Bulk node enrollment

With bulk node enrollment, you define the nodes, credentials, and enrollment settings in a CSV file that’s uploaded to Chef 360 Platform. Once uploaded, Chef 360 Platform handles the process of connecting to and enrolling each node defined in the file with a node cohort.

Bulk enrollment fully enrolls nodes.

Requirements

Connection requirements:

  • Nodes must be accessible with SSH or WinRM.
  • Nodes must have a public DNS or public IP address.
  • A node IP address can’t be localhost (127.0.0.1).
  • A node CIDR address can’t be in the same range as the Chef 360 Platform services. The default CIDR range for Chef 360 Platform services is 10.244.0.0/16 or 10.96.0.0/12.
  • The node’s ports for RabbitMQ and the nginx API gateway must be open to Chef 360 Platform. Additionally, the Chef 360 Platform should allow inbound connections to these ports from the node.

Nodes that you connect to with SSH have the following requirements:

  • Port 22 must be open.
  • The user must have sudo privileges.
  • The user must connect with an ed25519 or RSA(2048) login key without a passphrase.

Nodes that you connect to with WinRM have the following requirements:

  • Ports 5985–5986 must be open.

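  • Configure WinRM by running the following commands, which enable Basic authentication and unencrypted traffic on the WinRM service and open TCP port 5985 in the firewall: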

    winrm quickconfig   # select Yes
    winrm set winrm/config/service/Auth '@{Basic="true"}'
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
    netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
    

Enroll nodes

To bulk enroll nodes, follow these steps:

  1. Create a CSV file with the following columns and fill in the ones that are relevant for each node, leaving the others blank:

    nodeId
    A node ID. If empty, a UUID is generated and assigned to each node at the time of enrollment.

    Optional

    cohortId
    The ID of the node cohort that the node is assigned to.

    Required

    url
    The public domain or IP address used to connect to the node.

    Required

    sshCredentials.username
    The username to connect to the node with SSH.

    Required if using SSH as the connection protocol.

    sshCredentials.password
    The password to connect to the node with SSH.

    Use sshCredentials.key or sshCredentials.password if using SSH as the connection protocol.

    sshCredentials.key
    The SSH key to connect to the node.

    Prepend the key with a single quote (') so that Excel can process the key and save the file.

    Use sshCredentials.key or sshCredentials.password if using SSH as the connection protocol.

    sshCredentials.port
    The port number used to connect to the node.

    Required if using SSH as the connection protocol.

    winRMCredentials.username
    The username to connect to the node with WinRM.

    Required if using WinRM as the connection protocol.

    winRMCredentials.password
    The password to connect to the node with WinRM.

    Required if using WinRM as the connection protocol.

    protocol
    The connection protocol. Allowed values are: ssh or winrm.

    Optional

    credentialId
    A credential ID. If you don’t want to use SSH or WinRM credentials, then you can give a credential ID.

    Optional

  2. Enroll the nodes using the enrollment bulk-enroll subcommand:

    chef-node-management-cli enrollment bulk-enroll --file <CSV_FILENAME> --profile <NODE_MANAGER_PROFILE_NAME>
    

    The response includes an enrollment ID similar to:

    {
        "item": {
            "id": "ebff692a-ca22-4841-afc9-b334b9e2256a"
        }
    }
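
A pre-flight check for the CSV from step 1, added here as an example in Python (it is not part of the Chef 360 tooling): it applies the column rules and the address requirements listed above to every row before the file is uploaded. The sample rows are constructed, and inferring a blank protocol from the username column is an assumption of this example.

```python
import csv
import io
import ipaddress

# Default platform service ranges (from the requirements) and a constructed sample CSV.
PLATFORM_CIDRS = [ipaddress.ip_network(c) for c in ("10.244.0.0/16", "10.96.0.0/12")]
SAMPLE = """nodeId,cohortId,url,sshCredentials.username,sshCredentials.password,sshCredentials.key,sshCredentials.port,winRMCredentials.username,winRMCredentials.password,protocol,credentialId
,cohort-1,203.0.113.10,admin,example-pw,,22,,,ssh,
,cohort-1,10.96.4.7,admin,example-pw,,22,,,ssh,
,cohort-1,127.0.0.1,,,,,Administrator,,winrm,
"""

def check_row(row):
    """Return the problems found in one CSV row; an empty list means it passes."""
    def get(col):
        return (row.get(col) or "").strip()
    problems = [f"{c} is required" for c in ("cohortId", "url") if not get(c)]
    try:  # url may be a DNS name; the address rules only apply to IP literals
        addr = ipaddress.ip_address(get("url"))
    except ValueError:
        addr = None
    if get("url").lower() == "localhost" or (addr is not None and addr.is_loopback):
        problems.append("url can't be localhost")
    if addr is not None and any(addr in net for net in PLATFORM_CIDRS):
        problems.append("url is inside a Chef 360 Platform service range")
    proto = get("protocol")
    if proto not in ("", "ssh", "winrm"):
        problems.append("protocol must be ssh or winrm")
    if get("credentialId"):
        return problems  # a credential ID stands in for inline credentials
    # Assumption: when protocol is blank, infer it from the username column in use.
    proto = proto or ("winrm" if get("winRMCredentials.username") else "ssh")
    if proto == "ssh":
        if not get("sshCredentials.username"):
            problems.append("sshCredentials.username is required for SSH")
        if not (get("sshCredentials.key") or get("sshCredentials.password")):
            problems.append("set sshCredentials.key or sshCredentials.password")
        port = get("sshCredentials.port")
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            problems.append("sshCredentials.port must be 1-65535")
    elif proto == "winrm":
        cols = ("winRMCredentials.username", "winRMCredentials.password")
        problems += [f"{c} is required for WinRM" for c in cols if not get(c)]
    return problems

def check_csv(text):
    """Map each failing data row (1-based) to its list of problems."""
    rows = enumerate(csv.DictReader(io.StringIO(text)), start=1)
    return {n: p for n, r in rows if (p := check_row(r))}
```

For a real file, read it with `open(path, newline="")` so that multi-line key fields survive, pass the text to `check_csv`, and fix every reported row before running `bulk-enroll`.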
    

Get node enrollment status

Nodes have the following enrollment levels:

Admitted
A node’s credentials and IP address are provided for enrollment and a node ID is assigned.
Enrolled
The node is successfully enrolled with Chef 360 Platform.

Get the enrollment status of a single node

You can get the node enrollment level of a node using the node ID and the management node find-one-node subcommand:

chef-node-management-cli management node find-one-node --nodeId <NODE_ID> --profile <NODE_MANAGER_PROFILE_NAME>

Once a node is successfully enrolled, the enrollment level is set to enrolled; otherwise, it remains at admitted.

"enrollmentLevel": "enrolled"

You can also check the enrollment status for the individual steps:

chef-node-management-cli status get-status --nodeId <NODE_ID> --profile <NODE_MANAGER_PROFILE_NAME>

Each step should have a success status.

"status": "Success"

Get the enrollment status using the enrollment ID

You can get the node enrollment status and node IDs using an enrollment ID and the status get-enrollmentId-status subcommand:

chef-node-management-cli status get-enrollmentId-status --enrollmentId <ENROLLMENT_ID> --profile <NODE_MANAGER_PROFILE_NAME>

The response is similar to:

{
  "item":{
    "id":"ebff692a-ca22-4841-afc9-b334b9e2256a",
    "items":[
      {
        "nodeId":"4a85f9bc-db17-4cc9-a253-f6e1fb57f000",
        "status":"Enrollment"
      },
      {
        "nodeId":"bc7976cb-70b3-41bb-b82f-c7209a8e3364",
        "status":"Enrollment"
      }
    ]
  }
}
