How to get started with Chef Automate and AWS OpsWorks

As you may be aware, AWS OpsWorks for Chef Automate was announced this month during the AWS conference. You may be wondering what this means for you and how it helps. I think this is an easy way to get started with Chef and get your organization excited about the product.

Now, you may ask yourself: does this work only with AWS? The answer is no; you can have your clients talking to the Chef Automate server from your on-prem datacenter or any other cloud provider. The only requirement is that the clients need to be able to connect to the server via HTTPS (443).

  1. Log in to your AWS console and click on OpsWorks
  2. Now click on create Chef Automate
    Choose a server name
    Region
    The instance size determines how many nodes the server can manage. Remember you can have as many Chef Automate servers as you want. I would guess that as time passes more regions are going to be available
  3. I would recommend selecting an SSH key in case you need to connect, but it is not necessary at all
  4. Now you will select your security, VPC and subnet settings. The cool thing is that AWS will take care of updates to Chef Automate; you have to choose a maintenance window.

    A backup service is also included, and you select the window for when to back up

  5. The process to create and configure the server takes around 20 minutes
  6. Click download the credentials; we will reset the password later on. These credentials are used to access the Chef web console.
  7. Click on Chef Automate dashboard
  8. Now, to change the password, click on admin in the top center pane and then click on the pencil next to admin
  9. You will need to add a first name, last name and email address if you want to change the password
  10. Now go back to AWS and click on download Starter Kit. These files are going to allow you to communicate with and configure your Chef Automate server
  11. Now we need to set up your local computer. You will need to download the ChefDK from https://downloads.chef.io/chef-dk/ and choose your operating system. This needs to be a different computer than the Chef Automate server. In Chef terms this is called a workstation. I will install the ChefDK on my Windows 10 computer

    To install it just follow the prompts on the screen. To make sure it was installed properly, open a PowerShell window and type “chef verify”

    If everything is OK each component should say succeeded

  12. Create a new folder in the root of the C:\ drive called chef-repo
  13. Now unzip the contents of the starter kit and move all the files from the folder into chef-repo
  14. In order to interact with the Chef server there is a tool called Knife. This tool allows you to manage the server via the CLI. For information about Knife click here

    You can run the following command to make sure you are communicating with the Chef server without problems: “knife opc org list”. It should return default

    For a list of knife commands just type knife

  15. Let’s upload some cookbooks from the Chef supermarket. The Chef supermarket is a repository of cookbooks maintained by Chef and the community. For information go to https://supermarket.chef.io/

    The easy way to upload cookbooks to the Chef Automate server is by using a tool called berks. It allows you to upload a cookbook, and it will also grab any dependencies on other cookbooks.

    In the c:\chef-repo folder there is a file called berksfile. If you open it you can see what it includes

  16. By default it will only add the chef-client cookbook to the Chef Automate server. In order to add more cookbooks just add a cookbook name
  17. Now run berks install
  18. Now that you have downloaded the cookbooks locally, it is time to upload them to the Chef server by running the following command. Note that --ssl-verify false turns off verification of the server's TLS certificate for this upload
    berks upload --ssl-verify false

  19. To verify that the cookbooks are on the Chef Automate server, you can run

    knife cookbook list
  20. Now that we have some cookbooks uploaded, let's bootstrap the Chef client onto a Linux server. I already have a Linux EC2 instance ready to be bootstrapped; make sure you have SSH keys to authenticate against the node
    knife bootstrap -i my.pem 54.208.184.154 -N test -x ec2-user --sudo

    -i = SSH key
    -N = name of the node as it is going to be referenced in the Chef Automate server
    -x = username

  21. Now if you check the Chef Automate server you will see your managed node
  22. Log in to your instance and run the following command to run the ntp cookbook to install and configure ntp
    sudo chef-client -r ntp

    You can also check on the web site what happened

  23. On the Linux server, if you run ntpq -p you can query the status
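
Step 18 uploads with --ssl-verify false, which skips checking the server's TLS certificate. The PowerShell sequence below is an added example (not from the original post) that instead pins the server certificate with knife ssl fetch and uploads with verification left on. It assumes knife stores fetched certificates in .chef\trusted_certs under C:\chef-repo and that the Berkshelf shipped with your ChefDK honors that directory.

```powershell
# Added example: run on the workstation, from the chef-repo created in step 12.
Set-Location C:\chef-repo

# 1. Show how knife currently judges the server certificate.
#    A failure here is expected if the certificate is not yet trusted.
knife ssl check

# 2. Download the certificate(s) the server presents.
#    This is trust-on-first-use: the fetch itself is not authenticated,
#    so the result must be reviewed before relying on it (next step).
knife ssl fetch

# 3. Print subject, expiry and thumbprint of every fetched certificate so they
#    can be compared with certificate details obtained over a channel you
#    already trust (for example the certificate your browser shows for the
#    Chef Automate dashboard).
$certDir = Join-Path (Get-Location) '.chef\trusted_certs'   # assumed default location
Get-ChildItem -Path $certDir -Filter *.crt | ForEach-Object {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
    [pscustomobject]@{
        File           = $_.Name
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        SHA1Thumbprint = $cert.Thumbprint
    }
} | Format-List

# 4. Re-run the check; stop here if the chain still does not verify.
knife ssl check
if ($LASTEXITCODE -ne 0) { throw 'knife ssl check failed; not uploading cookbooks' }

# 5. Upload with certificate verification left on (no --ssl-verify false).
berks upload
```

If berks upload still reports a certificate error after the check passes, treat that as a trust configuration problem to fix rather than a reason to turn verification off.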

As you can see, it is pretty easy to get going and start testing the Chef Automate capabilities in conjunction with AWS. You also have the option to configure different environments, integrate with external repos like GitHub and Bitbucket, and take advantage of the built-in pipeline.

For more information about this offering you can go here

https://aws.amazon.com/opsworks/chefautomate/

 

 
