azure feedback phase0= one

Signed-off-by: punitmundra <pmundra@progress.com>

components/docs-chef-io/content/automate/ha.md

@@ -65,6 +65,27 @@ The Chef Automate HA Architecture involves the following clusters as part of the
   - [Chef Automate](https://docs.chef.io/automate/)
   - [Chef Server](https://docs.chef.io/server/)
 
+## Provisioning
+
+Chef Automate High Availability solution can run on systems provisioned by cloud providers and on-premise infrastructure. Appropriately provisioned backend, frontend and bastion systems will help in smooth deployment and installation experience.
+
+  - On-premise provisioning
+  - Cloud provisioning
+
+### On-premise provisioning
+
+  Customer can provision virtual machines or bare metal machines on supported operating system with required system settings to deploy Automate HA solution. 
+
+### Cloud provisioing
+  Systems and services from following cloud providers are supported:
+
+  - [AWS](https://docs.chef.io/automate/ha_aws_deploy_steps/#steps-to-provision)
+  - Azure
+  - Google
+
+Once cloud systems are provisioned, Automate HA solution can be deployed on the cloud infrastructure.
+For AWS we have a simplified provisioning utility, whereas for Azure and Google we expect customers to manually provision the systems.
+
 ## Deployment Methods
 
 Chef Automate High Availability (HA) supports two types of deployment:
@@ -88,6 +109,23 @@ The two-step deployment process is as shown below:
 - Deployment of services on the provisioned infrastructure.
   - Installation of *PostgreSQL*, *OpenSearch*, *Chef Automate*, and *Chef Infra Server* will be done in this step.
 
+### Cloud Deployment using Azure
+
+The two-step deployment process is as shown below:
+
+- Provisioning Infrastructure: Manually provision the infrastructure
+- Deployment of services on the provisioned infrastructure (follow the [On-premise Deployment steps](/automate/ha_onprim_deployment_procedure/)).
+  - Installation of *PostgreSQL*, *OpenSearch*, *Chef Automate*, and *Chef Infra Server* will be done in this step.
+- Only File System Backup and Restore is supported.
+
+### Cloud Deployment using Google Cloud Platform (GCP)
+
+The two-step deployment process is as shown below:
+
+- Provisioning Infrastructure: Manually provision the infrastructure
+- Deployment of services on the provisioned infrastructure (follow the [On-premise Deployment steps](/automate/ha_onprim_deployment_procedure/)).
+  - Installation of *PostgreSQL*, *OpenSearch*, *Chef Automate*, and *Chef Infra Server* will be done in this step.
+
 ## Performance (Benchmarking)
 
 Please refer to the [Performance Benchmarking document](/automate/ha_performance_benchmarks/) for the detailed performance benchmark numbers

components/docs-chef-io/content/automate/ha_add_nodes_to_the_deployment.md

@@ -27,6 +27,7 @@ Chef Automate HA comes with five different types of deployment flows. This page
 {{< note >}}
 
 - The flags like `opensearch-ips` and `postgresql-ips` are only applicable for the Chef Managed Database cluster
+- If `/hab` volume is externally mounted, then trigger the `add node`/`remove node` command from the `/hab` directory.
 
 {{< /note >}}
 

components/docs-chef-io/content/automate/ha_cert_rotation.md

@@ -45,9 +45,7 @@ To understand how to generate certificates, refer to the [Certificate Generation
 
 ### Rotate Cluster Certificates
 
-If you want to rotate certificates of the entire cluster using single command, then you can follow the below commands:
-
-To rotate certificates of entire cluster using single command, we need a certificate template.
+To rotate the certificate for a node (automate,chef-server,postgres,opensearch) in the cluster, please provide the certificate file path in `certificate-config.toml` file.
 
 - To generate certificate template use below command
 
@@ -130,7 +128,7 @@ To rotate the Automate Load balancer root certificate:
     [cs_nginx.v1.sys.ngx.http]
       ssl_verify_depth = 6
     [global.v1.external.automate.ssl]
-      server_name = "https://<automatefqdn.example.com>"
+      server_name = "<automatefqdn.example.com>"
       root_cert = """<Root_CA_Content>"""
     ```
 

components/docs-chef-io/content/automate/ha_cert_selfsign.md

@@ -44,38 +44,38 @@ You can create a self-signed key and certificate pair with the **OpenSSL** utili
     ```bash
     # !/bin/bash
 
-    echo extendedKeyUsage = clientAuth, serverAuth > server_cert_ext.cnf
-    echo subjectAltName = DNS:chefadmin >> server_cert_ext.cnf
-    echo extendedKeyUsage = clientAuth, serverAuth > node_cert_ext.cnf
-    echo subjectAltName = DNS:chefnode >> node_cert_ext.cnf 
-    echo extendedKeyUsage = clientAuth, serverAuth > client_cert_ext.cnf
-    echo subjectAltName = DNS:chefclient >> client_cert_ext.cnf
-        openssl genrsa -out root-ca-key.pem 2048
-        openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 -addext basicConstraints=CA:TRUE
-
-        # Admin cert
-        openssl genrsa -out admin-key-temp.pem 2048
-        openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
-        openssl req -new -key admin-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefadmin" -out admin.csr
-        openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem -days 1095 -extfile server_cert_ext.cnf
-
-        # Node cert 1
-        openssl genrsa -out node1-key-temp.pem 2048
-        openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem
-        openssl req -new -key node1-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node1.csr
-        openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 1095 -extfile node_cert_ext.cnf
-
-        # Node cert 2
-        openssl genrsa -out node2-key-temp.pem 2048
-        openssl pkcs8 -inform PEM -outform PEM -in node2-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node2-key.pem
-        openssl req -new -key node2-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node2.csr
-        openssl x509 -req -in node2.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node2.pem -days 1095 -extfile node_cert_ext.cnf
-
-        # Client cert
-        openssl genrsa -out client-key-temp.pem 2048
-        openssl pkcs8 -inform PEM -outform PEM -in client-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out client-key.pem
-        openssl req -new -key client-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefclient" -out client.csr
-        openssl x509 -req -in client.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out client.pem -days 1095 -extfile client_cert_ext.cnf
+echo extendedKeyUsage = clientAuth, serverAuth > server_cert_ext.cnf
+echo subjectAltName = DNS:chefadmin >> server_cert_ext.cnf
+echo extendedKeyUsage = clientAuth, serverAuth > node_cert_ext.cnf
+echo subjectAltName = DNS:chefnode >> node_cert_ext.cnf 
+echo extendedKeyUsage = clientAuth, serverAuth > client_cert_ext.cnf
+echo subjectAltName = DNS:chefclient >> client_cert_ext.cnf
+    openssl genrsa -out root-ca-key.pem 2048
+    openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=progress" -out root-ca.pem -days 1095 -addext basicConstraints=CA:TRUE
+
+    # Admin cert
+    openssl genrsa -out admin-key-temp.pem 2048
+    openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
+    openssl req -new -key admin-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefadmin" -out admin.csr
+    openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem -days 1095 -extfile server_cert_ext.cnf
+
+    # Node cert 1
+    openssl genrsa -out node1-key-temp.pem 2048
+    openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem
+    openssl req -new -key node1-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node1.csr
+    openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 1095 -extfile node_cert_ext.cnf
+
+    # Node cert 2
+    openssl genrsa -out node2-key-temp.pem 2048
+    openssl pkcs8 -inform PEM -outform PEM -in node2-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node2-key.pem
+    openssl req -new -key node2-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefnode" -out node2.csr
+    openssl x509 -req -in node2.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node2.pem -days 1095 -extfile node_cert_ext.cnf
+
+    # Client cert
+    openssl genrsa -out client-key-temp.pem 2048
+    openssl pkcs8 -inform PEM -outform PEM -in client-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out client-key.pem
+    openssl req -new -key client-key.pem -subj "/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefclient" -out client.csr
+    openssl x509 -req -in client.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out client.pem -days 1095 -extfile client_cert_ext.cnf
     ```
 
 1. The script generates the certificates at the newly created directory, `rotate-certs` in this case.

components/docs-chef-io/content/automate/ha_chef_backend_to_automate_ha.md

@@ -115,6 +115,7 @@ Before restoring the backup on the Automate HA Chef Server, configure [S3 storag
 
 ## Restore Data to Chef Automate HA
 
+To restore the data, you will need to use the `knife-ec-backup` utility, which can be installed on any of the Automate HA Chef-Infra-Server nodes.
 - Execute the below command to install the habitat package for `knife-ec-backup`
 
     ```sh

components/docs-chef-io/content/automate/ha_disaster_recovery_setup.md

@@ -98,12 +98,6 @@ Configure backups for both clusters using either [file system](/automate/ha_back
 
     - We don't recommend creating backups from the disaster recovery cluster unless it has become the active cluster and receiving traffic from the clients/nodes.
 
-    - Stop all the services on all Automate and Chef Infra frontend nodes using the following command:
-
-    ```sh
-    systemctl stop chef-automate
-    ```
-
     - Make sure both backup and restore cron are aligned.
 
     - Run the following command in one of the Automate nodes to get the IDs of all the backups:
@@ -132,6 +126,12 @@ Configure backups for both clusters using either [file system](/automate/ha_back
             password = "admin"
         ```
 
+        - Stop all the services on all Automate and Chef Infra frontend nodes using the following command:
+
+        ```sh
+            systemctl stop chef-automate
+        ```
+
         - In the disaster recovery cluster, use the following sample command to restore the latest backup from any Chef Automate frontend instance.
 
         For **S3/MinIO** execute the following command from the Bootstrapped Automate node to restore:

components/docs-chef-io/content/automate/ha_on_premises_deployment_prerequisites.md

@@ -92,13 +92,13 @@ Current Automate HA integrates with the following non-Chef tools:
 
 ### Minimum Hardware Requirement
 
-| Instance          | Count | vCPU | RAM | Storage Size(/hab) | AWS Machine Type | GCP Machine Type | Additional Space      |
-| ----------------- | ----- | ---- | --- | ------------------ | ---------------- | ---------------- | -----------------     |
-| Chef Automate     | 2     | 2    | 8   | 200 GB             | m5.large         | n2-standard-2    | /var/tmp=5% /root=20% |
-| Chef Infra Server | 2     | 2    | 8   | 200 GB             | m5.large         | n2-standard-2    | /var/tmp=5% /root=20% |
-| PostgreSQL DB     | 3     | 2    | 8   | 200 GB             | m5.large         | n2-standard-2    | /var/tmp=5% /root=20% |
-| OpenSearch DB     | 3     | 2    | 8   | 200 GB             | m5.large         | n2-standard-2    | /var/tmp=5% /root=20% |
-| Bastion Machine   | 1     | 2    | 8   | 200 GB             | m5.large         | n2-standard-2    | /var/tmp=5% /root=20% |
+| Instance          | Count | vCPU | RAM | Storage Size(/hab) | AWS Machine Type | AZURE Machine Type | GCP Machine Type | Additional Space      |
+| ----------------- | ----- | ---- | --- | ------------------ | ---------------- | ------------------ | ---------------- | -----------------     |
+| Chef Automate     | 2     | 2    | 8   | 200 GB             | m5.large         | Standard_D2as_v4   | n2-standard-2    | /var/tmp=5% /root=20% |
+| Chef Infra Server | 2     | 2    | 8   | 200 GB             | m5.large         | Standard_D2as_v4   | n2-standard-2    | /var/tmp=5% /root=20% |
+| PostgreSQL DB     | 3     | 2    | 8   | 200 GB             | m5.large         | Standard_D2as_v4   | n2-standard-2    | /var/tmp=5% /root=20% |
+| OpenSearch DB     | 3     | 2    | 8   | 200 GB             | m5.large         | Standard_D2as_v4   | n2-standard-2    | /var/tmp=5% /root=20% |
+| Bastion Machine   | 1     | 2    | 8   | 200 GB             | m5.large         | Standard_D2as_v4   | n2-standard-2    | /var/tmp=5% /root=20% |
 
 {{< note >}}
 For production, OpenSearch volume size also depends on the number of nodes and frequency of Chef Infra Client runs and compliance scans.

components/docs-chef-io/content/automate/ha_onprim_deployment_procedure.md

@@ -30,7 +30,20 @@ Please see the [On-Premises Prerequisites](/automate/ha_on_premises_deployment_p
 
 Provision the other nodes in the high availability cluster before deploying the bastion host.
 
-Make sure you have all resources either on existing infrastructure or on existing cloud infrastructure (AWS/Google Cloud Platform).
+Make sure you have all resources either on existing infrastructure or on existing cloud infrastructure (`AWS`/`Azure`/`GoogleCloudPlatform`).
+For Cloud Infrastructure following are supported:
+
+### AWS
+
+  Infrastructure on AWS can either be provisioned manually or using [provision utility](https://docs.chef.io/automate/ha_aws_deploy_steps/#steps-to-provision).
+
+### Azure
+
+  Infrastructure on Azure should be provisioned manually by the user before deploying Automate HA Solution.
+
+### GCP
+
+  Infrastructure on GCP should be provisioned manually by the user before deploying Automate HA Solution.
 
 ## Deploy the bastion host
 
@@ -45,7 +58,12 @@ Make sure you have all resources either on existing infrastructure or on existin
     "
     ```
 
-    To download specific version bundle, replace `latest.aib` with Chef Automate version number. For example, `4.2.59.aib`.
+    {{< note spaces=4 >}}
+
+    In case `/usr/bin` is not there then check for `/bin` directory
+
+    {{< /note >}}
+    To download specific version bundle, replace `latest.aib` with Chef Automate version number. For example, `4.12.144.aib`.
 
     {{< note spaces=4 >}}