Creating a chef server using the AWS service OpsWorks is rather easy. In addition to creating the chef server, OpsWorks gives you this fully managed configuration management service (i.e., Chef) with:
- Automatic backups
- Automatic security updates
- Automatic Chef software updates
- Just you can focus on writing cookbooks and recipes that meet your needs!
With OpsWorks, other benefits:
- 1- Automatic instance-to-chef-server registration
- 2- Secure and easy-scaling using autoscaling groups
- 3- No separate license fees, only pay for what you use
- 4- Supports both EC2 and on-perm instances
- 5- API endpoints for AS and management of Chef automate
- 6- Best practices, AWS support and guidance
What would I use (with) OpsWorks for:
- 1- Bootstrap ec2 instances with the correct configurtion
- 2- Update the configuration of running instances
- 3- Assure instance comply ith a predefined policy
- 4- Automate your auto-scaling application in ec2
- 5- Maintain continuous compliance with audit scans every 30 mins
After you create a chef server, you can now upload to it cookbooks.
- While server creation is still in progress, download the sign-in credentials for the Chef server, and save them in a secure, but convenient, location.
- Download the Starter Kit, and unzip the Starter Kit .zip file into your workspace directory. Do not share the Starter Kit private key. If other users will be managing the Chef server, add them as administrators in the Chef Automate dashboard later. For more information about how to add users to the Chef server, see Manage Users in the Chef Automate documentation.
- Download and install the Chef Development Kit, or Chef DK, on the computer you will use to manage your Chef server and nodes. The
knifeutility is part of the Chef DK. For instructions, see Install the Chef DK on the Chef website.
Configure Your Server with the
.chef directory is hidden, and contains the following files:
.chef/knife.rb– A knife configuration file (knife.rb). The
knife.rbfile is configured so that Chef’s
knifetool operations run against the AWS OpsWorks for Chef Automate server.
.chef/ca_certs/opsworks-cm-ca-2016-root.pem– A certification authority (CA)-signed SSL private key that is provided by AWS OpsWorks. This key allows the server to identify itself to the chef-client agent on nodes that your server manages.
- o identify itself to the chef-client agent on nodes that your server manages.
Set Up Your Chef Repository
A Chef repository contains several directories. Each directory in the Starter Kit contains a README file that describes the directory’s purpose, and how to use it for managing your systems with Chef. There are two ways to get cookbooks installed on your Chef server:
knife commands, or Berkshelf commands. This walkthrough uses Berkshelf to install cookbooks on your server.
- Create a directory on your local computer for storing cookbooks, such as
chef-repo. After you add cookbooks, roles, and other files to this repository, we recommend that you upload or store it in a secure, versioned system, such as AWS CodeCommit, Git, or Amazon S3.
- In the
chef-repodirectory, create the following three directories, as shown in the Starter Kit:
cookbooks/– Stores cookbooks that you download or create.
roles/– Stores roles in
environments/– Stores environments in
Use Berkshelf to Get Cookbooks from a Remote Source
Berkshelf is a tool for managing cookbooks and their dependencies. It downloads a specified cookbook into local storage, which is called the Berkshelf. You can specify which cookbooks and versions to use with your Chef server and upload them.
The Starter Kit contains a file, named
Berksfile, that lists your cookbooks. The included Berksfile references the chef-client cookbook that configures the Chef client agent software on each node that you connect to your Chef server. To learn more about this cookbook, see Chef Client Cookbook in the Chef Supermarket.
- Using a text editor, append another cookbook to your Berksfile in which to install the web server software; for example, to install the Apache web server application. Your Berksfile should resemble the following.
source 'https://supermarket.chef.io' cookbook 'chef-client' cookbook 'apache2'
- Download and install the cookbooks on your local computer.
- Upload the cookbook to the Chef server.On Linux, run the following.
SSL_CERT_FILE='.chef/ca_certs/opsworks-cm-ca-2016-root.pem' berks upload
On Windows, run the following Chef DK command in a PowerShell session. Before you run the command, be sure to set the execution policy in PowerShell to
chef shell-initto make Chef DK utility commands available to PowerShell.
$env:SSL_CERT_FILE="ca_certs\opsworks-cm-ca-2016-root.pem" chef shell-init berks upload Remove-Item Env:\SSL_CERT_FILE
- Verify the installation of the cookbook by showing a list of cookbooks that are currently available on the Chef Automate server.You are ready to add nodes to manage with the AWS OpsWorks for Chef Automate server.
knife cookbook list
knife bootstrap 184.108.40.206 -N ssm-test-instance -x ubuntu --sudo --identity-file ~/keys/yourkey --run-list "recipe[apache2]"