Deploying the Chef shared service

Configure and deploy the Chef shared service to connect Cloud Pak System with your Chef server.

Before you begin

Chef clients that are installed on instances on Cloud Pak System use this shared service to communicate with the Chef server.

You must be assigned either the Workload resources administration with Full permission or the cloud administrator role to complete this task.

About this task

The Chef shared service instance is an external shared service, and can be used by all instances in the environment (across multiple cloud groups), including multiple systems in a multisystem environment. If needed, you can define access control on the Chef server by using organizations.
Restriction:
  • Only Chef server 12 and later is supported. Earlier versions of Chef are not supported.
  • SSH access to the Chef server is not supported; therefore, do not set up SSH access when you deploy the Chef shared service.

Procedure

  1. Click Patterns > Shared Services.
  2. Expand the External Chef Server section.
  3. Click Deploy in the Actions column of the External Chef Server (External) <version> shared service.
    Continue deploying the shared service. For detailed steps, see Deploying shared services.
  4. Configure the specific properties for the shared service:
    Chef Server URL
    Required. Specify the URL for your existing Chef server.

    The Chef server organization is required in the Chef server URL. For example, https://<CHEF_SERVER_HOST_NAME>/organizations/<ORGANIZATION_NAME>.

    Validation Key
    Required. Specify the validation key for your existing Chef server.

    Use the validation key for the organization that was specified in the Chef server URL. This key is generated when you create the organization through the Chef server console (typically the file name is /etc/chef/validation.pem).

    Chef Server SSL Certificate File
    Required. Specify the SSL Certificate File for your existing Chef server.

    The certificate file is in the /var/opt/opscode/nginx/ca directory on the Chef server. The file name is <CHEF_SERVER_HOSTNAME>.crt.

    Proxy URL for Chef Client
    Optional. If the system must use a proxy server to access the Chef server, specify the proxy server's URL and port. For example, http://1xx.19.0.2:3128.
    Restriction: Proxy servers that require authentication are not currently supported.
    No proxy for
    Optional. If a proxy server is in use, specify a comma-separated list of any URLs that do not need the proxy for access, such as localhost.
    Gem Repository URL for Chef Recipes
    Optional. Specify the URL to download Ruby files if they are needed by a Chef recipe. For example, https://rubygems.org/.
    Proxy URL for Gem Repository
    Optional. If the system must use a proxy server to access the Gem Repository, specify the proxy server's URL and port. For example, http://1xx.19.0.2:3128.
  5. Continue deploying the shared service. For detailed steps, see Deploying shared services.

    The shared service deploys.

  6. After a short time, a message displays at the top of the deployment page: The instance 'External Chef Server' is launching. You can check the status by clicking here.. Click the link in the message to change to the Shared Service Instances page.
  7. Wait until the shared service status is in a Running state before you deploy any patterns that use the Chef client.

What to do next

Add the Chef software component to patterns so that you can use Chef services for instances.