terraform-chef-immersion

Terraform module for creating Chef training environment
Deploying this stack will create the following:

• 1 chef server bootstrapped
• 1 chef organization called hizzleinc
• 1 chef user called chefadmin and user keys
• n number of chef nodes
• knife.rb file

Requirements

• Terraform CLI version >= 0.13

brew install hashicorp/tap/terraform

Or check the installation documentation

Or use tfenv

• AWS Account
• Chef workstation

How to use

Pre-configurations

Create a chef-repo: chef generate repo hizzleinc

1. Configure AWS account credentials to be used with this module.
   

.aws/config

[profile hazel-lab]
region = us-east-1
output = table

.aws/credentials

[hazel-lab]
aws_access_key_id = ****
aws_secret_access_key = ****

2. Generate SSH keys within the terraform-chef-immersion/chef-files/ directory

ssh-keygen -t rsa -f chef-immersion -C "youremail@example.com"
chmod 400 ./chef-immersion

⚠️   If you call the SSH keys something other than chef-immersion you must change it in the terraform module as well.

Variables

1. Copy terraform.tfvars.example to terraform.tfvars

cp terraform.tfvars.example terraform.tfvars

2. Modify the values for at least all the required variables and save

Deploy

1. Initialize Terraform

terraform init

2. Validate Terraform configuration

terraform validate

3. Apply Terraform configuration

terraform apply

4. Grab a cup of ☕   while the chef server bootstraps. It will take ~6 minutes
5. The terraform run will perform scp to download the chef user's key file to the chef-files folder. Watch for the prompt and type yes into the command line when prompted for SSH connectivity

null_resource.example_provisioner (get_chefuser_key): Executing: ["/bin/sh" "-c" "scp -i ./chef-files/chef-immersion ubuntu@1.2.3.4:/drop/chefadmin.pem ./chef-files/"]
The authenticity of host '1.2.3.4 (1.2.3.4)' can't be established.
ECDSA key fingerprint is SHA256:blahblahblah.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Outcome

Chef interaction requirements will be generated in the chef-files directory

• knife.rb config (generated by Terraform)
• chefadmin.pem (downloaded from the chef server)
• chef-immersion (private and public key should have been created by user previously)

There is also a Berksfile that contains the chef-client cookbook requirement.

Move these files into chef-repo/.chef to interact with the new chef server. Do Berks install and Berks upload to install the chef-client cookbook and required dependencies. This is required for the recurring chef-client runs part of the lab.