Enroll nodes with a Chef Infra cookbook
With cookbook-based node enrollment, you upload cookbooks with enrollment settings to Chef Infra Server and Chef Infra Client enrolls the node with Chef 360 Platform.
Cookbook-based enrollment can fully or partially enroll nodes.
Requirements
Nodes enrolled with Chef 360 Platform using a Chef Infra cookbook have the following requirements:
- Nodes must have Chef Infra Client installed.
- Nodes have a public DNS or public IP address.
- Nodes can’t have localhost (
127.0.0.1
) as an IP address. - Nodes can’t have a CIDR address in the same range as the Chef 360 Platform services. The default CIDR range for Chef 360 Platform services is
10.244.0.0/16
or10.96.0.0/12
. - You must have sudo privileges on the node.
Enroll nodes
The chef-cookbook-enroll
cookbook uses the node_management_enroll
custom resource and a wrapper cookbook to define enrollment settings.
To configure the cookbooks and define enrollment settings, follow these steps:
Upload the
chef-cookbook-enroll
cookbook, which includes thenode_management_enroll
resource, to your Chef Infra Server:knife cookbook upload chef-cookbook-enroll --cookbook-path <COOKBOOK_DIR_PATH>
Replace
COOKBOOK_DIR_PATH
with the path to your cookbook directory.Create a wrapper cookbook and add
chef-cookbook-enroll
cookbook as a dependency:chef generate cookbook <COOKBOOK_NAME>
In the
metadata.rb
file of your wrapper cookbook, add the following dependency to include thechef-cookbook-enroll
cookbook:depends 'chef-cookbook-enroll', '~> 1.0.0'
Define the
node_management_enroll
resource in your wrapper cookbook’s recipe:node_management_enroll 'Enroll Node' do chef_platform_url '<CHEF_360_FQDN>' enroll_type '<ENROLLMENT_TYPE>' api_port '<API_PORT>' access_key '<ACCESS_KEY>' secret_key '<SECRET_KEY>' cohort_id '<COHORT_ID>' hab_builder_url '<HABITAT_BUILDER_URL>' working_dir_path '<VALID_DIR_PATH>' upgrade_skills <UPGRADE_SKILLS> end
Replace:
<CHEF_360_FQDN>
with the fully qualified domain name (FQDN) for your Chef 360 Platform deployment.<ENROLLMENT_TYPE>
with eitherfull
orpartial
depending on the form of enrollment.<API_PORT>
with the API port configured in Chef 360 Platform. The default value is31000
.<ACCESS_KEY>
with an access key for secure communication with Chef 360 Platform. Store securely using an encrypted Chef data bag or a secrets manager.<SECRET_KEY>
with a secret key for secure communication with Chef 360 Platform. Store securely using an encrypted Chef data bag or a secrets manager.<COHORT_ID>
with a valid cohort UUID. The cohort defines all skills and settings installed on the node.<HABITAT_BUILDER_URL>
with the URL for the Chef Habitat Builder used by your organization. Default value:https://bldr.habitat.sh
<VALID_DIR_PATH>
with a temporary working directory where all required builds are downloaded. Specify a valid path based on the OS. Default value:/tmp
.<UPGRADE_SKILLS>
withtrue
orfalse
. Iftrue
, Chef 360 Platform checks for the latest skill versions and installs them if found. Default value:false
.
Push the wrapper cookbook or policy to the Chef Infra Server.
If you’re using a role, upload the wrapper cookbook to the Chef Infra Server:
knife cookbook upload <WRAPPER_COOKBOOK_NAME> --cookbook-path <WRAPPER_COOKBOOK_DIR_PATH>
If you’re using a policy, create
Policyfile.lock.json
file and push the policy to the Chef Infra Server:chef install chef push <POLICY_GROUP> <POLICYFILE>
Include the wrapper cookbook in your node’s run-list by adding it to a role or policy. See the run-list and role documentation for more information.
The next time Chef Infra Client runs, it executes the
node_management_enroll
resource and the node is enrolled with Chef 360 Platform.