kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
1,984 Commits 7 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Râu Cao 63d0b68c36
Upgrade Deno
2025-06-02 10:53:38 +04:00
.chef
Use the new way of setting attribute whitelists
2023-07-17 18:06:23 +02:00
clients
Deploy new postgres primary
2024-12-12 18:31:54 +04:00
cookbooks
Set up SpamAssassin
2023-12-06 12:22:24 +01:00
data_bags
Configure LDAP for akkounts, add more Rails credentials
2025-05-06 19:41:54 +04:00
doc
Add basic Garage doc
2022-11-25 10:56:22 +00:00
environments
Adapt strfry config to cookbook changes, increase allowed event size
2025-06-01 20:06:47 +04:00
nodes
Update node info
2025-06-01 20:06:32 +04:00
roles
Use Gitea from source
2025-05-31 15:28:33 +04:00
scripts
Add info about required, unautomated step to script
2024-03-11 15:57:46 +01:00
site-cookbooks
Upgrade Deno
2025-06-02 10:53:38 +04:00
.gitignore
WIP RSK cookbook
2021-06-13 16:58:53 +02:00
.gitmodules
Update strfry cookbook
2024-06-11 23:09:48 +02:00
.ruby-version
Use chef-workstation Ruby with rbenv
2021-05-28 14:40:02 +02:00
Berksfile
Set up SpamAssassin
2023-12-06 12:22:24 +01:00
Berksfile.lock
Set up SpamAssassin
2023-12-06 12:22:24 +01:00
Gemfile
Upgrade knife-zero for Ruby 3.0
2022-02-02 17:31:13 -06:00
Gemfile.lock
Add new architecture to Gemfile.lock
2023-07-17 18:09:55 +02:00
README.md
Add postgres replica bootstrap example
2024-12-12 18:29:16 +04:00
Vagrantfile
Add openresty Vagrant box
2023-07-15 17:20:06 +02:00

README.md

This repository contains all infrastructure automation code that we use to set up and configure servers, virtual machines, and applications for Kosmos hosted services.

Chef cookbooks are written in Ruby, and based on Chef Infra resources. Some cookbooks contain integration test suites based on Test Kitchen.

Note: Manual configuration of servers and applications is highly discouraged, and can be overwritten or lost without notice!

Setup

Install Chef Workstation

rbenv

If you use rbenv to manage Ruby versions on your system, install the rbenv-chef-workstation plugin.

Install gem dependencies

Clone this repository, cd into it, and run:

bundle install

Common tasks

Bootstrap a new host server

knife zero bootstrap root@server-name.kosmos.org --run-list "role[base],role[kvm_host]" --secret-file .chef/encrypted_data_bag_secret

Bootstrap a new VM

knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "role[base],role[kvm_guest]" --secret-file .chef/encrypted_data_bag_secret

Bootstrap a new VM with environment and role/app (postgres replica as example)

knife zero bootstrap ubuntu@10.1.1.134 -x ubuntu --sudo --environment production --run-list "role[base],role[kvm_guest],role[postgresql_replica]" --secret-file .chef/encrypted_data_bag_secret

Run Chef Zero on a host server

knife zero converge -p2222 name:server-name.kosmos.org

Run Chef Zero on a VM

knife zero converge -a knife_zero.host name:vm-name-23

Update Chef Client on a server:

knife zero converge name:dev.kosmos.org --client-version 15.3.14

Managing cookbooks

Cookbooks are managed via Berkshelf. Run berks --help for command help.

Install cookbooks listed in Berksfile:

berks install

Vendor installed cookbooks to the cookbooks/ dir:

berks vendor cookbooks/ --delete

"Expired" TLS certificates

If you encounter expired TLS certificates during a Chef run (e.g. for remote files), the issue is likely that the certificate has been issued by Let's Encrypt and Chef is still using its own, outdated CA cert store (see here for example).

As a hotfix, you can manually remove the "DST Root CA X3" cert from /opt/chef/embedded/ssl/cert.pem on the machine you're trying to converge.

Description
Infrastructure configs and automation for Kosmos servers
chefdevopslinuxopsrubyubuntu
Readme 15 MiB
Languages
Ruby 60.5%
HTML 35.5%
C 2%
PowerShell 1%
Shell 0.9%