After reading this article, not all the steps applied in my case. I’ve pasted the steps I had to take on my system, to get chef-dk 0.11.0-1_amd64.deb to work on the listed CentOS.
Steps to configure chef-server locally
- use this kitchen file:
    ---
    driver:
      name: vagrant

    provisioner:
      name: chef_zero

    # Uncomment the following verifier to leverage Inspec instead of Busser (the
    # default verifier)
    # verifier:
    #   name: inspec

    platforms:
      - name: centos65
        driver:
          network:
            - ["private_network", {ip: "192.168.33.7"}]
          box: learningchef/centos65
          box_url: learningchef/centos65

    suites:
      - name: default
        run_list:
          - recipe[chef-server::default]
        attributes:
- with this recipe:
    #
    # Cookbook Name:: chef-server
    # Recipe:: default
    #
    # Copyright (c) 2016 The Authors, All Rights Reserved.

    # URL of the Chef Server omnibus package; node.default is the recipe-level
    # form of the attribute-file syntax default[...]
    node.default['chef-server']['url'] = 'https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chef-server-11.1.4-1.el6.x86_64.rpm'

    package_url = node['chef-server']['url']
    package_name = ::File.basename(package_url)
    package_local_path = "#{Chef::Config[:file_cache_path]}/#{package_name}"

    # omnibus_package is remote (i.e., a URL) let's download it
    remote_file package_local_path do
      source package_url
    end

    # install the downloaded RPM from the local cache path
    rpm_package package_name do
      source package_local_path
    end

    package package_local_path

    # reconfigure the installation
    execute 'chef-server-ctl reconfigure'
- do a kitchen converge
- open https://192.168.33.7 in your browser
- login as admin/p@assw0rd1
- change password
- create user geo with whatever password, make him an admin
- on the screen there will be a private key shown, copy that and save it locally to a file named geo.pem
- in chef-repo create a .chef folder
- copy geo.pem there
- we need to copy the chef-validator from the host:
    scp root@192.168.33.7:/etc/chef-server/chef-validator.pem .
- add a new entry to /etc/hosts with the following content:
    192.168.33.7 default-centos65
- in .chef, create a file called knife.rb with the following content:
    current_dir = File.dirname(__FILE__)
    log_level                :info
    log_location             STDOUT
    node_name                "geo"
    client_key               "#{current_dir}/geo.pem"
    validation_client_name   "chef-validator"
    validation_key           "#{current_dir}/chef-validator.pem"
    chef_server_url          "https://default-centos65:443"
    cache_type               "BasicFile"
    cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
    cookbook_path            ["#{current_dir}/../cookbooks"]
- the content of .chef should be:
    .chef/
        geo.pem
        knife.rb
        chef-validator.pem
- test that server is accessible:
    $ knife client list
    chef-validator
    chef-webui
Potential problems you may encounter
- I encountered this initially, when running knife client list
    ➜ chef-repo git:(master) ✗ knife client list
    ERROR: SSL Validation failure connecting to host: default-centos65.vagrantup.com - hostname "default-centos65.vagrantup.com" does not match the server certificate
    ERROR: SSL Error connecting to https://default-centos65.vagrantup.com/clients, retry 1/5
    ERROR: SSL Validation failure connecting to host: default-centos65.vagrantup.com - hostname "default-centos65.vagrantup.com" does not match the server certificate
- fix for it was to run knife ssl check, where I saw the following:
    ➜ chef-repo git:(master) ✗ knife ssl check
    Connecting to host default-centos65.vagrantup.com:443
    ERROR: The SSL cert is signed by a trusted authority but is not valid for the given hostname
    ERROR: You are attempting to connect to: 'default-centos65.vagrantup.com'
    ERROR: The server's certificate belongs to 'default-centos65'
- then, I just changed the entry from default-centos65.vagrantup.com to default-centos65 in /etc/hosts
- also, I went in knife.rb and I changed chef_server_url from:
    chef_server_url "https://default-centos65.vagrantup.com:443"
to
    chef_server_url "https://default-centos65:443"
- next, run another knife ssl check, and you should see this output:
    ➜ chef-repo git:(master) ✗ knife ssl check
    Connecting to host default-centos65:443
    Successfully verified certificates from `default-centos65'
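The hostname mismatch described above, as an added example that is not part of the original post: it takes the two chef_server_url values and checks each against a certificate issued to default-centos65, using the hostname comparison from Ruby's OpenSSL library. The certificate is a constructed self-signed stand-in for the server's, and the helper names are hypothetical.

```ruby
require 'openssl'
require 'uri'

# Build a throwaway self-signed certificate for the given subject CN
# (constructed test data standing in for the Chef server's certificate).
def constructed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Pull the host out of the chef_server_url line of a knife.rb body.
def chef_server_host(knife_rb)
  url = knife_rb[/^\s*chef_server_url\s+["']([^"']+)["']/, 1]
  raise ArgumentError, 'no chef_server_url found' unless url
  URI.parse(url).host
end

# Compare the configured host with the names the certificate was issued for,
# the same kind of check a TLS client makes before trusting the connection.
def url_matches_cert?(knife_rb, cert)
  OpenSSL::SSL.verify_certificate_identity(cert, chef_server_host(knife_rb))
end

CERT   = constructed_cert('default-centos65')
BEFORE = %(chef_server_url "https://default-centos65.vagrantup.com:443"\n)
AFTER  = %(chef_server_url "https://default-centos65:443"\n)

if __FILE__ == $PROGRAM_NAME
  { 'before' => BEFORE, 'after' => AFTER }.each do |label, conf|
    ok = url_matches_cert?(conf, CERT)
    puts "#{label}: #{chef_server_host(conf)} -> #{ok ? 'matches' : 'MISMATCH'}"
  end
end
```

Changing the name in knife.rb and /etc/hosts to the one on the certificate keeps verification enabled, which is why the fix above works without turning SSL checks off.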