AWS Marketplace

Chef provides fully licensed Amazon Machine Images (AMIs) for Chef Automate and Chef Compliance that can be launched from the AWS Marketplace. Billing is done through your Amazon Web Services (AWS) account on an hourly basis and is dynamically updated to reflect current node usage.

Chef Automate AMI

The Chef Automate Amazon Machine Image (AMI) is preinstalled with Chef Automate and Chef server on a single instance. Follow the steps in the sections below to use Chef Automate in AWS Marketplace.

Launch the AMI

To get a fully-functional Amazon Machine Image (AMI) for Chef Automate, do the following:

  1. Login to the AWS Marketplace using your Amazon Web Services (AWS) account credentials.

  2. Navigate to the Chef Automate product page and accept the software terms.

  3. Navigate to the IAM Role section in the AWS console.

  4. Create a new role for your marketplace instance with the ‘Amazon EC2’ service type and attach the ‘AWSMarketplaceFullAccess’ policy.

    Note

    If you wish to use Chef Automate’s built-in S3 backup support you’ll also want to create an S3 bucket policy and attach it to your role. See the S3 Backups section for an example policy.

  5. Navigate back to the Chef Automate product page and continue to the launch wizard.

  6. Click the ‘Launch with EC2 Console’ button next to the desired region.

  7. Configure the Amazon EC2 instance type, Amazon Virtual Private Cloud (VPC) settings, SSH key pair, IAM Role and assign a public IP address.

    Note

    You must assign the previously created IAM role or another role with full marketplace access.

  8. Increase the root volume size to a minimum of 30GB. Consider a larger volume if you have hundreds of nodes or need to maintain months of Visibility data.

  9. Configure the security group to include the required ports: 22, 443 and 8989.

  10. Launch the Amazon Machine Image (AMI).

Install the Chef DK

While the Amazon Machine Image (AMI) for Chef Automate is being provisioned, download and install the Chef development kit. The Chef development kit is a collection of tools (Test Kitchen, ChefSpec, knife, delivery-cli, chef, chef-vault, Foodcritic, and more) and libraries that are all packaged together to get you started with the Chef Automate workflow. You’ll need this to interact with Chef Automate and Chef server from the command line.

Configure Chef Automate

After the instance has been provisioned and initial configuration has completed (usually 10 to 13 minutes) finish configuring Chef Automate and Chef server.

  1. Access the initial configuration page by loading the /biscotti/setup route. Build the URL by prepending https:// and appending /biscotti/setup to the IP address or public hostname that was automatically assigned to the instance when the Amazon Machine Image (AMI) was launched. For example, https://<fqdn>/biscotti/setup.

    Note

    In order to use TLS/SSL for the Web UI and API, the Amazon Machine Images (AMI) will automatically create and use a self-signed certificate. Modern web browsers typically warn about self-signed certificates during login; however, in this case, you can ignore the warning and accept the certificate.

  2. Use the AWS console or command line tools to determine the Instance ID of your Chef Automate instance. The instance ID is required for authorization to access the setup page.

  3. Fill out the setup form and submit it.

  4. Follow the link and log into the Chef Automate webui.

Configure the workstation

  1. Download and extract the starter_kit.zip file to a directory on the workstation. Open a command prompt and change into the chef-repo directory extracted from the starter kit. For example:

    $ cd ~/Downloads
    $ unzip starter_kit.zip
    $ cd starter_kit/chef-repo
    
  2. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

Configure backups

Follow the Chef Automate instructions for configuring backups.

Troubleshooting

Required ports

The following are recommended security group rules for Chef Automate from the AWS Marketplace:

Port    Description
443     HTTPS for Chef Automate webui
8989    Git access for the delivery-cli and workflow
22      SSH

Change the hostname

To update the hostname, do the following:

  1. Run sudo -i to gain administrator privileges.

  2. Run chef-marketplace-ctl hostname to view the current hostname.

  3. Configure the api_fqdn in /etc/chef-marketplace/marketplace.rb

    $ echo 'api_fqdn "<new.fully.qualified.hostname.com>"' | sudo tee -a /etc/chef-marketplace/marketplace.rb
    
  4. Run chef-marketplace-ctl reconfigure to update Chef Automate and Chef server configuration.

  5. Run chef-server-ctl stop to stop Chef server.

  6. Run automate-ctl stop to stop Chef Automate.

  7. Run chef-marketplace-ctl hostname <new.fully.qualified.hostname.com> to update the hostname.

  8. Run automate-ctl reconfigure to ensure Chef Automate has been correctly configured with the new hostname.

  9. Run chef-server-ctl reconfigure to ensure Chef server has been correctly configured with the new hostname.

  10. Run automate-ctl restart to restart Chef Automate.

  11. Run chef-server-ctl restart to restart Chef server.

Change instance size

To edit the Amazon Machine Images (AMI) instance size, do the following:

  1. Login using SSH to access the Chef Automate instance. Use the SSH key pair and the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. The default user is ec2-user. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  2. Stop the Chef server services:

    $ sudo chef-server-ctl stop
    
  3. Stop the Chef Automate services:

    $ sudo automate-ctl stop
    
  4. Navigate to the Amazon Web Services (AWS) instance in the AWS Management Console.

  5. From the Actions dropdown, select Instance State, and then Stop.

  6. After the instance transitions to Stopped, edit the instance size. From the Actions dropdown, select Instance Settings, and then Change Instance Type.

  7. From the dropdown, select the desired instance size, and then click Apply.

  8. From the Actions dropdown, select Instance State, and then click Start.

  9. After the instance has started it will have a new public IP address and public DNS.

  10. Use SSH to log into the new instance. Use the SSH key pair and new IP address:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  11. Follow the instructions for changing the hostname

  12. Verify that you can login to Chef Automate webui by navigating to https://<YOUR NEW PUBLIC DNS>/e/default.

    Note

    In order to use TLS/SSL for the Web UI and API, the Amazon Machine Images (AMI) will automatically create and use a self-signed certificate. Modern web browsers typically warn about self-signed certificates during login; however, in this case, you can ignore the warning and accept the certificate.

  13. Open a command prompt and change into your chef-repo directory.

  14. Open .chef/knife.rb in a text editor and modify the chef_server_url with your new public DNS. For example:

    $ vim ~/chef-repo/.chef/knife.rb
    

    will open a knife.rb file similar to:

    current_dir = ::File.dirname(__FILE__)
    log_level                :info
    log_location             $stdout
    node_name                'your_username'
    client_key               "#{current_dir}/your_username.pem"
    validation_client_name   'your_orgname-validator'
    validation_key           "#{current_dir}/your_orgname-validator.pem"
    chef_server_url          'https://<YOUR NEW PUBLIC DNS>/organizations/your_org'
    cookbook_path            ["#{current_dir}/../cookbooks"]
    
  15. Open .chef/pivotal.rb in a text editor and modify the chef_server_url and chef_server_root with your new public DNS. For example:

    $ vim ~/chef-repo/.chef/pivotal.rb
    

    will open a pivotal.rb file similar to:

    node_name        "pivotal"
    chef_server_url  "<YOUR NEW PUBLIC DNS>"
    chef_server_root "<YOUR NEW PUBLIC DNS>"
    client_key       ::File.join(::File.dirname(__FILE__), "pivotal.pem")
    
  16. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  17. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  18. Update the /etc/chef/client.rb on all of your nodes to use the new public DNS. For example:

    $ knife ssh 'name:*' "sudo sed -i \"s|chef_server_url.*|chef_server_url 'https://ec2-52-6-31-230.compute-1.amazonaws.com/organizations/your_org'|\" /etc/chef/client.rb"
    

    Replace ec2-52-6-31-230.compute-1.amazonaws.com with your new public DNS name and your_org with your organization name.

Upgrade Chef Automate

The Chef Automate Amazon Machine Images (AMI) can perform in-place upgrades of all of the pre-bundled software. This makes it easy to stay up-to-date with the latest version of Chef Automate, the Chef server and Chef Marketplace, while not requiring data to be migrated to the latest published Amazon Machine Images (AMI).

There are three options: upgrade Chef Automate, upgrade Chef server, upgrade Chef Marketplace; upgrade everything.

To upgrade, do one of the following:

  • Upgrade the Chef Automate package by using the following command:

    $ sudo chef-marketplace-ctl upgrade --automate
    

    Note

    Chef Automate and Chef server services will be unavailable while the software is updated.

  • Upgrade the Chef server package by using the following command:

    $ sudo chef-marketplace-ctl upgrade --server
    

    Note

    Chef server services will be unavailable while the software is updated.

  • Upgrade the Chef Marketplace package by using the following command:

    $ sudo chef-marketplace-ctl upgrade --marketplace
    
  • Upgrade all the installed packages by using the following command:

    $ sudo chef-marketplace-ctl upgrade -y
    

Migrate to Chef Automate on AWS

The process of migrating from an existing Chef server installation to the Amazon Machine Images (AMI) differs depending on which software version is being used and the location in which it is deployed. In all scenarios, data is first migrated to the latest Chef server schema, after which it is migrated to the Amazon Machine Images (AMI).

  • Verify that the latest version of the Chef server is installed by using the platform package manager: rpm -qa | grep chef-server-core and compare the result to the latest version available on the downloads site. If this is not the latest version, download the package, and then upgrade to the latest version.
  • Upgrade an Enterprise Chef node to the latest version of the Chef server by following the enterprise upgrade instructions.
  • Upgrade an Open Source Chef node to the latest version of the Chef server by following the open source upgrade instructions.

After verifying that your existing Chef server installation is up to date, do the following to migrate to the Amazon Machine Images (AMI) instance:

  1. Back up the data on the Chef server using knife ec backup. This method exports all of your existing Chef server data as JSON, which is then re-imported into a new Chef Automate cluster. The JSON-based backup and restore procedure is used because the Chef server data on the Chef Automate Marketplace AMI is stored in shared databases, so copying binary files won’t work.

    $ mkdir -p /tmp/chef-backup
    $ /opt/opscode/embedded/bin/knife ec backup /tmp/chef-backup --with-user-sql --with-key-sql
    $ tar -czvf /tmp/chef-backup.tgz -C /tmp/chef-backup .
    
  2. Copy the resulting tarball to your Amazon Machine Images (AMI) instance:

    $ scp /tmp/chef-backup.tgz ec2-user@<MARKETPLACE AMI IP ADDRESS>:/tmp/
    
  3. Login to the Amazon Machine Images (AMI) and ensure that it is running the latest version of the Chef server:

    $ chef-marketplace-ctl upgrade -y
    
  4. Reconfigure Chef Automate and the Chef server:

    $ sudo automate-ctl reconfigure
    $ sudo chef-server-ctl reconfigure
    
  5. Restore the backup:

    $ mkdir -p /tmp/chef-backup
    $ mv /tmp/chef-backup.tgz /tmp/chef-backup
    $ cd /tmp/chef-backup
    $ tar -xzf chef-backup.tgz
    $ /opt/opscode/embedded/bin/knife ec restore /tmp/chef-backup --with-user-sql --with-key-sql
    
  6. Open .chef/knife.rb in a text editor and modify the chef_server_url with your new public DNS. For example:

    $ vim ~/chef-repo/.chef/knife.rb
    

    will open a knife.rb file similar to:

    current_dir = ::File.dirname(__FILE__)
    log_level                :info
    log_location             $stdout
    node_name                'your_username'
    client_key               "#{current_dir}/your_username.pem"
    validation_client_name   'your_orgname-validator'
    validation_key           "#{current_dir}/your_orgname-validator.pem"
    chef_server_url          'https://<YOUR NEW PUBLIC DNS>/organizations/your_org'
    cookbook_path            ["#{current_dir}/../cookbooks"]
    
  7. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  8. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  9. Update the /etc/chef/client.rb on all of your nodes to use the new public DNS. For example:

    $ knife ssh 'name:*' "sudo sed -i \"s|chef_server_url.*|chef_server_url 'https://ec2-52-6-31-230.compute-1.amazonaws.com/organizations/your_org'|\" /etc/chef/client.rb"
    

    Replace ec2-52-6-31-230.compute-1.amazonaws.com with your new public DNS name and your_org with your organization name.
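
The backup in step 1 is taken with --with-user-sql and --with-key-sql, so the archive holds user and key table data, and with a default umask files created under /tmp are readable by other local accounts. The following added example (not part of the Chef documentation) packs the backup with owner-only permissions, records a SHA-256 digest, and checks the digest and member paths on the AMI before extracting; the function names and the use of mktemp are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Chef's tooling: keep the knife ec backup archive private
# and check it on the AMI before restoring. Function names are hypothetical.

# Print the SHA-256 of file $1 using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Pack backup directory $1 into archive $2 and write its digest to "$2.sha256".
# The subshell keeps umask 077 local, so both files are created owner-only.
pack_backup() {
    (
        umask 077
        tar -czf "$2" -C "$1" . || exit 1
        sha256_of "$2" > "$2.sha256"
    )
}

# Succeed only if archive $1 matches digest file $2 and every member path is
# relative with no ".." component. A digest copied alongside the archive
# detects truncation or corruption; carry it over a separate channel if it
# must also detect deliberate replacement.
verify_backup() {
    [ -s "$2" ] || return 1
    [ "$(sha256_of "$1")" = "$(cat "$2")" ] || return 1
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# Extract verified archive $1 (digest file $2) into a fresh directory that
# mktemp creates with mode 0700, and print that directory for knife ec restore.
unpack_backup() {
    verify_backup "$1" "$2" || { echo "archive failed verification" >&2; return 1; }
    dest=$(mktemp -d) || return 1
    tar -xzf "$1" -C "$dest" && printf '%s\n' "$dest"
}

# Usage on the old server:  sh script.sh pack /tmp/chef-backup /tmp/chef-backup.tgz
# Usage on the AMI:         sh script.sh unpack /tmp/chef-backup.tgz
case "${1:-}" in
    pack)   pack_backup "$2" "$3" ;;
    unpack) unpack_backup "$2" "$2.sha256" ;;
esac
```

Copy both chef-backup.tgz and chef-backup.tgz.sha256 to the AMI, then pass the directory printed by the unpack step to knife ec restore in place of /tmp/chef-backup.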

Chef Compliance AMI

Follow the steps in the sections below to install Chef Compliance in AWS Marketplace.

Launch the AMI

To get a fully-functional Amazon Machine Images (AMI) for Chef Compliance, do the following:

  1. Login to the AWS Marketplace using your Amazon Web Services (AWS) account credentials

  2. Navigate to the Chef Compliance product page and accept the software terms

  3. Navigate to the IAM Role section in the AWS console

    Create a new role for your marketplace instance with the ‘Amazon EC2’ service type and attach the ‘AWSMarketplaceFullAccess’ policy.

    Note

    You can skip creating a role if you’re launching from the IC Marketplace

  4. Navigate back to the Chef Compliance product page and continue to the launch wizard.

  5. Click the ‘Launch with EC2 Console’ button next to the desired region.

    Configure the Amazon EC2 instance type, Amazon Virtual Private Cloud (VPC) settings, SSH key pair, IAM Role and assign a public IP address.

    Note

    You must assign the previously created IAM role or another role with full marketplace access unless you’re launching from the IC Marketplace

    Optionally add additional storage or increase the root volume size.

    Configure security group to include the required ports for access.

    Note

    Your security group should allow access from your workstation on ports 22 and 443

  6. Launch Amazon Machine Images (AMI)

Configure Chef Compliance

After the instance has been provisioned and initial configuration has completed (usually five to seven minutes) run through the setup wizard to create your user and register for a Chef support account. To complete the configuration, do the following:

  1. Access the Chef Compliance setup wizard. Build the URL by prepending https:// and appending /#/setup to the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. For example, https://<fqdn>/#/setup.
  2. Run through the setup wizard, and then log in to Chef Compliance webui https://<fqdn>. If you opt into creating a support account you should receive a confirmation email for a Hosted Chef account. Follow the link in the confirmation email to complete the support account creation.

Troubleshooting

Required ports

For a Chef Compliance instance that is launched from the AWS Marketplace, the following ports are configured automatically using the one-click installation:

Port    Description
443     HTTPS
22      SSH

If the Chef Compliance instance is launched in a way that does not use the one-click installation, these ports may need to be configured manually.

Change the hostname

To update the hostname, do the following:

  1. Run sudo -i to gain administrator privileges.

  2. Run chef-marketplace-ctl hostname to view the current hostname.

  3. Configure the api_fqdn in /etc/chef-marketplace/marketplace.rb

    $ echo 'api_fqdn "<new.hostname.com>"' | sudo tee -a /etc/chef-marketplace/marketplace.rb
    
  4. Run chef-compliance-ctl stop && mv /etc/chef-compliance/chef-compliance.rb /etc/chef-compliance/chef-compliance.rb.bak to stop Chef Compliance and remove the configuration file.

  5. Run chef-marketplace-ctl hostname <new.hostname.com> to update the hostname.

  6. Run chef-compliance-ctl reconfigure to ensure Chef Compliance has been correctly configured with the new hostname.

  7. Run chef-compliance-ctl restart to restart Chef Compliance.

Change instance size

To edit the Amazon Machine Images (AMI) instance size, do the following:

  1. Login using SSH to access the Chef Compliance instance. Use the SSH key pair and the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. The default user is ec2-user. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  2. Stop the Chef Compliance server:

    $ sudo chef-compliance-ctl stop
    
  3. Navigate to the Amazon Web Services (AWS) instance in the AWS Management Console.

  4. From the Actions dropdown, select Instance State, and then Stop.

  5. After the instance transitions to Stopped, edit the instance size. From the Actions dropdown, select Instance Settings, and then Change Instance Type.

  6. From the dropdown, select the desired instance size, and then click Apply.

  7. From the Actions dropdown, select Instance State, and then click Start.

  8. After the instance has started it will have a new public IP address and public DNS.

  9. Use SSH to log into the new instance. Use the SSH key pair and new IP address:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  10. Update the fqdn to use the public DNS name.

  11. Reconfigure the Chef Compliance server:

    $ sudo chef-compliance-ctl reconfigure
    
  12. Verify that you can login to Chef Compliance server by navigating to https://fqdn.

  13. Update the public DNS entry: Replace ec2-52-6-31-230.compute-1.amazonaws.com with your new public DNS name and your_org with your organization name.

Upgrade Chef Compliance

The Chef Compliance Amazon Machine Images (AMI) can perform in-place upgrades of all of the pre-bundled software. This makes it easy to stay up-to-date with the latest versions of Chef Compliance and Chef Marketplace while not requiring data to be migrated to the latest published Amazon Machine Images (AMI). There are 3 options: upgrade Chef Compliance; upgrade Chef Marketplace; upgrade everything.

To upgrade, do one of the following:

  • Upgrade the Chef Compliance package by using the following command:

    $ sudo chef-marketplace-ctl upgrade -c
    

    Note

    Chef Compliance will be unavailable while the software is updated.

  • Upgrade the Chef Marketplace package by using the following command:

    $ sudo chef-marketplace-ctl upgrade -m
    
  • Upgrade all the installed packages by using the following command:

    $ sudo chef-marketplace-ctl upgrade -y
    

Migrate to AWS

To migrate an existing Chef Compliance installation to the Amazon Machine Images (AMI), do the following:

  1. Launch the latest Chef Compliance Amazon Machine Images (AMI).

  2. Verify that the latest version of the Chef Compliance is installed by using the platform package manager: rpm -qa | grep chef-compliance and compare the result to the latest version available on the downloads site. If this is not the latest you can download and install the latest package from the downloads site or add the chef repo to your package manager. Follow the upgrade instructions for Chef Compliance to complete the upgrade.

  3. Login using SSH to access the Chef Compliance instance. Use the SSH key pair and the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. The default user is ec2-user. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  4. Update the software on the Chef Compliance Amazon Machine Images (AMI). For example:

    $ chef-marketplace-ctl upgrade -y
    
  5. Copy the contents of the old instance to your new instance and restart the service. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    $ chef-compliance-ctl stop
    $ rsync -avz -e "ssh -i /path/to/ssh_key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress /var/opt/chef-compliance ec2-user@<new instance IP address>:/var/opt/chef-compliance
    $ rsync -avz -e "ssh -i /path/to/ssh_key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress /etc/chef-compliance ec2-user@<new instance IP address>:/etc/chef-compliance
    $ chef-compliance-ctl reconfigure
    $ chef-compliance-ctl start
    

Migrate to the latest AMI

To migrate from an older Amazon Machine Images (AMI) to the latest Amazon Machine Images (AMI), do the following:

  1. Launch the latest Chef Compliance Amazon Machine Images (AMI).

  2. Login using SSH to access the Chef Compliance instance and update the software. Use the SSH key pair and the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. The default user is ec2-user. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    $ chef-marketplace-ctl upgrade -y
    
  3. Repeat the previous step on your old Chef Compliance instance.

  4. Copy the contents of the old instance to your new instance and restart the service. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    $ chef-compliance-ctl stop
    $ rsync -avz -e "ssh -i /path/to/ssh_key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress /var/opt/chef-compliance ec2-user@<new instance IP address>:/var/opt/chef-compliance
    $ rsync -avz -e "ssh -i /path/to/ssh_key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress /etc/chef-compliance ec2-user@<new instance IP address>:/etc/chef-compliance
    $ chef-compliance-ctl reconfigure
    $ chef-compliance-ctl start
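
The rsync commands in both Chef Compliance migration procedures (Migrate to AWS and Migrate to the latest AMI) pass StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, so the old instance never checks which host receives /etc/chef-compliance and /var/opt/chef-compliance. The following added example (not part of the Chef documentation) pins the new instance's host key before copying, by comparing the key returned by ssh-keyscan with the fingerprints in the EC2 console output; it assumes the AMI prints SHA256 fingerprints between the cloud-init BEGIN/END markers, and the function names and sample console text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Chef's tooling. Assumption: the instance's first boot
# prints SSH host key fingerprints to the EC2 console between BEGIN/END
# markers (cloud-init behaviour). Function names are hypothetical.

# Read console output on stdin and print the SHA256 fingerprints that appear
# between the markers, one per line. Text outside the markers is ignored.
console_fingerprints() {
    awk '/BEGIN SSH HOST KEY FINGERPRINTS/ { on = 1; next }
         /END SSH HOST KEY FINGERPRINTS/   { on = 0 }
         on { for (i = 1; i <= NF; i++) if ($i ~ /^SHA256:/) print $i }'
}

# Succeed only if fingerprint $1 equals one full line of the list in $2.
fingerprint_trusted() {
    [ -n "$1" ] && printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# Check HOST ($2) against the console output of INSTANCE_ID ($1). The console
# output arrives over the authenticated AWS API, so it is the trusted side;
# the ssh-keyscan result is untrusted until its fingerprint matches.
# Prints the path of a known_hosts file holding the verified key.
pin_host_key() {
    instance_id=$1
    host=$2
    kh=$(mktemp) || return 1
    trusted=$(aws ec2 get-console-output --instance-id "$instance_id" \
                  --query Output --output text | console_fingerprints)
    ssh-keyscan -t ed25519 "$host" > "$kh" 2>/dev/null
    scanned=$(ssh-keygen -lf "$kh" 2>/dev/null | awk '{print $2}')
    if fingerprint_trusted "$scanned" "$trusted"; then
        printf '%s\n' "$kh"
    else
        rm -f "$kh"
        echo "host key for $host does not match the console output" >&2
        return 1
    fi
}

# Copy SRC ($3) to HOST ($4) at DEST ($5) using SSH key $1, accepting only the
# host key stored in known_hosts file $2. Paths must not contain spaces.
sync_dir() {
    rsync -avz --progress \
        -e "ssh -i $1 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$2" \
        "$3" "ec2-user@$4:$5"
}

# Constructed console excerpt (not real key material), parsed when the script
# is run without arguments.
SAMPLE_CONSOLE='ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:CONSTRUCTEDexampleFingerprintED25519aaaaaaaaaaa root@ip-10-0-0-5 (ED25519)
ec2: 2048 SHA256:CONSTRUCTEDexampleFingerprintRSAbbbbbbbbbbbbbbb root@ip-10-0-0-5 (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----'

if [ "$#" -eq 3 ]; then
    # Usage on the old instance: sh script.sh INSTANCE_ID NEW_HOST SSH_KEY
    kh=$(pin_host_key "$1" "$2") || exit 1
    sync_dir "$3" "$kh" /var/opt/chef-compliance "$2" /var/opt/chef-compliance
    sync_dir "$3" "$kh" /etc/chef-compliance "$2" /etc/chef-compliance
else
    printf '%s\n' "$SAMPLE_CONSOLE" | console_fingerprints
fi
```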
    

Chef Server AMI

Attention

This AMI has been deprecated in favor of the Chef Automate marketplace AMI.

Follow the steps in the sections below to install the Chef server in AWS Marketplace.

Launch the AMI

To get a fully-functional Amazon Machine Images (AMI) for Chef server, do the following:

  1. Login to the AWS Marketplace using your Amazon Web Services (AWS) account credentials

  2. Navigate to the Chef server product page and accept the software terms

  3. Navigate to the IAM Role section in the AWS console

    Create a new role for your marketplace instance with the ‘Amazon EC2’ service type and attach the ‘AWSMarketplaceFullAccess’ policy.

    Note

    You can skip creating a role if you’re launching from the IC Marketplace

  4. Navigate back to the Chef server product page and continue to the launch wizard.

  5. Click the ‘Launch with EC2 Console’ button next to the desired region.

    Configure the Amazon EC2 instance type, Amazon Virtual Private Cloud (VPC) settings, SSH key pair, IAM Role and assign a public IP address.

    Note

    You must assign the previously created IAM role or another role with full marketplace access unless you’re launching from the IC Marketplace

    Optionally add additional storage or increase the root volume size.

    Configure security group to include the required ports for access.

    Note

    Your security group should allow access from your workstation on ports 22, 443 and 8443

  6. Launch Amazon Machine Images (AMI)

Install the Chef DK

While the Amazon Machine Image (AMI) for Chef server is being provisioned, download and install the Chef development kit. The Chef management console has many features and is useful for viewing and creating policy to be applied to nodes. The Chef development kit installs a collection of tools (Kitchen, ChefSpec, chef, chef-vault, Foodcritic, and more) and libraries that are all packaged together, which makes it easier to manage the dependencies these tools may have on each other and the dependencies that Chef has on Ruby.

Configure the Chef Server

After the instance has been provisioned and initial configuration has completed (usually 10 to 13 minutes) run through the setup wizard to create your user and register for a Chef support account. To complete the configuration, do the following:

  1. Access the Chef server setup wizard. Build the URL by prepending https:// and appending /signup to the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. For example, https://<fqdn>/signup.

    Note

    In order to use TLS/SSL for the Web UI and API, the Amazon Machine Images (AMI) will automatically create and use a self-signed certificate. Modern web browsers typically warn about self-signed certificates during login; however, in this case, you can ignore the warning and accept the certificate.

  2. Run through the setup wizard. If you opt into creating a support account you should receive a confirmation email for a Hosted Chef account. Follow the link in the confirmation email to complete the support account creation.

Configure the workstation

  1. Log into the Chef server webui and download the starter kit. Build the URL by appending /getting_started to the fully qualified path of the organization. For example, http://<fqdn>/organizations/<your_org>/getting_started.

  2. Extract the chef-starter.zip file to a directory on the workstation. Open a command prompt and change into the chef-repo directory extracted from the starter kit. For example:

    $ cd ~/Downloads
    $ unzip chef-starter.zip
    $ cd chef-repo
    
  3. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  4. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  5. Add virtual machines to the Chef server.

  6. Bootstrap nodes with the Chef server.

Troubleshooting

Required ports

For a Chef server configuration that is launched from the AWS Marketplace, access to the instance on the following ports is required:

Port    Description
443     HTTPS for Chef management console
8443    HTTPS for Chef Analytics
22      SSH

Change the hostname

To update the hostname, do the following:

  1. Run sudo -i to gain administrator privileges.

  2. Run chef-marketplace-ctl hostname to view the current hostname.

  3. Configure the api_fqdn in /etc/chef-marketplace/marketplace.rb

    $ echo 'api_fqdn "<new.hostname.com>"' | sudo tee -a /etc/chef-marketplace/marketplace.rb
    
  4. Run chef-server-ctl stop to stop Chef server.

  5. Run chef-marketplace-ctl hostname <new.hostname.com> to update the hostname.

  6. Run chef-server-ctl reconfigure to ensure Chef server has been correctly configured with the new hostname.

  7. Run chef-server-ctl restart to restart Chef server.

Change instance size

To edit the Amazon Machine Images (AMI) instance size, do the following:

  1. Login using SSH to access the Chef server instance. Use the SSH key pair and the IP address or public hostname that was automatically assigned when the Amazon Machine Images (AMI) was launched. The default user is ec2-user. For example:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  2. Stop the Chef server:

    $ sudo chef-server-ctl stop
    
  3. Navigate to the Amazon Web Services (AWS) instance in the AWS Management Console.

  4. From the Actions dropdown, select Instance State, and then Stop.

  5. After the instance transitions to Stopped, edit the instance size. From the Actions dropdown, select Instance Settings, and then Change Instance Type.

  6. From the dropdown, select the desired instance size, and then click Apply.

  7. From the Actions dropdown, select Instance State, and then click Start.

  8. After the instance has started it will have a new public IP address and public DNS.

  9. Use SSH to log into the new instance. Use the SSH key pair and new IP address:

    $ ssh -i /path/to/ssh_key.pem ec2-user@<instance IP address>
    
  10. Update the API FQDN in /etc/opscode/chef-server.rb using the public DNS name. For example:

    $ sudo sed -i "s/api_fqdn.*/api_fqdn 'ec2-52-6-31-230.compute-1.amazonaws.com'/" /etc/opscode/chef-server.rb
    

    Replace ec2-52-6-31-230.compute-1.amazonaws.com with the public DNS name.

  11. Reconfigure the Chef server and the Chef management console (standalone and frontend group members of a High Availability installation):

    $ sudo chef-server-ctl reconfigure
    $ sudo chef-manage-ctl reconfigure
    
  12. Reconfigure the Chef server:

    $ sudo chef-manage-ctl reconfigure
    
  13. Verify that you can login to Chef management console by navigating to https://<YOUR NEW PUBLIC DNS>/login.

    Note

    In order to use TLS/SSL for the Web UI and API, the Amazon Machine Images (AMI) will automatically create and use a self-signed certificate. Modern web browsers typically warn about self-signed certificates during login; however, in this case, you can ignore the warning and accept the certificate.

  14. Open a command prompt and change into your chef-repo directory.

  15. Open .chef/knife.rb in a text editor and modify the chef_server_url with your new public DNS. For example:

    $ vim ~/chef-repo/.chef/knife.rb
    

    will open a knife.rb file similar to:

    current_dir = File.dirname(__FILE__)
    log_level                :info
    log_location             STDOUT
    node_name                'your_username'
    client_key               "#{current_dir}/your_username.pem"
    validation_client_name   'your_username-validator'
    validation_key           "#{current_dir}/your_username-validator.pem"
    chef_server_url          'https://<YOUR NEW PUBLIC DNS>/organizations/your_org'
    cookbook_path            ["#{current_dir}/../cookbooks"]
    
  16. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  17. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  18. Update the /etc/chef/client.rb on all of your nodes to use the new public DNS. For example:

    $ knife ssh 'name:*' "sudo sed -i \"s|chef_server_url.*|chef_server_url 'https://ec2-52-6-31-230.compute-1.amazonaws.com/organizations/your_org'|\" /etc/chef/client.rb"
    

    Replace ec2-52-6-31-230.compute-1.amazonaws.com with your new public DNS name and your_org with your organization name.

Upgrade the Chef Server

The Chef server Amazon Machine Images (AMI) can perform in-place upgrades of all of the pre-bundled software. This makes it easy to stay up-to-date with the latest version of the Chef server, the Chef management console, Reporting and Chef Marketplace, while not requiring data to be migrated to the latest published Amazon Machine Images (AMI).

There are four options: upgrade the Chef server, the Chef management console, and Reporting; upgrade Chef Analytics; upgrade Chef Marketplace; upgrade everything.

To upgrade, do one of the following:

  • Upgrade the Chef server, the Chef management console and Reporting packages by using the following command:

    $ sudo chef-marketplace-ctl upgrade -s
    

    Note

    The Chef server will be unavailable while the software is updated.

  • Upgrade the Chef Analytics package by using the following command:

    $ sudo chef-marketplace-ctl upgrade -a
    

    Note

    Chef Analytics will be unavailable while the software is updated.

  • Upgrade the Chef Marketplace package by using the following command:

    $ sudo chef-marketplace-ctl upgrade -m
    
  • Upgrade all the installed packages by using the following command:

    $ sudo chef-marketplace-ctl upgrade -y
    

Migrate to AWS

The process of migrating from an existing Chef server installation to the Amazon Machine Image (AMI) differs depending on which software version is being used and the location in which it is deployed. In all scenarios, data is first migrated to the latest Chef server schema, after which it is migrated to the Amazon Machine Image (AMI).

  • Verify that the latest version of the Chef server is installed by using the platform package manager: rpm -qa | grep chef-server-core and compare the result to the latest version available on the downloads site. If this is not the latest version, download the package, and then upgrade to the latest version.
  • Upgrade an Enterprise Chef node to the latest version of the Chef server by following the upgrade instructions.
  • Upgrade an Open Source Chef node to the latest version of the Chef server by following the upgrade instructions.

After verifying that your existing Chef server installation is up to date, do the following to migrate to the Amazon Machine Image (AMI) instance:

  1. Back up the data on the Chef server:

    $ sudo chef-server-ctl backup
    
  2. Copy the resulting tarball to your Amazon Machine Image (AMI) instance:

    $ scp /tmp/chef-backup-2014-12-10-20-31-40.tgz ec2-user@<MARKETPLACE AMI IP ADDRESS>:/tmp/
    
  3. Log in to the Amazon Machine Image (AMI) and ensure that it is running the latest version of the Chef server:

    $ sudo chef-marketplace-ctl upgrade -y
    
  4. Reconfigure the Chef server and the Chef management console (standalone and frontend group members of a High Availability installation):

    $ sudo chef-server-ctl reconfigure
    $ sudo chef-manage-ctl reconfigure
    
  5. Restore the backup:

    $ sudo chef-server-ctl restore /tmp/chef-backup-2014-12-10-20-31-40.tgz
    
  6. Download your new starter kit:

    Log in to the Chef management console by navigating to https://<MARKETPLACE AMI IP ADDRESS>/getting_started and download the starter kit.

  7. Extract the chef-starter.zip file to a directory on the workstation. Open a command prompt and change into the chef-repo directory extracted from the starter kit. For example:

    $ cd ~/Downloads
    $ unzip chef-starter.zip
    $ cd chef-repo
    
  8. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  9. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  10. Update the /etc/chef/client.rb on all of your nodes to use the new public DNS. For example:

    $ knife ssh 'name:*' "sudo sed -i \"s|chef_server_url.*|chef_server_url 'https://ec2-52-6-31-230.compute-1.amazonaws.com/organizations/your_org'|\" /etc/chef/client.rb"
    

    Replace ec2-52-6-31-230.compute-1.amazonaws.com with your new public DNS name and your_org with your organization name.

Migrate to the latest AMI

To migrate from an older Amazon Machine Image (AMI) to the latest Amazon Machine Image (AMI), do the following:

  1. Launch the latest Chef server Amazon Machine Image (AMI).

  2. Log in to the old Amazon Machine Image (AMI) and ensure that it is running the latest version of the Chef server:

    $ sudo chef-marketplace-ctl upgrade -y
    
  3. Back up the data on the Chef server:

    $ sudo chef-server-ctl backup
    
  4. Copy the resulting tarball to your new Amazon Machine Image (AMI) instance:

    $ scp /tmp/chef-backup-2014-12-10-20-31-40.tgz ec2-user@<MARKETPLACE AMI IP ADDRESS>:/tmp/
    
  5. Log in to the new Amazon Machine Image (AMI) and ensure that it is running the latest version of the Chef server:

    $ sudo chef-marketplace-ctl upgrade -y
    
  6. Back up the marketplace configuration file on the new Amazon Machine Image (AMI):

    $ sudo cp /etc/chef-marketplace/marketplace.rb /tmp/marketplace.rb
    
  7. Restore the backup:

    $ sudo chef-server-ctl restore /tmp/chef-backup-2014-12-10-20-31-40.tgz
    
  8. Restore the marketplace configuration file on the new Amazon Machine Image (AMI) and configure the Chef server:

    $ sudo cp /tmp/marketplace.rb /etc/chef-marketplace/marketplace.rb
    $ sudo chef-marketplace-ctl reconfigure
    $ sudo chef-server-ctl reconfigure
    $ sudo chef-manage-ctl reconfigure
    
  9. Download your new starter kit:

    Log in to the Chef management console by navigating to https://<MARKETPLACE AMI IP ADDRESS>/getting_started and download the starter kit.

  10. Extract the chef-starter.zip file to a directory on the workstation. Open a command prompt and change into the chef-repo directory extracted from the starter kit. For example:

    $ cd ~/Downloads
    $ unzip chef-starter.zip
    $ cd chef-repo
    
  11. Run knife ssl fetch to add the Chef server SSL certificate as a trusted SSL certificate.

  12. Run knife client list to test the connection to the Chef server. The command should return <orgname>-validator, where <orgname> is the name of the organization that was created previously.

  13. Update the /etc/chef/client.rb on all of your nodes to use the new public DNS. For example:

    $ knife ssh 'name:*' "sudo sed -i \"s|chef_server_url.*|chef_server_url 'https://ec2-52-6-31-230.compute-1.amazonaws.com/organizations/your_org'|\" /etc/chef/client.rb"
    

    Replace ec2-52-6-31-230.compute-1.amazonaws.com with your new public DNS name and your_org with your organization name.
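
The knife ssl fetch step in each procedure above trusts whatever certificate the server presents at that moment, so the fetched file is worth comparing with a fingerprint read on the instance itself. The following Ruby check is an added example, not part of the Chef documentation; it assumes knife's default .chef/trusted_certs directory, and the helper names and the throwaway certificate are constructed for illustration.

```ruby
require 'openssl'
require 'tmpdir'

# SHA-256 over the DER encoding, as colon-separated upper-case hex.
def cert_fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Check each *.crt in a trusted_certs directory against a fingerprint obtained
# out of band (for example, computed on the instance itself over SSH).
# Returns { file name => :match, :mismatch, :expired or :unreadable }.
def audit_trusted_certs(dir, expected_fp, now: Time.now)
  want = expected_fp.gsub(/\H/, '').upcase
  Dir.glob(File.join(dir, '*.crt')).sort.to_h do |path|
    cert = OpenSSL::X509::Certificate.new(File.read(path))
    status = if cert_fingerprint(cert).delete(':') != want
               :mismatch
             elsif cert.not_after < now
               :expired
             else
               :match
             end
    [File.basename(path), status]
  rescue OpenSSL::OpenSSLError
    [File.basename(path), :unreadable]
  end
end

# Constructed sample: a throwaway self-signed certificate standing in for the
# one the AMI generates (hypothetical helper, only here to make this runnable).
def sample_self_signed_cert(common_name, not_after: Time.now + 86_400)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir| # stands in for ~/chef-repo/.chef/trusted_certs
    server = sample_self_signed_cert('chef.example.test')
    File.write(File.join(dir, 'chef_example_test.crt'), server.to_pem)
    p audit_trusted_certs(dir, cert_fingerprint(server))
  end
end
```

On the instance, the reference fingerprint can be read with openssl x509 -noout -fingerprint -sha256 -in <SERVER CERTIFICATE PATH>; the certificate's path on the AMI is not given on this page.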