Try Chef Automate on Elastic Compute Service

Overview and Objectives

This post features a walkthrough on how to set up and get started with a trial version of Chef Automate in minutes on your Alibaba Cloud Elastic Compute Service (ECS) Ubuntu machine.

About Chef Automate

Chef Automate is a full suite of an enterprise platform to enable continuous automation for delivering infrastructure, compliance, applications effortlessly. It provides actionable insights into the state of your compliance, configurations with an auditable history of every change that’s been applied to your environments.

  • Chef is for infrastructure automation. It helps you to turn infrastructure into code and serve it up quickly with a historical change backlogs.
  • InSpec is for compliance automation. It helps you to assess your infrastructure’s adherence to compliance requirements, correct compliance failures, and monitor your infrastructure on an ongoing basis.
  • Habitat is for application automation. It is a way to build and run your applications both on containers and using traditional services, such as the cloud or on-premise.


You should have an Alibaba Cloud account. If you don’t have one already, visit the Free Trial page for a free account.

Installing Chef Automate

Step 1: Launch Alibaba Cloud ECS Instance for Linux Machine

Chef Automate requires the following minimum system resources in order to work on Ubuntu 16.04 instance:

  • 4GB Ram
  • 5 GB free disk space
  • 2 CPUs

Step 2: Connect ECS Instance Using SSH

Here we’ll show you how to connect ECS instance using terminal on Mac or Linux. If you are using Windows computer to connect the instance, please follow Alibaba's comprehensive guide about it.

LocalMacbook:~ local$ ssh root@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:mIPEqy7CFf6Xv9/5NDxTksbX+t/4IY6+hB0D6+8+NFE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
root@'s password:
Welcome to Alibaba Cloud Elastic Compute Service !
Last login: Sun Feb 10 05:16:29 2019 from *********
root@iZrj91bne18a1ghb4zbdn6Z:~# sudo apt-get update

Step 3: Install Chef Automate

In order to install Chef Automate, run curl command as shown below. It will download latest Chef Automate Linux Package installer from the Chef's official package distribution service and unzip the executable installer file.

root@iZrj91bne18a1ghb4zbdn6Z:~#  curl | gunzip - > chef-automate && chmod +x chef-automate
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8689k 100 8689k 0 0 17.3M 0 --:--:-- --:--:-- --:--:-- 17.3M
root@iZrj91bne18a1ghb4zbdn6Z:~# sudo ./chef-automate deploy
fqdn = "your-instance-s-public-ip-address"
root@iZrj91bne18a1ghb4zbdn6Z:~# sudo cat automate-credentials.toml

Configure Chef Automate

Chef Automate installs a chef-automate CLI to provide some configuration commands to help you work and configure your existing Chef Automate installation. Above, at Step 3, we already used it to configure FQDN settings of our installation. Here, we'll explain some more use cases where you can work with it.

  • chef-automate config show shows you your current Chef Automate settings with the exception of default configurations.
  • Chef Automate uses TOML file format for configuration files. In order to update your existing Chef Automate configuration, create a file which includes your changes and save it with .toml file extension. Then use chef-automate patch </path/to/partial-config.toml> to apply any changes into your existing configuration. This command is sufficient in most situations while dealing with Chef Automate settings.
  • If you want to replace the current Chef Automate settings with completely new one, use chef-automate config set </path/to/full-config.toml> command. To be able to generate the configuration file with minimum settings needed to deploy Chef Automate, you can use chef-automate init-config command. Below we'll describe those settings and how to change them.
  • Chef Automate FQDN: We already used this option above to reach Chef Automate Web UI. Create a .toml file that contains the partial configuration as shown below:
fqdn = ""
  • Update Strategy: It allows you to decide how Chef Automate will be upgraded. The default option is at-once which upgrades the installation when new packages are detected. If you want to freeze the installation with current set of packages, create a .toml file that contains the partial configuration as shown below:
upgrade_strategy = "none"
  • Load Balancer Certificate and Private Key: When we try to open Chef Automate Web UI, the browser returned an error regarding SSL certificate. In order to fix this error, you should update Load Balancer Certificate and Private Key regarding your FQDN settings. Create a .toml file that contains the partial configuration which contains the SSL certificate and its private key as shown below:
# The TLS certificate for the load balancer frontend.
cert = """-----BEGIN CERTIFICATE-----
<your certificate>
# The TLS RSA key for the load balancer frontend.
key = """-----BEGIN RSA PRIVATE KEY-----
<your private key>
  • Global Log Level: By default, Chef Automate will initialize all services at the info log level, but there are following settings available: debug, info, warning, panic and fatal. In order to change the logging level of services, create a .toml file that contains the partial configuration for logging level as shown below:
level = "debug"

Original Source



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website: