Bulk node enrollment

With bulk node enrollment, you define the nodes, credentials, and enrollment settings in a CSV file that’s uploaded to Chef 360 Platform. Once uploaded, Chef 360 Platform handles the process of connecting to and enrolling each node defined in the file with a node cohort.

Bulk enrollment fully enrolls nodes.

Role requirements

To enroll nodes, use a profile with the node-manager role.

Connection requirements

  • Nodes must be accessible with SSH or WinRM.
  • Nodes must have a public DNS name or public IP address.
  • A node’s IP address can’t be 127.0.0.1 (localhost).
  • A node’s CIDR address must not overlap with the Chef 360 Platform services’ CIDR range. The default CIDR ranges for Chef 360 Platform services are 10.244.0.0/16 and 10.96.0.0/12.
  • The node’s ports for RabbitMQ and the nginx API gateway must be open to Chef 360 Platform. Additionally, Chef 360 Platform must allow inbound connections to these ports from the node.
  • For nodes running Windows Server 2012 or 2016, download and manually install curl. After installation, ensure the curl executable is added to the system’s PATH environment variable.

SSH connection requirements

  • Port 22 must be open.
  • The user must have sudo privileges.
  • The user must authenticate using an ed25519 or RSA (2048-bit) key without a passphrase.

WinRM connection requirements

  • Ports 5985 (HTTP) and 5986 (HTTPS) must be open.

  • Configure WinRM by running the following commands:

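    winrm quickconfig   # Select 'Yes' when prompted
    # Enable Basic authentication for the WinRM service
    winrm set winrm/config/service/Auth '@{Basic="true"}'
    # Allow unencrypted WinRM traffic, so Basic credentials sent over HTTP (5985) are not encrypted in transit
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
    # Open the WinRM HTTP and HTTPS ports in Windows Firewall
    netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
    netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow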
    

Enroll nodes

To bulk enroll nodes, follow these steps:

  1. Create a CSV file with the following columns and fill in the ones that are relevant for each node, leaving the others blank:

    nodeId
    A node ID. If empty, a UUID is generated and assigned to each node at the time of enrollment.

    Optional

    cohortId
    The ID of the node cohort that the node is assigned to.

    Required

    url
    The public domain or IP address used to connect to the node.

    Required

    sshCredentials.username
    The username to connect to the node with SSH.

    Required if using SSH as the connection protocol.

    sshCredentials.password
    The password to connect to the node with SSH.

    Use sshCredentials.key or sshCredentials.password if using SSH as the connection protocol.

    sshCredentials.key
    The SSH key to connect to the node.

    Prepend the key with a single quote (') so that Excel can process the key and save the file.

    Use sshCredentials.key or sshCredentials.password if using SSH as the connection protocol.

    sshCredentials.port
    The port number used to connect to the node.

    Required if using SSH as the connection protocol.

    winRMCredentials.username
    The username to connect to the node with WinRM.

    Required if using WinRM as the connection protocol.

    winRMCredentials.password
    The password to connect to the node with WinRM.

    Required if using WinRM as the connection protocol.

    protocol
    The connection protocol. Allowed values are: ssh or winrm.

    Optional

    credentialId
    A credential ID. If you don’t want to use SSH or WinRM credentials, then you can give a credential ID.

    Optional

  2. Enroll the nodes using the enrollment bulk-enroll subcommand:

    chef-node-management-cli enrollment bulk-enroll --file <CSV_FILENAME> --profile <NODE_MANAGER_PROFILE_NAME>
    

    The response includes an enrollment ID similar to:

    {
        "item": {
            "id": "ebff692a-ca22-4841-afc9-b334b9e2256a"
        }
    }
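
A pre-upload check for the CSV described in step 1, as an added example (not Chef's code): it applies this page's column and connection rules to each row. The function names and sample values are constructed, and inferring a blank protocol from the filled credential columns is an assumption.

```python
import csv
import io
import ipaddress

# Default Chef 360 Platform service ranges listed under "Connection requirements".
SERVICE_CIDRS = [ipaddress.ip_network(c) for c in ("10.244.0.0/16", "10.96.0.0/12")]

def check_row(row):
    """Return the problems found in one CSV row (a dict of column -> value)."""
    get = lambda col: (row.get(col) or "").strip()
    problems = [f"{col} is required" for col in ("cohortId", "url") if not get(col)]
    try:
        addr = ipaddress.ip_address(get("url"))
        if addr.is_loopback:  # 127.0.0.1 and the rest of the loopback range
            problems.append("url is a loopback address")
        problems += [f"url is inside service range {n}" for n in SERVICE_CIDRS if addr in n]
    except ValueError:
        pass  # not an IP literal; DNS names are not resolved here
    proto = get("protocol")
    if proto not in ("", "ssh", "winrm"):
        return problems + [f"protocol {proto!r} is not ssh or winrm"]
    ssh = [get("sshCredentials." + f) for f in ("username", "password", "key", "port")]
    win = [get("winRMCredentials." + f) for f in ("username", "password")]
    if get("credentialId") and not any(ssh + win):
        return problems  # a credential ID stands in for inline credentials
    if not proto:  # assumption: a blank protocol is inferred from the filled columns
        proto = "ssh" if any(ssh) else "winrm" if any(win) else ""
    if proto == "ssh":
        user, password, key, port = ssh
        checks = [(user, "sshCredentials.username is required for SSH"),
                  (key or password, "sshCredentials.key or sshCredentials.password is required"),
                  (port.isdecimal() and 1 <= int(port) <= 65535, "sshCredentials.port must be a port number")]
    elif proto == "winrm":
        checks = [(win[0], "winRMCredentials.username is required for WinRM"),
                  (win[1], "winRMCredentials.password is required for WinRM")]
    else:
        checks = [(False, "no inline credentials and no credentialId")]
    return problems + [msg for ok, msg in checks if not ok]

def validate_csv(text):
    """Map each 1-based data row number to its problems; clean rows are omitted."""
    return {i: p for i, row in enumerate(csv.DictReader(io.StringIO(text)), 1) if (p := check_row(row))}

# Constructed sample: documentation addresses and placeholder secrets only.
SAMPLE = """nodeId,cohortId,url,sshCredentials.username,sshCredentials.password,sshCredentials.key,sshCredentials.port,winRMCredentials.username,winRMCredentials.password,protocol,credentialId
,cohort-1,203.0.113.10,admin,,KEY-PLACEHOLDER,22,,,ssh,
,cohort-1,10.96.4.7,,,,,Administrator,example-password,winrm,
,cohort-1,127.0.0.1,admin,example-password,,,,,ssh,
"""
```

`validate_csv(SAMPLE)` reports row 2 (address inside a service range) and row 3 (loopback address, missing port); row 1 passes.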
    

Get node enrollment status

Nodes have the following enrollment levels:

admitted
A node’s credentials and IP address are provided for enrollment and a node ID is assigned.
enrolled
The node is successfully enrolled with Chef 360 Platform.

Get the enrollment status of a single node

You can check if a node is enrolled by getting its current enrollment status or by getting the status of each step in the node’s enrollment process.

To get the enrollment level of a node, use the node ID and the management node find-one-node subcommand:

    chef-node-management-cli management node find-one-node --nodeId <NODE_ID> --profile <NODE_MANAGER_PROFILE_NAME>

    An enrolled node has an enrollment level of enrolled; otherwise, it has an enrollment level of admitted. For example:

    "enrollmentLevel": "enrolled"
    

To get the status of each step in the node’s enrollment process, use the get-status subcommand:

    chef-node-management-cli status get-status --nodeId <NODE_ID> --profile <NODE_MANAGER_PROFILE_NAME>
    

    An enrolled node has "status": "Success" at each step.

Get the enrollment status using the enrollment ID

You can get the node enrollment status and node IDs using an enrollment ID and the status get-enrollmentId-status subcommand:

chef-node-management-cli status get-enrollmentId-status --enrollmentId <ENROLLMENT_ID> --profile <NODE_MANAGER_PROFILE_NAME>

The response is similar to:

{
  "item":{
    "id":"ebff692a-ca22-4841-afc9-b334b9e2256a",
    "items":[
      {
        "nodeId":"4a85f9bc-db17-4cc9-a253-f6e1fb57f000",
        "status":"Enrollment"
      },
      {
        "nodeId":"bc7976cb-70b3-41bb-b82f-c7209a8e3364",
        "status":"Enrollment"
      }
    ]
  }
}
