Install Chef Infra Server With Automate
Use Chef Automate to install Chef Infra Server either for a single-host installation that contains both Chef Infra Server and Chef Automate, or for a standalone Chef Infra Server instance. See the Chef Infra Server documentation for instructions and guidance on using and managing your Chef Infra Server.
System Requirements and Prerequisites
Before beginning your installation, check the System Requirements for Chef Automate, and ensure that the chef-automate command line tool is installed.
To download the chef-automate command line tool, run the following command in your command line interface:
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
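The download command above pipes the archive straight into gunzip, so nothing checks the file before it is made executable. The following is an added example, not part of the Chef documentation: it saves the archive first and installs it only when its SHA-256 matches a digest you supply. The function names and EXPECTED_SHA256 are assumptions, and the digest must come from a source you trust.

```shell
# Added example. EXPECTED_SHA256 is an assumption: a digest obtained from a
# source you trust, separately from the download itself.

# sha256_of FILE: print the hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified ARCHIVE EXPECTED_SHA256 DEST
# Writes an executable DEST only when ARCHIVE matches the expected digest.
install_verified() {
    archive=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    dest=$3
    actual=$(sha256_of "$archive")
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive: got $actual" >&2
        return 1
    fi
    tmp="$dest.tmp.$$"
    # Same extraction step as the command above, but from the verified file.
    if gunzip -c < "$archive" > "$tmp"; then
        chmod 0755 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 3
    fi
}

# Typical use (the network step is shown for context and is not run here):
#   curl --fail --silent --show-error --location -o chef-automate.zip \
#     https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip
#   install_verified chef-automate.zip "$EXPECTED_SHA256" ./chef-automate
```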
Install Chef Automate and Chef Infra Server on the Same Host
Use either a command line interface or a configuration file to install Chef Automate and Chef Infra Server on the same host.
Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
Hardware Requirements for Single-Host Installation
For a single-host installation that contains Chef Infra Server and Chef Automate, we recommend the following memory and vCPU minimums:
- up to 200 managed nodes: 8 GB RAM, 2 vCPUs
- between 200 and 500 managed nodes: 30 GB RAM, 4 vCPUs
- between 500 and 5000 managed nodes: 61 GB RAM, 8 vCPUs
A single-host installation that contains Chef Infra Server and Chef Automate requires a /hab directory that contains 80 GB of disk space for software artifacts plus 2 MB of disk space per managed node.
Command Line Install of Chef Automate and Infra Server
Install Chef Automate and Chef Infra Server on the same host with this command:
sudo chef-automate deploy --product automate --product infra-server
Then, set up knife for use with Chef Infra Server.
Configuration File Install of Chef Automate and Infra Server
Installing Chef Automate and Chef Infra Server on the same host using a configuration file also requires the use of the Chef Automate CLI.
Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
First, generate a skeleton configuration file by running this command:
sudo chef-automate init-config
Add a stanza to the configuration file to deploy Chef Automate and Chef Infra Server:
[deployment.v1.svc]
products=["automate", "infra-server"]
Make any other configuration changes desired.
Run the chef-automate deploy command with your configuration file:
sudo chef-automate deploy config.toml
Set up knife for use with Chef Infra Server.
Install A Standalone Chef Infra Server
Use either a command line interface or a configuration file to install Chef Infra Server using the Chef Automate deploy command.
Refer to the Chef Infra Server hardware requirements for guidance on memory and number of CPUs.
Command Line Install of Standalone Chef Infra Server
When Chef Automate deploys the Chef Infra Server, it automatically configures the Chef Infra Server to collect data to send to Chef Automate.
To deploy a standalone Chef Infra Server with Chef Automate, you must turn off data collection in the configuration.
Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
First, generate a skeleton configuration file by running:
sudo chef-automate init-config
Add a stanza to the configuration file to disable Chef Automate data collection:
[erchef.v1.sys.data_collector]
enabled = false
Use the configuration file to deploy Chef Infra Server by running the following command:
sudo chef-automate deploy --product infra-server <configuration_file>
Set up knife for use with Chef Infra Server.
To send data from the Chef Infra Server to an external Chef Automate installation, first create a patch.toml file that contains the configuration stanza:
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
# It is fine to use an A2 data collector token.
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
Then run chef-automate config patch patch.toml to patch your Chef Infra Server configuration.
Install a Standalone Chef Infra Server with a Configuration File
Installing Chef Infra Server through Chef Automate using a configuration file also requires the use of the Chef Automate CLI.
When Chef Automate deploys the Chef Infra Server, it automatically configures the Chef Infra Server to collect data to send to Chef Automate.
To deploy a standalone Chef Infra Server with Chef Automate, you must turn off data collection in the configuration.
Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
First, generate a skeleton configuration file by running the following command:
sudo chef-automate init-config
Add a stanza to the configuration file to deploy Chef Infra Server:
[deployment.v1.svc]
products=["infra-server"]
# Disable Automate data collection as Automate will not be deployed
[erchef.v1.sys.data_collector]
enabled = false
Run the chef-automate deploy command with your configuration file (config.toml):
sudo chef-automate deploy config.toml
Set up knife for use with Chef Infra Server.
To send data from the Chef Infra Server to an external Chef Automate installation, first create a patch.toml file that contains the configuration stanza:
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
# It is fine to use an A2 data collector token.
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
Then run chef-automate config patch patch.toml to patch your Chef Infra Server configuration.
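The patch.toml described in both standalone sections above carries the data-collector token and the TLS trust settings for the external Chef Automate server. The following is an added example, not part of the Chef documentation: a pre-flight check to run before chef-automate config patch. The function names are assumptions, and the template is a constructed sample that mirrors the stanza above.

```shell
# write_template FILE: the patch.toml stanza from this page with its
# placeholders intact (constructed sample input for the check below).
write_template() {
    cat > "$1" <<'EOF'
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
EOF
}

# lint_automate_patch FILE: prints one line per finding, returns how many.
lint_automate_patch() {
    f=$1; n=0
    finding() { echo "$f: $1"; n=$((n + 1)); }
    # The file carries the data-collector token: owner-only access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        finding "accessible by group or others; chmod 600"
    # An https:// node keeps the token from crossing the network in clear text.
    grep -Eq '^[[:space:]]*node[[:space:]]*=[[:space:]]*"https://' "$f" ||
        finding "node is missing or not an https:// URL"
    # Placeholders such as <data-collector token> must be replaced.
    if grep -Eq '<[A-Za-z][^<>]*>' "$f"; then
        finding "unreplaced <placeholder> value"
    fi
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        finding "root_cert holds no PEM certificate"
    # Data collection must be switched back on in the erchef section.
    awk '/^\[/ { sec = $0 }
         sec == "[erchef.v1.sys.data_collector]" && /^[ \t]*enabled[ \t]*=[ \t]*true/ { ok = 1 }
         END { exit !ok }' "$f" ||
        finding "[erchef.v1.sys.data_collector] enabled is not true"
    return "$n"
}
```

Run lint_automate_patch patch.toml and apply the patch only when it prints nothing and returns 0.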
Add a New Chef Infra Server to an Existing Chef Automate Installation
Patch an existing Chef Automate installation to add Chef Infra Server:
Create a patch.toml file to add infra-server to the list of products to deploy:
[deployment.v1.svc]
products=["automate", "infra-server"]
Apply the patch to the Chef Automate installation:
sudo chef-automate config patch ./patch.toml
The command output shows the added Chef Infra Server services:
Updating deployment configuration
Applying deployment configuration
Installed automate-cs-bookshelf
Installed automate-cs-oc-bifrost
Installed automate-cs-oc-erchef
Installed automate-cs-nginx
Started automate-cs-bookshelf
Started automate-cs-oc-bifrost
Started automate-cs-oc-erchef
Started automate-cs-nginx
Started automate-load-balancer
Success: Configuration patched
Set Up the Chef Infra Server
The knife command-line utility provides an interface to interact with a Chef Infra Server from a workstation.
On the Chef Infra Server host:
Run the following command to create a user:
sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename USER_NAME.pem
An RSA private key is generated automatically and is the chef-validator key. Save this RSA private key to a safe location. The --filename option will save the RSA private key to the specified absolute path.
Run the following command to create an organization, generate its validator key, and assign the user created in the previous step as an administrator:
sudo chef-server-ctl org-create SHORT_NAME 'FULL_ORGANIZATION_NAME' --association_user USER_NAME --filename ORGANIZATION-validator.pem
The short name must begin with a lower-case letter or digit, may contain lower-case letters, digits, hyphens, and underscores, and must be between 1 and 255 characters. For example: 4thcoffee.
The full organization name must begin with a non-white space character and must be between 1 and 1023 characters. For example: 'Fourth Coffee, Inc.'.
The --association_user option will associate the USER_NAME with the admins security group on the Chef Infra Server.
An RSA private key is generated automatically and is the chef-validator key. Save this RSA private key to a safe location. The --filename option will save the RSA private key to the specified absolute path.
On the workstation:
Install Chef Workstation.
Create a Chef repository by using the chef generate repo subcommand. For example, create a Chef repository named chef-repo by running:
chef generate repo chef-repo
Replace chef-repo with your desired repository name.
Within your named Chef repository, create a .chef directory with the mkdir command. For example:
mkdir /chef-repo/.chef
Copy ORGANIZATION-validator.pem and USER_NAME.pem to the .chef directory.
In the .chef directory, create a config.rb file that contains:
current_dir = File.dirname(__FILE__)
node_name 'USER_NAME'
client_key "#{current_dir}/USER_NAME.pem"
validation_client_name 'ORGANIZATION-validator'
# The validator key is the file saved by org-create --filename and copied into .chef
validation_key "#{current_dir}/ORGANIZATION-validator.pem"
chef_server_url 'https://automate.example.com/organizations/ORGANIZATION'
cookbook_path ["#{current_dir}/../cookbooks"]
For airgapped installations, create a bootstrap template and add it to your config.rb.
Run knife ssl fetch to get the SSL certificates from Chef Infra Server and make them available to knife.
For more information on how to set up the workstation, see the Chef Workstation documentation.
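The .chef directory created in the workstation steps above holds two RSA private keys. The following is an added example, not part of the Chef documentation: it checks that each key path in config.rb resolves to an existing file (for example, a validation_key that does not match the name the validator key was saved under), that no key is accessible by group or others, and that chef_server_url uses https. The function names and the sample directory are assumptions, and the sample keys are constructed placeholders.

```shell
# make_sample DIR: constructed sample .chef directory matching the steps above.
make_sample() {
    mkdir -p "$1"
    cat > "$1/config.rb" <<'EOF'
current_dir = File.dirname(__FILE__)
node_name 'USER_NAME'
client_key "#{current_dir}/USER_NAME.pem"
validation_client_name 'ORGANIZATION-validator'
validation_key "#{current_dir}/ORGANIZATION-validator.pem"
chef_server_url 'https://automate.example.com/organizations/ORGANIZATION'
EOF
    for k in USER_NAME.pem ORGANIZATION-validator.pem; do
        echo "constructed placeholder, not a real key" > "$1/$k"
        chmod 644 "$1/$k"   # deliberately too open, so the audit reports it
    done
}

# audit_knife_dir DIR: prints findings for DIR/config.rb, returns their count.
audit_knife_dir() {
    dir=$1; cfg="$dir/config.rb"; n=0
    [ -f "$cfg" ] || { echo "$cfg: missing"; return 1; }
    for setting in client_key validation_key; do
        # Take the quoted value and resolve #{current_dir} to DIR.
        path=$(sed -n "s/^[[:space:]]*$setting[[:space:]]\{1,\}[\"']\(.*\)[\"'].*/\1/p" "$cfg" |
               head -n 1 | sed "s|#{current_dir}|$dir|")
        if [ -z "$path" ]; then
            echo "$setting: not set in config.rb"; n=$((n + 1))
        elif [ ! -f "$path" ]; then
            echo "$setting: $path does not exist"; n=$((n + 1))
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "$setting: $path is accessible by group or others; chmod 600"; n=$((n + 1))
        fi
    done
    # knife authenticates to this URL with the client key; require TLS.
    grep -Eq "^[[:space:]]*chef_server_url[[:space:]]+['\"]https://" "$cfg" ||
        { echo "chef_server_url: not an https:// URL"; n=$((n + 1)); }
    return "$n"
}
```

On the constructed sample the audit reports both keys until they are set to mode 600.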