Use Chef Automate to install Chef Infra Server either for a single-host installation that contains both Chef Infra Server and Chef Automate, or for a standalone Chef Infra Server instance. See the Chef Infra Server documentation for instructions and guidance on using and managing your Chef Infra Server.
Before beginning your installation, check the System Requirements for Chef Automate, and ensure that the chef-automate command line tool is installed.
To download the chef-automate command line tool, run the following command in your command line interface:
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
Use either a command line interface or a configuration file to install Chef Automate and Chef Infra Server on the same host. Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
For a single-host installation that contains Chef Infra Server and Chef Automate, we recommend the following memory and vCPU minimums:
A single-host installation that contains Chef Infra Server and Chef Automate requires a /hab directory that contains 80 GB of disk space for software artifacts plus 2 MB of disk space per managed node.
Install Chef Automate and Chef Infra Server on the same host with this command:
sudo chef-automate deploy --product automate --product infra-server
Then, set up knife for use with Chef Infra Server.
Installing Chef Automate and Chef Infra Server on the same host using a configuration file also requires the use of the Chef Automate CLI. Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
First, generate a skeleton configuration file by running this command:
sudo chef-automate init-config
Add a stanza to the configuration file to deploy Chef Automate and Chef Infra Server:
[deployment.v1.svc]
products=["automate", "infra-server"]
Make any other configuration changes desired.
Run the chef-automate deploy command with your configuration file:
sudo chef-automate deploy config.toml
Set up knife for use with Chef Infra Server.
Use either a command line interface or a configuration file to install Chef Infra Server using the Chef Automate deploy command.
Refer to the Chef Infra Server hardware requirements for guidance on memory and number of CPUs.
When Chef Automate deploys the Chef Infra Server, it automatically configures the Chef Infra Server to collect data to send to Chef Automate. To deploy a standalone Chef Infra Server with Chef Automate, you must turn off data collection in the configuration. Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
First, generate a skeleton configuration file by running:
sudo chef-automate init-config
Add a stanza to the configuration file to disable Chef Automate data collection:
[erchef.v1.sys.data_collector]
enabled = false
Use the configuration file to deploy Chef Infra Server by running the following command:
sudo chef-automate deploy --product infra-server <configuration_file>
Set up knife for use with Chef Infra Server.
To send data from the Chef Infra Server to an external Chef Automate installation, first create a patch.toml file that contains the configuration stanza:
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
# It is fine to use an A2 data collector token.
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
Then run chef-automate config patch patch.toml to patch your Chef Infra Server configuration.
Installing Chef Infra Server through Chef Automate using a configuration file also requires the use of the Chef Automate CLI. When Chef Automate deploys the Chef Infra Server, it automatically configures the Chef Infra Server to collect data to send to Chef Automate. To deploy a standalone Chef Infra Server with Chef Automate, you must turn off data collection in the configuration. Installations require elevated privileges, so run the commands as the superuser or use sudo at the start of each command.
First, generate a skeleton configuration file by running the following command:
sudo chef-automate init-config
Add a stanza to the configuration file to deploy Chef Infra Server:
[deployment.v1.svc]
products=["infra-server"]
# Disable Automate data collection as Automate will not be deployed
[erchef.v1.sys.data_collector]
enabled = false
Run the chef-automate deploy command with your configuration file (config.toml):
sudo chef-automate deploy config.toml
Set up knife for use with Chef Infra Server.
To send data from the Chef Infra Server to an external Chef Automate installation, first create a patch.toml file that contains the configuration stanza:
[global.v1.external.automate]
enable = true
node = "https://<automate server url>"
[global.v1.external.automate.auth]
token = "<data-collector token>"
[global.v1.external.automate.ssl]
server_name = "<server name from the automate server ssl cert>"
root_cert = """<pem format root CA cert>
"""
[auth_n.v1.sys.service]
# It is fine to use an A2 data collector token.
a1_data_collector_token = "<data-collector token>"
[erchef.v1.sys.data_collector]
enabled = true
Then run chef-automate config patch patch.toml to patch your Chef Infra Server configuration.
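The patch.toml above, which appears in both the command-line and the configuration-file procedure, carries the data-collector token and the TLS settings for the external Chef Automate. As an added example that is not part of the Chef documentation, this shell function lints the file before chef-automate config patch is run. The function names and the narrow single-line TOML parsing are assumptions of the example.

```shell
#!/bin/sh
# Added example, not Chef's code. Run as: check_patch_toml patch.toml
# Only single-line "key = value" settings are parsed.

# toml_value FILE SECTION KEY: print KEY's value from [SECTION], quotes stripped.
toml_value() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec && match($0, "^[ \t]*" key "[ \t]*=[ \t]*") {
      v = substr($0, RLENGTH + 1)
      sub(/[ \t]*$/, "", v); gsub(/^"|"$/, "", v)
      print v; exit
    }' "$1"
}

# finding MESSAGE: report one problem for file $f and count it in $n.
finding() { echo "$f: $1"; n=$((n + 1)); }

# check_patch_toml FILE: print one line per finding; exit status = finding count.
check_patch_toml() {
  f=$1; n=0
  ext=global.v1.external.automate

  [ "$(toml_value "$f" "$ext" enable)" = true ] || finding "[$ext] enable is not true"
  [ "$(toml_value "$f" erchef.v1.sys.data_collector enabled)" = true ] ||
    finding "data_collector is not enabled, so nothing would be sent"

  # The token is sent to this URL, so require TLS.
  case $(toml_value "$f" "$ext" node) in
    https://?*) ;;
    *) finding "node must be an https:// URL" ;;
  esac

  # These values must be real, not the template's <...> placeholder text.
  for item in "$ext node" "$ext.auth token" "$ext.ssl server_name" \
              "auth_n.v1.sys.service a1_data_collector_token"; do
    set -- $item
    case $(toml_value "$f" "$1" "$2") in
      ''|*'<'*'>'*) finding "[$1] $2 is empty or still a placeholder" ;;
    esac
  done

  # root_cert is a multi-line string; confirm a PEM certificate block is present.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$f" &&
    grep -q -- '-----END CERTIFICATE-----' "$f" ||
    finding "root_cert does not contain a PEM certificate"
  return "$n"
}
```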
Patch an existing Chef Automate installation to add Chef Infra Server:
Create a patch.toml file to add infra-server to the list of products to deploy:
[deployment.v1.svc]
products=["automate", "infra-server"]
Apply the patch to the Chef Automate installation:
sudo chef-automate config patch ./patch.toml
The command output shows the added Chef Infra Server services:
Updating deployment configuration
Applying deployment configuration
Installed automate-cs-bookshelf
Installed automate-cs-oc-bifrost
Installed automate-cs-oc-erchef
Installed automate-cs-nginx
Started automate-cs-bookshelf
Started automate-cs-oc-bifrost
Started automate-cs-oc-erchef
Started automate-cs-nginx
Started automate-load-balancer
Success: Configuration patched
The knife command-line utility provides an interface to interact with a Chef Infra Server from a workstation.
On the Chef Infra Server host:
Run the following command to create a user:
sudo chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename USER_NAME.pem
An RSA private key is generated automatically and is the chef-validator key. Save this RSA private key to a safe location. The --filename option saves the RSA private key to the specified absolute path.
Run the following command to create an organization, generate its validator key, and assign the user created in the previous step as an administrator:
sudo chef-server-ctl org-create SHORT_NAME 'FULL_ORGANIZATION_NAME' --association_user USER_NAME --filename ORGANIZATION-validator.pem
The short name must begin with a lower-case letter or digit, may contain lower-case letters, digits, hyphens, and underscores, and must be between 1 and 255 characters. For example: 4thcoffee.
The full organization name must begin with a non-white space character and must be between 1 and 1023 characters. For example: 'Fourth Coffee, Inc.'.
The --association_user option will associate the USER_NAME with the admins security group on the Chef Infra Server.
An RSA private key is generated automatically and is the chef-validator key. Save this RSA private key to a safe location. The --filename option saves the RSA private key to the specified absolute path.
On the workstation:
Install Chef Workstation.
Create a Chef repository by using the chef generate repo subcommand. For example, create a Chef repository named chef-repo by running:
chef generate repo chef-repo
Replace chef-repo with your desired repository name.
Within your named Chef repository, create a .chef directory with the mkdir command. For example:
mkdir chef-repo/.chef
Copy ORGANIZATION-validator.pem and USER_NAME.pem to the .chef directory.
In the .chef directory, create a config.rb file that contains:
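# Directory that holds this config.rb (the .chef directory)
current_dir = File.dirname(__FILE__)
node_name 'USER_NAME'
# User private key saved by chef-server-ctl user-create --filename
client_key "#{current_dir}/USER_NAME.pem"
validation_client_name 'ORGANIZATION-validator'
# Validator key saved by chef-server-ctl org-create --filename
validation_key "#{current_dir}/ORGANIZATION-validator.pem"
chef_server_url 'https://automate.example.com/organizations/ORGANIZATION'
cookbook_path ["#{current_dir}/../cookbooks"]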
For airgapped installations, create a bootstrap template and add it to your config.rb.
Run knife ssl fetch to get the SSL certificates from Chef Infra Server and make them available to knife.
For more information on how to set up the workstation, see the Chef Workstation documentation.
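An added example, not from the Chef documentation: a shell check for the .chef directory built in the workstation steps above. It confirms that the client_key and validation_key paths in config.rb resolve to files that exist and that those private keys are not accessible to group or others. The function names are hypothetical and mode 0600 is this example's choice.

```shell
#!/bin/sh
# Added example, not Chef's code. Run as: check_knife_dir chef-repo/.chef

# loose_mode PATH: succeed if group or others can read or write PATH.
loose_mode() {
  [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 \
                            -o -perm -004 -o -perm -002 \) -print)" ]
}

# check_knife_dir CHEF_DIR: print one line per finding; exit status = finding count.
check_knife_dir() {
  dir=${1%/}; cfg=$dir/config.rb; n=0
  for setting in client_key validation_key; do
    # Take the quoted path and expand the #{current_dir} prefix used in config.rb
    # (assumes CHEF_DIR contains no "|" or "&", which sed treats specially).
    path=$(sed -n "s|^[[:space:]]*$setting[[:space:]]*[\"']\(.*\)[\"'].*|\1|p" "$cfg" |
           sed "s|#{current_dir}|$dir|")
    if [ -z "$path" ] || [ ! -f "$path" ]; then
      echo "$setting: no key file at '${path:-unset}'"; n=$((n + 1))
    elif loose_mode "$path"; then
      echo "$setting: $path is accessible to group/others (want 0600)"; n=$((n + 1))
    fi
  done
  # The config.rb on this page points knife at an https:// server URL.
  grep -Eq "^[[:space:]]*chef_server_url[[:space:]]+[\"']https://" "$cfg" ||
    { echo "chef_server_url is not an https:// URL"; n=$((n + 1)); }
  return "$n"
}
```

A nonzero exit status is the number of findings; `chmod 600` on the listed key files clears the permission findings.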
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs.chef.io/automate/infra_server/