Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Consolidate initial installation configuration as well as post install patching

  1. Consolidate initial installation configuration
    My setup:
    a> uses internal block storage (internal s3) for backup
    b> uses DNS names for automate FQDN
    c> not very simple policy files (require bigger default_max_session value)
    d> uses local generated SSL certs
    Currently, at least to mine setup, here are the steps I have to go through to get the Automate HA cluster setup. These steps should be consolidated into lesser ones:
    Step 1: uses "init-config-ha existing_infra" template to setup basic sckeleton Automate HA cluster, on bastion host
    Step 2: apply license key, on one automate frontend host
    Step 3: apply internal SSL certs, on bastion host
    Step 4: on every chef infra server, restart chef-automate service after
    - update chef/automate-cs-oc-erchef system conf file to set bigger default_max_session value
    - patch data collector to use automate FQDN, see support case 01199728
    Step 5: config generic S3 backup, on bastion host
    Step 6: config S3 backup, on each OpenSearch host

    Hopefully in the future:
    All extra configurations for inital setup would be consolidated into the "init-config-ha" generated template, where it can:
    a> covers most of the configurations
    b> points out to extra configuration files, if they can not be consolidated into the main one

  2. Post installation patching
    Things will always change. So patching is unavoidable. But it should be made easier in one single step, on a single node, either from bastion host, or one member of the same cluster layer. For example, Step 4 in above should be able to be accomplished from any one of the chef infra server, instead of every one of them.

  • Guest
  • Sep 21 2022
  • Planned
  • Attach files
  • Ankur Mundhra commented
    9 Jan 07:37am

    Patching is possible from Automate 4.4.10

  • +1