chef · IanMadd · Jun 20, 2024 · Dec 22, 2023 · Dec 22, 2023 · Jan 7, 2024
@@ -14,7 +14,7 @@
 # github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20240306070238-713aa7a8dd8e
 # github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20240313054833-ebbc45209efa
 # github.com/chef/license-service/docs-chef-io v0.0.0-20231117105514-d3f3d53ba2dd
-# github.com/chef/chef-docs-theme v0.0.0-20240528150035-cb21f24f1e5a
+# github.com/chef/chef-docs-theme v0.0.0-20240620121322-6e139ab547c0
 # github.com/FortAwesome/Font-Awesome v0.0.0-20240108205627-a1232e345536
 # github.com/cowboy/jquery-hashchange v0.0.0-20100902193700-0310f3847f90
 # github.com/twitter/hogan.js v3.0.2+incompatible

@@ -424,7 +424,6 @@ identifier = "server"
 # Chef Infra Menu
 ####
 
-
 [[infra]]
 title = "Chef Infra"
 identifier = "chef_infra"
@@ -644,6 +643,18 @@ identifier = "chef_infra"
 # End Chef Infra Menu
 ####
 
+####
+# Chef SaaS Menu
+####
+
+[[saas]]
+title = "Chef SaaS"
+identifier = "chef_saas"
+
+####
+# End Chef SaaS Menu
+####
+
 ####
 # Chef Workstation Menu
 ####

@@ -1,6 +1,6 @@
 ## The order of the menus (e.g. menu.infra, menu.inspec, etc...) in the left nav menu
 ## is set by the menuOrder parameter below.
-menuOrder = ["overview", "automate",  "desktop", "habitat", "infra", "server", "inspec", "workstation", "effortless", "supermarket", "release_notes", "legacy", "extra"]
+menuOrder = ["overview", "automate",  "desktop", "habitat", "infra", "server", "inspec", "saas", "workstation", "effortless", "supermarket", "release_notes", "legacy", "extra"]
 
 enable_search = true
 robots = ''

@@ -0,0 +1,34 @@
++++
+title = "Chef SaaS Overview"
+draft = false
+
+[cascade]
+  product = ["saas"]
+
+[menu]
+  [menu.saas]
+    title = "Overview"
+    identifier = "chef_infra/Overview"
+    parent = "chef_saas"
+    weight = 10
++++
+
+Chef SaaS offers unmatched secure infrastructure automation and compliance management from the cloud to control all essential resources.
+
+## Chef Infrastructure Management
+
+Ensure configurations are applied consistently in every environment with Infrastructure Management automation.
+
+## Chef Cloud Security
+
+End-to-end security management software that prevents security incidents and maintains compliance across your cloud-native assets.
+
+## Chef Compliance
+
+Maintain compliance and prevent security incidents across heterogeneous estates while improving speed and efficiency.
+
+## Chef Desktop
+
+Empowering IT resource managers through automation to improve efficiency while reducing risk across IT resources.
+
+To find out more about the configuration for Chef SaaS, refer to the [Get Started with Chef SaaS](/saas/get_started/) page.
@@ -0,0 +1,154 @@
++++
+title = "Get Started with Chef SaaS"
+draft = false
+[menu]
+  [menu.saas]
+    title = "Get Started"
+    identifier = "chef_infra/Get Started with Chef SaaS"
+    parent = "chef_saas"
+    weight = 20
++++
+
+This guide explains how to set up and configure Chef SaaS. For details on how to migrate from AWS OpsWorks, refer to the following page: [AWS OpsWorks migration](/saas/opsworks_migration/).
+
+## Prerequisites
+
+Chef SaaS has the following prerequisites:
+
+- You must have a system with [Chef Workstation installed](/workstation/install_workstation/).
+
+- Chef SaaS Starter Kit (provided by Progress Chef):
+  - SaaS Environment URL
+  - SaaS Credentials
+  - Pivotal PEM file for the initial setup of the environment. This PEM file is temporary and is replaced later.
+
+## Add Chef Infra Server in Chef SaaS
+
+Follow these steps in Chef SaaS to add a Chef Infra Server:
+
+1. Select **Infrastructure** in the top navigation.
+1. Select **Chef Infra Servers** in the navigation on the left.
+1. Select **Add Chef Infra Server**.
+1. Fill out the fields as follows:
+    - Provide a unique name for the Chef Infra Server.
+    - Enter the FQDN by copying the same URL used to connect to Chef SaaS, for example: `saas.example.com`.
+
+      {{< figure src="/images/saas/add-chef-server-popup-menu.png" width="500" alt="Enter Chef Infra Server name and FQDN in the Add Chef Infra Server dialog.">}}
+
+1. Select **Add Chef Infra Server**.
+
+## Configure Chef Workstation
+
+For details on configuring Chef Workstation, refer to the following sections.
+
+1. Create a Chef credentials file on your local workstation:
+
+    ```sh
+    knife configure init
+    ```
+
+    This prompts you with several questions:
+
+    - Enter the Chef Infra Server URL provided in the Starter Kit, for example: `saas.example.com`.
+    - For the existing API **username** or **client_name**, enter the superuser account provided in the Chef SaaS Starter Kit.
+
+    This creates a credentials file in the `~/.chef` directory with contents similar to the following:
+
+    ```ruby
+    [default]
+    client_name         - 'pivotal'
+    client_key          = '/home/admin/.chef/pivotal.pem'
+    chef_server_url     - 'https://saas.example.com'
+    ```
+
+1. Copy the `pivotal.pem` file from the Chef SaaS Starter Kit to the `~/.chef` directory.
+
+   This gives you the proper credentials to connect to Chef SaaS in the following steps.
+
+1. Create an organization using the [`knife org create`](/workstation/knife_org/) command. This organization acts as a top-level entity for role-based access control.
+
+    ```sh
+    knife org create <ORGANIZATION_NAME> "<ORGANIZATION_FULL_NAME>"
+    ```
+
+    Replace:
+
+    - `<ORGANIZATION_NAME>` with the user's organization name.
+    - `<ORGANIZATION_FULL_NAME>` with the organization's full name.
+
+    This returns a private key for the organization's validator client.
+
+1. Create a new user associated with the new organization and use the credentials file:
+
+    ```sh
+    knife user create <USERNAME> --email <EMAIL> --password <PASSWORD>
+    ```
+
+    Replace:
+
+    - `<USERNAME>` with the user's username.
+    - `<EMAIL>` with the user's e-mail address.
+    - `<PASSWORD>` with the user's password.
+
+    Copy the new `<FILE_NAME>.pem` file created with this command to the `~/.chef` directory before updating the credentials file later in this document.
+
+1. Add the new user to the organization using the [`knife org user`](/workstation/knife_org/) command:
+
+    ```sh
+    knife org user add <ORGANIZATION_NAME> <USERNAME>
+    ```
+
+    In the above code, replace:
+
+    - `<ORGANIZATION_NAME>` with user's organization name.
+    - `<USERNAME>` with the user's username.
+
+1. Open the credentials file in the `~/.chef` directory and update the following values:
+
+    - `client_name` to the new account created.
+    - `client_key` to the new PEM file that was created.
+    - `chef_server_url` to include the new organization.
+
+    An example of the credentials in the `~/.chef` directory is as follows:
+
+    ```ruby
+    [default]
+    client_name         - 'CLIENT_NAME'
+    client_key          = '/home/admin/.chef/<USER_NAME>.pem'
+    chef_server_url     - 'https://saas-example.com'
+    ```
+
+## Configure Chef Saas
+
+The following steps add the organization to Chef SaaS. Connect to the URL provided by Progress Chef and log in with the admin account credentials:
+
+1. Select **Infrastructure** in the top navigation.
+1. Select **Chef Infra Servers** in the navigation on the left.
+1. Select the **Chef Infra Server** created previously.
+1. Select **Add Chef Organization** and:
+    - Provide the **Name** of the organization created using knife.
+    - For **Admin User**, enter the new account created using knife.
+    - For **Admin Key**, paste the contents of the new PEM file created with the user account.
+    - Select **Add Chef Organization**.
+
+    {{< figure src="/images/automate/add-chef-organization-popup-menu.png" width="350" alt="Add Chef Organization Form">}}
+
+### Verify the SSL configuration
+
+Chef SaaS uses public certificates to ensure a secure connection to the service. To eliminate connection issues, verify the SSL connection and the certificate.
+
+- Verify the connection with the new organization:
+
+    ```cd
+    knife ssl check
+    ```
+
+### Verify the client connection
+
+- Finally, verify a successful connection to the new organization:
+
+  ```sh
+  knife client list
+  ```
+
+  This returns a list of Infra Client nodes and workstations that are registered with a Chef Infra Server.
@@ -0,0 +1,98 @@
++++
+title = "Migrate from AWS OpsWorks to Chef SaaS"
+draft = false
+[menu]
+  [menu.saas]
+    title = " AWS OpsWorks Migration"
+    identifier = "chef_infra/OpsWorks Migration"
+    parent = "chef_saas"
+    weight = 30
++++
+
+This guide describes the migration scenarios from AWS OpsWorks to Chef SaaS.
+
+## Prerequisites
+
+The following prerequisites must be in place before migrating from AWS OpsWorks to Chef SaaS:
+
+- AWS OpsWorks must be running Chef Automate 2.0.
+- A Chef SaaS environment must be configured. Refer to the [Getting Started with Chef SaaS](/saas/get_started/) page.
+- An S3 bucket must be provided from Progress Chef.
+
+## Backup AWS OpsWorks
+
+AWS OpsWorks for Chef Automate can have two configuration setups:
+
+- cluster with SSH access
+- cluster without SSH access
+
+Both types of clusters have SSM access. You should be able to log in to the AWS OpsWorks Chef Automate instance and follow the steps to create a backup. By default, AWS OpsWorks has the manual backup feature, which creates a backup in S3. You can use the S3 backup if you can't log in to an instance using SSH/SSM.
+
+### Back up AWS OpsWorks using SSH/SSM
+
+If you have SSH/SSM access, follow these steps to create a backup:
+
+1. Log in to the AWS OpsWorks EC2 instance using SSH/SSM from the EC2 console.
+1. Create a `patch.toml` as shown in the following code snippet:
+
+    ```sh
+    [global.v1.backups]
+    location = "filesystem"
+
+    [global.v1.backups.filesystem]
+    path = "/var/opt/chef-automate/backups/"
+    ```
+
+1. Apply the patch:
+
+    ```sh
+    chef-automate config patch patch.toml
+    ```
+
+    Check the Chef Automate status and wait for all services to turn healthy.
+
+1. Back up your Chef Automate data:
+
+    ```sh
+    sudo chef-automate backup create
+    sudo chef-automate bootstrap bundle create bootstrap.abb
+    ```
+
+    Once the backup process is complete, Chef Automate returns a **Success** message. The backup data is available in `/var/opt/chef-automate/backups/`.
+
+1. Zip the backup and share it with the Chef team. Include the `timestamp-based directory`, `automate-elasticsearch-data`, `.tmp` directory, and `bootstrap.abb`.
+
+    ```sh
+    [root@ip-10-200-140-7 backups]# ls -a /var/opt/chef-automate/backups/
+    20230605230117  automate-elasticsearch-data .tmp bootstrap.abb
+
+    [root@ip-10-200-140-7 backups]# zip -r backup.zip automate-elasticsearch-data 20230605230117 .tmp bootstrap.abb
+    [root@ip-10-200-140-7 backups]# ls -a
+    20230605230117  automate-elasticsearch-data .tmp bootstrap.abb  backup.zip
+    ```
+
+    You can share the backup using pre-signed URLs. The SOP provides steps for sharing the backup with the Chef team.
+
+### Back up AWS OpsWorks using the AWS Management Console
+
+If you don't have SSH/SSM access, follow these steps to create a backup:
+
+1. Go to the **AWS OpsWorks** console.
+1. Choose the server to back up on the **Chef Automate servers** page.
+1. On the properties page for the Chef Infra Server, in the left navigation pane, select **Backups**.
+1. Select **Create backup**.
+1. The manual backup is finished when the page shows a green checkmark in the backup's **Status** column.
+
+    {{< figure src="/images/saas/saas-status-column.png" alt="Chef Automate showing list of backups on AWS OpsWorks.">}}
+
+1. In the AWS S3 console, find the AWS OpsWorks bucket where the backups are stored.
+
+    {{< figure src="/images/saas/saas-aws-console.png" alt="AWS S3 console showing list of Automate server backups.">}}
+
+1. Zip the latest `timestamp-based` directory and `automate-elasticsearch-data` directory and share it with the Chef team.
+
+Progress Chef engineers handle the restoration process. Your account manager will notify you when the restoration is complete.
+
+## Verify the restore
+
+When the restore is complete, log into Chef SaaS. You will see data in the environment up to the day of the backup including users, cookbooks, Infra Client runs.