### Install Chef Workstation

* macOS, Windows, RHEL, Ubuntu: https://docs.chef.io/workstation/install_workstation/
* Arch Linux: https://aur.archlinux.org/packages/chef-workstation

#### rbenv

If you use rbenv to manage Ruby versions on your system, install the
[rbenv-chef-workstation](https://github.com/docwhat/rbenv-chef-workstation)
plugin.

### Install gem dependencies

    bundle install

### Bootstrap a new server

    knife zero bootstrap root@dev.kosmos.org --run-list "recipe[kosmos-base],..." -j '{"example_cookbook":{"memory_max":"256M"}}' --secret-file .chef/encrypted_data_bag_secret

### Bootstrap a new VM

    knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "recipe[kosmos-base]" --secret-file .chef/encrypted_data_bag_secret

### Run Chef Zero

    knife zero converge name:dev.kosmos.org

### Run Chef Zero on a VM

    knife zero converge -a knife_zero.host name:vm-name-23

### Update Chef Client on a server:

    knife zero converge name:dev.kosmos.org --client-version 15.3.14

### Managing cookbooks

Cookbooks are managed via Berkshelf. Run `berks --help` for command help.

Install cookbooks listed in Berksfile:

    berks install

Vendor installed cookbooks to the `cookbooks/` dir:

    berks vendor cookbooks/ --delete

### "Expired" TLS certificates

If you encounter expired TLS certificates during a Chef run (e.g. for remote
files), the issue is likely that the certificate has been issued by Let's
Encrypt and Chef is still using its own, outdated CA cert store (see
[here](https://github.com/chef/chef/issues/12126#issuecomment-932067530) for
example).

As a hotfix, you can manually remove the "DST Root CA X3" cert from
`/opt/chef/embedded/ssl/cert.pem` on the machine you're trying to converge.
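
The hotfix above as a script, added here as an example and not part of the original README. It assumes the bundle follows the curl/Mozilla `cacert.pem` layout (certificate name, a line of `=`, then the PEM block); the function names are hypothetical and the sample bundle is constructed with placeholder bodies.

```shell
# Added example, not part of the original README.
# Assumption: the bundle uses the curl/Mozilla cacert.pem layout, where each
# certificate is preceded by its name and an underline of "=" characters.

# Print bundle $2 without the entry labelled $1.
# Exit status is 0 only if exactly one complete entry was removed.
remove_ca_by_label() {
  awk -v name="$1" '
    function flush() { if (have) print prev; have = 0 }
    skipping {                          # inside the entry being dropped
      if ($0 ~ /^-----END CERTIFICATE-----/) { skipping = 0; removed++ }
      next
    }
    /^=+$/ && have && prev == name { have = 0; skipping = 1; next }
    { flush(); prev = $0; have = 1 }    # hold one line back to spot a label
    END { flush(); exit (removed == 1 ? 0 : 1) }
  ' "$2"
}

# Back up bundle $1 to $1.bak and rewrite it without label $2
# (default "DST Root CA X3"). The bundle is only rewritten if exactly one entry matched.
apply_hotfix() {
  hf_tmp=$(mktemp "$1.XXXXXX") || return 1
  if remove_ca_by_label "${2:-DST Root CA X3}" "$1" > "$hf_tmp" &&
     cp -p "$1" "$1.bak" && cat "$hf_tmp" > "$1"; then   # cat keeps owner and mode
    rm -f "$hf_tmp"; return 0
  fi
  rm -f "$hf_tmp"
  echo "hotfix not applied to $1" >&2
  return 1
}

# Constructed sample bundle; the base64 bodies are placeholders, not real certificates.
write_sample_bundle() {
  cat > "$1" <<'EOF'
Example Root A
==============
-----BEGIN CERTIFICATE-----
QUFBQQ==
-----END CERTIFICATE-----

DST Root CA X3
==============
-----BEGIN CERTIFICATE-----
QkJCQg==
-----END CERTIFICATE-----
EOF
}
```

On the machine being converged this would be run as `apply_hotfix /opt/chef/embedded/ssl/cert.pem`; a second run fails without changing the file because the entry is already gone.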