Infrastructure automation code for Kosmos servers
greg 7de33b4e94 Merge pull request 'Fix VM base images being overwritten' (#417) from bugfix/vm_base_images into master 3 weeks ago
.chef Whitelist ejabberd custom node attributes 2 years ago
clients Add ejabberd-8 node config 2 months ago
cookbooks Update golang cookbook 7 months ago
data_bags Upgrade ejabberd to 22.05 1 month ago
doc Use pbkdf2 for backup key derivation 7 months ago
environments Support multiple VMs in Vagrant config 1 month ago
nodes Update ejabberd node info 1 month ago
roles Add nginx proxy for akkounts/kredits API 1 month ago
scripts Merge pull request 'Add script for notifying Kosmos channels from Ruby' (#279) from feature/notify_xmpp_from_ruby into master 1 year ago
site-cookbooks Merge branch 'master' into bugfix/vm_base_images 3 weeks ago
.gitignore WIP RSK cookbook 1 year ago
.gitmodules Use our own fork of the postgresql cookbook 2 years ago
.ruby-version Use chef-workstation Ruby with rbenv 1 year ago
Berksfile Update golang cookbook 7 months ago
Berksfile.lock Update golang cookbook 7 months ago
Gemfile Upgrade knife-zero for Ruby 3.0 5 months ago
Gemfile.lock Upgrade knife-zero for Ruby 3.0 5 months ago Update README 7 months ago
Vagrantfile Finish multi-VM config 1 month ago

Install Chef Workstation


If you use rbenv to manage Ruby versions on your system, install the rbenv-chef-workstation plugin.

Install gem dependencies

bundle install

Bootstrap a new server

knife zero bootstrap --run-list "recipe[kosmos-base],..." -j '{"example_cookbook":{"memory_max":"256M"}}' --secret-file .chef/encrypted_data_bag_secret

Bootstrap a new VM

knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "recipe[kosmos-base]" --secret-file .chef/encrypted_data_bag_secret

Run Chef Zero

knife zero converge

Run Chef Zero on a VM

knife zero converge -a name:vm-name-23

Update Chef Client on a server:

knife zero converge --client-version 15.3.14

Managing cookbooks

Cookbooks are managed via Berkshelf. Run berks --help for command help.

Install cookbooks listed in Berksfile:

berks install

Vendor installed cookbooks to the cookbooks/ dir:

berks vendor cookbooks/ --delete

"Expired" TLS certificates

If you encounter expired TLS certificates during a Chef run (e.g. for remote files), the likely cause is that the certificate was issued by Let's Encrypt and Chef is still using its own, outdated CA cert store.

As a hotfix, you can manually remove the "DST Root CA X3" cert from /opt/chef/embedded/ssl/cert.pem on the machine you're trying to converge.
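
One way to script the hotfix above instead of editing the bundle by hand. This is an added example, not code from this repository. It assumes a Ruby with the openssl standard library and that the root can be identified by its subject CN; the function names are hypothetical.

```ruby
require 'openssl'
require 'fileutils'

# Subject CN named in the README; matching on CN alone is an assumption.
EXPIRED_ROOT_CN = 'DST Root CA X3'
PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----\n?/m

# Returns the common name of a certificate's subject, or nil if it has none.
def subject_cn(cert)
  entry = cert.subject.to_a.find { |name, _value, _type| name == 'CN' }
  entry && entry[1]
end

# Returns [kept_text, removed_certs] for a PEM bundle. Only the PEM blocks
# are touched; label lines between certificates are comments and stay.
def strip_root(bundle_text, cn = EXPIRED_ROOT_CN)
  removed = []
  kept = bundle_text.gsub(PEM_BLOCK) do |pem|
    cert = begin
      OpenSSL::X509::Certificate.new(pem)
    rescue OpenSSL::X509::CertificateError
      next pem # leave blocks OpenSSL cannot parse untouched
    end
    if subject_cn(cert) == cn
      removed << cert
      ''
    else
      pem
    end
  end
  [kept, removed]
end

# Rewrites the bundle in place, saving a .bak copy first. Does nothing when
# the root is absent, so repeated runs are safe. Returns the removed certs.
def strip_root_from_file(path, cn = EXPIRED_ROOT_CN)
  kept, removed = strip_root(File.read(path), cn)
  return removed if removed.empty?
  FileUtils.cp(path, "#{path}.bak")
  File.write(path, kept)
  removed
end

# Usage: ruby strip_root.rb /opt/chef/embedded/ssl/cert.pem
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  strip_root_from_file(ARGV[0]).each do |c|
    puts "removed #{c.subject} (notAfter #{c.not_after.utc})"
  end
end
```

Run it as root on the machine being converged. A Chef client upgrade may replace the bundle, so rerun it if the error returns.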