Remove references to packages.chef.io #4316

Merged
merged 7 commits into from
Dec 12, 2024
2 changes: 1 addition & 1 deletion _vendor/modules.txt
Expand Up @@ -8,7 +8,7 @@
# github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20240122032234-c1394fc25525
# github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd
# github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20240122032042-421355eaf502
# github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240809064339-878cb76b2b66
# github.com/chef/chef-workstation/docs-chef-io v0.0.0-20241212065721-f1621731d636
# github.com/chef/supermarket/docs-chef-io v0.0.0-20241105172430-a362eded8f72
# github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f
# github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20241211025148-fb9cb1f3e2bc
Expand Down
20 changes: 10 additions & 10 deletions content/azure_chef_cli.md
Expand Up @@ -22,8 +22,8 @@ Windows PowerShell cmdlets and two Microsoft Azure CLI commands.

If the Microsoft Azure [cross-platform command line tool
(Xplat-CLI)](https://github.com/Azure/azure-xplat-cli) is installed on
the workstation, along with the Azure Chef Extension, the `get-chef` and
`set-chef` extensions may be used to manage Chef running on virtual
the workstation along with the Azure Chef Extension, you can use the `get-chef` and
`set-chef` extensions to manage Chef running on virtual
machines in Microsoft Azure.

### get-chef
Expand Down Expand Up @@ -125,7 +125,7 @@ azure vm extension set-chef your-vm-name --validation-pem ~/chef-repo/.chef/test
azure vm extension set-chef your-vm-name --validation-pem ~/chef-repo/.chef/testorg-validator.pem --client-config ~/chef-repo/.chef/client.rb --version "1201.12" -R 'recipe[your_cookbook_name::your_recipe_name]'
```

##### Azure Resource Manager (ARM) Templates
##### Azure Resource Manager (ARM) templates

If you are using Azure Resource Manager templates to create your infrastructure you can use the Chef extension to have Azure handle the bootstrapping/configuration of your node to your Chef Infra Server.

Expand Down Expand Up @@ -222,7 +222,7 @@ The extension has the following options that can be provided in the

: Verify the SSL certificate on the Chef Infra Server. When `true`, Chef Infra Client always verifies the SSL certificate. When `false`, Chef Infra Client uses the value of `ssl_verify_mode` to determine if the SSL certificate requires verification.

#### Protected Settings
#### Protected settings

The following options can be provided to the extension through the `protectedSettings` hash:

Expand All @@ -240,9 +240,9 @@ The following options can be provided to the extension through the `protectedSet

### Examples

The following examples show how Chef Infra Client can be installed and configured from an ARM template.
The following examples show how you can install and configure Chef Infra Client from an ARM template.

#### Installing the Azure Chef extension on a Linux system
#### Install the Azure Chef extension on a Linux system

```json
{
Expand Down Expand Up @@ -270,7 +270,7 @@ The following examples show how Chef Infra Client can be installed and configure
}
```

#### Installing the Azure Chef extension on a Windows system
#### Install the Azure Chef extension on a Windows system

```json
{
Expand All @@ -289,7 +289,7 @@ The following examples show how Chef Infra Client can be installed and configure
"validation_client_name": "my-chef-organization-validator"
},
"runlist": "recipe[awesome_customers_windows],recipe[iis],role[windows_base]",
"chef_package_url" : "https://my.packages.chef.io/chef-client-15.11.8-1-x64.msi",
"chef_package_url" : "https://download.example.com/chef-client-15.11.8-1-x64.msi",
"validation_key_format": "plaintext"
},
"protectedSettings": {
Expand All @@ -299,7 +299,7 @@ The following examples show how Chef Infra Client can be installed and configure
}
```

#### Installing the Azure Chef extension on a Linux system with SSL peer verification turned off and given a data bag secret
#### Install the Azure Chef extension on a Linux system with SSL peer verification turned off and given a data bag secret

```json
{
Expand Down Expand Up @@ -331,6 +331,6 @@ The following examples show how Chef Infra Client can be installed and configure

{{< note >}}

Here we're also base64 encoding our validator key which is a recommended approach when using the Azure Chef extension in an ARM template
In this example the validator key is base64 encoded, which is a recommended approach when using the Azure Chef extension in an ARM template.

{{< /note >}}
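
Review bot: The rewritten note still calls base64 encoding the validator key "a recommended approach" without saying why. Base64 is an encoding, not a protection, so a reader can mistake this for a confidentiality measure. Suggest stating the reason it is recommended and saying whether the key belongs under `protectedSettings`. The new sentence also needs a comma after "In this example".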
58 changes: 32 additions & 26 deletions content/install_bootstrap.md
@@ -1,5 +1,5 @@
+++
title = "Bootstrap a Node"
title = "Bootstrap a node"
draft = false
gh_repo = "chef-web-docs"
aliases = ["/install_bootstrap.html"]
Expand All @@ -23,21 +23,26 @@ product = ["client", "workstation"]

### Run the bootstrap command

The `knife bootstrap` subcommand is used to run a bootstrap operation that installs Chef Infra Client on the target node. The following steps describe how to bootstrap a node using knife.
The `knife bootstrap` command runs a bootstrap operation that installs Chef Infra Client on a target node. The following steps describe how to bootstrap a node using knife.

1. Identify the FQDN or IP address of the target node. The `knife bootstrap` command requires the FQDN or the IP address for the node to complete the bootstrap operation.

2. Once the workstation machine is configured, it can be used to install Chef Infra Client on one (or more) nodes across the organization using a knife bootstrap operation. The `knife bootstrap` command is used to SSH into the target machine, and then do what is needed to allow Chef Infra Client to run on the node. It will install the Chef Infra Client executable (if necessary), generate keys, and register the node with the Chef Infra Server. The bootstrap operation requires the IP address or FQDN of the target system, the SSH credentials (username, password or identity file) for an account that has root access to the node, and (if the operating system is not Ubuntu, which is the default distribution used by `knife bootstrap`) the operating system running on the target system.
2. Once the workstation machine is configured, it can be used to install Chef Infra Client on one (or more) nodes across the organization using a knife bootstrap operation. The `knife bootstrap` command is used to SSH into the target machine, and then do what's needed to allow Chef Infra Client to run on the node. It will install the Chef Infra Client executable (if necessary), generate keys, and register the node with the Chef Infra Server. The bootstrap operation requires the IP address or FQDN of the target system, the SSH credentials (username, password or identity file) for an account that has root access to the node, and (if the operating system isn't Ubuntu, which is the default distribution used by `knife bootstrap`) the operating system running on the target system.

In a command window, enter the following:

```bash
knife bootstrap 172.16.1.233 -U USERNAME --sudo
knife bootstrap <ADDRESS> -U <USERNAME> --sudo
```

where `172.16.1.233` is the IP address or the FQDN for the node, and `USERNAME` is the username you want to use to connect, and `--sudo` specifies to elevate privileges using the sudo command on UNIX-based systems.
Replace:

Then while the bootstrap operation is running, the command window will show something similar to the following:
- `<ADDRESS>` the IP address or the FQDN of the node
- `<USERNAME>` with the username used to connect to the node

The `--sudo` option elevates privileges using the sudo command on UNIX-based systems.

While the bootstrap operation is running, the command window returns something similar to the following:

```bash
Enter password for [email protected]:
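
Review bot: The first bullet of the new "Replace:" list is missing "with": it reads "`<ADDRESS>` the IP address or the FQDN of the node", while the next bullet reads "`<USERNAME>` with the username used to connect to the node". Step 2 also keeps the passive "is used to SSH into the target machine" that this change removed from the intro sentence; consider "uses SSH to connect to the target machine" for consistency.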
Expand Down Expand Up @@ -123,16 +128,16 @@ The `knife bootstrap` subcommand is used to run a bootstrap operation that insta
client2
```

## Validatorless and Legacy Validator Bootstraps
## Validatorless and legacy validator bootstraps

We recommended using "validatorless bootstrapping" to authenticate new nodes with the Chef Infra Server.

The legacy Chef Infra validator-based node bootstrapping process depended on using a shared "validatory" key throughout an organization for authenticating new nodes with the Chef Infra Server.

Shortcomings of the legacy validator process are:

* All users share the same key for bootstrapping new systems
* Key sharing makes key rotation difficult, if it is compromised or if an employee leaves the organization.
- All users share the same key for bootstrapping new systems
- Key sharing makes key rotation difficult, if it's compromised or if an employee leaves the organization.

The "validatorless bootstrap" generates a key for each node, which is then transferred to the new node and used to authenticate with the Chef Infra Server instead of relying on a shared "validator" key.

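Review bot: Two typos survive in the unchanged lines of this hunk and are worth fixing while the section is open: "We recommended using" should be "We recommend using", and the shared "validatory" key should be "validator" key. In the second bullet, "if it's compromised" has no clear antecedent after "key rotation"; suggest "if the key is compromised".
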
Expand All @@ -152,7 +157,7 @@ Use the following options with a validatorless bootstrap to specify items that a

`--bootstrap-vault-json VAULT_JSON`

: A JSON string that contains a list of vaults and items to be updated. --bootstrap-vault-json '{ "vault1": \["item1", "item2"\], "vault2": "item2" }'
: A JSON string that contains a list of vaults and items to be updated. `--bootstrap-vault-json '{ "vault1": \["item1", "item2"\], "vault2": "item2" }'`

## Examples

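Review bot: Wrapping the `--bootstrap-vault-json` example in backticks leaves the Markdown escapes `\[` and `\]` inside a code span, where backslashes render literally. The displayed value then contains `\["item1", "item2"\]`, which is not valid JSON if a reader copies it. Drop the backslashes now that the example is inline code.
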
Expand All @@ -175,7 +180,7 @@ cat sea-power-content.json
knife vault create sea power -M client -A sean_horn,angle -J sea-power-content.json
```

No clients, because the `-S` option was not specified while creating the vault.
No clients, because the `-S` option wasn't specified while creating the vault.

At this time, only the users `sean_horn` and `angle` are authorized to read and manage the vault.

Expand All @@ -190,7 +195,7 @@ search_query:
some: content for them
```

It is definitely an encrypted databag, see?
It's definitely an encrypted databag, see?

```bash
knife data_bag show sea power
Expand Down Expand Up @@ -344,36 +349,37 @@ search_query:
some: content for them
```

## Unattended Installs
## Unattended installs

Chef Infra Client can be installed using an unattended bootstrap. This allows Chef Infra Client to be installed from itself, without requiring SSH. For example, machines are often created using environments like AWS Auto Scaling, AWS CloudFormation, Rackspace Auto Scale, and PXE. In this scenario, using tooling for attended, single-machine installs like `knife bootstrap` or `knife CLOUD_PLUGIN create` is not practical because the machines are created automatically and someone cannot always be on-hand to initiate the bootstrap process.
Chef Infra Client can be installed using an unattended bootstrap. This allows Chef Infra Client to be installed from itself, without requiring SSH. For example, machines are often created using environments like AWS Auto Scaling, AWS CloudFormation, Rackspace Auto Scale, and PXE. In this scenario, using tooling for attended, single-machine installs like `knife bootstrap` or `knife CLOUD_PLUGIN create` is not practical because the machines are created automatically and someone can't always be on-hand to initiate the bootstrap process.

When Chef Infra Client is installed using an unattended bootstrap, remember that Chef Infra Client:

* Must be able to authenticate to the Chef Infra Server
* Must be able to configure a run-list
* May require custom attributes, depending on the cookbooks that are being used
* Must be able to access the chef-validator.pem so that it may create a new identity on the Chef Infra Server
* Must have a unique node name; Chef Infra Client will use the FQDN for the host system by default
- Must be able to authenticate to the Chef Infra Server.
- Must be able to configure a run-list.
- May require custom attributes, depending on the cookbooks that are being used.
- Must be able to access the `chef-validator.pem` file so that it may create a new identity on the Chef Infra Server.
- Must have a unique node name; Chef Infra Client will use the FQDN for the host system by default.

When Chef Infra Client is installed using an unattended bootstrap, it may be built into an image that starts Chef Infra Client on boot, or installed using User Data or some other kind of post-deployment script. The type of image or User Data used depends on the platform on which the unattended bootstrap will take place.

### Bootstrapping with User Data
### Bootstrapping with user data

The method used to inject a user data script into a server will vary depending on the infrastructure platform being used. For example, on AWS you can pass this data in as a text file using the command line tool.
The method used to inject a user data script into a server varies depending on the infrastructure platform being used.
For example, on AWS you can pass this data in as a text file using the command line.

The following user data examples demonstrate the process of bootstrapping Windows and Linux nodes.

#### PowerShell User Data
#### PowerShell user data

```powershell
## Set host file so the instance knows where to find chef-server
$hosts = "1.2.3.4 hello.example.com"
$file = "C:\Windows\System32\drivers\etc\hosts"
$hosts | Add-Content $file

## Download the Chef Infra Client
$clientURL = "https://packages.chef.io/files/stable/chef/12.19.36/windows/2012/chef-client-<version-here>.msi"
## Download Chef Infra Client
$clientURL = "https://chefdownload-commercial.chef.io/stable/client/download?p=windows>&pv=<PLATFORM_VERSION>&m=<ARCHITECTURE>&v=<PRODUCT_VERSION>&license_id=<LICENSE_ID>"
$clientDestination = "C:\chef-client.msi"
Invoke-WebRequest $clientURL -OutFile $clientDestination

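Review bot: The new `$clientURL` value has a stray `>` after `p=windows` (`download?p=windows>&pv=<PLATFORM_VERSION>`), so the script as documented requests a malformed URL. Remove the `>`, or make the platform a placeholder like the other parameters if that was the intent. The script also saves the MSI with `Invoke-WebRequest` and no integrity check appears in this hunk; if the elided part does not verify a checksum, consider adding one. Separately, this hunk changes "cannot" to "can't" but leaves "is not practical" in the same sentence.
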
Expand Down Expand Up @@ -402,7 +408,7 @@ Set-Content -Path c:\chef\client.rb -Value $clientrb
C:\opscode\chef\bin\chef-client.bat -j C:\chef\first-boot.json
```

#### Bash User Data
#### Bash user data

```bash
#!/bin/bash -xev
Expand Down Expand Up @@ -447,7 +453,7 @@ EOF
chef-client -j /etc/chef/first-boot.json
```

It is important that settings in the [client.rb file](/config_rb_client/)---`chef_server_url`, `http_proxy`, and so on are used---to ensure that configuration details are built into the unattended bootstrap process.
It's important that settings in the [client.rb file](/config_rb_client/)---for example `chef_server_url` and `http_proxy`---are used to ensure that configuration details are built into the unattended bootstrap process.

##### Setting the initial run-list

Expand Down