# Create a Self-Registering Relay with Chef

While our [Nodes Guide](/admin/networking/gateways-and-relays.md) walks you through setting up an individual relay, you might want a self-managed set of relays/gateways that spin up and down without you needing to generate a token for each one. This Chef recipe walks you through generating a reusable [admin token](/admin/principals/admin-tokens.md) that each new node uses to create its own relay or gateway token and register itself with your StrongDM organization.

### Generating the Token

You can generate an admin token that has only one function: creating relay/gateway tokens. Do this in the Admin UI under *Settings / Admin Tokens*. Select **Create** under **Relays**, then click the **Create** button. Copy the token when it is displayed: you will need it later, and it cannot be retrieved afterwards.

{% hint style="info" %}
For more detailed information on creating admin tokens, check out the [admin token guide](/admin/principals/admin-tokens.md).
{% endhint %}

### Create the Recipe

The recipe requires a folder structure like this:

```ascii
strong-dm
├── recipes
│   └── default.rb
└── templates
    └── default
        └── init.sh.erb
```

There are two files in there, which we'll look at in turn.

#### default.rb

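```rb
# Render the bootstrap script with the node's private IP and the admin token.
template '/usr/local/bin/sdm-init.sh' do
  source 'init.sh.erb'
  variables(
    myip: node['ec2']['local_ipv4'],
    # The admin token is read from the encrypted data bag 'strongdm', item 'admin-token'.
    admin_token: Chef::EncryptedDataBagItem.load('strongdm', 'admin-token')['content']
  )
  # The rendered file contains the admin token; keep its content out of Chef logs and diffs.
  sensitive true
  mode '0500'
  owner 'ubuntu'
  notifies :run, 'execute[sdm-init]', :immediately
  # Written once only, so the node registers itself a single time.
  action :create_if_missing
end

# Runs only when notified by the template above, i.e. when the script is first created.
execute 'sdm-init' do
  command '/usr/local/bin/sdm-init.sh'
  action :nothing
end
```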

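Note that the recipe loads the admin token generated above from a Chef encrypted data bag (`strongdm`, item `admin-token`, key `content`), so you need to store it there first. The rendered `/usr/local/bin/sdm-init.sh` contains the token in plaintext, so keep the restrictive file mode.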

#### init.sh.erb

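```bash
#!/bin/sh
# This script must run as root. chef-client normally runs as root, so the
# execute resource does too. A bare `sudo -i` here would only open a separate
# login shell; it would not elevate the commands below, so it is omitted.
cd /tmp
mkdir -p sdm
cd sdm
# Download and unpack the StrongDM CLI.
curl -J -O -L https://app.strongdm.com/releases/cli/linux
unzip *.zip

# Use the admin token only long enough to create this node's own gateway token.
export SDM_ADMIN_TOKEN=<%= @admin_token %>
export SDM_RELAY_TOKEN=`./sdm relay create-gateway <%= @myip %>:5000 0.0.0.0:5000`
# Remove the CLI state written while using the admin token, then drop the token.
rm -f /root/.sdm/*
unset SDM_ADMIN_TOKEN
# Environment that `sdm install` expects when it is invoked through sudo.
export SUDO_USER=ubuntu
export SUDO_UID=1000
export USERNAME=root
export USER=root
export HOME=/root
export LOGNAME=root
export SUDO_GID=1000
# Install the node service; it registers using SDM_RELAY_TOKEN from the environment.
./sdm install --node
```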

{% hint style="info" %}
This script creates a gateway. To make a relay instead, change the `SDM_RELAY_TOKEN` line to `./sdm relay create`.
{% endhint %}

Of note here:

* Set the correct unprivileged user under `SUDO_USER` and `SUDO_UID`.
* Set the correct port for the gateway to listen on in the `create-gateway` arguments on the `SDM_RELAY_TOKEN` line.
* You can optionally name the relay/gateway by adding the `--name <name>` flag to the `sdm relay` command.
* If your organization uses a control plane located in a region other than the default, add a `--region yourdomain` flag to the install commands, such as:

  ```sh
  ./sdm install --region app.uk.strongdm.com --node --token=$SDM_RELAY_TOKEN --user $TARGET_USER
  ```
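
The `SDM_RELAY_TOKEN` line in `init.sh.erb` uses the CLI's output unchecked, so a failed `create-gateway` call leaves the variable empty and the install still runs. The following is an added example (not StrongDM's code) of a wrapper that fails closed; the function name `mint_gateway_token`, its exit codes and the sample address in the usage comment are assumptions, while the `relay create-gateway` arguments are the ones shown above.

```shell
#!/bin/sh
# Added example: fail-closed wrapper around `sdm relay create-gateway`.
# The function name and exit codes are illustrative, not part of the sdm CLI.

# mint_gateway_token SDM_BIN ADVERTISE_ADDR BIND_ADDR
# Prints the new gateway token on stdout and returns 0.
# Prints nothing on stdout and returns non-zero when:
#   2  SDM_ADMIN_TOKEN is not set
#   3  the CLI exits with an error
#   4  the CLI output is empty or is not a single whitespace-free value
mint_gateway_token() {
    sdm_bin=$1
    advertise=$2
    bind=$3

    if [ -z "${SDM_ADMIN_TOKEN:-}" ]; then
        echo "SDM_ADMIN_TOKEN is not set" >&2
        return 2
    fi

    # Capture the output in a variable. Do not enable `set -x` around this
    # call: tracing would write the token to the Chef run output.
    if ! token=$("$sdm_bin" relay create-gateway "$advertise" "$bind"); then
        echo "sdm relay create-gateway failed" >&2
        return 3
    fi

    case $token in
        '' | *[[:space:]]*)
            # Empty output, or an error/usage message rather than a token.
            echo "unexpected output from sdm relay create-gateway" >&2
            return 4
            ;;
    esac

    printf '%s\n' "$token"
}

# Usage inside the init script (10.0.0.5 is a constructed sample address):
#   SDM_RELAY_TOKEN=$(mint_gateway_token ./sdm 10.0.0.5:5000 0.0.0.0:5000) || exit 1
#   export SDM_RELAY_TOKEN
#   unset SDM_ADMIN_TOKEN
```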

### Verify Your New Node

Log in to the Admin UI and find the relay or gateway you created; it should appear with the **online** status and a heartbeat.


