-
Notifications
You must be signed in to change notification settings - Fork 438
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Get SaaS docs started Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Add SaaS to search Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * changes made Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * minor changes Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated the SSO doc Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated the SSO doc Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated the SaaS pages Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated image lines in content Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * Move content from sass to saas Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * updated migration page Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * fixed the links Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * new page register nodes added to the sass folder Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * fixed the sso lint errors Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * fixed the sso lint errors Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated the docs Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * removed the page Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added the page again Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * content removed Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * content removed Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added code instead of images Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added images Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * images added for attributes folder Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * images fixed Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added images Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added a section Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added more changes to the sso doc Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added more changes to the sso doc Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * changes updated Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * added notes Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * changes updated Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * list fixed Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated changes Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * changes updated Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated the content of SSO Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * cspell reverted back Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * fix the feedbacks Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * reviewed and fixed the getting started section Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * fuxed the buildkite Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * fixed cspell Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * feedback updated Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * feedback updated Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * updated the image to add chef infra server Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> * Redirect nodes Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Feedback from @lbarry316 Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Fix images Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * More edits Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Fix alt text, remove unused images Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Update theme module Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> --------- Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> Signed-off-by: dishanktiwari2501 <dtiwari@progress.com> Co-authored-by: dishanktiwari2501 <dtiwari@progress.com>
- Loading branch information
1 parent
878cfa4
commit 5393299
Showing
14 changed files
with
463 additions
and
6 deletions.
There are no files selected for viewing
4 changes: 4 additions & 0 deletions
4
_vendor/github.com/chef/chef-docs-theme/layouts/partials/swiftype_search_modal.html
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
+++ | ||
title = "Chef SaaS Overview" | ||
draft = false | ||
|
||
[cascade] | ||
product = ["saas"] | ||
|
||
[menu] | ||
[menu.saas] | ||
title = "Overview" | ||
identifier = "chef_infra/Overview" | ||
parent = "chef_saas" | ||
weight = 10 | ||
+++ | ||
|
||
Chef SaaS offers unmatched secure infrastructure automation and compliance management from the cloud to control all essential resources. | ||
|
||
## Chef Infrastructure Management | ||
|
||
Ensure configurations are applied consistently in every environment with Infrastructure Management automation. | ||
|
||
## Chef Cloud Security | ||
|
||
End-to-end security management software that prevents security incidents and maintains compliance across your cloud-native assets. | ||
|
||
## Chef Compliance | ||
|
||
Maintain compliance and prevent security incidents across heterogeneous estates while improving speed and efficiency. | ||
|
||
## Chef Desktop | ||
|
||
Empowering IT resource managers through automation to improve efficiency while reducing risk across IT resources. | ||
|
||
To find out more about the configuration for Chef SaaS, refer to the [Get Started with Chef SaaS](/saas/get_started/) page. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
+++ | ||
title = "Get Started with Chef SaaS" | ||
draft = false | ||
[menu] | ||
[menu.saas] | ||
title = "Get Started" | ||
identifier = "chef_infra/Get Started with Chef SaaS" | ||
parent = "chef_saas" | ||
weight = 20 | ||
+++ | ||
|
||
This guide explains how to set up and configure Chef SaaS. For details on how to migrate from AWS OpsWorks, refer to the following page: [AWS OpsWorks migration](/saas/opsworks_migration/). | ||
|
||
## Prerequisites | ||
|
||
Chef SaaS has the following prerequisites: | ||
|
||
- You must have a system with [Chef Workstation installed](/workstation/install_workstation/). | ||
|
||
- Chef SaaS Starter Kit (provided by Progress Chef): | ||
- SaaS Environment URL | ||
- SaaS Credentials | ||
- Pivotal PEM file for the initial setup of the environment. This PEM file is temporary and is replaced later. | ||
|
||
## Add Chef Infra Server in Chef SaaS | ||
|
||
Follow these steps in Chef SaaS to add a Chef Infra Server: | ||
|
||
1. Select **Infrastructure** in the top navigation. | ||
1. Select **Chef Infra Servers** in the navigation on the left. | ||
1. Select **Add Chef Infra Server**. | ||
1. Fill out the fields as follows: | ||
- Provide a unique name for the Chef Infra Server. | ||
- Enter the FQDN by copying the same URL used to connect to Chef SaaS, for example: `saas.example.com`. | ||
|
||
{{< figure src="/images/saas/add-chef-server-popup-menu.png" width="500" alt="Enter Chef Infra Server name and FQDN in the Add Chef Infra Server dialog.">}} | ||
|
||
1. Select **Add Chef Infra Server**. | ||
|
||
## Configure Chef Workstation | ||
|
||
For details on configuring Chef Workstation, refer to the following sections. | ||
|
||
1. Create a Chef credentials file on your local workstation: | ||
|
||
```sh | ||
knife configure init | ||
``` | ||
|
||
This prompts you with several questions: | ||
|
||
- Enter the Chef Infra Server URL provided in the Starter Kit, for example: `saas.example.com`. | ||
- For the existing API **username** or **client_name**, enter the superuser account provided in the Chef SaaS Starter Kit. | ||
|
||
This creates a credentials file in the `~/.chef` directory with contents similar to the following: | ||
|
||
```ruby | ||
[default] | ||
client_name - 'pivotal' | ||
client_key = '/home/admin/.chef/pivotal.pem' | ||
chef_server_url - 'https://saas.example.com' | ||
``` | ||
|
||
1. Copy the `pivotal.pem` file from the Chef SaaS Starter Kit to the `~/.chef` directory. | ||
|
||
This gives you the proper credentials to connect to Chef SaaS in the following steps. | ||
|
||
1. Create an organization using the [`knife org create`](/workstation/knife_org/) command. This organization acts as a top-level entity for role-based access control. | ||
|
||
```sh | ||
knife org create <ORGANIZATION_NAME> "<ORGANIZATION_FULL_NAME>" | ||
``` | ||
|
||
Replace: | ||
|
||
- `<ORGANIZATION_NAME>` with the user's organization name. | ||
- `<ORGANIZATION_FULL_NAME>` with the organization's full name. | ||
|
||
This returns a private key for the organization's validator client. | ||
1. Create a new user associated with the new organization and use the credentials file: | ||
```sh | ||
knife user create <USERNAME> --email <EMAIL> --password <PASSWORD> | ||
``` | ||
Replace: | ||
- `<USERNAME>` with the user's username. | ||
- `<EMAIL>` with the user's e-mail address. | ||
- `<PASSWORD>` with the user's password. | ||
|
||
Copy the new `<FILE_NAME>.pem` file created with this command to the `~/.chef` directory before updating the credentials file later in this document. | ||
|
||
1. Add the new user to the organization using the [`knife org user`](/workstation/knife_org/) command: | ||
|
||
```sh | ||
knife org user add <ORGANIZATION_NAME> <USERNAME> | ||
``` | ||
|
||
In the above code, replace: | ||
|
||
- `<ORGANIZATION_NAME>` with user's organization name. | ||
- `<USERNAME>` with the user's username. | ||
|
||
1. Open the credentials file in the `~/.chef` directory and update the following values: | ||
|
||
- `client_name` to the new account created. | ||
- `client_key` to the new PEM file that was created. | ||
- `chef_server_url` to include the new organization. | ||
|
||
An example of the credentials in the `~/.chef` directory is as follows: | ||
|
||
```ruby | ||
[default] | ||
client_name - 'CLIENT_NAME' | ||
client_key = '/home/admin/.chef/<USER_NAME>.pem' | ||
chef_server_url - 'https://saas-example.com' | ||
``` | ||
|
||
## Configure Chef Saas | ||
|
||
The following steps add the organization to Chef SaaS. Connect to the URL provided by Progress Chef and log in with the admin account credentials: | ||
|
||
1. Select **Infrastructure** in the top navigation. | ||
1. Select **Chef Infra Servers** in the navigation on the left. | ||
1. Select the **Chef Infra Server** created previously. | ||
1. Select **Add Chef Organization** and: | ||
- Provide the **Name** of the organization created using knife. | ||
- For **Admin User**, enter the new account created using knife. | ||
- For **Admin Key**, paste the contents of the new PEM file created with the user account. | ||
- Select **Add Chef Organization**. | ||
|
||
{{< figure src="/images/automate/add-chef-organization-popup-menu.png" width="350" alt="Add Chef Organization Form">}} | ||
|
||
### Verify the SSL configuration | ||
|
||
Chef SaaS uses public certificates to ensure a secure connection to the service. To eliminate connection issues, verify the SSL connection and the certificate. | ||
|
||
- Verify the connection with the new organization: | ||
|
||
```cd | ||
knife ssl check | ||
``` | ||
|
||
### Verify the client connection | ||
|
||
- Finally, verify a successful connection to the new organization: | ||
|
||
```sh | ||
knife client list | ||
``` | ||
|
||
This returns a list of Infra Client nodes and workstations that are registered with a Chef Infra Server. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
+++ | ||
title = "Migrate from AWS OpsWorks to Chef SaaS" | ||
draft = false | ||
[menu] | ||
[menu.saas] | ||
title = " AWS OpsWorks Migration" | ||
identifier = "chef_infra/OpsWorks Migration" | ||
parent = "chef_saas" | ||
weight = 30 | ||
+++ | ||
|
||
This guide describes the migration scenarios from AWS OpsWorks to Chef SaaS. | ||
|
||
## Prerequisites | ||
|
||
The following prerequisites must be in place before migrating from AWS OpsWorks to Chef SaaS: | ||
|
||
- AWS OpsWorks must be running Chef Automate 2.0. | ||
- A Chef SaaS environment must be configured. Refer to the [Getting Started with Chef SaaS](/saas/get_started/) page. | ||
- An S3 bucket must be provided from Progress Chef. | ||
|
||
## Backup AWS OpsWorks | ||
|
||
AWS OpsWorks for Chef Automate can have two configuration setups: | ||
|
||
- cluster with SSH access | ||
- cluster without SSH access | ||
|
||
Both types of clusters have SSM access. You should be able to log in to the AWS OpsWorks Chef Automate instance and follow the steps to create a backup. By default, AWS OpsWorks has the manual backup feature, which creates a backup in S3. You can use the S3 backup if you can't log in to an instance using SSH/SSM. | ||
|
||
### Back up AWS OpsWorks using SSH/SSM | ||
|
||
If you have SSH/SSM access, follow these steps to create a backup: | ||
|
||
1. Log in to the AWS OpsWorks EC2 instance using SSH/SSM from the EC2 console. | ||
1. Create a `patch.toml` as shown in the following code snippet: | ||
|
||
```sh | ||
[global.v1.backups] | ||
location = "filesystem" | ||
|
||
[global.v1.backups.filesystem] | ||
path = "/var/opt/chef-automate/backups/" | ||
``` | ||
|
||
1. Apply the patch: | ||
|
||
```sh | ||
chef-automate config patch patch.toml | ||
``` | ||
|
||
Check the Chef Automate status and wait for all services to turn healthy. | ||
|
||
1. Back up your Chef Automate data: | ||
|
||
```sh | ||
sudo chef-automate backup create | ||
sudo chef-automate bootstrap bundle create bootstrap.abb | ||
``` | ||
|
||
Once the backup process is complete, Chef Automate returns a **Success** message. The backup data is available in `/var/opt/chef-automate/backups/`. | ||
|
||
1. Zip the backup and share it with the Chef team. Include the `timestamp-based directory`, `automate-elasticsearch-data`, `.tmp` directory, and `bootstrap.abb`. | ||
|
||
```sh | ||
[root@ip-10-200-140-7 backups]# ls -a /var/opt/chef-automate/backups/ | ||
20230605230117 automate-elasticsearch-data .tmp bootstrap.abb | ||
[root@ip-10-200-140-7 backups]# zip -r backup.zip automate-elasticsearch-data 20230605230117 .tmp bootstrap.abb | ||
[root@ip-10-200-140-7 backups]# ls -a | ||
20230605230117 automate-elasticsearch-data .tmp bootstrap.abb backup.zip | ||
``` | ||
|
||
You can share the backup using pre-signed URLs. The SOP provides steps for sharing the backup with the Chef team. | ||
|
||
### Back up AWS OpsWorks using the AWS Management Console | ||
|
||
If you don't have SSH/SSM access, follow these steps to create a backup: | ||
1. Go to the **AWS OpsWorks** console. | ||
1. Choose the server to back up on the **Chef Automate servers** page. | ||
1. On the properties page for the Chef Infra Server, in the left navigation pane, select **Backups**. | ||
1. Select **Create backup**. | ||
1. The manual backup is finished when the page shows a green checkmark in the backup's **Status** column. | ||
|
||
{{< figure src="/images/saas/saas-status-column.png" alt="Chef Automate showing list of backups on AWS OpsWorks.">}} | ||
|
||
1. In the AWS S3 console, find the AWS OpsWorks bucket where the backups are stored. | ||
|
||
{{< figure src="/images/saas/saas-aws-console.png" alt="AWS S3 console showing list of Automate server backups.">}} | ||
|
||
1. Zip the latest `timestamp-based` directory and `automate-elasticsearch-data` directory and share it with the Chef team. | ||
|
||
Progress Chef engineers handle the restoration process. Your account manager will notify you when the restoration is complete. | ||
|
||
## Verify the restore | ||
|
||
When the restore is complete, log into Chef SaaS. You will see data in the environment up to the day of the backup including users, cookbooks, Infra Client runs. |
Oops, something went wrong.