Chef Ideas

Consolidate initial installation configuration
My setup:
a> uses internal block storage (internal s3) for backup
b> uses DNS names for automate FQDN
c> not very simple policy files (require bigger default_max_session value)
d> uses local generated SSL certs
Currently, at least to mine setup, here are the steps I have to go through to get the Automate HA cluster setup. These steps should be consolidated into lesser ones:
Step 1: uses "init-config-ha existing_infra" template to setup basic sckeleton Automate HA cluster, on bastion host
Step 2: apply license key, on one automate frontend host
Step 3: apply internal SSL certs, on bastion host
Step 4: on every chef infra server, restart chef-automate service after
- update chef/automate-cs-oc-erchef system conf file to set bigger default_max_session value
- patch data collector to use automate FQDN, see support case 01199728
Step 5: config generic S3 backup, on bastion host
Step 6: config S3 backup, on each OpenSearch host

Hopefully in the future:
All extra configurations for inital setup would be consolidated into the "init-config-ha" generated template, where it can:
a> covers most of the configurations
b> points out to extra configuration files, if they can not be consolidated into the main one

Post installation patching
Things will always change. So patching is unavoidable. But it should be made easier in one single step, on a single node, either from bastion host, or one member of the same cluster layer. For example, Step 4 in above should be able to be accomplished from any one of the chef infra server, instead of every one of them.