Skip to content

Instantly share code, notes, and snippets.

@anthonygrees

anthonygrees/aib.md

Created November 5, 2020 08:24
Show Gist options
  • Save anthonygrees/798402d9fe8869739221f74c791673c8 to your computer and use it in GitHub Desktop.
Save anthonygrees/798402d9fe8869739221f74c791673c8 to your computer and use it in GitHub Desktop.
Download ZIP
Removing Ruby 2.5 (core/ruby) AND Chef Infra Server and Workflow from the AIB
Raw
aib.md

Removing Ruby 2.5 (core/ruby) AND Chef Infra Server and Workflow from the AIB

Creating the AIB

  1. Clone the Automate source with git
git clone https://github.com/chef/automate.git
cd automate
  1. Checkout the branch that updates InSpec to a version that uses Ruby 2.6
git checkout ssd/upgrade-inspec
  1. Remove these rows from products.meta:
  • chef/automate-cs-bookshelf
  • chef/automate-cs-oc-bifrost
  • chef/automate-cs-oc-erchef
  • chef/automate-cs-nginx
  • chef/automate-workflow-server
  • chef/automate-workflow-nginx
  1. Download the chef-automate installer:
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
  1. Locally build a chef/compliance-service package

Create a temporary 'chef' origin key for building a local chef/compliance-service package

hab origin key generate chef

Enter the habitat studio, build the compliance-service package, and install it locally

HAB_ORIGIN=chef hab studio enter
build components/compliance-service # in the studio
exit # leave the studio
sudo hab pkg install results/chef-compliance-service-1.11.1-20201105010614-x86_64-linux.hart # the filename will be slightly different

Copy the fully qualified package name for the chef/compliance-service package that was just built from the output, e.g. chef/compliance-service/1.11.1/20201105010614

  1. Create a reduced manifest.json by running the create-manifest.rb script, using the package that was build locally:

EXPEDITOR_NAME can be anything here, no need to change it
You must replace chef/compliance-service/1.11.1/20201105010614 with the fully qualified package from the last step

EXPEDITOR_NAME=foo EXPEDITOR_PKG_IDENTS_COMPLIANCESERVICEX86_64LINUX="chef/compliance-service/1.11.1/20201105010614" .expeditor/create-manifest.rb
  1. Create an Airgap Installation Bundle (AIB) based on the new manifest.json:

This runs as root to avoid potential issues accessing /hab/cache/keys

sudo ./chef-automate airgap bundle create -m manifest.json --hartifacts results/ --override-origin chef
  1. Copy the resulting automate-*.aib file to the server

Installing Automate using the AIB

  1. Download the chef-automate installer:
curl https://packages.chef.io/files/current/latest/chef-automate-cli/chef-automate_linux_amd64.zip | gunzip - > chef-automate && chmod +x chef-automate
  1. Create a default Automate configuration, which by default does not include the Infra Server or Workflow
sudo ./chef-automate init-config

  1. Modify config.toml as needed, e.g. settings the fqdn

  2. Install Automate using the AIB:

sudo ./chef-automate deploy config.toml --airgap-bundle automate-*.aib
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment