Achieve compliance with AWS OpsWorks for Chef Automate (Example)
The demo is based on a webinar presented by Mark Rambow and me. This repository follows the pattern of the webinar by showcasing how continuous compliance is applied with AWS OpsWorks. Since OpsWorks is based on Chef Automate, it works very similarly with standalone Chef Automate.
The blog post walks you through all the details.
This zip file starts you out with a simple example of a Chef repository that is preconfigured to work with an AWS OpsWorks Chef Automate server. In this repository, you store cookbooks, roles, configuration files, and other artifacts for managing systems with Chef. It is recommended that you store this repository in a version control system such as Git, and treat it like source code.
This repository contains several directories. Each directory contains a README file that describes the directory's purpose, and how to use it for managing your systems with Chef.
cookbooks/ - Cookbooks that you download or create.
roles/ - Stores roles in .rb or .json in the repository.
environments/ - Stores environments in .rb or .json in the repository.
.chef is a hidden directory that contains a knife configuration file (knife.rb) and the secret authentication key (private.pem).
The knife.rb file is configured so that knife operations will run against the AWS OpsWorks managed Chef Automate server.
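The .chef directory holds the private.pem key that knife authenticates with, and the text above recommends keeping this repository in Git. The following check is an added example (not part of the Starter Kit or this repository); it verifies that the key is owner-only and is neither tracked nor left un-ignored by Git. The function name audit_chef_repo is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit a Chef starter-kit repository for key-handling mistakes.
# The path .chef/private.pem follows the layout described above.

# audit_chef_repo DIR -> prints one line per finding, returns the finding count.
audit_chef_repo() {
  local repo="${1:-.}" key findings=0 perms
  key="$repo/.chef/private.pem"

  if [ ! -f "$key" ]; then
    echo "INFO: $key not present, nothing to audit"
    return 0
  fi

  # 1. The key should be accessible to its owner only (for example mode 0600).
  perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
  if [ "$perms" != "------" ]; then
    echo "FINDING: $key is accessible to group/other ($perms); run chmod 600 on it"
    findings=$((findings + 1))
  fi

  # 2. If the repository is under Git, the key must not be tracked,
  #    and an ignore rule should cover it so it cannot be added by accident.
  if command -v git >/dev/null 2>&1 &&
     git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    if git -C "$repo" ls-files --error-unmatch .chef/private.pem >/dev/null 2>&1; then
      echo "FINDING: .chef/private.pem is tracked by Git; remove it from the index"
      findings=$((findings + 1))
    elif ! git -C "$repo" check-ignore -q .chef/private.pem; then
      echo "FINDING: .chef/private.pem is not covered by an ignore rule"
      findings=$((findings + 1))
    fi
  fi

  return "$findings"
}
```

Run `audit_chef_repo .` from the repository root before the first commit; a non-zero exit status is the number of findings.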
Use Berkshelf to get cookbooks from a remote source and install an Apache Web Server
Berkshelf is a tool to help you manage cookbooks and their dependencies. It downloads a specified cookbook into local storage, also called the Berkshelf. You can specify which cookbooks and versions to use with your Chef server and upload them. This Starter Kit contains a file, named Berksfile, that can contain your cookbooks. Also included is the chef-client cookbook that configures the Chef client agent software on each node that you connect to your Chef server. To learn more about this cookbook, see Chef Client Cookbook in the Chef Supermarket.
- Using a text editor, append another cookbook to your Berksfile to install software; for example, to install the Apache web server application. Your Berksfile should resemble the following.
source 'https://supermarket.chef.io'
cookbook 'chef-client'
cookbook 'apache2'
- Download and install the cookbooks on your local computer.
- Upload the cookbook. You'll need to specify the CA-signed certificate that is included with the Starter Kit. On Linux:
SSL_CERT_FILE='.chef/ca_certs/opsworks-cm-ca-2016-root.pem' berks upload
On Windows, run a Chef DK PowerShell command:
$env:SSL_CERT_FILE="ca_certs\opsworks-cm-ca-2016-root.pem"; berks upload
Remove-Item Env:\SSL_CERT_FILE
- Verify the installation of the cookbook by showing a list of cookbooks that are currently available on the Chef Automate server.
knife cookbook list
Attach an Amazon EC2 instance to the newly-launched Chef Automate server
- Bootstrap a new Amazon EC2 instance.
knife bootstrap <IP address of the Amazon EC2 instance> -N <instance name> -x <user name> -i <path to your ssh key file> --sudo --run-list "recipe[chef-client],recipe[apache2]"
- Show the new node.
knife client show <instance name>
knife node show <instance name>
Learn more about using Chef Automate to configure your systems on the Learn Chef website
Visit the Learn Chef tutorial site to learn more about using AWS OpsWorks for Chef Automate.