In a previous article, we worked on building a Windows machine with Chef SDK and the main purpose was to create our cookbooks and recipes and upload them to a Chef server.
The Chef server comes in several flavors: on-premises or as an appliance in Microsoft Azure or AWS Cloud. In this article, we will be creating the Chef server in Microsoft Azure. Using Azure, we will provision a Chef server that is a Linux-based VM. The first step is to configure an SSH key pair to be used to connect to the VM to be created.
We are all about interoperability, and to make things interesting we will be using a macOS client to create the keys required to connect to the new Chef server. We will use the command below to create the private and public keys. We can also define a passphrase (not a requirement). By default, the files created are id_rsa for the private key and id_rsa.pub for the public key.
ssh-keygen -t rsa -b 2048
After creating the keys, our next step is to copy the public key to the clipboard. Since we are using macOS, we can display the content of the file id_rsa.pub with cat and pipe it to pbcopy, which stores it in the clipboard. To validate that the clipboard holds the entire key, we use pbpaste to display its content. The following sequence of commands and their short descriptions will help you understand the steps.
| Command | Description |
|---|---|
| cd ~ | Go to the user’s home folder |
| cd .ssh | Go to the hidden folder .ssh |
| ls | List all files. We should be able to see the public and private keys |
| cat id_rsa.pub \| pbcopy | Copy the public key to the clipboard. This content will be used on the Microsoft Azure portal |
| pbpaste | Validate the output |
All commands described above on the left column are depicted in the image below.
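pbpaste shows what is in the clipboard but not whether the key is complete, so the script below (an added example, not part of the original article) parses a public key line and confirms that it is a whole ssh-rsa key of at least 2048 bits. The names check_pubkey and sample_key are hypothetical, and the sample key is constructed for the illustration rather than a real key.

```shell
#!/bin/sh
# Added example: confirm that a pasted OpenSSH public key line is a complete
# RSA key of at least MIN_BITS bits by parsing its base64 blob.
MIN_BITS=2048

# Reads one key line on stdin; prints "ok <bits>" or "error: <reason>".
check_pubkey() (
  IFS=' ' read -r ktype blob comment || [ -n "$ktype" ] ||
    { echo "error: empty input"; exit 1; }
  [ "$ktype" = "ssh-rsa" ] || { echo "error: not an ssh-rsa key line"; exit 1; }
  # Blob layout: three length-prefixed fields (key type, exponent e, modulus n).
  printf '%s' "$blob" | base64 --decode 2>/dev/null | od -An -v -tu1 |
  awk -v min="$MIN_BITS" '
    function u32(p) { return ((b[p]*256 + b[p+1])*256 + b[p+2])*256 + b[p+3] }
    { for (i = 1; i <= NF; i++) b[++n] = $i + 0 }
    END {
      if (n == 0) { print "error: blob is not valid base64"; exit 1 }
      p = 1
      for (f = 1; f <= 3; f++) {
        if (p + 3 > n) { print "error: key blob is truncated"; exit 1 }
        len[f] = u32(p); start[f] = p + 4; p += 4 + len[f]
      }
      if (p - 1 != n) { print "error: key blob is truncated or padded"; exit 1 }
      for (i = 0; i < len[1]; i++) t = t sprintf("%c", b[start[1] + i])
      if (t != "ssh-rsa") { print "error: blob type is " t; exit 1 }
      # The modulus is big-endian with a leading zero byte; skip zeros to count bits.
      s = start[3]; nbytes = len[3]
      while (nbytes > 0 && b[s] == 0) { s++; nbytes-- }
      bits = nbytes * 8
      for (top = b[s]; nbytes > 0 && top < 128; top *= 2) bits--
      if (bits < min) { print "error: modulus is only " bits " bits"; exit 1 }
      print "ok " bits
    }'
)

# Constructed sample (not a real key): a well-formed blob whose modulus is
# $1 bits of all ones, so the check can be exercised offline.
sample_key() {
  nb=$(( $1 / 8 + 1 ))   # modulus bytes plus the leading zero byte
  printf 'ssh-rsa %s constructed@example\n' "$( {
    printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000'
    printf "$(printf '\\%03o\\%03o\\000' $((nb / 256)) $((nb % 256)))"
    head -c $(( $1 / 8 )) /dev/zero | tr '\000' '\377'
  } | base64 | tr -d '\n' )"
}

sample_key 2048 | check_pubkey     # constructed input
# On the Mac used in the article: pbpaste | check_pubkey
```

A key that was cut short during copy and paste fails the length check, because the lengths declared inside the blob no longer match the bytes that follow.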
The next step is to configure the Chef server in Microsoft Azure. Once logged on to the Azure Portal, click on New, type in Chef Automate and select it from the list. The first blade shows a summary of the Chef Automate solution; click on Create. Note: If you don’t have a license, you can deploy and use it with a free 30-day trial; just leave the license field empty.
In the Basics blade, define a username and paste the public key that we generated in the previous step. When provisioning a Chef server, we must use a new or empty Resource Group. Click on Okay.
In the Virtual Machine Settings blade, we can define the storage account, the diagnostics storage account and the VM size, all of which can be left at their default values. What we need to focus on at this point are these key settings:
- Chef Automate FQDN DNS Label, which is the name by which we will find this server; it will be publicly available.
- Virtual Network, where we should place the server. The recommendation is to use the same segment of the current production servers.
- Subnets: Use an existing subnet where this server would be able to communicate with any existing servers (if any).
In all other blades required to complete the provisioning, just leave default settings and wait for the completion of the VM creation process.
After the provisioning process is complete, we can check the ChefAutomate VM on the Resource Group that we created during the provisioning process. In the Overview tab, we can copy the DNS Name. In our example here it is andersonlab.canadaeast.cloudapp.azure.com.
Initializing the Chef server
After provisioning the Chef Automate VM, we need to take the DNS name that we defined during the provisioning of the VM and add the prefix https:// and the suffix /biscotti/setup to the string that we copied in the previous step. The complete URL will be something similar to this: https://andersonlab.canadaeast.cloudapp.azure.com/biscotti/setup
The initial page of the setup will ask for some personal information, the most important being the Organization Name. After filling out all the information, click on Setup Chef Automate and Download Starter Kit.
The next page will show “You’re all set” and the starter_kit.zip will be downloaded. That file is important to configure the environment. It has all the passwords used by Chef in the file chef-automate-credentials.txt. (We will have username and credentials for admin, builder and user.)
The second important piece of information is the folder .chef, which contains all the required certificates and the knife.rb, which has all the configuration to connect the local workstation (Chef SDK) with the Chef server in Microsoft Azure.
We should copy the entire folder .chef to the C:\Chef\ folder and after that we will be able to send cookbooks from the Chef SDK to the Chef server.
We can test the connection between our workstation and the Chef server by running the knife ssl check command, and the result should be similar to the image below.
Generating a cookbook and uploading to the Chef server
Logged on to the Chef SDK machine, we will create a new cookbook called CoreWS, using the command depicted in the image below. This command will generate the structure of folders required for the cookbook. Our next step is to edit the default.rb located under the Recipes folder and enter our recipe information. We can have more than one recipe in a cookbook.
To upload a specific cookbook to the server, use the following command from the command line:
knife upload cookbooks\CoreWS
The result of the operation can be seen on the Chef Automate server where the first cookbook was uploaded.
In this article, we covered the basic steps to provision a Chef server in Microsoft Azure. In future articles, we will be going over the nodes that are a key part of the Chef system and using more of Chef to build consistent servers and create consistency among those servers.