Infrastructure automation code for Kosmos servers
greg 7adee84adf Merge pull request 'Upgrade Mastodon to 3.4.4' (#368) from chore/upgrade_mastodon into master 8 months ago
.chef Whitelist ejabberd custom node attributes 2 years ago
clients Add missing files 8 months ago
cookbooks Update golang cookbook 8 months ago
data_bags Upgrade botka, deploy for Libera.Chat to nodejs-2 11 months ago
doc Use pbkdf2 for backup key derivation 8 months ago
environments WIP 2 years ago
nodes Upgrade Mastodon to latest version 8 months ago
roles Merge branch 'master' into feature/rskj_public_endpoint 8 months ago
scripts Merge pull request 'Add script for notifying Kosmos channels from Ruby' (#279) from feature/notify_xmpp_from_ruby into master 2 years ago
site-cookbooks Add single sidekiq process for new scheduler queue 8 months ago
.gitignore WIP RSK cookbook 1 year ago
.gitmodules Use our own fork of the postgresql cookbook 2 years ago
.ruby-version Use chef-workstation Ruby with rbenv 1 year ago
Berksfile Update golang cookbook 8 months ago
Berksfile.lock Update golang cookbook 8 months ago
Gemfile Only keep the knife-zero gem in the Gemfile 1 year ago
Gemfile.lock Update Gemfile.lock 11 months ago Update README 9 months ago
Vagrantfile Suggest bitcoin source recipe for dev 2 years ago

Install Chef Workstation


If you use rbenv to manage Ruby versions on your system, install the rbenv-chef-workstation plugin.

Install gem dependencies

bundle install

Bootstrap a new server

knife zero bootstrap --run-list "recipe[kosmos-base],..." -j '{"example_cookbook":{"memory_max":"256M"}}' --secret-file .chef/encrypted_data_bag_secret

Bootstrap a new VM

knife zero bootstrap ubuntu@zerotier-ip-address -x ubuntu --sudo --run-list "recipe[kosmos-base]" --secret-file .chef/encrypted_data_bag_secret

Run Chef Zero

knife zero converge

Run Chef Zero on a VM

knife zero converge -a name:vm-name-23

Update Chef Client on a server:

knife zero converge --client-version 15.3.14

Managing cookbooks

Cookbooks are managed via Berkshelf. Run berks --help for command help.

Install cookbooks listed in Berksfile:

berks install

Vendor installed cookbooks to the cookbooks/ dir:

berks vendor cookbooks/ --delete

"Expired" TLS certificates

If you encounter expired TLS certificates during a Chef run (e.g. for remote files), the likely cause is that the certificate was issued by Let's Encrypt and Chef is still using its own, outdated CA cert store.

As a hotfix, you can manually remove the "DST Root CA X3" cert from /opt/chef/embedded/ssl/cert.pem on the machine you're trying to converge.
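
One way to script that hotfix instead of editing the bundle by hand. This is an added example, not part of this repository; the function names and the `.bak` backup suffix are assumptions.

```ruby
require "openssl"
require "fileutils"

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----\n?/m

# Remove every certificate whose subject CN equals common_name from a PEM
# bundle string. Text outside PEM blocks (labels, comments) is left alone.
# Returns [filtered_pem, removed_certs].
def drop_ca_from_bundle(pem, common_name)
  removed = []
  filtered = pem.gsub(PEM_CERT) do |block|
    cert = OpenSSL::X509::Certificate.new(block)
    cn = cert.subject.to_a.assoc("CN")&.at(1)
    next block unless cn == common_name
    removed << cert
    ""
  end
  [filtered, removed]
end

# Rewrite the bundle at path without the named CA. The original is copied
# to "<path>.bak" first (assumed suffix); nothing is written when no
# certificate matches. Returns the removed certificates.
def remove_ca!(path, common_name)
  pem = File.read(path)
  filtered, removed = drop_ca_from_bundle(pem, common_name)
  return removed if removed.empty?
  FileUtils.cp(path, "#{path}.bak", preserve: true)
  File.write(path, filtered)
  removed
end

# CLI: ruby drop_ca.rb <bundle path> <subject CN>
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  removed = remove_ca!(ARGV[0], ARGV[1])
  puts "no certificate with CN #{ARGV[1].inspect} found" if removed.empty?
  removed.each do |c|
    # Print serial and expiry so the removal can be checked against the CA
    # that was meant to go.
    puts "removed #{c.subject} serial=#{c.serial.to_s(16)} not_after=#{c.not_after}"
  end
end
```

Run it on the machine being converged with the bundle path and CN from the hotfix above as the two arguments. The serial and expiry it prints confirm which certificate was dropped.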