Bulk node enrollment
With bulk node enrollment, you define the nodes, credentials, and enrollment settings in a CSV file that’s uploaded to Chef 360 Platform. Once uploaded, Chef 360 Platform handles the process of connecting to and enrolling each node defined in the file with a node cohort.
Bulk enrollment fully enrolls nodes.
Requirements
Connection requirements:
- Nodes must be accessible with SSH or WinRM.
- Nodes must have a public DNS or public IP address.
- A node IP address can’t be localhost (127.0.0.1).
- A node CIDR address can’t be in the same range as the Chef 360 Platform services. The default CIDR range for Chef 360 Platform services is 10.244.0.0/16 or 10.96.0.0/12.
- The node’s ports for RabbitMQ and the nginx API gateway must be open to Chef 360 Platform. Additionally, the Chef 360 Platform should allow inbound connections to these ports from the node.
Nodes connected to with SSH have the following requirements:
- Port 22 must be open.
- The user must have sudo privileges.
- The user must connect with an ed25519 or RSA(2048) login key without a passphrase.
Nodes connected to with WinRM have the following requirements:
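- Ports 5985–5986 must be open.
- Configure WinRM by running the following:
winrm quickconfig # select Yes
winrm set winrm/config/service/Auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
These settings enable Basic authentication and permit unencrypted WinRM traffic, and the firewall rule opens the HTTP listener on port 5985; credentials sent with Basic authentication over that listener are not encrypted in transit.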
Enroll nodes
To bulk enroll nodes, follow these steps:
Create a CSV file with the following columns and fill in the ones that are relevant for each node, leaving the others blank:
nodeId
- A node ID. If empty, a UUID is generated and assigned to each node at the time of enrollment.
Optional
cohortId
- The ID of the node cohort that the node is assigned to.
Required
url
- The public domain or IP address used to connect to the node.
Required
sshCredentials.username
- The username to connect to the node with SSH.
Required if using SSH as the connection protocol.
sshCredentials.password
- The password to connect to the node with SSH.
Use sshCredentials.key or sshCredentials.password if using SSH as the connection protocol.
sshCredentials.key
- The SSH key to connect to the node.
Prepend the key with a single quote (') so that Excel can process the key and save the file.
Use sshCredentials.key or sshCredentials.password if using SSH as the connection protocol.
sshCredentials.port
- The port number used to connect to the node.
Required if using SSH as the connection protocol.
winRMCredentials.username
- The username to connect to the node with WinRM.
Required if using WinRM as the connection protocol.
winRMCredentials.password
- The password to connect to the node with WinRM.
Required if using WinRM as the connection protocol.
protocol
- The connection protocol. Allowed values are: ssh or winrm.
Optional
credentialId
- A credential ID. If you don’t want to use SSH or WinRM credentials, then you can give a credential ID.
Optional
Enroll the nodes using the enrollment bulk-enroll subcommand:
chef-node-management-cli enrollment bulk-enroll --file <CSV_FILENAME> --profile <NODE_MANAGER_PROFILE_NAME>
The response includes an enrollment ID similar to:
{ "item": { "id": "ebff692a-ca22-4841-afc9-b334b9e2256a" } }
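The connection requirements and column rules above can be checked locally before the file is uploaded. The following is an added example, not part of Chef's documentation or tooling; the function names, the sample rows and the rule for inferring the protocol when the protocol column is blank are assumptions.

```python
import csv
import io
import ipaddress

# Default Chef 360 Platform service ranges from the requirements; nodes must be outside them.
SERVICE_NETS = [ipaddress.ip_network(n) for n in ("10.244.0.0/16", "10.96.0.0/12")]

def check_row(row):
    """Return the list of rule violations for one CSV row (empty list = row passes)."""
    val = lambda col: (row.get(col) or "").strip()
    problems = [f"{c} is required" for c in ("cohortId", "url") if not val(c)]
    host = val("url")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # DNS name or blank: only the literal name "localhost" is checkable offline
    if host.lower() == "localhost" or (ip is not None and ip.is_loopback):
        problems.append("url can't be localhost")
    if ip is not None and any(ip in net for net in SERVICE_NETS):
        problems.append("url is inside a Chef 360 Platform service CIDR range")
    proto = val("protocol").lower()
    if proto not in ("", "ssh", "winrm"):
        problems.append("protocol must be ssh or winrm")
    if val("credentialId"):
        return problems  # a credential ID stands in for inline SSH/WinRM credentials
    if not proto:  # assumption: a filled WinRM username implies winrm, otherwise ssh
        proto = "winrm" if val("winRMCredentials.username") else "ssh"
    if proto == "ssh":
        problems += [f"sshCredentials.{c} is required for SSH"
                     for c in ("username", "port") if not val(f"sshCredentials.{c}")]
        if not (val("sshCredentials.key") or val("sshCredentials.password")):
            problems.append("sshCredentials.key or sshCredentials.password is required")
    elif proto == "winrm":
        problems += [f"winRMCredentials.{c} is required for WinRM"
                     for c in ("username", "password") if not val(f"winRMCredentials.{c}")]
    return problems

def validate(csv_text):
    """Map each failing data row (1-based, header excluded) to its list of problems."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {n: p for n, row in enumerate(rows, 1) if (p := check_row(row))}

# Constructed sample data: IDs, hosts and secrets below are placeholders, not real values.
SAMPLE = """nodeId,cohortId,url,sshCredentials.username,sshCredentials.password,sshCredentials.key,sshCredentials.port,winRMCredentials.username,winRMCredentials.password,protocol,credentialId
,cohort-1,203.0.113.10,admin,,'<KEY>,22,,,ssh,
,cohort-1,127.0.0.1,admin,<PASSWORD>,,22,,,ssh,
,,10.96.5.4,,,,,winadmin,,winrm,
,cohort-1,node4.example.com,,,,,,,,cred-1
"""
```

Pass the CSV file's text to validate(); an empty result means every row satisfied these checks.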
Get node enrollment status
Nodes have the following enrollment levels:
- Admitted: A node’s credentials and IP address are provided for enrollment and a node ID is assigned.
- Enrolled: The node is successfully enrolled with Chef 360 Platform.
Get the enrollment status of a single node
You can get the node enrollment level of a node using the node ID and the management node find-one-node subcommand:
chef-node-management-cli management node find-one-node --nodeId <NODE_ID> --profile <NODE_MANAGER_PROFILE_NAME>
Once a node is successfully enrolled, the enrollment level is set to enrolled, otherwise it remains at admitted.
"enrollmentLevel": "enrolled"
You can also check the enrollment status for the individual steps:
chef-node-management-cli status get-status --nodeId <NODE_ID> --profile <NODE_MANAGER_PROFILE_NAME>
Each step should have a success status.
"status": "Success"
Get the enrollment status using the enrollment ID
You can get the node enrollment status and node IDs using an enrollment ID and the status get-enrollmentId-status subcommand:
chef-node-management-cli status get-enrollmentId-status --enrollmentId <ENROLLMENT_ID> --profile <NODE_MANAGER_PROFILE_NAME>
The response is similar to:
{
  "item": {
    "id": "ebff692a-ca22-4841-afc9-b334b9e2256a",
    "items": [
      {
        "nodeId": "4a85f9bc-db17-4cc9-a253-f6e1fb57f000",
        "status": "Enrollment"
      },
      {
        "nodeId": "bc7976cb-70b3-41bb-b82f-c7209a8e3364",
        "status": "Enrollment"
      }
    ]
  }
}