Automating your CI/CD with Chef Automate & Habitat - Part 1

Ramit Surana · January 14, 2018

Hallo Freunde (German for "Hello Friends"). As Martin Fowler correctly explains continuous delivery:

Continuous Delivery is a software development discipline where you build software in such a way that the software can be released to production at any time. The primary goal of the process is to be production ready anytime and anywhere.

In this simple article we are going to discuss and explore two new and rather interesting pieces of technology. The first is Habitat, an automation tool that automates the process of building and publishing Docker images. The second is Automate, a new Chef CI/CD tool with a cool new dashboard and better features. As an added bonus, I am also going to share some tips that I use to make my life easier while handling CI/CD pipelines. So let's get started.


Introduction to Habitat

Habitat is a new tool introduced by Chef. It basically tries to serve one purpose: to make building a container image as easy as possible. You can think of it as a Dockerfile for Docker, except that it has some new features for building images and a process for publishing them from a CI/CD perspective. The tool was introduced in 2016 and is still in the development phase. It is written in Rust and is reactive by nature. Now let's do some installation:

First, visit :

$ curl | sudo bash

After the installation, try running it on the command line using the below command:

$ hab
hab 0.51.0/20171219021329

Authors: The Habitat Maintainers <>
"A Habitat is the natural environment for your services" - Alan Turing

    hab [SUBCOMMAND]

    -h, --help       Prints help information
    -V, --version    Prints version information

    bldr      Commands relating to Habitat Builder
    cli       Commands relating to Habitat runtime config
    config    Commands relating to Habitat runtime config
    file      Commands relating to Habitat files
    help      Prints this message or the help of the given subcommand(s)
    origin    Commands relating to Habitat origin keys
    pkg       Commands relating to Habitat packages
    plan      Commands relating to plans and other app-specific configuration.
    ring      Commands relating to Habitat rings
    studio    Commands relating to Habitat Studios
    sup       Commands relating to the Habitat Supervisor
    svc       Commands relating to Habitat services
    user      Commands relating to Habitat users

    apply      Alias for: 'config apply'
    install    Alias for: 'pkg install'
    run        Alias for: 'sup run'
    setup      Alias for: 'cli setup'
    start      Alias for: 'svc start'
    stop       Alias for: 'svc stop'
    term       Alias for: 'sup term'

If you receive the above output, then you have successfully installed Habitat.

Habitat Architecture


Looking closely at its architecture and how to write it, you can clearly observe the various files one has to write in order to bring up the container/image. The main file in this section is the file which is responsible for the deployment strategy, dependencies and package name of the Habitat image. It is mandatory to create this file and configure it properly in order to achieve the best results.

Next is the default.toml file. This file contains the information about the ports and external configuration of your application. It is similar to having nginx.conf for nginx or apache2.conf for apache, which I believe is an interesting and good idea.

For the hooks part, I observed its usage while exploring some of the samples provided by the Habitat team in their docs. In simple terms, it breaks down your application's requirements into multiple stages, each with its own priority and order while running your application, like the Entrypoint in a Dockerfile. For example, here the file Init in scripts contains your initialization commands.

Some sample examples:

Habitat Builder

The Habitat Builder is a place similar to Docker Hub. It is a place where you can automatically check in your code with Habitat and build a variety of different container images. It also enables you to publish your Docker images on Docker Hub by connecting your Docker Hub account. To get started, sign up at Habitat Builder.


The term origin here can be defined as a namespace which is created by the user/organization to build one's own packages. It is similar to defining your name in the Docker Hub account.


As you can observe from above, Habitat asks you to connect your GitHub account and specify the path at which your file is placed. It has a default path under the habitat folder in which it searches for your file. You can specify your own path, and use the Docker Hub integration if you wish to publish your images to Docker Hub.

Similar to DockerHub, you can also connect your ECR Registry on your AWS account by visiting the Integrations section.


After creating a package/build you can observe the dependencies by scrolling down the page:


Here you can observe that it consists of 2 sections, labelled Transitive dependencies and Dependencies. In simple terms, the transitive dependencies can be described as a basic set of packages that are required by every application that you wish to build using Docker. These are provisioned and managed by the Habitat team. You can also treat it as similar to the FROM section when writing a Dockerfile.

On the other hand, the Dependencies label signifies the extra packages mentioned in your file that are used by your application.

Habitat Studio

Habitat Studio is another important feature of Habitat that allows you to test and run your application in a simulation of a real environment before you publish it. If you are familiar with Python, you can think of it as similar to virtualenv. So let's try out hab studio.

$ hab studio setup


When the setup asks for a default origin, choose your name for the origin. In my case I am taking it as ramitsurana.



In order to achieve our objective we are going to use this GitHub feature


In case you are wondering how to create a new GitHub access token, please open the following url


Copy the generated token in the cli tool for hab & you are good to go.

Do make sure to save this token. We will use it in the next part of the article.

Docker Vs Habitat

Chef Automate

Introduction to Chef Automate

Chef Automate is a CI/CD based solution provided by Chef to complete your end-to-end delivery requirements. It provides you with the necessary tools to make your life easier and simpler. It has default integrations for features and tools like InSpec for compliance, LDAP/SAML support, Slack integration for notifications etc.


Trying Out on Local System:

Chef Automate can be easily tried on your local system by downloading Chef Automate from here

For the cli, Download the package from here .

In order to check, try running:

ramit@ramit-Inspiron-3542:~$ automate-ctl
I don't know that command.
omnibus-ctl: command (subcommand)
  Create a new enterprise
  Create a new user
  Create new users from a tsv file
  Deletes an existing enterprise
  Deletes an existing project

Check if everything is good or not:

ramit@ramit-Inspiron-3542:~$ sudo automate-ctl preflight-check
[sudo] password for ramit: 

Running Preflight Checks:
  Checking for required resources...
    ✔ [passed]  CPU at least 4 cores
    ✖ [failed]  memory at least 16GB
  Checking for required directories...
    ✔ [passed]  /var
    ✔ [passed]  /var has at least 80GB free
    ✔ [passed]  /etc
  Checking for required umask...
    ✔ [passed]  0022

For Authenticating License:

(Grab your free License from here)

# Set up the license and organization ($org_name is your Chef organization name)
$ automate-ctl setup --license /<PATH-TO-AUTOMATE-LICENSE>.license --server-url https://localhost/organizations/$org_name --enterprise default --configure --no-build-node

$ automate-ctl reconfigure

# Create a default user and password ($user is the user name you pick)
$ automate-ctl create-user default $user --password admin --roles "admin"

Try opening to interact with the Web UI.

Chef Automate Setup on AWS EC2


In order for the Chef Automate Setup to work, we will use a minimal setup in order to proceed. Here are the configuration details:

Category             | Inbound Security Ports Access                              | Operating System & Instance Size
Chef Server          | 22 (SSH), 80 (HTTP), 443 (HTTPS), 10000-10003 (push jobs)  | Ubuntu 16.04 (ami-21766642) & t2.micro
Chef Automate Server | 22 (SSH), 80 (HTTP), 443 (HTTPS), 8989 (Git)               | Ubuntu 16.04 (ami-21766642) & t2.large

Do make sure to install the license file required for running Chef Automate from here. It's a 30 day free trial. As per its current pricing page, the fee for Chef Automate on AWS is $0.0155 node/hour.

Also, we will be using fully-qualified domain names (FQDNs) as recommended by Chef.

Please make sure to note the FQDN for both your Chef server and Chef Automate server.

$ CHEF_SERVER_FQDN="Public DNS NAME of Chef Server EC2 Instance"
$ CHEF_AUTOMATE_FQDN="Public DNS NAME of Chef Automate EC2 Instance"


Let’s get started:

Using the AWS console, we can start 2 EC2 instances with the (t2.large) instance type. Make sure to configure your security groups as shown below:


Make sure to add Port 8989 for Git with Chef-Automate Server.
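
One way to check that a security group actually matches the port table above, added here as an example that is not part of the original article. It assumes rules in the IpPermissions shape returned by boto3's describe_security_groups; the sample rules and the policy that only 80 and 443 should be reachable from any address are assumptions of this example.

```python
import ipaddress

# Inbound TCP ports per role, taken from the table above.
EXPECTED = {
    "chef-server": {22, 80, 443, 10000, 10001, 10002, 10003},
    "chef-automate": {22, 80, 443, 8989},
}
# Assumption of this example, not stated in the article: only the web
# ports need to be reachable from any address.
PUBLIC_OK = {80, 443}
# Constructed rules in the IpPermissions shape that boto3's
# describe_security_groups returns; the addresses are documentation ranges.
SAMPLE_AUTOMATE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8989, "ToPort": 8989,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]


def audit_ingress(role, ip_permissions):
    """Return sorted (finding, first_port, last_port) tuples for one group."""
    findings = set()
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "udp", "-1"):
            continue                      # ICMP etc. carry no port numbers
        # "-1" means all traffic and comes without FromPort/ToPort keys.
        ports = range(65536) if proto == "-1" else range(
            perm["FromPort"], perm["ToPort"] + 1)
        allowed = EXPECTED[role] if proto != "udp" else set()
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)
        if any(p not in allowed for p in ports):
            findings.add(("not-in-table", ports[0], ports[-1]))
        if world:
            findings.update(("world-open", p, p) for p in ports
                            if p in allowed and p not in PUBLIC_OK)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_ingress("chef-automate", SAMPLE_AUTOMATE):
        print(finding)
```

For the sample group it reports port 8080 as not in the table and the Git port 8989 as open to every address.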

After bringing up the chef-server machine, please log into the machine and use git to clone the following repo:

$ git clone

Run scripts/ :

# Make sure to set the variable with the proper DNS name
$ CHEF_AUTOMATE_FQDN="Public DNS NAME of Chef Automate EC2 Instance"

# Add permissions to execute
$ chmod +x $HOME/chef-automate-habitat/scripts/

# Run the script to install chef
$ sudo $HOME/chef-automate-habitat/scripts/ $CHEF_AUTOMATE_FQDN ramit

Successfully Copy Files to Chef Server from local machine using scp:

# License file
$ scp -i ~/.ssh/private_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ~/Downloads/automate.license

Successfully Copy Files to Chef Automate from Chef Server using scp:

# Copy the new PEM file from the Chef Server to your local machine
# (the two -o options skip SSH host key verification for this copy)
$ scp -i <YOUR-EC2>.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ubuntu@<YOUR-CHEF-SERVER-DNS>:/drop/delivery.pem /tmp

# Upload the delivery.pem file to the Chef Automate instance
$ scp -i <YOUR-CHEF-AUTOMATE>.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null /tmp/delivery.pem ubuntu@<YOUR-CHEF-AUTOMATE-DNS>:/home/ubuntu

# Upload your license file to the Chef Automate instance
$ scp -i <YOUR-CHEF-AUTOMATE>.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null /<PATH-TO-AUTOMATE-LICENSE>.license ubuntu@<YOUR-CHEF-AUTOMATE-DNS>:/home/ubuntu
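
A check one could run over bootstrap or pipeline scripts before they are committed, added here as an example that is not part of the original article or of Chef's tooling. It flags three patterns that appear in this walkthrough's commands: an installer piped from curl into a root shell, scp/ssh options that turn off host key verification (here while copying the delivery.pem private key), and a literal password passed to create-user. The function names, finding ids and sample lines are constructed for illustration.

```python
import re
import shlex
from itertools import groupby

# ssh_config keys are case-insensitive; these values turn off host key checks.
WEAK_SSH_OPTS = {"stricthostkeychecking": {"no", "off"},
                 "userknownhostsfile": {"/dev/null"}}
SHELLS, FETCHERS = {"sh", "bash", "zsh", "dash"}, {"curl", "wget"}
# Constructed sample lines; the host, user and file names are made up.
SAMPLES = [
    "curl -fsSL https://example.invalid/install.sh | sudo bash",
    "scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null k.pem ubuntu@chef.example.invalid:",
    "automate-ctl create-user default alice --password admin --roles admin",
]

def _stages(line):
    """Tokenize one command line and split it into pipeline stages."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return [list(g) for pipe, g in groupby(lex, lambda t: t == "|") if not pipe]

def _prog(tokens):
    """Program name of a stage, skipping sudo, option flags and any path."""
    rest = [t for t in tokens if t != "sudo" and not t.startswith("-")]
    return rest[0].rsplit("/", 1)[-1] if rest else ""

def audit_command(line):
    """Return the sorted finding ids for one shell command line."""
    found = set()
    stages = _stages(re.sub(r"^\s*\$\s+", "", line))  # drop a pasted "$ " prompt
    for prev, cur in zip(stages, stages[1:]):
        # A downloader feeding a shell executes content nobody has reviewed.
        if _prog(prev) in FETCHERS and _prog(cur) in SHELLS:
            found.add("pipe-to-root-shell" if "sudo" in cur else "pipe-to-shell")
    for toks in stages:
        for i, tok in enumerate(toks):
            nxt = toks[i + 1] if i + 1 < len(toks) else ""
            # ssh and scp accept both "-o Key=Val" and "-oKey=Val".
            opt = nxt if tok == "-o" else tok[2:] if tok.startswith("-o") else ""
            key, _, val = opt.partition("=")
            if (_prog(toks) in {"ssh", "scp", "sftp"}
                    and val.lower() in WEAK_SSH_OPTS.get(key.lower(), ())):
                found.add("ssh-hostkey-check-disabled")
            # A literal password argument lands in shell history and ps output.
            if tok == "--password" and nxt and not nxt.startswith("$"):
                found.add("literal-password-argument")
    return sorted(found)

if __name__ == "__main__":
    print(*[(audit_command(s), s) for s in SAMPLES], sep="\n")
```

A command that keeps host key checking on and reads the password from a variable, such as `--password "$AUTOMATE_PW"`, produces no findings.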

Now your Chef Server is fully up and ready. We now move on to the Chef Automate Server. After getting into it using ssh, follow the steps below:

Use git to clone the following repo:

$ git clone

# Make sure to set the variable with the proper DNS name
$ CHEF_SERVER_FQDN="Public DNS NAME of Chef Server EC2 Instance"

# Add permissions to execute
$ chmod +x $HOME/chef-automate-habitat/scripts/

# Run the script to install chef
$ sudo $HOME/chef-automate-habitat/scripts/ $CHEF_SERVER_FQDN ramit

After completing the above steps, you can proceed to open the DNS/IP for Chef Automate Server


Hoorah! You have successfully configured Chef Automate and now you are ready to log in.

Let’s start exploring some new features of the Chef Automate Dashboard:

With your user name and password admin, try to login. You will observe the following screen:


For shutting down chef automate:

$ sudo automate-ctl stop


Chef Automate Internals

Some of the chef automate internals that I observed while exploring this tool are as follows:


We will be discussing more on this in the next article :)

Tips & Tricks on CI/CD

As a bonus, sharing some tips on building & managing CI/CD in a better way:

  • Automate Liveness Agent

You can also use chef automate liveness agent for sending keepalive messages to Chef Automate, which prevents nodes that are up but not frequently running Chef Client from appearing as “missing” in the Automate UI. At the time of writing, it is currently in development.

  • Using Syntax Checker

One of the primary starting points in CI/CD is writing a file that describes how our jobs are handled in the pipeline. For various tools, there are syntax validators. I found them really useful. Some of these tools are:

  1. Jenkins
  2. Gitlab
  3. Travis

  • Use CI Web Pages for better output in Web Development Related Projects

You can use this script in GitLab (.gitlab-ci.yml) to obtain the output at http://<-USERNAME-OF-GITLAB-><-PROJECT-NAME->/

pages:
  stage: deploy
  script:
  - mkdir .public
  - cp -r * .public
  - mv .public public
  artifacts:
    paths:
    - public
  only:
  - master

For GitHub use the below script in (_config.yml) to obtain the output at http://<-USERNAME-OF-GITHUB-><-PROJECT-NAME->/

theme: jekyll-theme-cayman

  • Avoid using Polling using GitHub Hooks

As correctly said by Kohsuke, it is important that we adopt new methods to trigger the pipelines.

  • Use proper checkout strategy

One of the mistakes one can make while checking out multiple repositories in a pipeline is that an unintended commit on another repo might trigger the pipeline. The best command to check out the repo is this:

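// Check out without SCM polling, so commits to this repo do not trigger the job
checkout(
  poll: false,
  scm: [
    $class: 'GitSCM', branches: [[name: '*/master']],
    userRemoteConfigs: [[
      url: 'MY_URL.git',                // placeholder for the repository URL
      credentialsId: CREDENTIALS_ID]],  // variable holding the Jenkins credentials id
    extensions: [
      [$class: 'DisableRemotePoll'],
      [$class: 'PathRestriction', excludedRegions: '', includedRegions: '*']]
  ]
)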

  • Try Using Python for writing automation scripts

Python is a super amazing and fun language to work with. One of the cool reasons why I recommend it is the awesome libraries it has support for, like dictionary, json, csv etc.


Exploring Chef Automate & Habitat has been a heck of a fun task for me. It enabled me to learn more about upcoming new technologies and their usage in the DevOps world. In the end, I hope you enjoyed this post. Do share this post and tell me your fun experiences with Chef in the comments section below.
