Infrastructure configs and automation for Kosmos servers
 
 
 
 
 
Râu Cao 1e9878d17e
Remove obsolete clients
2023-11-28 22:43:21 +01:00
.chef Use the new way of setting attribute whitelists 2023-07-17 18:06:23 +02:00
clients Remove obsolete clients 2023-11-28 22:43:21 +01:00
cookbooks Add jemalloc and yum cookbooks 2023-07-08 15:12:30 +02:00
data_bags Migrate ejabberd uploads to mod_s3_upload and Garage 2023-10-10 17:55:55 +02:00
doc Add basic Garage doc 2022-11-25 10:56:22 +00:00
environments Migrate ejabberd uploads to mod_s3_upload and Garage 2023-10-10 17:55:55 +02:00
nodes Remove rsk-testnet-3 2023-11-28 22:43:21 +01:00
roles Upgrade RSKj to 5.3.0, deploy new nodes 2023-11-04 15:06:31 +01:00
scripts Improve script for switching postgres primary 2023-07-21 14:55:43 +02:00
site-cookbooks Merge pull request 'Set max size for external S3 upload requests' (#525) from bugfix/s3_nginx_max_upload_size into master 2023-11-15 13:04:34 +00:00
.gitignore WIP RSK cookbook 2021-06-13 16:58:53 +02:00
.gitmodules Add openresty cookbook fork as a submodule 2023-07-05 15:50:46 +02:00
.ruby-version Use chef-workstation Ruby with rbenv 2021-05-28 14:40:02 +02:00
Berksfile Add cookbook dependencies for openresty 2023-07-06 10:14:23 +02:00
Berksfile.lock Add cookbook dependencies for openresty 2023-07-06 10:14:23 +02:00
Gemfile Upgrade knife-zero for Ruby 3.0 2022-02-02 17:31:13 -06:00
Gemfile.lock Add new architecture to Gemfile.lock 2023-07-17 18:09:55 +02:00
README.md Update README 2023-01-05 17:14:46 +08:00
Vagrantfile Add openresty Vagrant box 2023-07-15 17:20:06 +02:00

README.md

This repository contains all infrastructure automation code that we use to set up and configure servers, virtual machines, and applications for Kosmos hosted services.

Chef cookbooks are written in Ruby, and based on Chef Infra resources. Some cookbooks contain integration test suites based on Test Kitchen.

Note: Manual configuration of servers and applications is highly discouraged; manual changes can be overwritten or lost without notice!

Setup

Install Chef Workstation

rbenv

If you use rbenv to manage Ruby versions on your system, install the rbenv-chef-workstation plugin.

Install gem dependencies

Clone this repository, cd into it, and run:

bundle install

Common tasks

Bootstrap a new host server

knife zero bootstrap root@server-name.kosmos.org --run-list "role[base],role[kvm_host]" --secret-file .chef/encrypted_data_bag_secret

Bootstrap a new VM

knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "role[base],role[kvm_guest]" --secret-file .chef/encrypted_data_bag_secret

Run Chef Zero on a host server

knife zero converge -p2222 name:server-name.kosmos.org

Run Chef Zero on a VM

knife zero converge -a knife_zero.host name:vm-name-23

Update Chef Client on a server

knife zero converge name:dev.kosmos.org --client-version 15.3.14

Managing cookbooks

Cookbooks are managed via Berkshelf. Run berks --help for command help.

Install cookbooks listed in Berksfile:

berks install

Vendor installed cookbooks to the cookbooks/ dir:

berks vendor cookbooks/ --delete

"Expired" TLS certificates

If you encounter expired TLS certificates during a Chef run (e.g. for remote files), the issue is likely that the certificate has been issued by Let's Encrypt and Chef is still using its own, outdated CA cert store (see here for example).

As a hotfix, you can manually remove the "DST Root CA X3" cert from /opt/chef/embedded/ssl/cert.pem on the machine you're trying to converge.
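
The hotfix above as a script. This is an added example, not code from the Kosmos repository: it removes the "DST Root CA X3" entry from a PEM bundle only if that certificate has already expired, keeps a backup, and prints the removed certificate's SHA-256 fingerprint so it can be verified. The function name, the script name `prune_ca.rb` and the `.bak` suffix are assumptions.

```ruby
require "openssl"
require "digest"

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----\r?\n?/m

# Drop certificates whose subject CN equals common_name AND which are already
# expired, so a still-valid trust anchor is never removed by accident.
# Returns [pruned_bundle, removed], where removed describes each dropped cert.
def prune_expired_root(bundle, common_name, now: Time.now)
  removed = []
  pruned = bundle.gsub(PEM_BLOCK) do |pem|
    begin
      cert = OpenSSL::X509::Certificate.new(pem)
    rescue OpenSSL::X509::CertificateError
      next pem # leave blocks we cannot parse untouched
    end
    cn = cert.subject.to_a.find { |field, _, _| field == "CN" }&.at(1)
    next pem unless cn == common_name && cert.not_after < now
    removed << { subject: cert.subject.to_s, not_after: cert.not_after,
                 sha256: Digest::SHA256.hexdigest(cert.to_der) }
    "" # replace the PEM block with nothing
  end
  [pruned, removed]
end

# Usage (hypothetical script name): ruby prune_ca.rb /opt/chef/embedded/ssl/cert.pem
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  path = ARGV[0]
  original = File.binread(path)
  pruned, removed = prune_expired_root(original, "DST Root CA X3")
  if removed.empty?
    puts "No expired DST Root CA X3 in #{path}; bundle left unchanged."
  else
    File.binwrite("#{path}.bak", original) # backup (suffix is an assumption)
    File.binwrite(path, pruned)
    removed.each do |r|
      puts "Removed #{r[:subject]} (expired #{r[:not_after]}, sha256 #{r[:sha256]})"
    end
  end
end
```

Any label text the bundle carries above a removed certificate stays in the file; OpenSSL ignores text outside the BEGIN/END markers.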