Berkshelf sources from chef server

In our Berksfile’s, we’ve been specifying the location of dependent
cookbooks as paths to local files. It would seem that a better approach
would be to retrieve them from our own chef server. I can’t get this to
work however.

My Berksfile now has the following:

source "https://api.berkshelf.com"
source "https://chef-004.dev.slicetest.com"
metadata

After setting the path to the certificate for our chef server with:
export
SSL_CERT_FILE=/Users/doug/.chefvm/configurations/dev/trusted_certs/chef-004_dev_slicetest_com.crt

When I run ‘berks install’, this is what I get:

Fetching cookbook index from https://api.berkshelf.com
Fetching cookbook index from https://chef-004.dev.slicetest.com
Error retrieving universe from source: https://chef-004.dev.slicetest.com

  • [Berkshelf::APIClient::ServiceNotFound] service not found at:
    https://chef-004.dev.slicetest.com
    /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect’:
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
    certificate verify failed (Faraday::SSLError)

What am I doing wrong?

Thanks,
Doug

You need to install a berkshelf API server as the API presented by Chef
server itself is not what berkshelf itself uses to create the dependency
tree. This will read the cookbooks from your chef server using a chef
client and present them (under that universe path) as available objects
when using berks commands.

There's a cookbook to configure this here:

It doesn't configure https by default but it just runs via nginx so it's
easy enough to configure yourself.

On 6 October 2015 at 13:35, Douglas Garstang doug.garstang@gmail.com
wrote:

In our Berksfile's, we've been specifying the location of dependent
cookbooks as paths to local files. It would seem that a better approach
would be to retrieve them from our own chef server. I can't get this to
work however.

My Berksfile now has the following:

source "https://api.berkshelf.com"
source "https://chef-004.dev.slicetest.com"
metadata

After setting the path to the certificate for our chef server with:
export
SSL_CERT_FILE=/Users/doug/.chefvm/configurations/dev/trusted_certs/chef-004_dev_slicetest_com.crt

When I run 'berks install', this is what I get:

Fetching cookbook index from https://api.berkshelf.com...
Fetching cookbook index from https://chef-004.dev.slicetest.com...
Error retrieving universe from source: https://chef-004.dev.slicetest.com

  • [Berkshelf::APIClient::ServiceNotFound] service not found at:
    https://chef-004.dev.slicetest.com
    /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect':
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
    certificate verify failed (Faraday::SSLError)

What am I doing wrong?

Thanks,
Doug

Thanks.

The docs at http://berkshelf.com yesterday said you could use your chef
server as an artifact server with berkshelf. That's no longer there. Looks
like someone updated it.

Doug

On Tue, Oct 6, 2015 at 3:59 PM, Yoshi Spendiff yoshi@spendiff.net wrote:

You need to install a berkshelf API server as the API presented by Chef
server itself is not what berkshelf itself uses to create the dependency
tree. This will read the cookbooks from your chef server using a chef
client and present them (under that universe path) as available objects
when using berks commands.

There's a cookbook to configure this here:
berkshelf-api-server Cookbook - Chef Supermarket

It doesn't configure https by default but it just runs via nginx so it's
easy enough to configure yourself.

On 6 October 2015 at 13:35, Douglas Garstang doug.garstang@gmail.com
wrote:

In our Berksfile's, we've been specifying the location of dependent
cookbooks as paths to local files. It would seem that a better approach
would be to retrieve them from our own chef server. I can't get this to
work however.

My Berksfile now has the following:

source "https://api.berkshelf.com"
source "https://chef-004.dev.slicetest.com"
metadata

After setting the path to the certificate for our chef server with:
export
SSL_CERT_FILE=/Users/doug/.chefvm/configurations/dev/trusted_certs/chef-004_dev_slicetest_com.crt

When I run 'berks install', this is what I get:

Fetching cookbook index from https://api.berkshelf.com...
Fetching cookbook index from https://chef-004.dev.slicetest.com...
Error retrieving universe from source: https://chef-004.dev.slicetest.com

  • [Berkshelf::APIClient::ServiceNotFound] service not found at:
    https://chef-004.dev.slicetest.com
    /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect':
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
    certificate verify failed (Faraday::SSLError)

What am I doing wrong?

Thanks,
Doug

I must be unlucky. Tried to use the berkshelf-api-server in vagrant, and it
fails.

https://github.com/berkshelf/berkshelf-api/issues/198

Doug.

On Wed, Oct 7, 2015 at 9:12 AM, Doug Garstang doug@slice.com wrote:

Thanks.

The docs at http://berkshelf.com yesterday said you could use your chef
server as an artifact server with berkshelf. That's no longer there. Looks
like someone updated it.

Doug

On Tue, Oct 6, 2015 at 3:59 PM, Yoshi Spendiff yoshi@spendiff.net wrote:

You need to install a berkshelf API server as the API presented by Chef
server itself is not what berkshelf itself uses to create the dependency
tree. This will read the cookbooks from your chef server using a chef
client and present them (under that universe path) as available objects
when using berks commands.

There's a cookbook to configure this here:
berkshelf-api-server Cookbook - Chef Supermarket

It doesn't configure https by default but it just runs via nginx so it's
easy enough to configure yourself.

On 6 October 2015 at 13:35, Douglas Garstang doug.garstang@gmail.com
wrote:

In our Berksfile's, we've been specifying the location of dependent
cookbooks as paths to local files. It would seem that a better approach
would be to retrieve them from our own chef server. I can't get this to
work however.

My Berksfile now has the following:

source "https://api.berkshelf.com"
source "https://chef-004.dev.slicetest.com"
metadata

After setting the path to the certificate for our chef server with:
export
SSL_CERT_FILE=/Users/doug/.chefvm/configurations/dev/trusted_certs/chef-004_dev_slicetest_com.crt

When I run 'berks install', this is what I get:

Fetching cookbook index from https://api.berkshelf.com...
Fetching cookbook index from https://chef-004.dev.slicetest.com...
Error retrieving universe from source:
https://chef-004.dev.slicetest.com

  • [Berkshelf::APIClient::ServiceNotFound] service not found at:
    https://chef-004.dev.slicetest.com
    /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect':
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
    certificate verify failed (Faraday::SSLError)

What am I doing wrong?

Thanks,
Doug

You could use your Chef server for version 2 of berkshelf, but it proved to
be unreliable or something like that so they used a separate API.

On 7 October 2015 at 09:31, Doug Garstang doug@slice.com wrote:

I must be unlucky. Tried to use the berkshelf-api-server in vagrant, and
it fails.

https://github.com/berkshelf/berkshelf-api/issues/198

Doug.

On Wed, Oct 7, 2015 at 9:12 AM, Doug Garstang doug@slice.com wrote:

Thanks.

The docs at http://berkshelf.com yesterday said you could use your chef
server as an artifact server with berkshelf. That's no longer there. Looks
like someone updated it.

Doug

On Tue, Oct 6, 2015 at 3:59 PM, Yoshi Spendiff yoshi@spendiff.net
wrote:

You need to install a berkshelf API server as the API presented by Chef
server itself is not what berkshelf itself uses to create the dependency
tree. This will read the cookbooks from your chef server using a chef
client and present them (under that universe path) as available objects
when using berks commands.

There's a cookbook to configure this here:
berkshelf-api-server Cookbook - Chef Supermarket

It doesn't configure https by default but it just runs via nginx so it's
easy enough to configure yourself.

On 6 October 2015 at 13:35, Douglas Garstang doug.garstang@gmail.com
wrote:

In our Berksfile's, we've been specifying the location of dependent
cookbooks as paths to local files. It would seem that a better approach
would be to retrieve them from our own chef server. I can't get this to
work however.

My Berksfile now has the following:

source "https://api.berkshelf.com"
source "https://chef-004.dev.slicetest.com"
metadata

After setting the path to the certificate for our chef server with:
export
SSL_CERT_FILE=/Users/doug/.chefvm/configurations/dev/trusted_certs/chef-004_dev_slicetest_com.crt

When I run 'berks install', this is what I get:

Fetching cookbook index from https://api.berkshelf.com...
Fetching cookbook index from https://chef-004.dev.slicetest.com...
Error retrieving universe from source:
https://chef-004.dev.slicetest.com

  • [Berkshelf::APIClient::ServiceNotFound] service not found at:
    https://chef-004.dev.slicetest.com
    /opt/chefdk/embedded/lib/ruby/2.1.0/net/http.rb:920:in `connect':
    SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
    certificate verify failed (Faraday::SSLError)

What am I doing wrong?

Thanks,
Doug

If you have Chef Server 12.4.0 or higher you may be able to do this in your Berksfile now.

source :chef_server
source "https://supermarket.chef.io"

See https://stackoverflow.com/questions/38343533/how-to-have-precedence-in-bershelf-to-take-cookbooks-from-chef-server-before-sea