Overview

Skill Level: Intermediate

This tutorial describes how an organization can integrate an existing Chef server with IBM Cloud Automation Manager. Integrating an existing Chef server with IBM Cloud Automation Manager provides the benefit of automation content (Chef Cookbooks and Terraform templates) provided by IBM while minimizing the operational costs of managing an additional Chef server.

Chef Cookbooks and Terraform templates are available from IBM for Cloud Automation Manager customers.

Automation content exists for middleware products such as:

IBM DB2
IBM WebSphere Application Server Network Deployment
IBM MQ
and more …

Within CAM, the Content Runtime describes the configuration of the set of resources that are required to provision and manage middleware workloads with the IBM-provided automation.

At a high-level, the Content Runtime configuration includes:

– Chef server
– Software repository
– Pattern Manager

The step-by-step instructions which follow describe the common case where a Chef server already exists in the organization. Instead of installing a new Chef server, the Content Runtime configuration can use the existing Chef server.

NOTE: This tutorial is not intended to explain all aspects of the Cloud Automation Manager Content Runtime.

Prerequisites

Steps will vary for deployment of the Content Runtime in different Cloud environments.

The following steps describe in detail how the VMware lab was set up for this scenario. The general steps can be followed for a similar scenario in other cloud environments. See the documentation on Content Runtimes.

Before starting on this content management objective, the following must be in place.

  • A running instance of IBM Cloud Private with Cloud Automation Manager in VMware.
  • A general understanding of the IBM Cloud Automation Manager Content Runtime.
  • An existing Chef server (minimum version 12.11.1) that is network-accessible from Cloud Automation Manager.
  • A VMware cloud environment to target for new deployments.
  • Internet access to download and install the Content Runtime components and to load the Chef cookbooks.

Refer to the IBM Cloud Automation Manager Knowledge Center for fulfilling the CAM-related prerequisites.

In order to use an existing Chef server when deploying a Content Runtime, the following will be needed.

  • The Chef server needs to have a static IP address assigned to it.
    • This IP address must be accessible from the Content Runtime.
  • Chef server Organization name
  • Chef Administrator username
  • Chef Server FQDN
  • Server Certificate – Base 64 encoded

For more information on how to perform these steps, please refer to Chef’s documentation.

Note: By default, when creating a user, the chef-server-ctl user-create command prints the certificate file for the new user to standard output. To store this result in a file, use the -f option.

A worksheet is available from Github, which summarizes the list of input parameters that are common between IBM Cloud Automation Manager template deployments. It is meant to be used as a guide when preparing for creating an instance of a template based on the cloud that is going to be used.

Step-by-step

  1. Learn Content Runtime deployment – overview

     The following diagram summarizes the Content Runtime deployment:

    • Deploys a virtual machine
      • installs Docker
      • loads Pattern Manager
      • loads Software Repository
    • Connects Pattern Manager with the existing Chef Server instance

    Diagram: Use Existing Chef Server

    Practitioners will need to work with their local teams to collect the following information:

    • VMware environment details
    • Network IP details

    For more information, see the VMware Content Runtime template variables knowledge center documentation.

  2. Collect information for Content Runtime deployment – Cloud Provider Group

    Cloud Provider – VMware Environment

    Parameter | Description | Example Value
    vSphere Datacenter | The name of a Datacenter in which to launch the virtual machine. | DC01
    vSphere Disk Datastore | Datastore for the created disks. Two disks are created, one for the OS template, the other for the data, including the software repository content. | DC01/SANDISK01
    Domain name | The Content Runtime virtual machine’s domain name. | ibm.com
    CPU cores | The number of CPU cores to allocate for the Content Runtime. The default value is sufficient for the Content Runtime. | 4
    RAM | The amount of RAM to allocate for the virtual machine. The default value is sufficient for the Content Runtime. | 8192
    Size of image disk (in GBs) | The size of the disk for the Content Runtime. It must be equal to or larger than the provided image. | 25
    Size of data disk (in GBs) | The size of the data disk for the Content Runtime and Software Repository. | 100
    Network interface label | Label to assign to this network interface. | PortGroup1
    Static IPv4 | Static IPv4 address to be assigned to this network interface for the Content Runtime VM. The address must be a static IP. | 192.168.0.10
    Gateway IP address | IPv4 gateway address to be used. | 192.168.0.1
    IPv4 prefix length (CIDR) | Integer value between 1 and 32 for the prefix length (CIDR) to use when statically assigning an IPv4 address. | 24
    OS Template Name | The VMware template to be cloned. | Ubuntu16Template
    Template image’s username | The user name to use while configuring the Content Runtime VM. | root
    Template image’s password | The password to use for the provided SSH user name while configuring the Content Runtime VM. The password is optional if an SSH key is provided. | sup3r$ecret
    Template image’s private key for SSH connection – Base 64 encoded | A base 64 encoded SSH private key used for configuring the Content Runtime virtual machine. This key is optional if a password is specified. |


  3. Collect information for Content Runtime deployment – Cloud Provider Optional Settings Group

    Cloud Provider Optional Settings Group

    Parameter | Description | Example Value
    vSphere Folder | Name of the vSphere folder where the VM is created. | ContentRuntimes
    Keep Disks On Remove | Should disks be kept on vSphere even if the virtual machine is destroyed? | false
    vSphere Network Adapter Type | Network interface type. | vmxnet3
    DNS servers | List of DNS servers for the virtual network adapter. For more than one DNS server, the values can be entered by adding more fields. | corporate DNS servers, e.g. 192.168.0.5
    DNS suffix list | List of DNS suffixes for the virtual network adapter. For more than one suffix, the values can be entered by adding more fields. | corporate DNS suffix, e.g. ibm.com

  4. Collect information for Content Runtime deployment – Docker and Chef Group

    Docker & Chef Settings

    Parameter | Description | Example Value
    Docker Registry | Docker registry from which the Content Runtime Docker images are pulled. By default the images reside on the public Docker Hub. The value is read-only; it informs the user of the location from which the images are pulled. | hub.docker.com
    Chef server Organization Name | Chef server Organization name associated with the configuration of the Chef server. | chef-org
    Chef Administrator Username | Chef administrator user name associated with the configuration of the Chef server. | chef-admin
    Chef Server FQDN | Chef Server FQDN. | chefserver.ibm.com
    Chef Server IP Address | Chef Server static IPv4 address. | 192.168.0.9
    Chef Server Certificate – Base 64 Encoded | The certificate (usually .pem format) containing the private key associated with the provided Chef user on the server. This key allows the Pattern Manager to perform requests to the Chef server. | See below
    Install Chef Cookbooks | This input represents the option to install the set of cookbooks that are usually bundled with a Content Runtime deployment. If needed, this value can be set to False and the cookbooks can be loaded manually into the server by following the Cloud Automation Content APIs. | True


    Obtaining the Chef server FQDN
    The fully qualified domain name of the existing Chef server can be obtained from the /etc/hosts file. It contains the machine’s hostname and its associated domain name.

    Obtaining the Chef server certificate
    When a new user is created with the user-create option in chef-server-ctl, its private key is displayed in the standard output. This value can be copied into a file or the -f option can be used to automatically store it in a specific location.

    If the existing Chef server was created using a Content Runtime deployment, then by default the created organization would be named chef-org and its user chef-admin. The .pem file in this case can be found at /etc/opscode/chef-admin.pem.

    Base 64 encoding
    To encode the .pem file into base 64, use the following command in a terminal window:

    base64 <filename>.pem -w 0

    The resulting value should be provided in the ‘Chef Server Certificate – Base 64 Encoded’ field.

  5. Collect information for Content Runtime deployment – CAM Parameters Group

    CAM Parameters Group

    Parameter | Description | Example Value
    Content Runtime Host Name | The host name of the virtual machine being created to be used as the Content Runtime. The name is just the host name, not the fully qualified host name. | vmware-content-runtime1
    Pattern Manager Access Passphrase | Passphrase used to access the REST API calls to the Pattern Manager. | sup3r$ecret1
    Pattern Manager Administration Passphrase | Administration passphrase used to access the administrative REST API calls to the Pattern Manager. | sup3r$ecret2
    Key Name for Pattern Manager key set | For Amazon and IBM clouds, the key must exist as a resource. For other provider types, the content is simply the name associated with the key. | ContentRuntimeKeyVMware
    Private Key for Pattern Manager – Base 64 encoded | Private key to be used by Pattern Manager to communicate with the newly instantiated VM. The key should be base64 encoded. | See below
    Public Key for Pattern Manager | Public key to be used by Pattern Manager to communicate with the newly instantiated VM. | See below
    User’s Public Key | Public key added to the Content Runtime VM’s authorized_keys file to allow access using the associated private key. |

    SSH public and private keys

    They can be generated with the following commands:

    On macOS:
    ssh-keygen -t rsa -f [output_keyfile] -N "" -C ""; base64 [output_keyfile] > [output_keyfile].enc

    On Unix:
    ssh-keygen -t rsa -f [output_keyfile] -N "" -C ""; base64 -w 0 [output_keyfile] > [output_keyfile].enc

    The [output_keyfile].enc output file is the encoded private key. The [output_keyfile].pub file is the public key. The contents of these files are used as input to the template.
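    The following script, an added example that is not from the original tutorial or from IBM, prepares both base64 inputs described above (the Chef user .pem from step 4 and the Pattern Manager key pair from this step) in one place. It assumes the key file paths are passed in by the caller, that base64 is either the GNU coreutils or the macOS/BSD version, and that ssh-keygen is on the PATH; the file-permission check and the decode round trip are additions, not steps from the page.

```shell
#!/bin/sh
# Added example (not from the original tutorial): prepare the base64-encoded
# private keys that the Content Runtime template asks for (Chef user .pem and
# Pattern Manager SSH key). File paths are assumptions passed in by the caller.

# Single-line base64 that works with GNU coreutils (which wraps at 76 columns
# unless given -w 0) and with macOS/BSD base64 (which has no -w option).
b64_oneline() {
    base64 < "$1" | tr -d '\n'
}

# Sanity-check a private key before it is pasted into the template: it must be
# PEM text and must not be readable by other users, because this key grants
# access to the Chef server (chef-admin.pem) or to the Content Runtime VM.
check_private_key() {
    f="$1"
    head -n 1 "$f" | grep -q '^-----BEGIN .*PRIVATE KEY-----$' || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$mode" = "600" ] || return 2
    return 0
}

# Decode the single-line value again and compare it with the original file, so
# a truncated copy-and-paste is caught before the deployment is started.
verify_roundtrip() {
    { base64 -d < "$2" 2>/dev/null || base64 -D < "$2" 2>/dev/null; } \
        | cmp -s - "$1"
}

# Encode an existing Chef user key (for example /etc/opscode/chef-admin.pem on
# a Content-Runtime-created server) into <file>.enc for the
# "Chef Server Certificate - Base 64 Encoded" field.
encode_key_file() {
    check_private_key "$1" || return 1
    b64_oneline "$1" > "$1.enc"
    verify_roundtrip "$1" "$1.enc"
}

# Generate the Pattern Manager key pair: <keyfile> (private), <keyfile>.pub
# (public) and <keyfile>.enc (base64 private key), as the tutorial describes,
# but with the encoding step made portable across GNU and macOS base64.
gen_pattern_manager_keys() {
    ssh-keygen -q -t rsa -b 4096 -f "$1" -N "" -C "" || return 1
    encode_key_file "$1"
}
```

    Paste the contents of <keyfile>.enc into the base64 field and <keyfile>.pub into the public key field; encode_key_file returns non-zero if the key is world-readable or the encoded value does not decode back to the file.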

  6. Collect information for Content Runtime deployment – Software Repository Group

    Software Repository Group

    Parameter | Description | Example Value
    Software Repository Username | Username to access the Software Repository. | repouser
    Password for Software Repository | Password for the Software Repository user. The combination of user name and password is required to access the Software Repository. | Sup3r$cret
    Software Repository Port Number | Port number for Software Repository HTTP access. | 8888
    Software Repository Secure Port Number | Port number for Software Repository HTTPS access. | 9999


  7. Collect information for Content Runtime deployment – Additional Settings Group

    Additional Settings Group

    Parameter | Description | Example Value
    Network Visibility | The network connection associated with the Content Runtime VM instance. If network visibility is private, a connection must exist from IBM Cloud Private to the network connection associated with the Content Runtime VM being created. | public
    Prerequisite checker strictness | If set to strict, the prerequisite checker stops execution if one or more requirements is not installed. If set to lenient, the prerequisite checker proceeds to install any missing requirement. | lenient


  8. Deploy the Content Runtime with existing Chef Server template

    In order to deploy a Content Runtime that will connect to an external Chef server, a custom template needs to be selected.

    1. Start the creation process by opening the top left menu and selecting Manage > Content Runtimes in the Cloud Automation Manager user interface.
    2. Click Create Content Runtime.
    3. Enter a descriptive name for your Content Runtime.
    4. Select the Cloud Provider.
       From the dropdown, select the option CAM Content Runtime with existing Chef Server.
    5. Use the worksheet above to fill in the values.
    6. Click Deploy.


    Verification of the Install

    The verification script bundled with the Content Runtime deployment should be able to establish a connection to the external Chef server and obtain the number of existing cookbooks and roles. If this step is successful, the Logs section should display messages like the following:

    Note: If the practitioner set “Install Chef Cookbooks” to False, the cookbook count will not be shown.

    null_resource.call_launcher (remote-exec): [INFORMATIONAL] An external Chef server was configured on installation
    ...
    null_resource.call_launcher (remote-exec): [SUCCESS] Chef Cookbooks verified successfully
    null_resource.call_launcher (remote-exec): [SUCCESS] Cookbooks response verified successfully
    null_resource.call_launcher (remote-exec): [SUCCESS] Total Chef Cookbook count 13
    null_resource.call_launcher (remote-exec): [SUCCESS] Total Chef role count 38

Expected outcome

By the end of this tutorial, the practitioner will be familiar with the processes and procedures required to deploy a content runtime with existing Chef Server in IBM Cloud Automation Manager.

IBM Cloud Automation Manager is now ready to deploy Middleware Templates (follow the steps in the Knowledge Center). IBM Chef cookbooks are available from GitHub, or you can load your own cookbooks via the Pattern Manager API.
