Infrastructure automation code for Kosmos servers
raucao 727210aa74 Merge pull request 'Add new ejabberd node, remove old ones' (#377) from chore/ejabberd_cluster_nodes into master 4 days ago
.chef Whitelist ejabberd custom node attributes 1 year ago
clients Add new ejabberd node 4 days ago
cookbooks Update golang cookbook 2 months ago
data_bags Connect to IRC bouncer instead of directly 3 weeks ago
doc Use pbkdf2 for backup key derivation 2 months ago
environments WIP 1 year ago
nodes Add new ejabberd node 4 days ago
roles Merge branch 'master' into feature/rskj_public_endpoint 2 months ago
scripts Merge pull request 'Add script for notifying Kosmos channels from Ruby' (#279) from feature/notify_xmpp_from_ruby into master 1 year ago
site-cookbooks Use private IP for ejabberd TURN 1 week ago
.gitignore WIP RSK cookbook 8 months ago
.gitmodules Use our own fork of the postgresql cookbook 2 years ago
.ruby-version Use chef-workstation Ruby with rbenv 8 months ago
Berksfile Update golang cookbook 2 months ago
Berksfile.lock Update golang cookbook 2 months ago
Gemfile Only keep the knife-zero gem in the Gemfile 8 months ago
Gemfile.lock Update Gemfile.lock 5 months ago Update README 2 months ago
Vagrantfile Suggest bitcoin source recipe for dev 1 year ago

Install Chef Workstation


If you use rbenv to manage Ruby versions on your system, install the rbenv-chef-workstation plugin.

Install gem dependencies

bundle install

Bootstrap a new server

knife zero bootstrap --run-list "recipe[kosmos-base],..." -j '{"example_cookbook":{"memory_max":"256M"}}' --secret-file .chef/encrypted_data_bag_secret

Bootstrap a new VM

knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "recipe[kosmos-base]" --secret-file .chef/encrypted_data_bag_secret

Run Chef Zero

knife zero converge

Run Chef Zero on a VM

knife zero converge -a name:vm-name-23

Update Chef Client on a server:

knife zero converge --client-version 15.3.14

Managing cookbooks

Cookbooks are managed via Berkshelf. Run berks --help for command help.

Install cookbooks listed in Berksfile:

berks install

Vendor installed cookbooks to the cookbooks/ dir:

berks vendor cookbooks/ --delete

"Expired" TLS certificates

If you encounter expired TLS certificates during a Chef run (e.g. for remote files), the likely cause is that the certificate was issued by Let's Encrypt and Chef is still using its own, outdated CA cert store.

As a hotfix, you can manually remove the "DST Root CA X3" cert from /opt/chef/embedded/ssl/cert.pem on the machine you're trying to converge.
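
The hotfix above as a script, added here as an example and not part of the Kosmos repository: it removes the "DST Root CA X3" block, keeps a backup, and leaves the file alone unless exactly one such block is found. It assumes the bundle follows the curl/Mozilla cacert.pem layout (label line, "=" underline, PEM block); remove_ca_block, patch_bundle and write_sample_bundle are names made up for this example.

```shell
#!/bin/sh
# Added example, not part of the Kosmos repository.
# Assumption: the bundle uses the curl/Mozilla cacert.pem layout, where each
# certificate is preceded by a label line and an underline of "=" characters.

# remove_ca_block LABEL FILE: print FILE without the block labelled LABEL.
# Exits non-zero unless exactly one complete block was removed.
remove_ca_block() {
  awk -v label="$1" '
    function flush() { if (have) print held; have = 0 }
    skip {                                  # inside the target block: drop lines
      if ($0 == "-----END CERTIFICATE-----") { skip = 0; eat = 1 }
      next
    }
    eat { eat = 0; if ($0 == "") next }     # drop the blank line after the block
    have && held == label && /^=+$/ { have = 0; skip = 1; removed++; next }
    { flush(); held = $0; have = 1 }        # hold one line back to spot the label
    END { flush(); exit (removed == 1 && !skip) ? 0 : 1 }
  ' "$2"
}

# patch_bundle FILE: back FILE up, then rewrite it only if the removal succeeded.
patch_bundle() {
  bundle=$1
  tmp=$(mktemp "${bundle}.XXXXXX") || return 1
  if remove_ca_block "DST Root CA X3" "$bundle" > "$tmp"; then
    # cat into the existing file so its owner and mode stay as they were
    cp -p "$bundle" "${bundle}.bak" && cat "$tmp" > "$bundle"
    rc=$?
  else
    echo "no single 'DST Root CA X3' block found; $bundle left unchanged" >&2
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# write_sample_bundle FILE: constructed test input; payloads are placeholders,
# not real certificates.
write_sample_bundle() {
  for name in "Example Root A" "DST Root CA X3" "Example Root B"; do
    printf '%s\n==============\n-----BEGIN CERTIFICATE-----\n' "$name"
    printf 'Q09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n\n'
  done > "$1"
}

# Usage on a node (as root): patch_bundle /opt/chef/embedded/ssl/cert.pem
```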