Reputation: 35
We have our entire infrastructure configured on AWS, which consists of a bunch of Windows servers for the web front end, AD, DC, ADFS Proxy, etc., provisioned in a public subnet, and a few DB servers configured in a private subnet. The private subnet can access the Internet by using a NAT server. The reference architecture is very similar to this:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html#Configuration-2
Now, what would be the best approach/strategy to install Chef clients on all these Windows machines and to manage these servers with hosted Chef?
I understand "WinRC" can be used on all the servers in the public subnet to communicate with the hosted Chef server. But for the servers in the private subnet, what is the best strategy to automate the rollout of Chef clients and maintain them?
Upvotes: 0
Views: 115
Reputation: 751
All communication between a Chef client and a Chef server, hosted or private, is a pull by the client from the server via ports 80 and 443. The client uses outbound traffic to poll every few minutes; you can change the polling interval.
In a default AWS NAT subnet, there is an outbound rule to allow all traffic for all ports to any destination on the Internet, e.g., 0.0.0.0/0. If you have that locked down you can open up ports 80 and 443.
Chef Documents - Firewalls and Ports...
The following sections describe the ports that are required by the Chef server in a standalone configuration: ...
80, 443, ... nginx
The nginx service is used to manage traffic to the Chef server, including virtual hosts for internal and external API request/response routing, external add-on request routing, and routing between front- and back-end components.
One other thing -- if you are bootstrapping nodes in this subnet, e.g., doing "bare metal" builds from clean AWS AMIs, the normal way to do this is via the knife command, which is not run from the Chef server. It is run manually by a sysop from a workstation that has inbound access to the new node. To automate that for scenarios such as autoscaling, the approach is to use your own custom AWS AMI to get the Chef client onto the node when it is launched.
Upvotes: 1
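A defensive check for the locked-down egress the answer describes, added here as an example (not the poster's or Chef's code): it audits security-group egress rules in the shape `aws ec2 describe-security-groups` returns and reports whether a group is still wide open, whether the Chef ports 80 and 443 remain reachable, and which other TCP ranges are allowed. The group IDs, names and rules are constructed samples.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`
# (assumption: these are illustrative groups, not the poster's real configuration).
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0000default", "GroupName": "private-subnet-default",
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0000chef", "GroupName": "private-subnet-chef-only",
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0000loose", "GroupName": "private-subnet-high-ports",
   "IpPermissionsEgress": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
     {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

CHEF_PORTS = {80, 443}  # chef-client pulls from the server over HTTP/HTTPS only

def _rule_covers(rule, port):
    """True if an egress rule permits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "all traffic": every protocol and port (default NAT posture)
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_egress(group):
    """Return (chef_ok, wide_open, extra) for one security group.

    chef_ok   - node can still reach the Chef server on both 80 and 443
    wide_open - some rule allows all protocols/ports
    extra     - TCP (from, to) ranges allowed beyond exactly 80 or 443
    """
    rules = group.get("IpPermissionsEgress", [])
    chef_ok = all(any(_rule_covers(r, p) for r in rules) for p in CHEF_PORTS)
    wide_open = any(r.get("IpProtocol") == "-1" for r in rules)
    extra = []
    for r in rules:
        if r.get("IpProtocol") != "tcp":
            continue
        lo, hi = r.get("FromPort", 0), r.get("ToPort", 65535)
        if not (lo == hi and lo in CHEF_PORTS):
            extra.append((lo, hi))
    return chef_ok, wide_open, extra

def audit_all(groups):
    """Audit every group in a describe-security-groups response."""
    return {g["GroupId"]: audit_egress(g) for g in groups["SecurityGroups"]}

if __name__ == "__main__":
    for gid, (ok, wide, extra) in audit_all(SAMPLE_GROUPS).items():
        print(f"{gid}: chef reachable={ok} wide open={wide} extra tcp={extra}")
```

A group that reports `wide open=True` is the default posture the answer mentions; the goal is `chef reachable=True` with `wide open=False` and an empty `extra` list.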