Using an existing Chef server when deploying a Content Runtime

Using the Content Runtime templates, you can provide an existing Chef server to which the Pattern Manager will connect.

Requirements

To use an existing Chef server when deploying a Content Runtime, the following are needed:

  • The Chef server needs to have a static IP address assigned to it.

    Note: This IP address must be accessible from the Content Runtime.

  • A user has to be created in the existing Chef server and associated with an organization. For more information on how to perform these steps, see Chef's documentation.

    Note: When creating a user, by default, the chef-server-ctl user-create command will print the certificate file for the new user to the standard output. To store this result in a file, use the -f option.

Procedure

To deploy a Content Runtime that will connect to an external Chef server, a custom template needs to be selected.

  1. Start the creation process by selecting Manage > Content runtimes in the Managed services.

  2. Click Create content runtime.

  3. Enter a descriptive name for your Content Runtime.

  4. Select the Cloud Provider. (Note: Select Other as cloud provider for offline install).

  5. From the dropdown, select the option CAM Content Runtime with existing Chef Server.

  6. The additional fields that need to be filled in are:

    • Chef Server FQDN: This is the fully qualified domain name of the Chef server.
    • Chef Server IP Address: The static IPv4 address of the existing Chef server.
    • Chef Server Certificate - Base 64 Encoded: The certificate (usually .pem format) containing the private key associated with the provided Chef user in the server. This key allows the Pattern Manager to perform requests to the Chef server.
    • Install Chef Cookbooks: This input represents the option to install the set of cookbooks that are usually bundled on a Content Runtime deployment. If needed, this value can be set to False and cookbooks can be loaded manually into the server by following Managed services Content APIs.
  7. Click Deploy.

Input Parameters

The following tables contain a complete list of all the input parameters available in these templates.

Obtaining the Chef server FQDN

The fully qualified domain name of the existing Chef server can be obtained from the /etc/hosts file. It contains the machine's hostname and its associated domain name.

Obtaining the Chef server certificate

When a new user is created with the user-create option in chef-server-ctl, its private key is displayed in the standard output. This value can be copied into a file or the -f option can be used to automatically store it in a specific location.

If the existing Chef server was created using a Content Runtime deployment, then by default the created organization would be named chef-org and its user chef-admin. The .pem file in this case can be found at /etc/opscode/chef-admin.pem.

Base 64 encoding

To encode the .pem file into base 64, use the following command in a terminal window:

base64 <filename>.pem -w 0

The resulting value must be provided in the Chef Server Certificate - Base 64 Encoded field.
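
A wrapper around the command above, as an added example that is not part of the product documentation: it checks that the file really is a PEM private key (the field is labelled a certificate but holds the user's key), warns on loose file permissions, and confirms that the single-line output decodes back to the original file. The function names `encode_chef_key` and `make_sample_key` are hypothetical, and GNU `stat` and `base64` are assumed.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, GNU coreutils assumed.

# Fail unless FILE is a PEM private key, then print it as one base64 line.
encode_chef_key() {
  local pem="$1" mode encoded
  [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

  # The field is called "certificate", but it must hold the Chef user's
  # private key; reject certificates and public keys before encoding.
  head -n 1 "$pem" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' \
    || { echo "$pem: first line is not a PEM private-key header" >&2; return 2; }

  # Warn when group or others have any access to the key file.
  mode=$(stat -c '%a' "$pem")
  case "$mode" in
    *00|0) ;;
    *) echo "warning: $pem has mode $mode; consider chmod 600" >&2 ;;
  esac

  # -w 0 disables line wrapping so the value pastes as a single line.
  encoded=$(base64 -w 0 "$pem")

  # Round-trip check: the decoded value must match the file byte for byte.
  printf '%s' "$encoded" | base64 -d | cmp -s - "$pem" \
    || { echo "round-trip mismatch for $pem" >&2; return 3; }

  printf '%s\n' "$encoded"
}

# Write a constructed, non-functional sample key (mode 600) for testing.
make_sample_key() {
  ( umask 077
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
      'CONSTRUCTEDSAMPLENOTAREALKEY' \
      '-----END RSA PRIVATE KEY-----' > "$1" )
}

# Encode the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then encode_chef_key "$1"; fi
```

The printed value is equivalent to the private key itself, so keep it out of shell history, shared terminals and logs.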

Verifying Installation

The verification script bundled with the Content Runtime deployment should be able to establish a connection to the external Chef server and obtain the number of existing cookbooks and roles. If this step is successful, the Logs section displays the following messages:

null_resource.call_launcher (remote-exec): [INFORMATIONAL] An external Chef server was configured on installation
...
null_resource.call_launcher (remote-exec): [SUCCESS] Chef Cookbooks verified successfully
null_resource.call_launcher (remote-exec): [SUCCESS] Cookbooks response verified successfully
null_resource.call_launcher (remote-exec): [SUCCESS] Total Chef Cookbook count 13
null_resource.call_launcher (remote-exec): [SUCCESS] Total Chef role count 38