You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
3 weeks ago | |
---|---|---|
.chef | 2 years ago | |
clients | 2 months ago | |
cookbooks | 7 months ago | |
data_bags | 1 month ago | |
doc | 7 months ago | |
environments | 1 month ago | |
nodes | 1 month ago | |
roles | 1 month ago | |
scripts | 1 year ago | |
site-cookbooks | 3 weeks ago | |
.gitignore | 1 year ago | |
.gitmodules | 2 years ago | |
.ruby-version | 1 year ago | |
Berksfile | 7 months ago | |
Berksfile.lock | 7 months ago | |
Gemfile | 5 months ago | |
Gemfile.lock | 5 months ago | |
README.md | 7 months ago | |
Vagrantfile | 1 month ago |
README.md
Install Chef Workstation
- macOS, Windows, RHEL, Ubuntu: https://docs.chef.io/workstation/install_workstation/
- Arch Linux: https://aur.archlinux.org/packages/chef-workstation
rbenv
If you use rbenv to manage Ruby versions on your system, install the (rbenv-chef-workstation)[https://github.com/docwhat/rbenv-chef-workstation] plugin.
Install gem dependencies
bundle install
Bootstrap a new server
knife zero bootstrap root@dev.kosmos.org --run-list "recipe[kosmos-base],..." -j '{"example_cookbook":{"memory_max":"256M"}}' --secret-file .chef/encrypted_data_bag_secret
Bootstrap a new VM
knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "recipe[kosmos-base]" --secret-file .chef/encrypted_data_bag_secret
Run Chef Zero
knife zero converge name:dev.kosmos.org
Run Chef Zero on a VM
knife zero converge -a knife_zero.host name:vm-name-23
Update Chef Client on a server:
knife zero converge name:dev.kosmos.org --client-version 15.3.14
Managing cookbooks
Cookbooks are managed via Berkshelf. Run berks --help
for command help.
Install cookbooks listed in Berksfile:
berks install
Vendor installed cookbooks to the cookbooks/
dir:
berks vendor cookbooks/ --delete
"Expired" TLS certificates
If you encounter expired TLS certificates during a Chef run (e.g. for remote files), the issue is likely that the certificate has been issued by Let's Encrypt and Chef is still using its own, outdated CA cert store (see here for example).
As a hotfix, you can manually remove the "DST Root CA X3" cert from
/opt/chef/embedded/ssl/cert.pem
on the machine you're trying to converge.