Enroll nodes
Node enrollment brings nodes under management by Chef 360 Platform.
This document demonstrates two different methods of node enrollment:
- cookbook-based enrollment
- single-node enrollment
For more information on node enrollment, see the node enrollment documentation.
Prerequisites
Requirements
Review the node requirements before enrolling nodes.
Single-node enrollment
Single-node enrollment enrolls nodes from the server side. With this method, you define connection and configuration details and push them up to Chef 360 Platform, which connects to each node and installs Chef Habitat, Chef Node Management, and any skills or agents assigned to a node cohort.
Enroll Linux nodes
You can enroll Linux nodes using a YAML or JSON file.
JSON file enrollment
Create a file name
enroll-linux.json
with the following payload:{ "cohortId": "<COHORT_ID>", "url": "<NODE_DNS_OR_PUBLIC_IP>", "sshCredentials": { "username": "<SSH_USER_NAME>", "key": "<SSH_KEY>", "port": <SSH_PORT> } }
Replace the following:
<COHORT_ID>
with the cohort ID returned bychef-node-management-cli
when you created the node cohort<NODE_DNS_OR_PUBLIC_IP>
with a public domain name or IP address<SSH_USERNAME>
with the SSH username to authenticate with the node<SSH_KEY>
with the SSH key used to authenticate with the node<SSH_PORT>
with the SSH port. Default is22
.
Note
SSH keys in a JSON payload must formatted as a single-line string. To add a multiline key, replace new lines with the newline character
\n
.You can use the following command to replace new lines in a PEM file:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <FILENAME.pem>
Enroll the node:
chef-node-management-cli enrollment enroll-node --body-file enroll-linux.json
The response is similar to the following:
{ "item": { "id": "36c570b1-798a-4530-ada5-2661dfeb3fac", "nodeId": "e4b1b524-4e77-4448-b1a9-01b80288c898" } }
YAML file enrollment
Create a file name
enroll-linux.yaml
with the following payload:cohortId: <COHORT_ID> url: <NODE_DNS_OR_PUBLIC_IP> sshCredentials: username: <SSH_USERNAME> key: | <SSH_KEY> port: <SSH_PORT>
Replace the following:
<COHORT_ID>
with the cohortId bychef-node-management-cli
when you created the node cohort<NODE_DNS_OR_PUBLIC_IP>
with a public domain name or IP address<SSH_USERNAME>
with the SSH username to authenticate with the node<SSH_KEY>
with the SSH key used to authenticate with the node<SSH_PORT>
with the SSH port. Default is22
.
Enroll the node:
chef-node-management-cli enrollment enroll-node --body-file enroll-linux.yaml
The response is similar to the following:
{ "item": { "id": "36c570b1-798a-4530-ada5-2661dfeb3fac", "nodeId": "e4b1b524-4e77-4448-b1a9-01b80288c898" } }
Enroll Windows nodes
JSON file enrollment
Create a JSON file with WinRM credentials:
{ "cohortId": "<COHORT_ID>", "url": "<NODE_DNS_OR_PUBLIC_IP>", "winRMCredentials": { "username": "<WINDOWS_USERNAME>", "password": "<WINDOWS_PASSWORD>", "port": <PORT_NUMBER> } }
Replace the following:
<COHORT_ID>
with the cohortId returned bychef-node-management-cli
when you created the node cohort<NODE_DNS_OR_PUBLIC_IP>
with a public domain name or IP address<WINDOWS_USERNAME>
with the Windows username to authenticate with the node<WINDOWS_PASSWORD>
with the Windows password used to authenticate with the node<PORT_NUMBER>
with the WinRM port number. Default is 5985-5986.
Enroll the node:
chef-node-management-cli enrollment enroll-node --body-file enroll-windows.json
The response is similar to the following:
{ "item": { "id": "36c570b1-798a-4530-ada5-2661dfeb3fac", "nodeId": "e4b1b524-4e77-4448-b1a9-01b80288c898" } }
YAML file enrollment
Create a YAML file with WinRM credentials:
cohortId: <COHORT_ID> url: <NODE_DNS_OR_PUBLIC_IP> winRMCredentials: username: <WINDOWS_USERNAME> password: <WINDOWS_PASSWORD>
Replace the following:
<COHORT_ID>
with the cohortId returned bychef-node-management-cli
when you created the node cohort<NODE_DNS_OR_PUBLIC_IP>
with a public domain name or IP address<WINDOWS_USERNAME>
with the Windows username to authenticate with the node<WINDOWS_PASSWORD>
with the Windows password used to authenticate with the node<PORT_NUMBER>
with the WinRM port number. Default is 5985-5986.
Enroll the node:
chef-node-management-cli enrollment enroll-node --body-file <FILENAME.yaml>
The response is similar to the following:
{ "item": { "id": "36c570b1-798a-4530-ada5-2661dfeb3fac", "nodeId": "e4b1b524-4e77-4448-b1a9-01b80288c898" } }
Cookbook-based enrollment
With cookbook-based enrollment, you enroll nodes from the client side by uploading a cookbook with enrollment settings to Chef Infra Server and then Chef Infra Client enrolls the node with Chef 360 Platform.
Enroll nodes
The chef-cookbook-enroll
cookbook uses the node_management_enroll
custom resource and a wrapper cookbook to define enrollment settings.
To configure the cookbooks and define enrollment settings, follow these steps:
Download the
chef360-node-enroll
cookbook.Upload the
chef360-node-enroll
cookbook, which includes thenode_management_enroll
resource, to your Chef Infra Server:knife cookbook upload chef360-node-enroll --cookbook-path <COOKBOOK_DIR_PATH>
Replace
COOKBOOK_DIR_PATH
with the path to your cookbook directory.Create a wrapper cookbook and add the
chef360-node-enroll
cookbook as a dependency:chef generate cookbook <COOKBOOK_NAME>
In the
metadata.rb
file of your wrapper cookbook, add the following dependency to include thechef-cookbook-enroll
cookbook:depends 'chef360-node-enroll', '~> 1.0.0'
Define the
node_management_enroll
resource in your wrapper cookbook’s recipe:node_management_enroll 'Enroll Node' do chef_platform_url '<CHEF_360_FQDN>' enroll_type '<ENROLLMENT_TYPE>' api_port '<API_PORT>' access_key '<ACCESS_KEY>' secret_key '<SECRET_KEY>' cohort_id '<COHORT_ID>' hab_builder_url '<HABITAT_BUILDER_URL>' working_dir_path '<VALID_DIR_PATH>' upgrade_skills <UPGRADE_SKILLS> end
Replace:
<CHEF_360_FQDN>
with the fully qualified domain name (FQDN) for your Chef 360 Platform deployment.<ENROLLMENT_TYPE>
with eitherfull
orpartial
depending on the form of enrollment. Usefull
unless you mustpartial
. See the node enrollment documentation for details on the difference between these types.<API_PORT>
with the API port configured in Chef 360 Platform. The default value is31000
.<ACCESS_KEY>
with an access key for secure communication with Chef 360 Platform. Store securely using an encrypted Chef data bag or a secrets manager.<SECRET_KEY>
with a secret key for secure communication with Chef 360 Platform. Store securely using an encrypted Chef data bag or a secrets manager.<COHORT_ID>
with a valid cohort UUID. The cohort defines all skills and settings installed on the node.<HABITAT_BUILDER_URL>
with the URL of the Chef Habitat Builder used by your organization. Default value:https://bldr.habitat.sh
<VALID_DIR_PATH>
with a temporary working directory where all required builds are downloaded. Specify a valid path based on the OS. Default value:/tmp
.<UPGRADE_SKILLS>
withtrue
orfalse
. Iftrue
, Chef 360 Platform checks for the latest skill versions and installs them if found. Default value:false
.
Push the wrapper cookbook or policy to the Chef Infra Server.
If you’re using a role, upload the wrapper cookbook to the Chef Infra Server:
knife cookbook upload <WRAPPER_COOKBOOK_NAME> --cookbook-path <WRAPPER_COOKBOOK_DIR_PATH>
If you’re using a Policyfile, create
Policyfile.lock.json
file and push the Policyfile to Chef Infra Server:chef install chef push <POLICY_GROUP> <POLICYFILE>
Include the wrapper cookbook in your node’s run-list by adding it to a role or Policyfile. See the run-list and role documentation for more information.
The next time Chef Infra Client runs, it executes the
node_management_enroll
resource and the node is enrolled with Chef 360 Platform.
Check the node enrollment status
You can get the node enrollment level of a node using the node ID and the management node find-one-node
subcommand:
chef-node-management-cli management node find-one-node --nodeId <NODE_ID>
Once a node is successfully enrolled, the enrollment level is set to enrolled
, otherwise it remains at admitted
.
"enrollmentLevel": "enrolled"
You can also check the enrollment status for the individual steps:
chef-node-management-cli status get-status --nodeId <NODE_ID>
Each step should have a success
status.
"status": "Success"
Verify that the skills are installed
Verify that the skills are installed:
chef-node-management-cli management node find-one-node --nodeId <NODE_ID>
The response includes a list of the installed skills.
More information
- See the node enrollment documentation