create a new rule.


Step 2: Connect ECS Instance Using SSH

Here we’ll show you how to connect to the ECS instance using a terminal on Mac or Linux. If you are using a Windows computer to connect to the instance, please follow Alibaba's comprehensive guide about it.

Open a terminal and run ssh root@[your-instance-public-ip]. You will be asked whether to add the host key fingerprint to your local list of known hosts; type yes. Finally, enter the logon password that you set in step 9 above. The output will look similar to the following:

LocalMacbook:~ local$ ssh root@47.89.255.199
The authenticity of host '47.89.255.199 (47.89.255.199)' can't be established.
ECDSA key fingerprint is SHA256:mIPEqy7CFf6Xv9/5NDxTksbX+t/4IY6+hB0D6+8+NFE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '47.89.255.199' (ECDSA) to the list of known hosts.
root@47.89.255.199's password:
Welcome to Alibaba Cloud Elastic Compute Service !
Last login: Sun Feb 10 05:16:29 2019 from *********
root@iZrj91bne18a1ghb4zbdn6Z:~#

At this stage, you are logged in to your Ubuntu 16.04 instance running on Alibaba Cloud. Before installing anything else, update the package list by running the command shown below.

root@iZrj91bne18a1ghb4zbdn6Z:~# sudo apt-get update

Step 3: Install Chef Automate

To install Chef Automate, run the curl command shown below. It downloads the latest Chef Automate Linux package installer from Chef's official package distribution service, extracts the installer file, and marks it as executable.

root@iZrj91bne18a1ghb4zbdn6Z:~#  curl https://packages.chef.io/files/current/automate/latest/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8689k 100 8689k 0 0 17.3M 0 --:--:-- --:--:-- --:--:-- 17.3M

Run the command below to set up Chef Automate on your instance.

root@iZrj91bne18a1ghb4zbdn6Z:~# sudo ./chef-automate deploy

You will be prompted to accept Chef’s Terms of Service and Master License and Services Agreement. Once you’ve accepted these agreements, the installer will run pre-flight checks. If they all pass, it will download, configure, and deploy Chef Automate. Otherwise, resolve the failed checks using the information provided by the installer.

When the installer completes, it will return a URL for accessing the Web UI. However, that URL won’t work because we didn’t set up a fully qualified domain name (FQDN) for the instance. For the sake of the demo installation, we’ll replace the FQDN with our instance’s public IP address. In a production environment, however, you should obtain a domain name for your services.

To replace the FQDN of your Chef Automate installation with your instance’s public IP address, create a .toml file that contains the partial configuration:

[global.v1]
fqdn = "your-instance-s-public-ip-address"

Then run chef-automate config patch </path/to/your-file.toml> to deploy your change. Now from your web browser, you can navigate to https://your-instances-public-ip-address to reach Chef Automate Web UI. It might take a minute or so for the site to become available after launch.

The first time you connect, you will be presented with a screen saying Your connection is not private. The reason is that you are using HTTPS, but the instance has no SSL certificate that your browser trusts. That’s OK in our test environment, so click on Advanced, then Proceed to your-instance-public-ip-address (unsafe).

You will be prompted for login credentials. You can find these credentials in the file automate-credentials.toml within the instance, so connect to the instance and cat that file.

root@iZrj91bne18a1ghb4zbdn6Z:~# sudo cat automate-credentials.toml

You will then be prompted to register for a 60-day trial license. Fill in the form as appropriate, click to agree to the Terms and Conditions, and click Sign Up.


It will show you a date for when the trial license will expire. Click It’s ok, I know what I am doing to see the main Chef Automate screen.


At the top, you will see six tabs — Event Feeds, Client Runs, Compliance, Scan Jobs, Asset Store, and Settings. The default view upon login is the Event Feeds tab. This tab shows a timeline representing Chef Server and Compliance events.

Configure Chef Automate

Chef Automate installs a chef-automate CLI that provides commands for working with and configuring your existing Chef Automate installation. Above, in Step 3, we already used it to configure the FQDN setting of our installation. Here, we'll explain some more use cases for it.

Important: The commands below might require sudo privileges.

  • chef-automate config show shows you your current Chef Automate settings with the exception of default configurations.
  • Chef Automate uses the TOML file format for configuration files. To update your existing Chef Automate configuration, create a file that includes your changes and save it with the .toml file extension. Then use chef-automate config patch </path/to/partial-config.toml> to apply the changes to your existing configuration. This command is sufficient in most situations when dealing with Chef Automate settings.
  • If you want to replace the current Chef Automate settings with a completely new set, use the chef-automate config set </path/to/full-config.toml> command. To generate a configuration file with the minimum settings needed to deploy Chef Automate, you can use the chef-automate init-config command. Below we'll describe those settings and how to change them.
  • Chef Automate FQDN: We already used this option above to reach Chef Automate Web UI. Create a .toml file that contains the partial configuration as shown below:
[global.v1]
fqdn = "example.fqdn.com"

then run chef-automate config patch </path/to/fqdn-patch-file.toml> to apply changes.

  • Update Strategy: It allows you to decide how Chef Automate will be upgraded. The default option is at-once, which upgrades the installation when new packages are detected. If you want to freeze the installation at the current set of packages, create a .toml file that contains the partial configuration as shown below:
[deployment.v1]
[deployment.v1.svc]
upgrade_strategy = "none"

then run chef-automate config patch </path/to/update-strategy-patch-file.toml> to apply changes.

  • Load Balancer Certificate and Private Key: When we tried to open the Chef Automate Web UI, the browser returned an error regarding the SSL certificate. To fix this error, update the load balancer certificate and private key to match your FQDN settings. Create a .toml file that contains the partial configuration with the SSL certificate and its private key as shown below:
[load_balancer]
[[load_balancer.v1.sys.frontend_tls]]
# The TLS certificate for the load balancer frontend.
cert = """-----BEGIN CERTIFICATE-----
<your certificate>
-----END CERTIFICATE-----
"""
# The TLS RSA key for the load balancer frontend.
key = """-----BEGIN RSA PRIVATE KEY-----
<your private key>
-----END RSA PRIVATE KEY-----
"""

then run chef-automate config patch </path/to/load-balancer-patch-file.toml> to apply changes.

  • Global Log Level: By default, Chef Automate initializes all services at the info log level, but the following settings are available: debug, info, warning, panic and fatal. To change the logging level of services, create a .toml file that contains the partial configuration for the logging level as shown below:
[global.v1.log]
level = "debug"

then run chef-automate config patch </path/to/log-level-patch-file.toml> to apply changes.
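
Checks worth running before applying the Load Balancer Certificate and Private Key patch described above, as an added example that is not part of the original post or Chef's own tooling: it confirms that the key belongs to the certificate and that the certificate is unexpired and covers the FQDN, then writes the patch file with owner-only permissions. The function name build_lb_patch, its exit codes and the file arguments are assumptions; the FQDN is assumed to be a DNS name and the key an unencrypted PEM file.

```shell
#!/usr/bin/env bash
# Added example (not Chef's tooling): build the load-balancer TLS patch file
# from a PEM certificate and its private key, with sanity checks first.
# Usage: build_lb_patch <cert.pem> <key.pem> <fqdn> <out.toml>
build_lb_patch() {
  cert=$1; key=$2; fqdn=$3; out=$4

  # Extract the public key from each file; a parse failure aborts early.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate: $cert" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
    { echo "cannot read unencrypted private key: $key" >&2; return 2; }

  # The key must be the one the certificate was issued for.
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "certificate and private key do not match" >&2; return 3; }

  # Reject a certificate that has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 4; }

  # The certificate must cover the FQDN configured in [global.v1].
  openssl x509 -in "$cert" -noout -checkhost "$fqdn" |
    grep -q "does match certificate" ||
    { echo "certificate does not cover $fqdn" >&2; return 5; }

  # The patch embeds the private key: create it readable by the owner only.
  (
    umask 077
    rm -f "$out"
    {
      printf '[load_balancer]\n[[load_balancer.v1.sys.frontend_tls]]\n'
      printf 'cert = """'; cat "$cert"; printf '"""\n'
      printf 'key = """';  cat "$key";  printf '"""\n'
    } > "$out"
  )
}
```

Apply the resulting file with chef-automate config patch, then delete it, since it holds a copy of the private key.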

Here, we explain only the minimal configurations that you might need during the first baby steps of using Chef Automate. If you want to learn more about the configuration options of Chef Automate, please check the comprehensive documentation that explains all other configuration options in detail.

Original Source

https://www.alibabacloud.com/blog/try-chef-automate-on-elastic-compute-service_594944?spm=a2c41.13075892.0.0
