The Chef Configuration Manager

The Chef configuration manager provides integration with your Chef server.

Features

The integration supports these features from the CloudBolt UI:

  • Installation of Chef cookbooks and roles on servers
  • Discovery/synchronization of Chef Nodes
  • Automatic installation of the Chef agent on new servers being built (i.e., the Chef agent does not have to be added to images; you can use your existing images as-is)

Assumptions

CloudBolt’s Chef support makes a few assumptions about your Chef environment. If your environment deviates from these assumptions, Chef support may not work correctly. These assumptions are:

  • The Chef DK must be installed on the CloudBolt server. For versions of CloudBolt 8.3 and above, the Chef DK is installed out-of-the-box. For any pre-8.3 versions of CloudBolt, the Chef DK can be installed by following these instructions from the Chef documentation: https://docs.chef.io/install_dk.html.
  • Direct connectivity from the CloudBolt server to the Chef server
  • Direct connectivity from the CloudBolt server to the new servers being built
  • sshd installed and set to automatically start on newly deployed Linux servers (the Chef agent bootstrap process relies on this)
  • CloudBolt configured to know the credentials on the servers being built (so it can automatically install the Chef agent on the servers)
  • CloudBolt has experimental support for bootstrapping of agents on Windows servers. This relies on:
      • Windows remote management 2.0 on the remote, newly-built server
      • The knife windows plugin on the CloudBolt server

For more info on the Windows requirements, see: http://docs.chef.io/plugin_knife_windows.html. Please let CloudBolt support know if you plan to use Chef on Windows and they can help you through the process.

Connecting CloudBolt with a Chef server

This section describes how to create a Chef configuration manager that can be used to take advantage of CloudBolt–Chef integration.

Creating a Chef Configuration Manager in CloudBolt

  1. Navigate to the Configuration Managers admin page in the CloudBolt web interface.
  2. Click the Add a configuration manager button, then click Chef in the resulting dialog.
  3. Fill out the form, then click the Create button to create your configuration manager and show its detail page.
  4. When prompted for the CloudBolt client name, enter a placeholder value for now.
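  5. If the Chef server uses a self-signed certificate, you will need to add the option --node-ssl-verify-mode none to the knife bootstrap arguments. This option turns off SSL certificate verification for the bootstrapped node's HTTPS requests.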

Providing CloudBolt with files Needed to Communicate with Chef

For each organization on your Chef server that you would like CloudBolt to utilize, perform these steps on the CloudBolt server:

  1. Run mkdir -p /var/opt/cloudbolt/connectors/chef/<connector ID> (the connector ID can be seen in the URL when viewing the details for the connector)
  2. Obtain the validator PEM file, client PEM file, and knife.rb config file. They can be downloaded via the Chef web UI (https://docs.chef.io/install_dk.html#manually-w-webui).
  3. Copy those three files into /var/opt/cloudbolt/connectors/chef/<connector ID> on the CloudBolt server.
  4. Edit /var/opt/cloudbolt/connectors/chef/<connector ID>/knife.rb, changing the client_key and validation_key lines to reference the directory /var/opt/cloudbolt/connectors/chef/<connector ID>. If setting up import from the community site, set syntax_check_cache_path to cache_options( :path => "/var/chef/.chef/checksums" ).

Then, return to the CloudBolt UI, edit the config manager, and enter the client name from the certificate filename used above.
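
The following check for the four steps above is an added example, not part of CloudBolt or Chef. It confirms that knife.rb's client_key and validation_key point at files inside the connector directory and that those files exist. It assumes knife.rb holds absolute, quoted paths and that the PEM files should not be accessible to group or other users.

```shell
#!/usr/bin/env bash
# Added example, not CloudBolt or Chef code.
# Assumptions: knife.rb holds absolute, quoted paths, and the PEM files
# should carry no group/other permission bits.

check_connector_dir() {
    local dir=$1 rc=0 setting path mode
    local knife_rb="$dir/knife.rb"

    [ -f "$knife_rb" ] || { echo "missing: $knife_rb"; return 1; }

    for setting in client_key validation_key; do
        # Pull the quoted path out of a line such as: client_key "/x/y.pem"
        path=$(sed -n "s/^[[:space:]]*${setting}[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" \
                   "$knife_rb" | tail -n 1)
        if [ -z "$path" ]; then
            echo "knife.rb: no $setting line found"; rc=1; continue
        fi
        # Step 4: the key path must reference the connector directory.
        case $path in
            "$dir"/*) ;;
            *) echo "knife.rb: $setting is outside $dir: $path"; rc=1; continue ;;
        esac
        # Step 3: the file must actually have been copied there.
        if [ ! -f "$path" ]; then
            echo "knife.rb: $setting file not found: $path"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$path" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "group/other can access private key: $path"; rc=1
        fi
    done
    return "$rc"
}

# Usage: ./check_connector.sh /var/opt/cloudbolt/connectors/chef/<connector ID>
[ "$#" -eq 0 ] || check_connector_dir "$1"
```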

Enabling Bootstrapping of New Servers

To enable CloudBolt to use knife to install the Chef agent on servers during the server provisioning process, CloudBolt must be able to log in to the servers being provisioned. This means it needs to know the appropriate credentials for those servers, as mentioned above.

For some instances, such as Linux servers on AWS, the credentials should include an SSH key. For others, it will be a password and optionally a username. Credentials can be configured on templates from the Resource Handler page or using parameters globally (using Global Parameter Defaults), on the group or environment, or entered on the order form.

For more information on the necessary credentials and how to configure them, see the Authentication section of the Remote Scripts page.

Windows

In order to bootstrap agents on Windows servers, the CloudBolt server will need the knife Windows plugin. As root, run:

/opt/chef/embedded/bin/gem install nokogiri -- --use-system-libraries
/opt/chef/embedded/bin/gem install knife-windows

The bootstrap process uses Windows Remote Management 2.0 on port 5986 over HTTPS, so this will need to be enabled in the template/image that is used to deploy the Windows servers. For further information about how this works, see the Chef docs on bootstrapping Windows agents: http://docs.chef.io/plugin_knife_windows.html. You can also reference the WinRM section of the Remote Scripts page for general information on how to configure and troubleshoot running scripts with WinRM.

If you would like to override that port and use 5985 (the default WinRM HTTP port) instead, you can edit the Chef configuration manager and put this in the Knife bootstrap additional args field:

{% if server.is_windows %}
   -p 5985
{% endif %}

Harnessing Chef’s Power from CloudBolt

After associating your new Chef Configuration Manager with the right environments and creating a few Chef cookbook and/or role objects in CloudBolt, you can provision a new server to that environment. You will be given a choice of applications (cookbooks and roles) to install on the new server as part of the order form. Note that CloudBolt will automatically install a Chef agent on the new VM and will call into Chef to apply the chosen cookbooks and roles. You can see that CloudBolt has taken these actions as part of the order by clicking on the link to the job and viewing its progress.

After initial installation of a new server in a Chef environment, you can choose to install and remove applications from the server at any point (either from the server list page or the server’s detail page).

These features can be used by users who do not know anything about Chef and perhaps who do not even know that Chef is present. This allows for full application stack management with the simple, clean user experience provided by the CloudBolt web interface.