Stefano Sidoti
This blog is meant to share information about the on-going integration between BigFix and Chef.
What is Chef and why integrate it with BigFix
Chef is used for automating server management and, like BigFix, it pushes most of the work to the endpoint rather than centralizing it at the server.
With Chef you can describe how each part of your infrastructure should be built; then, when a new server comes online, you tell it what role you want it to play and Chef will configure it properly.
Recipes describe what state the server should be in, for example what packages should be installed, what services should be running, etc. Chef makes sure that each server is configured according to its recipes, taking corrective action only when necessary.
For detailed Chef documentation you can refer to the Opscode site: http
Chef has a growing collection of community-provided automation for many tools that IBM would never provide, but customers would find useful.
Let's consider leveraging the Chef model for how automation gets packaged, delivered and used by Tivoli/IBM products, allowing reuse of automation packages across Cloud/SCP/IWD, IEM offerings, RAF, etc. (so we don’t have duplication of automation packages for DB2, WAS, etc., which is already happening).
We could also potentially consider delivering Chef cookbooks/recipes directly from an IBM-provided site.
The goal of the BigFix-Chef integration is to enable Chef within the BigFix offerings as a model to deliver and perform automation on endpoints. It is an addition to the fixlet model available in BigFix, and the combination of the BigFix and Chef automation models will provide the customer with a more complete and more powerful solution.
Stage 1 - Integration with Chef Solo
The first stage of the integration was released in early 2014 within IBM Endpoint Manager for Server Automation and is currently available to customers.
You can refer to the following IBM Knowledge Center link for the available documentation about this integration:
For the target machines, this integration supports all the platforms supported by both BigFix Agent and Chef Solo, while the BigFix Server can be installed on both Windows and Linux. Nothing more than a BigFix Agent is required for a Chef node to be supported.
The architectural picture of the solution is depicted in the following
As you can see from the picture above the available content is able to:
- install Chef Solo on a BigFix endpoint (Fixlet1) on all the platforms that are supported by both BigFix Agent and Chef Solo
- execute a Chef recipe through Chef Solo on a BigFix endpoint (Fixlet2)
The available content also provides additional fixlets to download a cookbook to the BigFix endpoint before executing it.
There is a separate fixlet for each location a cookbook can be downloaded from, in particular:
- from an internal or external URL, specified by the customer (it can be an internal or external file server)
- directly from Opscode web site
- from a file system location, specified by the customer
Once you have downloaded and executed a cookbook, from whatever location, the configuration it applied can be mis-configured during normal day-to-day activities. You can enforce it again by running just the fixlet that executes the cookbook (you don't need to download the cookbook again, since it is already present in the endpoint's Chef repository). You can also schedule this fixlet to run periodically if you need continuous maintenance.
Every time the cookbook is executed again, it configures the machine according to what the cookbook specifies. If nothing has changed since the last run, Chef Solo won't do anything.
You can also monitor the status of your Chef nodes (where Chef Solo is installed) through the monitoring analysis provided by the integration.
In particular you can see:
- the Chef Solo installed version on each Chef endpoint
- the cookbooks available in the Chef local repository
You can also easily modify the analysis to check for the presence of one or more installed cookbooks. An example is provided by default by the integration, namely for a simple cookbook named getting-started.
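The manual equivalent of the "execute" fixlet and of the cookbook-presence check, as an added example that is not the integration's own fixlet or analysis code. The repository layout and the function names are assumptions; only the cookbook name getting-started comes from this post.

```shell
# Added example: paths and function names are hypothetical.

# Write solo.rb and node.json for one cookbook under repository directory $1.
write_solo_config() {
    repo=$1 cookbook=$2
    mkdir -p "$repo/cookbooks" "$repo/cache"
    printf 'cookbook_path   "%s/cookbooks"\nfile_cache_path "%s/cache"\n' \
        "$repo" "$repo" > "$repo/solo.rb"
    # The run list names the recipe that Chef Solo will converge.
    printf '{ "run_list": [ "recipe[%s]" ] }\n' "$cookbook" > "$repo/node.json"
}

# Print the cookbooks present in the local repository, one name per line.
list_cookbooks() {
    for dir in "$1"/cookbooks/*/; do
        [ -d "$dir" ] && basename "$dir"
    done
    return 0
}

# Succeed only if cookbook $2 is present in repository $1.
has_cookbook() {
    list_cookbooks "$1" | grep -qxF -- "$2"
}

# Converge the node against one cookbook. Safe to repeat or schedule:
# Chef only changes resources whose state no longer matches the recipe.
enforce() {
    repo=$1 cookbook=$2
    has_cookbook "$repo" "$cookbook" || {
        echo "cookbook $cookbook is not in the local repository" >&2
        return 2
    }
    command -v chef-solo >/dev/null 2>&1 || {
        echo "chef-solo is not installed" >&2
        return 3
    }
    write_solo_config "$repo" "$cookbook"
    chef-solo -c "$repo/solo.rb" -j "$repo/node.json"
}
```

Calling enforce with a repository directory and getting-started as arguments fails with status 2 until the cookbook has been downloaded into the cookbooks directory, which mirrors the download-then-execute order of the fixlets.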
Stage 2 - Integration with Chef Server
The second stage of the BigFix integration with Chef is currently under development. It will add support in the BigFix Console for the whole Chef infrastructure: one Chef Server, many Chef Workstations (one of which is considered the primary) and many Chef clients, or nodes.
The difference from stage 1 is that we are removing the limitation of managing only endpoints that run Chef Solo, so that all the Chef components can be monitored and managed from a single interface.
There will be many management capabilities in the BigFix Console, including the monitoring and management of Chef Workstations, which is currently not available even in the Chef Server UI.
Additional infrastructure details and use cases will be added to this blog as soon as the new content is available.