Chef Legacy

Archived (pre-2022)

Preserved for reference only -- likely outdated. Last updated: September 2020

Prehistory

Back in 2017 we ran on-premise, data-center based infrastructure with dozens of servers. To manage this server fleet we used the configuration management tool Chef. Because of the high complexity of the cookbooks written for that old infrastructure, updating the Chef Server is very difficult, in fact more difficult than supporting the old Chef setup. Updating the old Chef Server also doesn't make much sense, because we plan to gradually upgrade the dependent infrastructure components and sunset Chef completely.

Present

Nowadays, in uncertain 2020, we have moved all infrastructure to the AWS Cloud while rewriting the old infrastructure components. Some of them, however, still rely on the old Chef Server to have their configuration managed. Furthermore, this Chef Server was deployed in the Hetzner Cloud, which we were planning to sunset. So it was decided to move the old buddy to the AWS Cloud as is. And so it was done.

Here is the list of infra components that depend on Chef Legacy:

Component      Connected to AWS Chef Legacy
ELK Cluster    done
OFW Cluster    done
ENG Cluster    done
KFK Cluster    done
WRK Cluster    done
ECL Cluster    done

All clusters can be connected to AWS Chef Legacy; the status shows which servers have been connected and tested (i.e. a successful chef run was made).

Information for DevOps

Endpoint

The Chef Legacy server is available through SSH at chef-forever.prd-aws.fyber.com. You can find the organisation validation key under the /chef/ directory. If you have not yet created your admin chef user, do so by following this manual: Server Users

Switching Chef Node from Old Chef to Chef Legacy

  1. Remove both client.pem and validation.pem from /etc/chef
  2. Upload fyber_validator.pem from the Chef Legacy server to the node and put it in the /etc/chef/ directory
  3. Edit the /etc/chef/client.rb file:
  4. replace chef_server_url with "Chef Forever - Fyber"
  5. change validation_key to "/etc/chef/fyber_validator.pem"
  6. Make a chef run:
     chef-client -j /etc/chef/firstboot.json
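The six steps above, scripted as an added example (not from the original page). It assumes the Chef Legacy URL is the one in the knife configuration further down this page, that fyber_validator.pem has already been fetched from the Chef Legacy server to the node, and it takes the chef directory as an argument so the edit can be rehearsed on a copy of /etc/chef before touching the real one.

```shell
#!/bin/sh
# Added example, not from the original page: apply the six steps above to a node.
# Assumptions: the Chef Legacy URL is the one from the knife configuration on
# this page; fyber_validator.pem has already been downloaded from the Chef
# Legacy server to VALIDATOR_SRC on the node.
set -eu

CHEF_LEGACY_URL="https://chef-forever.prd-aws.fyber.com/organizations/fyber"

# switch_to_chef_legacy CHEF_DIR VALIDATOR_SRC
# Rewrites CHEF_DIR/client.rb (keeping a .bak copy) and returns 1 if an
# input is missing or a setting did not take effect.
switch_to_chef_legacy() {
    chef_dir="$1"
    validator_src="$2"
    client_rb="$chef_dir/client.rb"

    [ -f "$client_rb" ] || { echo "missing $client_rb" >&2; return 1; }
    [ -f "$validator_src" ] || { echo "missing $validator_src" >&2; return 1; }

    # Step 1: drop the credentials issued by the old Chef Server.
    rm -f "$chef_dir/client.pem" "$chef_dir/validation.pem"

    # Step 2: install the organisation validator key; it is a private key,
    # so keep it readable by the owner only.
    install -m 0600 "$validator_src" "$chef_dir/fyber_validator.pem"

    # Steps 3-5: point client.rb at Chef Legacy and its validator key.
    cp "$client_rb" "$client_rb.bak"
    sed -e "s|^chef_server_url[[:space:]].*|chef_server_url \"$CHEF_LEGACY_URL\"|" \
        -e "s|^validation_key[[:space:]].*|validation_key \"$chef_dir/fyber_validator.pem\"|" \
        "$client_rb.bak" > "$client_rb"

    # Check both settings before the first run instead of discovering a
    # half-edited client.rb from a failed chef-client.
    grep -q "^chef_server_url \"$CHEF_LEGACY_URL\"" "$client_rb" || return 1
    grep -q "^validation_key \"$chef_dir/fyber_validator.pem\"" "$client_rb" || return 1
}

# Step 6: first run against Chef Legacy (only when invoked with --run).
if [ "${1:-}" = "--run" ]; then
    switch_to_chef_legacy /etc/chef /root/fyber_validator.pem
    chef-client -j /etc/chef/firstboot.json
fi
```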

Knife Configuration Example

# Select the target server with CHEFSERVER=aws or CHEFSERVER=forever
log_level                :info
log_location             STDOUT
node_name                'skruglov'
client_key               "/Users/skruglov/.chef/client_#{ENV['CHEFSERVER']}.pem" # key generated when you created your chef user
knife[:editor]           = "/usr/bin/vim"
knife[:vault_mode]       = "client"
ssl_verify_mode          :verify_none # disables TLS certificate verification of the Chef Server; prefer :verify_peer once the server certificate is trusted

### AWS Chef Core Central Production
if ENV['CHEFSERVER'] == 'aws'
  chef_server_url        'https://chef.prd-aws.fyber.com/organizations/fyber'
  cookbook_path          ["/Users/skruglov/Repos/aws-infrastructure-code/chef-ng/cookbooks"] # use your cookbook path
### AWS Chef Legacy
elsif ENV['CHEFSERVER'] == 'forever'
  chef_server_url        'https://chef-forever.prd-aws.fyber.com/organizations/fyber'
  node_name              'master_chef' # username you used when you created your chef user
  cookbook_path          ["/Users/skruglov/Repositories/chef-forever/cookbooks"] # use your cookbook path
end

Future

In the bright future one of the following things should happen: either we invest time in rewriting the configuration and migrating the cookbooks to the modern Chef Server version (i.e. Chef Core Central), or we sunset Chef completely by containerising the apps and using a stateless approach.