Improve doc for Various Deployment styles and Add/Remove nodes and Backup for each type (#8126)

* added new pages for the add/remove/replace nodes

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* updated the remove and replace page

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added contents to the deployment pages

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* fixes

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added sections to Automate HA Config Generation page

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* adding changes to the pages

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added init config to the doc

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added init config to the doc

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added init config to the doc

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* fixed the init config note

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added manage ha cluster section and removed replace node page

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* shifted loadbalancer page to reference section

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* updating docs change relevant to current changes (#8166)

* updating docs changes draft1

Signed-off-by: Tejaswi Bondila <bondila.venkatatejaswi@progress.com>

* updating docs changes draft2

Signed-off-by: Tejaswi Bondila <bondila.venkatatejaswi@progress.com>

* removing ,

Signed-off-by: Tejaswi Bondila <bondila.venkatatejaswi@progress.com>

---------

Signed-off-by: Tejaswi Bondila <bondila.venkatatejaswi@progress.com>

* [Doc]Migrating Bastion from one OS to another (#8162)

* adding the performance details to ha overview doc (#8158)

Signed-off-by: Durga Sarat Chandra Maddu <dmaddu@progress.com>

* Bump version to 4.9.63 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

* Bump version to 4.9.64 by Chef Expeditor

Obvious fix; these changes are the result of automation not creative thinking.

* Migrating Bastion from one OS to another

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>

* Migrating Bastion from one OS to another

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>

* Adding link

Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>

* reviewed the doc

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* reviewed the doc

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

---------

Signed-off-by: Durga Sarat Chandra Maddu <dmaddu@progress.com>
Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>
Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>
Co-authored-by: Durga Sarat Chandra Maddu <44021874+Dmaddu@users.noreply.github.com>
Co-authored-by: Chef Expeditor <chef-ci@chef.io>
Co-authored-by: dishanktiwari2501 <dtiwari@progress.com>

* redirected the prerequisites section

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added sections to the onprem first page

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added sections to the onprem second page

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

* added sections to the onprem third page

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>

---------

Signed-off-by: dishanktiwari2501 <dtiwari@progress.com>
Signed-off-by: Tejaswi Bondila <bondila.venkatatejaswi@progress.com>
Signed-off-by: Durga Sarat Chandra Maddu <dmaddu@progress.com>
Signed-off-by: Arvinth C <arvinth.chandrasekaran@progress.com>
Co-authored-by: Tejaswi Bondila <100406225+bvtejaswi@users.noreply.github.com>
Co-authored-by: Arvinth C <54614142+ArvinthC3000@users.noreply.github.com>
Co-authored-by: Durga Sarat Chandra Maddu <44021874+Dmaddu@users.noreply.github.com>
Co-authored-by: Chef Expeditor <chef-ci@chef.io>
5 people authored Aug 31, 2023
1 parent 79c5a11 commit 166ddbb
Showing 22 changed files with 1,024 additions and 873 deletions.
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
4.9.90
4.9.64
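
Review bot: VERSION moves from 4.9.90 to 4.9.64 here (reading the first line as the removed one, as in the other hunks on this page), so a documentation commit lowers the product version. The commit message lists "Bump version to 4.9.64 by Chef Expeditor" among the squashed commits, which suggests a stale value carried in from the branch. Drop the VERSION change from this commit, or rebase so the file keeps the value on the target branch.
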
7 changes: 5 additions & 2 deletions components/docs-chef-io/content/automate/ha.md
Expand Up @@ -16,7 +16,7 @@ gh_repo = "automate"
{{% automate/ha-warn %}}
{{< /warning >}}

**High availability (HA)** refers to a system or application that offers a high level of operational availability. This means that the entire site or application will not be down if one server goes down due to traffic overload or other issues. HA represents the application remains available with no interruption. We achieve high availability when an application continues to operate even when one or more underlying components fail.
**High availability (HA)** refers to a system or application that offers high operational availability. This means the entire site or application will not be down if one server goes down due to traffic overload or other issues. HA represents the application remains available with no interruption. We achieve high availability when an application continues to operate even when one or more underlying components fail.

Thus, HA is designed to avoid loss of service by reducing or managing failures and minimizing unscheduled downtime (when your system or network is not available for use or is unresponsive) that happens due to power outages or failure of a component.
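
Review bot: In the rewritten opening paragraph, "HA represents the application remains available with no interruption" is still ungrammatical and repeats the definition given by the sentences on either side of it. Suggest "HA means the application remains available without interruption", or delete the sentence and keep the closing one about continuing to operate when one or more components fail.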

Expand All @@ -37,8 +37,9 @@ HA architecture includes the cluster of the *Chef Automate*, *Chef Server*, *Pos
![High Availability Architecture](/images/automate/ha_arch_aws_managedservices.png)

{{< note >}}
Chef Automate HA for Managed Services has default port 7392 for Managed Postgresql and 9200 for Managed Opensearch. You can also change to your custom port.
Chef Automate HA for Managed Services has default port 7392 for Managed PostgreSQL and 9200 for Managed OpenSearch. You can also change to your custom port.
{{< /note >}}

### Chef Automate HA Architecture for OnPremise Non-Managed Minimum Node Cluster

![High Availability Architecture](/images/automate/ha_arch_minnode_cluster.png)
Expand Down Expand Up @@ -69,6 +70,8 @@ In this, we expect VM (Virtual machine) or Bare Metal machines (Physical machine

After this, installation steps will Deploy Chef Automate, Chef Infra Server, Postgresql DB, and OpenSearch DB to the relevant VMs or Physical Machines as provided in Config.

Please refer [Performance Bench marking](https://docs.chef.io/automate/ha_performance_benchmarks/#performance-benchmarks) for more info.

### Cloud Deployment using Amazon Web Services (AWS)

The two-step deployment process is as shown below:
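
Review bot: The added line "Please refer [Performance Bench marking](...)" needs "refer to" and "Benchmarking" as one word, and it uses an absolute `https://docs.chef.io/...` URL where the new pages in this commit link with site-relative paths such as `/automate/loadbalancer_configuration/`. Suggest rewording to "Refer to Performance Benchmarks for more information" with a relative link to the same anchor. The context line above it still says "Postgresql DB" although the earlier hunk in this file normalises the name to PostgreSQL.
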
@@ -0,0 +1,152 @@
+++
title = "Add Nodes to the Deployment"
draft = false
gh_repo = "automate"

[menu]
[menu.automate]
title = "Add Nodes to the Deployment"
parent = "automate/deploy_high_availability/manage_ha_cluster"
identifier = "automate/deploy_high_availability/manage_ha_cluster/ha_add_nodes_to_the_deployment.md Add Nodes to the Deployment"
weight = 200
+++

Chef Automate HA comes with five different types of deployment flows. This page tells you how to add more nodes to your deployment processes.

## Add more Nodes to the OnPremises Deployments

In this section, we will see how to add more nodes to the on-premises deployment for all the databases, i.e., Chef Managed, AWS Managed and Customer Managed Database.

The commands require some arguments so that it can determine which types of nodes you want to add to your HA setup from your bastion host. It needs the IP addresses of the nodes you want to add as comma-separate values with no spaces in between.

For example,

- To add nodes with IP 10.1.2.23 to automate, run the following command:

```sh
chef-automate node add --automate-ips 10.1.2.23
```

- To add nodes with IP 10.1.2.23 and 10.0.1.42 to the chef-server, run the following command:

```sh
chef-automate node add --chef-server-ips 10.1.2.23,10.0.1.42
```

- To add nodes with IP 10.1.2.23 and 10.0.1.42 to OpenSearch, run the following command:

```sh
chef-automate node add --opensearch-ips 10.1.2.23,10.0.1.42
```

- To add nodes with IP 10.1.2.23, 10.0.1.54 and 10.0.1.42 to PostgreSQL, run the following command:

```sh
chef-automate node add --postgresql-ips 10.1.2.23,10.0.1.42,10.0.1.54
```

You can mix and match different services to add nodes across various services.

- To add nodes with IP 10.1.2.23 to automate and nodes with IP 10.0.1.54 and 10.0.1.42 to PostgreSQL, run the following command:

```sh
chef-automate node add --automate-ips 10.1.2.23 --postgresql-ips 10.0.1.42,10.0.1.54
```

- To add nodes with IP 10.1.2.23 to automate, nodes with IP 10.1.0.36 and 10.0.1.233 to chef-server, and nodes with IP 10.0.1.54 and 10.0.1.42 to PostgreSQL, run the following command:

```sh
chef-automate node add --automate-ips 10.1.2.23 --chef-server-ips 10.1.0.36,10.0.1.233 --postgresql-ips 10.0.1.42,10.0.1.54
```

Once the command executes, it will add the supplied nodes to your automate setup. The changes might take a while.

- Make sure to update your loadbalancer configuration with the IP address of the new node. For reference, check [Load Balancer Configuration page](/automate/loadbalancer_configuration/)

{{< note >}}

- If you have patched some external config to any existing services, then apply the same on the new nodes.
For example, if you have patched any external configurations like SAML or LDAP or any other done manually post-deployment in automate nodes, make sure to patch those configurations on the new automate nodes. The same must be followed for services like Chef-Server, Postgresql, and OpenSearch.
- The new node will be configured with the certificates already configured in your HA setup.
- If you had applied unique certificates per node, then the certificates of one of the nodes have been applied by default on the new nodes.
- If you want to change the certificates for the new nodes, you can manually run the `chef-automate cert-rotate [options]` command.

{{< /note >}}

{{< warning >}}
It's essential to ensure that the IP address of the nodes you are trying to add has sufficient resources and is reachable from the bastion host.
{{< /warning >}}
## Add more Nodes In AWS Deployment with AWS Managed Database
In this section, we will see how to add more nodes to the AWS deployment for AWS managed database.
The commands require some arguments so that it can determine which types of nodes you want to add to your HA setup from your bastion host. When you run the command, it needs the count of the nodes you want to add as an argument. For example,
- To add two nodes to automate, run the following command:
```sh
chef-automate node add --automate-count 2
```
- To add three nodes to the chef-server, run the following command:
```sh
chef-automate node add --chef-server-count 3
```
- To add one node to OpenSearch, run the following command:
```sh
chef-automate node add --opensearch-count 1
```
- To add two nodes to PostgreSQL, run the following command:
```sh
chef-automate node add --postgresql-count 2
```
You can mix and match different services to add nodes across various services.
- To add one node to automate and two nodes to PostgreSQL, run the following command:
```sh
chef-automate node add --automate-count 1 --postgresql-count 2
```
- To add one node to automate, two nodes to chef-server, and two nodes to PostgreSQL, run the following command:
```sh
chef-automate node add --automate-count 1 --chef-server-count 2 --postgresql-count 2
```
Once the command executes, it will add the supplied nodes to your automated setup. The changes might take a while.
{{< note >}}
- If you have patched some external config to any existing services, apply the same on the new nodes. For example, if you have patched any external configurations like SAML or LDAP or any other done manually post-deployment in automate nodes, make sure to patch those configurations on the new automate nodes. The same must be followed for services like Chef-Server, Postgresql, and OpenSearch.
- The new node will be configured with the certificates already configured in your HA setup.
{{< /note >}}
{{< warning >}}
Downgrading the number of instance_count for the backend nodes will result in data loss. We do not recommend downgrading the backend nodes.
{{< /warning >}}
## Add more nodes In AWS Deployment with Chef Managed Database
In this section, we will see how to add more nodes to the AWS deployment for Chef managed database.
The commands require some arguments so that it can determine which types of nodes you want to add to your HA setup from your bastion host. When you run the command, it needs the count of the nodes you want to add as an argument. For example,
- To add two nodes to automate, run the following command:
```sh
chef-automate node add --automate-count 2
```
- To add three nodes to the chef-server, run the following command:
```sh
chef-automate node add --chef-server-count 3
```
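
Review bot: The first note block says that where unique certificates per node were in use, "the certificates of one of the nodes have been applied by default on the new nodes", and then presents `chef-automate cert-rotate [options]` as optional ("If you want to change the certificates"). A new node therefore ends up sharing another node's certificate, and presumably its private key, so the page should tell operators who use per-node certificates to rotate on the new nodes as a required follow-up and link to the cert-rotate documentation. The note in the AWS Managed Database section omits both of these certificate bullets; state whether the same behaviour applies there. Smaller points: the on-premises section says "your automate setup" while the AWS section says "your automated setup"; the warning about "the number of instance_count" refers to a setting this page never introduces; and "the IP address of the nodes ... has sufficient resources" should say the nodes have sufficient resources.
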
Expand Up @@ -22,7 +22,7 @@ gh_repo = "automate"

## Migration with FileSystem Backup Locally

Follow the steps below when migrating to On-Premises or AWS HA deployment (but not for AWS with managed services).
Follow the steps below when migrating to On-Premises or AWS HA deployment **(but not for AWS with managed services)**.

1. Create a Backup of Chef Automate Standalone using the following command:

Expand All @@ -40,33 +40,31 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n
chef-automate bootstrap bundle create bootstrap.abb
```

1. Go to the backup location mentioned in Automate config, but if you haven't specified the location go to the `/var/opt/chef-automate/backups` location and create **Bundle** using the following command:

```bash
tar -cvf backup.tar.gz <backup_id>/ automate-elasticsearch-data/ .tmp/
```
1. Transfer the `tar` bundle to one of the Chef Automate nodes of Automate HA using the following command:
1. Copy the backup folder to boostrapped Automate node of Automate HA using the following command:

```bash
scp -i </path/to/key> </path/to/backup-file> <user>@<host>:/home/<user>
scp -i </path/to/key> -r </path/to/backup-file> <user>@<host>:/home/<user>
```

1. Transfer the `bootstrap.abb` file to all the Chef Automate HA FrontEnd Nodes (both Chef Automate and Chef Infra Server) using the following command:
1. Copy the `bootstrap.abb` file to all the Chef Automate HA FrontEnd Nodes (both Chef Automate and Chef Infra Server) using the following command:

```bash
scp -i </path/to/key> </path/to/bootstrap.abb> <user>@<host>:/home/<user>
```

1. Go to Bastion and:
1. If your Chef Automate HA does not have file system backup configured already then try this step:

Go to Bastion and:

- Create a `.toml` (say os_config.toml) file in the Bastion host. Once done, copy the following contents to the `.toml` file and patch the file in all the OpenSearch nodes.

```bash
[path]
repo = "/mnt/automate_backups"
repo = "</path/to/automate_backups>/opensearch"
```

The following command will patch the configuration in all the OpenSearch nodes.
The following command will patch the configuration in all the OpenSearch nodes, run this command from bastion.

```bash
chef-automate config patch --opensearch <path to os_config.toml>
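
Review bot: The new step "Copy the backup folder to boostrapped Automate node" misspells "bootstrapped" (the word also appears as "boostraped" in later hunks of this file), and its `scp -r` example still names the source `</path/to/backup-file>` although the step now copies a folder. Rename the placeholder to a folder and state which directories must be copied, since the removed `tar` step was the only place that listed `<backup_id>/`, `automate-elasticsearch-data/` and `.tmp/`. The `[path]` block in this hunk is TOML but sits in a fence tagged `bash`.
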
Expand All @@ -79,24 +77,18 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n
enable = true
location = "fs"
[global.v1.external.opensearch.backup.fs]
path = "/mnt/automate_backups"
path = "</path/to/automate_backups>/opensearch"
[global.v1.backups.filesystem]
path = "/mnt/automate_backups"
path = "</path/to/automate_backups>/backups"
```

The following command will patch the configuration in all the Frontend nodes:
The following command will patch the configuration in all the Frontend nodes, run this command on bastion:

```bash
chef-automate config patch --fe <Path to automate.toml>
```

1. Go to the Chef Automate node of Automate HA cluster, where we copied the `tar` file. Unzip the bundle using the following:
```bash
tar -xf backup.tar.gz -C /mnt/automate_backups
```
1. Run the following command on the Chef Automate node of Automate HA cluster to get the current config:
1. Run the following command on the boostrapped Automate node of Automate HA cluster to get the current config:

```bash
sudo chef-automate config show > current_config.toml
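
Review bot: With the `tar -xf backup.tar.gz -C /mnt/automate_backups` step removed, nothing in this hunk moves the copied backup from `/home/<user>` (the scp destination in the previous hunk) into the location the configuration now points at, `</path/to/automate_backups>/backups`. Add a step that places the backup there with permissions for the hab user, as the volume mount section requires, or change the scp destination. The two sentences ending "run this command from bastion" and "run this command on bastion" are comma splices; split each into two sentences.
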
Expand All @@ -120,13 +112,13 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n
chef-automate bootstrap bundle unpack bootstrap.abb
```

1. Stop all the instances except where you saved the `.tar` file on frontend nodes in Automate HA Cluster. Run the following command to all the Automate and Chef Infra Server nodes:
1. Stop all the frontend nodes except boostraped automate node in Automate HA Cluster. Run the following command to all the Automate and Chef Infra Server nodes:

``` bash
sudo chef-automate stop
```

1. Restore in Chef-Automate HA using the following command:
1. Restore in Chef-Automate HA using the following command in boostraped automate node :

```bash
chef-automate backup restore /mnt/automate_backups/<backup_id>/ --patch-config current_config.toml --airgap-bundle /var/tmp/frontend-${automate_version_number}.aib --skip-preflight
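
Review bot: The restore command at the end of this hunk still uses `/mnt/automate_backups/<backup_id>/`, while the configuration hunk above now sets `[global.v1.backups.filesystem]` to `</path/to/automate_backups>/backups`. Update the restore argument to the same placeholder so the path a reader restores from matches the path they configured. In the changed step text, "boostraped automate node :" carries the typo and a stray space before the colon.
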
Expand All @@ -141,24 +133,26 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n

## Migration with FileSystem Backup via Volume Mount

Follow the steps below when migrating to On-Premises or AWS HA deployment (but not for AWS with managed services).
Follow the steps below when migrating to On-Premises or AWS HA deployment **(but not for AWS with managed services)**.

1. Make EFS volume and attach that volume to the existing automate and Automate HA nodes.
1. Mount EFS Volume:
- In Automate, we are mounting that EFS volume at the `/var/opt/chef-automate/backups` location unless you specify the location in the `config.toml` file.
- In HA, we are mounting that EFS volume at `/mnt/automate_backups`. (You need to mount this volume in all the HA nodes).
- In HA, we are mounting that EFS volume at `</path/to/automate_backups>` for example `/mnt/automate_backups`. (You need to mount this volume in all the HA nodes).

Make sure that the location has permission for the hab user.

1. Go to Bastion and:
1. If your Chef Automate HA does not have file system backup configured already then try this step:

Go to Bastion and:
- Create a `.toml` (say os_config.toml) file in the Bastion host. Once done, copy the following contents to the `.toml` file and patch the file in all the OpenSearch nodes.

```bash
[path]
repo = "/mnt/automate_backups"
repo = "/path/to/automate_backups/opensearch"
```

The following command will patch the configuration in all the OpenSearch nodes.
The following command will patch the configuration in all the OpenSearch nodes, run this command from bastion.

```bash
chef-automate config patch --opensearch <Path to os_config.toml>
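
Review bot: The placeholder is written two ways in this section: `</path/to/automate_backups>` in the mount bullet and a bare `/path/to/automate_backups/opensearch` in the `[path]` block, which reads as a literal path and differs from the `</path/to/automate_backups>/opensearch` form used in the local backup section. Use the angle-bracket form in both places. The context line "Make sure that the location has permission for the hab user" should say which permission is needed and that it now has to cover the `opensearch` subdirectory as well.
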
Expand All @@ -171,12 +165,12 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n
enable = true
location = "fs"
[global.v1.external.opensearch.backup.fs]
path = "/mnt/automate_backups"
path = "/path/to/automate_backups/opensearch"
[global.v1.backups.filesystem]
path = "/mnt/automate_backups"
path = "/path/to/automate_backups/backups"
```

The following command will patch the configuration in all the Frontend nodes:
The following command will patch the configuration in all the Frontend nodes, run this command on bastion:

```bash
chef-automate config patch --fe <Path to automate.toml>
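
Review bot: `[global.v1.backups.filesystem]` now points at `/path/to/automate_backups/backups`, but the mount step says standalone Automate writes to the EFS volume mounted at `/var/opt/chef-automate/backups`, which is the volume root. The page should say whether existing backups must be moved under a `backups/` subdirectory, or whether standalone Automate is expected to be reconfigured to write there; otherwise the HA side may look in a directory that does not contain the backup.
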
Expand All @@ -198,7 +192,7 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n
chef-automate bootstrap bundle create bootstrap.abb
```

1. Run the following command on the Chef Automate node of Automate HA cluster to get the current config:
1. Run the following command on the boostrapped Automate node of Automate HA cluster to get the current config:

```bash
sudo chef-automate config show > current_config.toml
Expand Down Expand Up @@ -253,7 +247,7 @@ Follow the steps below when migrating to On-Premises or AWS HA deployment (but n

For AWS managed services, map the snapshot role to the OpenSearch dashboard. It is necessary to [enable backup and restore in OpenSearch](automate/managed_services/#enabling-opensearch-backup-restore).

1. Patch the following configuration in Standalone Chef Automate for creating the backup in the S3.
1. If the standalone Automate is not configured with S3 backup configurations then patch the following configuration in Standalone Chef Automate for creating the backup in the S3.

```bash
[global.v1.backups]
Expand Down Expand Up @@ -300,7 +294,7 @@ For AWS managed services, map the snapshot role to the OpenSearch dashboard. It
chef-automate bootstrap bundle create bootstrap.abb
```

1. Transfer the `bootstrap.abb` file to all the Chef Automate HA FrontEnd Nodes (both Chef Automate and Chef Infra Server) using the following command:
1. Copy the `bootstrap.abb` file to all the Chef Automate HA FrontEnd Nodes (both Chef Automate and Chef Infra Server) using the following command:

```bash
scp -i </path/to/key> </path/to/bootstrap.abb> <user>@<host>:/home/<user>
Expand All @@ -310,7 +304,7 @@ For AWS managed services, map the snapshot role to the OpenSearch dashboard. It

{{< note >}} Use the same bucket for restore, which was used in the standalone automate while creating the backup. Configure the same basepath in Automate HA you gave in Standalone Automate. {{< /note >}}

- Create a `.toml` (say os_config.toml) file in the Bastion host. Once done, copy the following contents to the `.toml` file and patch the file in all the OpenSearch nodes.
- Patch the below S3 backup configuration, ignore this step if Automate HA already has S3 backup configuration. Create a `.toml` (say os_config.toml) file in the Bastion host. Once done, copy the following contents to the `.toml` file and patch the file in all the OpenSearch nodes.

```bash
[global.v1]
Expand Down Expand Up @@ -363,13 +357,13 @@ For AWS managed services, map the snapshot role to the OpenSearch dashboard. It
secret_key = "<Your Secret Key>"
```

The following command will patch the configuration in all the Frontend nodes:
The following command will patch the configuration in all the Frontend nodes, run this command on bastion:

```bash
chef-automate config patch --frontend automate.toml
```

1. Run the following command on the Chef Automate node of Automate HA cluster to get the current config:
1. Run the following command on the boostrapped Automate node of Automate HA cluster to get the current config:

```bash
sudo chef-automate config show > current_config.toml
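
Review bot: This hunk has the reader write `secret_key = "<Your Secret Key>"` into `automate.toml` on the bastion and does not say what to do with the file after `chef-automate config patch --frontend automate.toml`. Add a line telling the reader to restrict the file's permissions and delete it once the patch is applied. The command here uses `--frontend` where the filesystem sections use `--fe`; pick one form. "boostrapped" is misspelled in the changed step.
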
Expand All @@ -393,7 +387,7 @@ For AWS managed services, map the snapshot role to the OpenSearch dashboard. It
chef-automate bootstrap bundle unpack bootstrap.abb
```

1. Stop all the frontend instances except where you saved the `current_config.toml` file on Chef Automate node in Automate HA Cluster. Run the following command to all the Automate and Chef Infra Server nodes:
1. Stop all the frontend nodes except where you saved the `current_config.toml` file on Chef Automate node in Automate HA Cluster. Run the following command to all the Automate and Chef Infra Server nodes:

``` bash
sudo chef-automate stop
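
Review bot: The changed step says to stop all frontend nodes "except where you saved the `current_config.toml` file", then tells the reader to run `sudo chef-automate stop` on "all the Automate and Chef Infra Server nodes", which contradicts the exception. The filesystem section names the exception as the bootstrapped Automate node; use the same wording here and say the command runs on all the other Automate and Chef Infra Server nodes.
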