Skip to main content

On-Premises Deployment with AWS Managed Database

Note

Chef Automate 4.10.1 released on 6th September 2023 includes improvements to the deployment and installation experience of Automate HA. Please read the blog to learn more about key improvements. Refer to the pre-requisites page (On-Premises, AWS) and plan your usage with your customer success manager or account manager.

This section will discuss deploying Chef Automate HA on-premises machines with AWS Managed Database. Please see the On-Premises Prerequisites page and move ahead with the following sections of this page.

Warning

  • If SELinux is enabled, deployment with configure it to permissive (Usually in case of RHEL SELinux is enabled)
  • The SSH user should have execute permissions on the /tmp directory.

Generate configuration file

  1. Generate config using the below command:
sudo chef-automate config gen config.toml

You can also view the Sample Config.

Note

You can also generate a configuration file using the init-config subcommand. The command is as shown below:

chef-automate init-config-ha existing_infra

Verify Configuration file

  1. We verify the above config using the below command:

    sudo chef-automate verify -c config.toml
    

    To know more about config verify, you can check Config Verify Doc page.

    Once the verification is successfully completed, then proceed with deployment, In case of failure, please fix the issue and re-run the verify command.

Steps to Deploy

The following command will run the deployment. The deploy command will first run the verify command internally, to skip verification process during deploy command use --skip-verify flag

 chef-automate deploy config.toml --airgap-bundle automate.aib

To skip verification in the deployment command, use --skip-verify flag

 chef-automate deploy config.toml --airgap-bundle automate.aib --skip-verify

Verify Deployment

  1. Once the deployment is successful, Get the consolidated status of the cluster

     chef-automate status summary
    
  2. Get the service status from each node

     chef-automate status
    
  3. Post Deployment, you can run the verification command

     chef-automate verify
    
  4. Get the cluster Info

     chef-automate info
    

Check if Chef Automate UI is accessible by going to (Domain used for Chef Automate) https://chefautomate.example.com.

After successful deployment, proceed with the following:

  1. Create users and organizations
  2. Workstation setup
  3. Node bootstrapping

Backup/Restore

A shared file system is always required to create OpenSearch snapshots. To register the snapshot repository using OpenSearch, it is necessary to mount the same shared filesystem to the exact location on all master and data nodes. To know more about the backup and restore configuration, see On-Premise Deployment using Filesystem or using Object Storage.

Add/Remove Nodes

The Chef Automate commands require some arguments so that it can determine which types of nodes you want to add or remove to/from your HA setup from your bastion host. To know more see Add Nodes to the Deployment to add nodes and Remove Single Node from Cluster to remove nodes.

Patch Configs

The bastion server can patch new configurations in all nodes. To know more see Patch Configuration section.

Sample Config to setup On-Premise Deployment with AWS Managed Services

[architecture]
  [architecture.existing_infra]
    ssh_user = "ec2-user"
    ssh_group_name = "ec2-user"
    ssh_key_file = "/home/ec2-user/KEY_FILENAME.pem"
    ssh_port = "22"
    secrets_key_file = "/hab/a2_deploy_workspace/secrets.key"
    secrets_store_file = "/hab/a2_deploy_workspace/secrets.json"
    architecture = "existing_nodes"
    workspace_path = "/hab/a2_deploy_workspace"
    backup_mount = "/mnt/automate_backups"
    backup_config = "object_storage"
[object_storage]
  [object_storage.config]
    bucket_name = "fdjlfdsklfds"
    access_key = "CCAI..............."
    secret_key = "JVS................"
    endpoint = "https://s3.amazonaws.com"
    region = "us-east-2"
[automate]
  [automate.config]
    admin_password = "adminpassword"
    fqdn = "chefautomate.example.com"
    config_file = "configs/automate.toml"
    root_ca = "-----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----"
    instance_count = "2"
[chef_server]
  [chef_server.config]
    fqdn = "chefinfraserver.example.com"
    lb_root_ca = "-----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----"
    instance_count = "2"
[opensearch]
  [opensearch.config]
    instance_count = "0"
[postgresql]
  [postgresql.config]
    instance_count = "0"
[existing_infra]
  [existing_infra.config]
    automate_private_ips = ["192.0.0.1", "192.0.0.2"]
    chef_server_private_ips = ["192.0.0.3", "192.0.0.4"]
[external]
  [external.database]
    type = "aws"
    [external.database.postgre_sql]
      instance_url = "pg.aws.com:5432"
      superuser_username = "masteruser"
      superuser_password = "masterpassword"
      dbuser_username = "dbusername"
      dbuser_password = "dbpassword"
    [external.database.open_search]
      opensearch_domain_name = "opensearchdomain"
      opensearch_domain_url = "os.aws.com"
      opensearch_username = "osuser"
      opensearch_user_password = "opensearchpassowrd"
      [external.database.open_search.aws]
        aws_os_snapshot_role_arn = "arn:aws:acm:ap-southeast-2:112758395563:certificate/9b04-6513-4ac5-9332-2ce4e"
        os_snapshot_user_access_key_id = "CCAI..............."
        os_snapshot_user_access_key_secret = "JVS................"

Uninstall Chef Automate HA

To uninstall Chef Automate HA instances after unsuccessful deployment, run the below command in your bastion host.

chef-automate cleanup --onprem-deployment
Edit this page on GitHub

Thank you for your feedback!

×