Tutorial for Setting Up Chef Compliance Server on Azure
By Annie Hedgpeth · May 5, 2016
Tutorial for Setting Up Chef Compliance Server on Azure

This tutorial for setting up Chef Compliance is for pretty much anyone to use. I break it into extremely simple steps, so that there is no mystery.

The thing about setting up Chef Compliance that was challenging for me is that you can’t see the product until you build a home for it. It was a lot like taking a giant box home from Ikea when you don’t know what you bought, then you have to put it together with random instructions strewn together from blogs.

As a non-technical type who’s been into technology for all of about five minutes, I am teaching myself to not be scared of technology. True, I’m most likely not the next Steve Jobs, but I did prove that I can now set up a virtual machine to use Chef Compliance in the cloud, and you can, too!

Disclaimer: I’m not a prodigy; I just have a totally unfair advantage, and his name is Michael Hedgpeth of hedge-ops.com. I’m married to him, and thus have a totally awesome teacher with benefits. So there’s that.

I will say, however, that I did not move from one step to the next without fully understanding what I was doing and the context with which I was doing it.

What You Will Need

Overview of the steps

  1. Create an Ubuntu virtual machine on Azure
  2. Make your virtual machine accessible over the internet
  3. Rename your virtual machine
  4. Set up Chef Compliance on your virtual machine
  5. Configure Chef Compliance server

Create an Ubuntu virtual machine on Azure

We decided to use Azure because virtual Box just didn’t work for us for whatever reason, and Michael is more familiar with Azure than AWS right now. Plus, they offer a free trial, so it worked out. If you have had better luck with virtual box, I’d love to hear about it!

  1. Go to your Azure account and click NEW.
  2. Under Marketplace click Virtual Machines
  3. Under Featured Apps click Ubuntu Server 14.04 LTS
  4. Leave the default setting for Select a Deployment Model as Resource Manager
  5. Under the 1 – BASICS – Configure Basic Settings tab, fill in the following
  • Username—This is you. You’ll have to enter it several times, so make it simple.
  • Password—Choose a good one because it’s over the internet, but you will have to enter it, and I don’t know that you can copy and paste it.
  • Resource Group—Create a new one and name it.
  • Location—Choose the location of your server that’s closest to your region.
  1. Under the 2 SIZE tab—A1 is what I chose, cheap, and it did the job.
  2. Under the 3 SETTINGS tab—choose all defaults for Storage options.
  3. Under the 4 Summary tab—click ok and your VM will be deployed after a few minutes.

Make Your Virtual Machine Accessible Over the Internet

We’re doing this so that our browser can access Chef Compliance on our server. First, we’ll register a public name for the server, so that we can type that name in a browser. Then we’ll need to change the security settings on the network security group.

  1. So go to All Resources, click on your server, then click on your IP address and note that there is no DNS name label for it.
  2. Click on Configuration and add the name you choose in the box called DNS name label and copy it to notepad or something because you’ll need it later. Then click SAVE at the top of the Configuration tab.
  3. Go to the network security group (the one with the shield icon) that you just created. We need to create a rule so that our compliance website can be accessed.
  • In settings, click on Inbound Security Rules.
  • Click ADD, and name it allow-ssl, and change the Destination Port Range to 443 so that you can talk to the server over https. Then click OK.
  • Make sure your machine is on by going back to All Resources and clicking on your VM (with the monitor icon). If Connect is greyed out, then you’re connected.

Rename Your Virtual Machine

After all of that, your vm still doesn’t really know that its name was changed, so now we have to tell it what its name is.

  1. SSH to your vm
  • Open up your terminal. 
    ssh username@dnsname
    Mine was: 
    ssh annie@cheftutorialcompliance.southcentralus.cloudapp.azure.com
  • Respond yes
  • Enter your password
  1. Install Nano on your VM
sudo apt-get install nano
  1. Open this file so that you can edit it
sudo nano /etc/waagent.conf
  1. Find this in the document:
Provisioning.MonitorHostName=y
  1. The value will be n when you find it, but change it to a y
  2. Save by clicking Ctrl+o, then accept the file name by pressing Enter
  3. Then Exit by clicking Ctrl+x
  4. Once done, run this command
sudo waagent -install
  1. Now change the name to the full domain name that you’ll type in your browser. I used
sudo hostname cheftutorialcompliance.southcentralus.cloudapp.azure.com

When you finish this step you should be able to type the command hostname and something like cheftutorialcompliance.southcentralus.cloudapp.azure.com should come up.

This is the terminal I used.

Set Up Chef Compliance on Your Virtual Machine

Finally. After all of that work, we’re ready to actually put Chef Compliance onto our virtual machine. I used this guide.

  1. To download the package, go to the download site get the download URL for Ubuntu and copy and paste the link on a notepad or something to use in a minute.
  2. cd to the /tmp directory
cd /tmp
  1. wget the download URL
wget [download url that you just copied]
  1. As the directions say, run sudo dpkg
sudo dpkg -i /tmp/chef-compliance-<version>.deb

Hint: Just type up to Chef, then hit tab to autofill. This will take a minute or so.

  1. Run sudo chef-compliance-ctl reconfigure
  2. This takes you to a license agreement. (Edited to add: They may have done away with this requirement.)
  • Hit any key.
  • Read it as you scroll all the way down to the end.
  • Then hit q to get out of the agreement.
  • You then need to agree to it, so type yes, and it will load the compliance server.
  • This will take a few minutes (if you got a slow, cheap machine like I did).

Configure Chef Compliance Server

So now that it’s all installed, it’s time accept the license agreement and set up an administrator user so that you can start using the product.

  1. Navigate to your URL and add /#/setup to the end, make sure it’s https
  2. Your browser doesn’t trust your server, so it’ll warn you not to go there. Just click on Advanced and then accept the risk that it asks you to accept by clicking the link at the bottom.
  3. Click on Setup Chef Compliance
  4. Accept the license agreement…again
  5. Set up an admin user and click Next
  6. Make sure your info is correct and click Configure The first time I went through, it said that the setup failed. But then I went back to the dashboard and logged in, and all was well. Who knows.
  7. Go to the dashboard, and you’re ready to go!
  8. Now go have a glass of wine and a chocolate chip cookie and pat yourself on the back.

Concluding Thoughts

I gotta admit, this whole process was a bit much for me. I couldn’t have done it without Michael. Once I got to the end, I was super surprised to see just how simple and intuitive the program was after such a complicated setup.

I’m really excited to learn more about Chef Compliance, so in another post I’ll get to the fun part where we actually get to play around with it and see just what it can do.

Engineering
Azure
Chef
Tutorial