Chef Server Generate Private Key
Chef enables you to deliver automation and desired state configurations.
Jul 09, 2019 - Public Key Infrastructure (PKI) security is about using two unique keys: the Public Key is encrypted within your SSL Certificate, while the Private Key is generated on your server and kept secret. All the information sent from a browser to a website server is encrypted with the Public Key, and gets decrypted on the server side with the Private Key.
With the latest cloud API release, Chef provides seamless integration with Azure, giving you the ability to provision and deploy configuration states through a single command.
- The Chef Infra Server stores cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by Chef Infra Client. Nodes use Chef Infra Client to ask the Chef Infra Server for configuration details, such as recipes, templates, and file distributions.
- Brief quote you have to: chef-server-ctl user-create username firstname lastname email password which will return the RSA key for the user, which will be your validation key at the end. chef-server-ctl org-create shortname fullorganizationname --association_user username To create your organization and associate the previous user as the.
- Don't ship SSH private keys to nodes with Chef, generate them programmatically with Chef and ship the public key to Chef Server, so it can be searched. For GitHub/GitLab/Bitbucket keys, maybe Cassiano Leal's deploykeys cookbook will suit your needs. Here is how I generate and ship a public deploykey to another server with Chef.
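The practice described in the last item above, as an added example (not the quoted author's code and not the deploykeys cookbook): plain Ruby that creates the key pair on the node itself and returns only the OpenSSH public line. The file path, key comment and node attribute name are assumptions.

```ruby
require 'openssl'

# OpenSSH wire format field: 4-byte big-endian length, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes
end

# Render the public half as an authorized_keys / deploy-key line.
# BN#to_s(0) yields the length-prefixed "mpint" encoding the format expects.
def openssh_public_line(rsa, comment)
  blob = ssh_string('ssh-rsa') + rsa.e.to_s(0) + rsa.n.to_s(0)
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Generate the key pair on the node once; later runs reuse it (idempotent).
# Only the returned public line ever leaves the machine.
def ensure_deploy_key(path, comment)
  unless File.exist?(path)
    rsa = OpenSSL::PKey::RSA.new(2048)
    # CREAT + EXCL + 0600: the file is never created with wider permissions.
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(rsa.to_pem)
    end
  end
  openssh_public_line(OpenSSL::PKey::RSA.new(File.read(path)), comment)
end

if __FILE__ == $PROGRAM_NAME
  require 'tmpdir'
  Dir.mktmpdir do |dir|
    # In a recipe this string would be saved as a node attribute (hypothetical
    # name: node['deploy_key']['public']) so other nodes can find it by search.
    puts ensure_deploy_key(File.join(dir, 'id_deploy'), 'deploy@node1')
  end
end
```

The mode bits apply on POSIX nodes; on Windows nodes the private key file needs an equivalent ACL restriction instead.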
In this article, you set up your Chef environment to provision Azure virtual machines and walk through creating a policy or cookbook and then deploying this cookbook to an Azure virtual machine.
Chef basics
Before you begin with this article, review the basic concepts of Chef.
The following diagram shows the high-level Chef architecture.
Chef has three main architectural components:
- Chef Server - The management point. There are two options for the Chef Server: a hosted solution or an on-premises solution.
- Chef Client (node) - The agent that sits on the servers you are managing.
- Chef Workstation - The name for both the admin workstation (where you create policies and run management commands) and the software package of Chef tools.
Generally, you see your workstation as the location where you run commands and Chef Workstation for the software package.
For example, you download the knife command as part of the Chef Workstation, but you run knife commands from your workstation to manage infrastructure.
Chef also uses the concepts of cookbooks and recipes. These terms are the policies that are defined and applied to the servers, respectively.
Preparing your workstation
First, prep your workstation by creating a directory to store Chef configuration files and cookbooks.
Create a directory named C:\Chef.
Download and install the latest Azure CLI version on to your workstation.
Configure Azure Service Principal
We'll be using a Service Principal to help us create Azure resources from our Chef Workstation. To create the relevant Service Principal with the required permissions, run the following commands within PowerShell:
Take note of your SubscriptionID, TenantID, ClientID, and Client Secret (the password you set previously in this tutorial) as you will need these values.
Configure Chef Server
This guide assumes that you'll sign up for Hosted Chef.
If you're not already using a Chef Server, you can:
- Sign up for Hosted Chef, which is the fastest way to get started with Chef.
- Install a standalone Chef Server on a Linux-based machine, following the installation instructions from Chef Docs.
Create a Hosted Chef account
Sign up for a Hosted Chef account here.
During the sign-up process, you will be asked to create a new organization.
Once your organization is created, download the starter kit.
Note
If you receive a prompt warning you that your keys will be reset, it's okay to proceed as we have no existing infrastructure configured as yet.
This starter kit zip file contains your organization configuration files and user key in the .chef directory.
The organization-validator.pem must be downloaded separately, because it's a private key and private keys should not be stored on the Chef Server. From Chef Manage, go into the Administration section, and select 'Reset Validation Key', which provides a file for you to download separately. Save the file to c:\chef.
Configure a Chef workstation
Extract the content of the chef-starter.zip to c:\chef.
Copy all files under chef-starter\chef-repo\.chef to your c:\chef directory.
Copy the organization-validator.pem file to c:\chef, if it's saved in c:\Downloads.
Your directory should now look something like the following example.
You should now have five files and four directories (including the empty chef-repo directory) in the root of c:\chef.
Edit knife.rb
The PEM files contain your organization and administrative private keys for communication and the knife.rb file contains your knife configuration. We will need to edit the knife.rb file.
Open the knife.rb file in the editor of your choice. The unaltered file should look something like:
Add the following information to your knife.rb, replacing the placeholders with your information:
These lines will ensure that Knife references the cookbooks directory under c:\chef\cookbooks.
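A check worth running once the workstation directory holds both the PEM private keys and a knife.rb with Service Principal values (an added example, not part of the original tutorial): it reports a client secret written into knife.rb as a literal, and any private key sitting inside the cookbooks tree, where a cookbook upload would copy it to the Chef Server. The sample knife.rb is constructed, and knife[:azure_client_secret] is assumed to be the knife-azure setting holding the secret.

```ruby
# knife-azure setting that carries the Service Principal password (assumption).
SECRET_SETTINGS = %w[azure_client_secret].freeze

# Constructed sample knife.rb; every name and value is a placeholder.
SAMPLE_KNIFE_RB = <<~'KNIFE'
  current_dir = File.dirname(__FILE__)
  node_name              "myuser"
  client_key             "#{current_dir}/myuser.pem"
  validation_client_name "myorg-validator"
  validation_key         "#{current_dir}/myorg-validator.pem"
  chef_server_url        "https://api.chef.io/organizations/myorg"
  cookbook_path          ["#{current_dir}/cookbooks"]
  knife[:azure_tenant_id]     = ENV['AZURE_TENANT_ID']
  # knife[:azure_client_secret] = "old-value"
  knife[:azure_client_secret] = "constructed-placeholder"
KNIFE

# Names of secret knife[:...] settings assigned a quoted literal rather than
# read from the environment at run time. Commented-out lines are ignored.
def hardcoded_secrets(knife_rb)
  knife_rb.each_line.filter_map do |line|
    next if line.strip.start_with?('#')
    m = line.match(/knife\[:(\w+)\]\s*=\s*(.+)/)
    next unless m && SECRET_SETTINGS.include?(m[1])
    m[1] if m[2].strip.match?(/\A["']/)
  end
end

# PEM private keys under dir (dot-directories such as .chef included). Keys in
# the cookbooks tree are flagged: uploading the cookbook would ship them too.
# Pass the directory with forward slashes, e.g. c:/chef.
def private_keys(dir)
  Dir.glob(File.join(dir, '**', '*'), File::FNM_DOTMATCH).sort.filter_map do |path|
    next unless File.file?(path)
    head = File.open(path, 'rb') { |f| f.read(4096) }.to_s
    next unless head.match?(/-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/)
    rel = path.delete_prefix(dir.chomp('/') + '/')
    { file: rel, in_cookbook: rel.start_with?('cookbooks/') }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "hard-coded secrets: #{hardcoded_secrets(SAMPLE_KNIFE_RB).inspect}"
  private_keys(ARGV[0]).each { |k| puts k.inspect } if ARGV[0]
end
```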
Your knife.rb file should now look similar to the following example:
Install Chef Workstation
Next, download, and install the Chef Workstation.
Install Chef Workstation to the default location.
On the desktop, you'll see a CW PowerShell. This tool is used to interact with Chef products. The CW PowerShell makes new commands available, such as chef-run and Chef CLI commands (such as chef). See your installed version of Chef Workstation and the Chef tools with chef -v. You can also check your Workstation version by selecting About Chef Workstation from the Chef Workstation App.
chef --version should return something like:
Note
The order of the path is important! If your opscode paths are not in the correct order, problems will result.
Reboot your workstation before you continue.
Install Knife Azure
This tutorial assumes that you're using the Azure Resource Manager to interact with your virtual machine.
Install the Knife Azure extension, which includes the Azure Plugin.
Run the following command.
Note
The --pre argument ensures you are receiving the latest RC version of the Knife Azure Plugin which provides access to the latest set of APIs.
It's likely that a number of dependencies will also be installed at the same time.
To ensure everything is configured correctly, run the following command.
If everything is configured correctly, you will see a list of available Azure images scroll through.
Congratulations. Your workstation is set up!
Create a Chef cookbook
A cookbook is used by Chef to define a set of commands that you wish to run on your managed client. Creating a cookbook is straightforward: use the chef generate cookbook command to generate the cookbook template. This cookbook is for a web server that automatically deploys IIS.
Under your C:\Chef directory, run the following command.
This command generates a set of files under the directory C:\Chef\cookbooks\webserver. Next, define the set of commands for the Chef client to run on the managed virtual machine.
The commands are stored in the file default.rb. In this file, define a set of commands that installs IIS, starts IIS, and copies a template file to the wwwroot folder.
Modify the C:\chef\cookbooks\webserver\recipes\default.rb file and add the following lines.
Save the file once you are done.
Create a template
In this step, you'll generate a template file to use as the default.html page.
Run the following command to generate the template:
Navigate to the C:\chef\cookbooks\webserver\templates\default\Default.htm.erb file. Edit the file by adding some simple Hello World HTML code, and then save the file.
Upload the Chef cookbook to the Chef Server
In this step, you make a copy of the cookbook that you have created on the local machine and upload it to the Chef Hosted Server. Once uploaded, the cookbook appears under the Policy tab.
Deploy a virtual machine with Knife Azure
Deploy an Azure virtual machine and apply the Webserver cookbook using the knife command.
The knife command will also install the IIS web service and default web page.
The knife command example creates a Standard_DS2_v2 virtual machine with Windows Server 2016 installed within the West US region. Modify these values per your app needs.
After running the command, browse to the Azure portal to see your machine begin to provision.
The command prompt appears next.
Once the deployment is complete, the public IP address of the new virtual machine is displayed. Paste this value into a web browser to view the new website. When we deployed the virtual machine, we opened port 80 so it should be available externally.
This example uses creative HTML code.
You can also view the node's status in Chef Manage.
Don't forget you can also connect through an RDP session from the Azure portal via port 3389.