Chef Manage


Warning

Chef Manage is deprecated. The Chef Enterprise Automation Stack allows you to define infrastructure, security policies, and application dependencies as code, deliver the stack via an automated pipeline to any platform, and deploy, observe, and manage the stack over its lifecycle. Chef Automate is included as part of the Chef license agreement and is available via subscription.

The Chef management console enables the management of nodes, data bags, roles, environments, and cookbooks by using a web user interface. In addition, access to nodes, data bags, roles, environments, and cookbooks is configurable using role-based access control (RBAC).

Nodes

A node is any device—physical, virtual, cloud, network device, etc.—that is under management by Chef Infra.

The Chef management console provides ways for users to delete nodes and reset their private keys, edit node attributes, manage the run-lists, configure user and group permissions, and manage tags.


Policy

Policy maps business and operational requirements, process, and workflow to settings and objects stored on the Chef Infra Server:

  • Roles define server types, such as “web server” or “database server”

  • Environments define process, such as “dev”, “staging”, or “production”

  • Certain types of data—passwords, user account data, and other sensitive items—can be placed in data bags, which are located in a secure sub-area on the Chef Infra Server that can only be accessed by nodes that authenticate to the Chef Infra Server with the correct SSL certificates

  • The cookbooks (and cookbook versions) in which organization-specific configuration policies are maintained

The Chef management console provides ways for users to manage data bags, environments, roles, cookbooks, clients, and tags.


Admin

Organizations, users, and groups can be managed from the Chef management console, including role-based access control for any user and group to any of the objects saved to the Chef Infra Server.

The Chef Infra Server uses role-based access control (RBAC) to restrict access to objects—nodes, environments, roles, data bags, cookbooks, and so on. This ensures that only authorized user and/or Chef Infra Client requests to the Chef Infra Server are allowed. Access to objects on the Chef Infra Server is fine-grained, allowing access to be defined by object type, object, group, user, and organization. The Chef Infra Server uses permissions to define how a user may interact with an object, after they have been authorized to do so.


Install Chef Manage

The install subcommand downloads packages from https://packages.chef.io/ by default. For systems that are not behind a firewall (and have connectivity to https://packages.chef.io/), these packages can be installed as described below.

Feature: Chef Manage

Use Chef management console to manage data bags, attributes, run-lists, roles, environments, and cookbooks from a web user interface.

Command:

On the Chef Infra Server, run:

$ sudo chef-server-ctl install chef-manage

then:

$ sudo chef-server-ctl reconfigure

and then:

$ sudo chef-manage-ctl reconfigure

To accept the Chef MLSA:

$ sudo chef-manage-ctl reconfigure --accept-license

Chef Manage Local Installation

The install subcommand is used to install premium features of the Chef server: Chef management console (chef-manage) and push jobs (opscode-push-jobs-server).

$ sudo chef-server-ctl install PACKAGE_NAME --path /path/to/package/directory

For example:

$ sudo chef-server-ctl install chef-manage --path /root/packages

The chef-server-ctl command will install the first chef-manage package found in the /root/packages directory.
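
Because the install takes the first chef-manage package found in the directory, it helps to confirm beforehand that the directory holds exactly one candidate, that only its owner can write to it, and that the file matches a SHA-256 value recorded when the package was downloaded. The script below is an added example, not part of the Chef documentation; the file-name patterns, exit codes and function names are assumptions, and it relies on GNU find and sha256sum.

```shell
#!/bin/sh
# Added example: vet a local package directory before
# `chef-server-ctl install chef-manage --path DIR`.
# Assumption: package files are named chef-manage*.deb or chef-manage*.rpm.

# Print every chef-manage package candidate directly inside directory $1.
list_candidates() {
    find "$1" -maxdepth 1 -type f \
        \( -name 'chef-manage*.deb' -o -name 'chef-manage*.rpm' \) | sort
}

# check_package_dir DIR EXPECTED_SHA256
# Prints the package path and returns 0 only when all checks pass:
#   2 = not exactly one candidate (which one is "first" would be ambiguous)
#   3 = directory or package is writable by group or others
#   4 = SHA-256 differs from the expected value
check_package_dir() {
    dir=$1
    expected=$2
    pkg=$(list_candidates "$dir")
    count=$(printf '%s\n' "$pkg" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "found $count chef-manage packages in $dir, expected 1" >&2
        return 2
    fi
    # -maxdepth 0 tests only the two start points: the directory and the file.
    if [ -n "$(find "$dir" "$pkg" -maxdepth 0 -perm /022)" ]; then
        echo "$dir or $pkg is writable by group or others" >&2
        return 3
    fi
    actual=$(sha256sum "$pkg" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $pkg" >&2
        return 4
    fi
    printf '%s\n' "$pkg"
}

# Stand-alone use: ./check.sh /root/packages <sha256 recorded at download time>
if [ "$#" -eq 2 ]; then
    check_package_dir "$1" "$2"
fi
```

Run the chef-server-ctl install command only when the check exits 0.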