ericcalabretta

Habitat setup instructions for Windows

1. Download Habitat & unzip to C:\habitat (6.8MB for version 78)

note this assumes version 0.78 of HAb, you'll have to change C:\hab- to whatever version you need

$URL = "https://api.bintray.com/content/habitat/stable/windows/x86_64/hab-%24latest-x86_64-windows.zip?bt_package=hab-x86_64-windows"
Invoke-Webrequest -uri $URL -OutFile habitat.zip
Expand-Archive habitat.zip -DestinationPath C:\
Rename-Item C:\hab-0.78.0-20190313120028-x86_64-windows\ -NewName "habitat"

ericcalabretta

Habitat On-Prem-Builder Depot authentication setup with Chef Automate

Step 1: create a new OAuth Application in Chef Automate

Login into your Automate server and create a file called oauth.toml

bldr_signin_url Is your builder FQDN. The URL should be http if you have SSL disabled which may be the case for an evaluation.

IMPORTANT: don't forget the / at the end of the URL you set for bldr_signin_url

ericcalabretta

driver:
  name: vagrant
  # box: windows-box-name
  # box_url: http://FQDN_to-windows-virtual-box.box
  # box_download_insecure: True
  boot_timeout: 1200
  gui: false

provisioner:
  name: chef_zero

ericcalabretta

driver:
  name: vagrant
  # Air-gap settings to pull box from internal repo
  box: linux-box-name
  box_url: http://URL_to-linux-virtual-box.box
  box_download_insecure: True

provisioner:
  name: chef_zero
  # Air-gap settings to pull chef-client from internal repo

ericcalabretta

Step 1: Set up Chef Automate & Chef Server

Downloads the automate deployment cli curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate

Generate a config file:

sudo ./chef-automate init-config

Make sure fqdn = "yourFQDN" It'll pull this from the system hostname by default

ericcalabretta

include_recipe 'audit::default'

node.default['audit']['reporter'] = 'chef-server-automate'
node.default['audit']['fetcher'] = 'chef-server'

case node['platform']
when 'centos'
  node.default['audit']['profiles']['cis-centos7-level1-server'] = {
    'compliance': 'admin/cis-centos7-level1-server',
    'version': '2.2.0-14'

ericcalabretta

driver:
  name: vagrant
  # Air-gap settings to pull box from internal repo
  box: centoss-7-v202002.04.0
  box_url: http://34.223.67.135:8081/artifactory/example-repo-local/centoss-7-v202002.04.0.box
  box_download_insecure: True

provisioner:
  name: chef_zero
  # Air-gap settings to pull chef-client from internal repo

ericcalabretta

wget http://34.221.48.134:8081/artifactory/example-repo-local/chef-15.8.23-1.el7.x86_64.rpm -O /tmp/chef-15.8.23-1.el7.x86_64.rpm
sudo rpm -ivh /tmp/chef-15.8.23-1.el7.x86_64.rpm

ericcalabretta

Step 1: Configure your workstation to talk to chef-server

First you'll need to install Chef-Workstation on your laptop. This includes all the tools you need to use Chef.

https://downloads.chef.io/chef-workstation/0.17.5

Test your chef-workstation install with chef --version command.

Chef Workstation version: 0.7.4

ericcalabretta

Bootstrap chef client with Validator Bootstrap Option

To bootstrap a node we need to install install Chef-Client and configure Chef-Client to talk to Chef-Server.

The validator bootstrap option has the client bootstrap itself, and is commonly used with another tool like vRA, Terraform or SCCM to perform the initial fleet bootstrap.

Steps:

1. Download appropriate chef-client from https://downloads.chef.io/