- Install Chef client: https://downloads.chef.io/chef-client/
- Install
chef-vault:sudo gem install chef-vault - Retrieve the server certificate from flanders. Store the files in the folder
/etc/chef-server- Organization 'madalynn': /home/madalynn/private_keys/madalynn.pem -> equivalent of the chef-validator.pem file
- Admin user 'blinkseb': /home/madalynn/private_keys/blinkseb.pem -> equivalent of the admin.pem file
scp flanders:/home/madalynn/private_keys/madalynn.pem /etc/chef-server/chef-validator.pem
scp flanders:/home/madalynn/private_keys/blinkseb.pem /home/sbrochet/.chef/blinkseb.pem- Configure knife:
knife configure
- URL is https://flanders.madalynn.eu/organizations/madalynn
- Admin user name is 'blinkseb'
- Organization name is 'madalynn'
- Flanders use a self-signed certificate. You need to copy the certificate locally. Certificate file is by default only accessible to root user, so you need to connect to the server and manually copy the file
/var/opt/opscode/nginx/ca/*.crtto/home/sbrochet/.chef/trusted_certs/
- First, bootstrap the new host with the
knife bootstrapcommand:
knife bootstrap -G <SSH gateway> <IP> -x <SSH username> --sudo -A -N <Node name> -u blinkseb
The new node should appears when doing knife node list
- Update the passwords vault to add the new node:
./update_passwords_access_list.sh
- Upload the updated password vault
knife upload data_bags
- Update the run list of the new node. The run list define which actions are run automatically on each node (see the
rolesfolder for a list of possible values)
knife node run_list add <Node name> 'role[<role name>]'
- Run
sudo chef-clienton the new host
Cookbooks are managed with Berkshelf. Install ChefDK to have it
- To list all cookbooks:
berks list- To list outdated cookbooks:
berks outdated- To update all cookbooks to latest version:
berks update- To upload all cookbooks to the chef-server
berks upload --no-ssl-verify