Connect to Chef Declarative State Management (DSM)
If you’re enabling the Chef Declarative State Management (DSM) services, install Chef Workstation and configure knife to connect to Chef DSM.
Prerequisites
Before you begin:
The DSM administrator must complete the following tasks:
- In Organization Management > Users, assign DSM Org Admin privileges to new users.
- Onboard users into DSM using Invite user for new users, or Retry for users already in the organization.
- In Tenant Management, confirm the DSM org status is Completed. If it isn’t, select Retry to complete the setup.
You must get the following information on the Account Settings page in the Chef 360 Platform web UI:
- your DSM username
- your DSM user key: select Regenerate Key and save the downloaded file as a
.pemfile to~/.chef/(Linux and macOS) or%USERPROFILE%\.chef\(Windows).
Install and configure Chef Workstation
To install Chef Workstation and configure knife to connect to Chef DSM, follow these steps:
Set up Chef Workstation to connect to Chef DSM.
In the
config.rborcredentialsfile, use the following settings:node_name "<DSM_USER_NAME>" client_key "#{ENV['HOME']}/.chef/<KEY_FILE_NAME>" chef_server_url "https://<CHEF_360_FQDN>:31000/organizations/<ORG_NAME>"Replace the following:
<DSM_USER_NAME>with your DSM user name.<KEY_FILE_NAME>with your PEM key filename.<CHEF_360_FQDN>with your Chef 360 Platform FQDN.<ORG_NAME>with your DSM organization name.
Fetch SSL certificates using the
knife ssl fetchcommand.knife ssl fetchThis copies SSL certificates from an HTTPS server to the
$HOME/.chef/trusted_certsdirectory used by knife and Chef Infra Client.If Chef 360 Platform authenticates with self-signed certificates, retrieve your root CA certificate with the following command:
curl -k <TENANT_URL>/platform/system/v1/tenant/root-ca \ | jq -r '.item.rootCa' \ | sed 's/\\n/$'\''\n'\''/g' \ > root-ca.crtReplace
<TENANT_URL>with your Chef 360 Platform server hostname or IP address.Save the CA certificate file locally in
$HOME/.chef/trusted_certs.