This how-to will walk you through a basic bootstrap scenario for an Azure VM. By following this guide, you'll accomplish the following:
- Create a Blob Storage Container in Azure that contains your bootstrap script and validation pem.
- Create an ARM Template that reads the contents of the Blob Storage Container and deploys a VM with Chef Infra Client bootstrapped and registered to your Chef Infra Server.
- Validate the VM has been deployed and is checking into Automate.
Assumptions -- This guide assumes that you, as the reader, have the following already set up.
- A working Azure account with the following already created:
  - Permissions to create:
    - Virtual Machine
    - Virtual NIC
    - Virtual Network
    - Public IP
    - Storage Account
    - Disk
  - Access to the proper Windows Azure images.
    - 2016-Datacenter (this is what's used in the guide)
- Windows Azure Powershell 2.7.0 (This was tested on a Windows 10 workstation)
Versions Tested On
- Chef Infra Client | 15.3.14
- Chef Infra Server | 12.17.33
- Chef Automate | 20190904132002
In this step, you'll pull down the example bootstrap script from this repo, modify it, and get it ready to upload along with your validation pem in the next step.
- Pull down the bootstrap.ps1 and put it into a directory on your local workstation.
- Open the file in your favorite editor and update all of the variables on lines 4-15 to match your setup. Only change things past line 15 if you know what you're doing.
- Next, get your validator pem file and put it in the same directory. Make sure the name of the validator file is the same as your validator name.
- Finally, pull down the azuredeploy.json and azuredeploy.parameters.json files and put them into the same working directory as the other files.
- Once these 4 files are ready to go, move on to Part 2.
We're going to create the storage account + container in the Azure GUI. I know this can be done using Terraform, ARM templates, etc., but for the sake of this exercise, it's good to walk through the process first.
- In Azure, click "Storage Accounts" -> then "+ Add"
- Fill out the first tab, in my example below, I create a new Resource Group, however you can use an existing one if you'd like:
- Next, click "Review + Create" - you can go through all of the steps in the wizard if you'd like, but we're just going to get'er'done here. Once you confirm, you'll be taken to a page that says "Your deployment is underway" - just wait for that to complete before moving on.
- Once it completes, click on "Go to resource"
- Click on the box labelled "Blobs"
- Click on "+ Container" and create a new container named "client-bootstrap". Leave it as private.
- Click on your newly created container, you should now see nothing in it.
- Next, click "Upload" and upload the 2 files you staged in Part 1.
- You should now see both files in the container as below. My client is named "dbright", so my validator is named `dbright.pem`.
- Now, for each file, we're going to generate an SAS token, so first click on the `bootstrap.ps1` file, then click on the "Generate SAS" tab.
- Change the settings to your liking, you can set the token to expire quickly or make it longer lived. Ideally, this will be part of a pipeline process so the tokens should always be short-lived.
- Next, click "Generate blob SAS token and URL"
- Copy the "Blob SAS URL".
- Open up the `azuredeploy.parameters.json` file you pulled down in Part 1. Update the value for the `bootstrapURL` parameter with the URL you copied in the previous step.
- Repeat the process for the `VALIDATOR.pem`, making sure the URL is updated in the parameters file as well.
- Verify that all other parameters have been set (especially if they say `CHANGEME`!)
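The same SAS steps done from PowerShell, as they might run in a pipeline. This is an added example, not code from this repo: it issues read-only, HTTPS-only blob SAS URLs with a short expiry and writes them into the `bootstrapURL` and `validatorURL` parameters. The storage account name, the 30-minute lifetime, the `New-BootstrapSasUrl` helper and the standard ARM `parameters.<name>.value` file layout are assumptions.

```powershell
# Added example. Values marked "assumed" are placeholders, not taken from the guide.
$resourceGroup  = 'CHANGEME'            # resource group that holds the storage account
$storageAccount = 'CHANGEME'            # assumed: your storage account name
$container      = 'client-bootstrap'    # container created in the steps above
$validatorBlob  = 'VALIDATOR.pem'       # change to match your validator file name
$paramsPath     = './azuredeploy.parameters.json'

# Requires an authenticated session (Connect-AzAccount).
$ctx = (Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageAccount).Context

# Hypothetical helper: one read-only, HTTPS-only SAS URL for a single blob.
function New-BootstrapSasUrl {
    param(
        [Parameter(Mandatory)] [string] $Blob,
        [int] $Minutes = 30             # assumed lifetime; long enough for one deployment
    )
    New-AzStorageBlobSASToken -Context $ctx -Container $container -Blob $Blob `
        -Permission r -Protocol HttpsOnly `
        -ExpiryTime (Get-Date).ToUniversalTime().AddMinutes($Minutes) -FullUri
}

# Assumes the usual ARM parameters layout: parameters.<name>.value
$params = Get-Content $paramsPath -Raw | ConvertFrom-Json
$params.parameters.bootstrapURL.value = New-BootstrapSasUrl -Blob 'bootstrap.ps1'
$params.parameters.validatorURL.value = New-BootstrapSasUrl -Blob $validatorBlob
$params | ConvertTo-Json -Depth 10 | Set-Content $paramsPath
```

The parameters file now holds live SAS URLs for the validator key, so keep it out of source control and regenerate the URLs for each deployment.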
- In Windows, open Powershell and navigate to the directory you have your files stored in.
- Be sure to log on to Azure by using `Connect-AzAccount` before proceeding.
- Next, change the following code snippet to match your ResourceGroupName and run it. You can also change `ChefClientBootstrap` to whatever you want:

```powershell
New-AzResourceGroupDeployment -Name ChefClientBootstrap -ResourceGroupName CHANGEME `
  -TemplateFile ./azuredeploy.json `
  -TemplateParameterFile ./azuredeploy.parameters.json
```
- You can follow along in Azure if you want, however I just open up Automate and wait to see my new node get created on the dashboard. Once I see it, I can also go inspect the Chef Infra Client run to see if it converged successfully. I've found this can take up to 10 minutes, so be patient. Here's my node showing up in Automate:
- Here's what my completed Powershell output looks like:
```
PS C:\git\azure-bootstrap\chef-client-policyfiles> New-AzResourceGroupDeployment -Name ChefClientBootstrap -ResourceGroupName dbright `
>> -TemplateFile ./azuredeploy.json `
>> -TemplateParameterFile ./azuredeploy.parameters.json

DeploymentName          : ChefClientBootstrap
ResourceGroupName       : dbright
ProvisioningState       : Succeeded
Timestamp               : 9/26/2019 3:17:35 PM
Mode                    : Incremental
TemplateLink            :
Parameters              :
                          Name                Type                       Value
                          ==================  =========================  ==========
                          adminUsername       String                     dbright
                          adminPassword       SecureString
                          dnsLabelPrefix      String                     myawsmvm01
                          bootstrapURL        SecureString
                          validatorURL        SecureString
                          vNicName            String                     myVNic
                          vNetName            String                     myVNet
                          pubIPName           String                     myPubIP
                          vmName              String                     dbrighttest01
                          windowsOSVersion    String                     2016-Datacenter
                          location            String                     eastus

Outputs                 :
                          Name             Type                       Value
                          ===============  =========================  ==========
                          hostname         String                     myawsmvm01.eastus.cloudapp.azure.com

DeploymentDebugLogLevel :
```
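A pre-flight check to run before the `New-AzResourceGroupDeployment` step above, as an added example that is not part of this repo. It flags any parameter still set to `CHANGEME` and inspects the two SAS URLs for an expired, non-HTTPS or more-than-read-only token. The `Test-BootstrapParameters` function name, the standard ARM `parameters.<name>.value` layout and the use of a plain blob SAS (with `se` and `sp` in the query string) are assumptions.

```powershell
# Added example. Returns a list of problems; an empty result means the file looks ready.
function Test-BootstrapParameters {
    param([string] $Path = './azuredeploy.parameters.json')

    $problems = @()
    $p = (Get-Content $Path -Raw | ConvertFrom-Json).parameters

    # Any value that still contains the CHANGEME placeholder.
    foreach ($prop in $p.PSObject.Properties) {
        if ("$($prop.Value.value)" -match 'CHANGEME') {
            $problems += "$($prop.Name): still set to a CHANGEME placeholder"
        }
    }

    foreach ($name in 'bootstrapURL', 'validatorURL') {
        $uri = [uri]$p.$name.value
        if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
            $problems += "${name}: not an https URL"
            continue
        }

        # SAS fields live in the query string: se = expiry, sp = permissions.
        $q = @{}
        foreach ($pair in $uri.Query.TrimStart('?') -split '&') {
            $k, $v = $pair -split '=', 2
            if ($k) { $q[$k] = [uri]::UnescapeDataString("$v") }
        }

        if (-not $q['se']) { $problems += "${name}: no SAS expiry (se) found"; continue }
        $expiry = [DateTimeOffset]::Parse($q['se'], [cultureinfo]::InvariantCulture)
        if ($expiry -lt [DateTimeOffset]::UtcNow) { $problems += "${name}: SAS token has expired" }
        if ($q['sp'] -ne 'r') { $problems += "${name}: SAS grants '$($q['sp'])', expected read-only 'r'" }
    }

    $problems
}

$issues = Test-BootstrapParameters
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'Fix azuredeploy.parameters.json before deploying.'
}
```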
- [This section should be updated regularly as people ask about certain behaviours and you answer questions related to this example.]