Skip to main content

Enroll nodes with a Chef Infra cookbook

With cookbook-based node enrollment, you upload cookbooks with enrollment settings to Chef Infra Server and Chef Infra Client enrolls the node with Chef 360 Platform.

Cookbook-based enrollment can fully or partially enroll nodes.

Requirements

Nodes enrolled with Chef 360 Platform using a Chef Infra cookbook have the following requirements:

  • Nodes must have Chef Infra Client installed.
  • Nodes have a public DNS or public IP address.
  • Nodes can’t have localhost (127.0.0.1) as an IP address.
  • Nodes can’t have a CIDR address in the same range as the Chef 360 Platform services. The default CIDR range for Chef 360 Platform services is 10.244.0.0/16 or 10.96.0.0/12.
  • You must have sudo privileges on the node.

Enroll nodes

The chef-cookbook-enroll cookbook uses the node_management_enroll custom resource and a wrapper cookbook to define enrollment settings.

To configure the cookbooks and define enrollment settings, follow these steps:

  1. Upload the chef-cookbook-enroll cookbook, which includes the node_management_enroll resource, to your Chef Infra Server:

    knife cookbook upload chef-cookbook-enroll --cookbook-path <COOKBOOK_DIR_PATH>
    

    Replace COOKBOOK_DIR_PATH with the path to your cookbook directory.

  2. Create a wrapper cookbook and add chef-cookbook-enroll cookbook as a dependency:

    chef generate cookbook <COOKBOOK_NAME>
    

    In the metadata.rb file of your wrapper cookbook, add the following dependency to include the chef-cookbook-enroll cookbook:

    depends 'chef-cookbook-enroll', '~> 1.0.0'
    
  3. Define the node_management_enroll resource in your wrapper cookbook’s recipe:

    node_management_enroll 'Enroll Node' do
      chef_platform_url '<CHEF_360_FQDN>'
      enroll_type '<ENROLLMENT_TYPE>'
      api_port '<API_PORT>'
      access_key '<ACCESS_KEY>'
      secret_key '<SECRET_KEY>'
      cohort_id '<COHORT_ID>'
      hab_builder_url '<HABITAT_BUILDER_URL>'
      working_dir_path '<VALID_DIR_PATH>'
      upgrade_skills <UPGRADE_SKILLS>
    end
    

    Replace:

    • <CHEF_360_FQDN> with the fully qualified domain name (FQDN) for your Chef 360 Platform deployment.
    • <ENROLLMENT_TYPE> with either full or partial depending on the form of enrollment.
    • <API_PORT> with the API port configured in Chef 360 Platform. The default value is 31000.
    • <ACCESS_KEY> with an access key for secure communication with Chef 360 Platform. Store securely using an encrypted Chef data bag or a secrets manager.
    • <SECRET_KEY> with a secret key for secure communication with Chef 360 Platform. Store securely using an encrypted Chef data bag or a secrets manager.
    • <COHORT_ID> with a valid cohort UUID. The cohort defines all skills and settings installed on the node.
    • <HABITAT_BUILDER_URL> with the URL for the Chef Habitat Builder used by your organization. Default value: https://bldr.habitat.sh
    • <VALID_DIR_PATH> with a temporary working directory where all required builds are downloaded. Specify a valid path based on the OS. Default value: /tmp.
    • <UPGRADE_SKILLS> with true or false. If true, Chef 360 Platform checks for the latest skill versions and installs them if found. Default value: false.
  4. Push the wrapper cookbook or policy to the Chef Infra Server.

    1. If you’re using a role, upload the wrapper cookbook to the Chef Infra Server:

      knife cookbook upload <WRAPPER_COOKBOOK_NAME> --cookbook-path <WRAPPER_COOKBOOK_DIR_PATH>
      
    2. If you’re using a policy, create Policyfile.lock.json file and push the policy to the Chef Infra Server:

      chef install
      chef push <POLICY_GROUP> <POLICYFILE>
      
  5. Include the wrapper cookbook in your node’s run-list by adding it to a role or policy. See the run-list and role documentation for more information.

    The next time Chef Infra Client runs, it executes the node_management_enroll resource and the node is enrolled with Chef 360 Platform.

Thank you for your feedback!

×











Search Results