CHEF Server Workflows

CHEF Server Workflows

Have you ever wanted orchestrate nodes, roles, data bags, attributes, etc. on a Chef Server?  Give this plugin and package a try!  Try the official Chef Plugin for vRealize Orchestrator‌ !

See the attached pdf for a workflow listing and documentation of the workflows in this package:

chef1.pngchef2.pngchef3.png

This solution interfaces directly with the Chef Server REST API.  Works with all three variations of Chef (Open Source, Private, Hosted).

Workflows that interact with the guest OS for Chef-Client first run use either SSH or VMtools with workflows from: Guest script manager package

The plugin helps with signing the authentication headers as required by the Chef API.  The rest of this solution is pure vCO JavaScript.

Dependencies: HTTP-REST Plugin.

To install:  The attached zip contains 2 files:

  • o11nplugin-chef.dar - Install as a plugin through the vCO configuration interface.  This plugin only has a single method to aid in signing requests
  • com.vmware.pso.chef.<date>.package - The package of vCO workflows and actions to import.

To get running, simply run the Library/Chef/Add Chef Server workflow.  This workflow will create the REST Host and store your private key per chefHostname and userid.  Use the same chefHostname and userid in any other workflow.  The orgName input is optional but required if you are using private or hosted chef.

The chefHostname input is the name of the REST host the workflows will use.

UPDATES:

  • 07/07/2015
    • Improved vRO 6 compatibility
      • Incorporated Cody Hill's "Add Chef Server" workflow with some minor tweaks.
      • REST Host is no longer automatically created on workflow execution.  If a REST host is not found by the name supplied to chefHostname input, an exception will ask you to run "Add Chef Server" workflow.
    • Added client private key input (pem) to all API related workflows.
    • Added Global workflows for managing Private Chef orgs and users.  Requires the pem of the pivotal user of the Chef server.
    • Fixed workflows that update a runlist for a node or a role.
    • Fixed required inputs of most workflows. chefHostname, userid are required when present.
    • Improved open source Chef compatibility with workflows in the Linux/SSH, Linux/VMtools and Windows/VMtools folders.
      • The name of the validator key for open source chef is defined in the configuration element: Library/Chef/Chef Globals
    • Knife bootstrap hostname and credentials is now defined in the configuration element: Library/Chef/Chef Globals
  • 1/11/2015:
    • Reduced verbosity of logging by default.  Debug logging can be enabled per Chef Server using Toggle Debug Logging workflow.
    • Removed RESTHostManager.reloadConfiguration() call from every Chef Server API Execution improving performance.
    • The orgName input is automatically hidden from the presentation if target Chef Server is an open source variant.
    • The client private key can be provided as an input to any Chef Server workflow.  This is useful if you are storing your private keys elsewhere (besides the Chef Private Keys Configuration Element) or reading it from a guest OS as in: Linux VMTools Delete Instance with own key workflow which deletes a Node and Client with it's own key.
    • Tag Node and Untag Node workflows add or remove Knife tags on nodes.
    • Chef-Client first run workflows for Linux via SSH and VMtools.
    • Chef-Client first run workflows for Windows via VMtools.
  • 11/16/2013:
    • Refactored hashing and encryption actions to reuse actions from CryptoJS Hashers and Ciphers
    • Much more granular data bag support.  Workflows to retrieve, add/update, delete individual data bag item attributes.
    • More complete encrypted data bag support.  Workflows to add encrypted data bag item attributes, convert data bag items from cleartext to/from encrypted.
Attachments
1_o11n_Chef.zip
o11n_Chef.zip
o11n_Chef_20150707.zip
o11n_Chef_20150111.zip
Comments
DefiantFrog
‎10-28-2014 03:27 AM
‎10-28-2014 03:27 AM

Brilliant.  All working nicely when you know what it's doing!  Although, if you ever come to refresh this, I am finding that when registering a new node in Chef using the Register Node workflow, the workflow ends successfully even if the Chef client doesn't actually deploy successfully.  The issue I have personally faced that brought this to light is the end-point node can't resolve the chef server hostname in DNS.  Obviously, it's an easy fix, but it'd be nice if there was some way of throwing an exception instead of being successful.

That said though, I am new to both Chef and vCO, and to have an incredibly easy way of linking the two and have it all just work out of the box has saved me probably weeks of headaches.  Thank you! Smiley Happy

Dan_Linsley
‎10-28-2014 09:56 PM
‎10-28-2014 09:56 PM

Thanks for the feedback!  Good test case to check with.  I'll check what the expected return codes are for chef-client and make sure they are captured correctly via SSH in vCO.

c0dyhi11
‎02-20-2015 06:48 AM
‎02-20-2015 06:48 AM

This is an amazing help to us.

Before this we were shelling out and running knife commands via VCO.

This should allow us to do a lot more.

One bit of feedback.

There is no "Config" section of the workflows.

I did as you said and imported my pem key. Then I ran the "Get Clients" workflow to see how it works.

And the workflow requires an organization.

Since I'm running open source chef that didn't work for me.

Typing in opensource didn't help either.

So, I dug through your presentation tab and realized that the rest-host needs to be flagged with opensource=true

I had no clue how to do that... I finally stumbled across your "Toggle Debug Logging" workflow and saw it needs to be done inside a scriptable task.

So I decided to write a workflow that handles this and wraps a few of your own workflows together.

I named this workflow "Add Chef Server" and it lives in {VCOServer}/Chef Configuration/

Here is a link where you can download the workflow package: http://www.codyhill.co/vco/vco-chef-config.zip

And here is a link to the workflow documentation: http://www.codyhill.co/vco/Add-Chef-Server.2015-02-20.pdf


The workflow does the following:

Imports the SSL cert for your chef-server.

Adds your chef server as a rest-host.

Saves your chef server, chef user, & chef user private key as a configuration element

Asks whether or not to add the debug flag to the chef server.

Asks whether or not to add the open source flag to the chef server.

Asks whether or not a proxy is needed to connect to the chef server, and then configures the proxy if needed.


This is my first public workflow. Please be gentle.

I hope this helps someone else.

Thank you,

Cody Hill

Dan_Linsley
‎02-20-2015 07:40 AM
‎02-20-2015 07:40 AM

Glad you found this valuable Cody!

The idea behind how I designed this is that is would configure / create the REST hosts on the fly.  This might be tricky with opensource hosts now on the latest update as you have found.  The first workflow run may fail, but subsequent runs once the REST host is defined should hide the orgName input in the presentation.

I didn't account for proxy usage, so your config workflow is a great idea.

victorfondevill
‎11-02-2015 03:15 AM
‎11-02-2015 03:15 AM

I'm trying to use this plugin + Chef OpenSource 12.2.0-1 and the /clients URL is not working. Can you confirm if the plugin is compatible with that version of Chef OpenSource?

Greets!

Atiniir
‎12-02-2015 06:43 PM
‎12-02-2015 06:43 PM

Running Get Cookbooks and Get Organizations (the workflows i've tried so far) I keep getting the error "ReferenceError: "ChefAuthUtil" is not defined. (Dynamic Script Module name : executeRequest#52) - chef.example.com"

Atiniir
‎12-03-2015 12:58 PM
‎12-03-2015 12:58 PM

Turns out i forgot to restart the vRO service after installing the .dar via vRO configuration. Leaving this here in case someone else does the same thing.

Version history
Revision #:
1 of 1
Last update:
‎10-10-2013 04:27 AM
Updated by:
VMware Employee
 
View Article History