Hello guys,
I have been looking for documentation on custom bootstrap templates for a while now.
In an environment where the machines have no internet access, I have a chef server where I can store an RPM and an MSI chef client. I have to build a script to bootstrap 2 CentOS machines and 2 Windows 2k12 machines, which are on a CSV list.
The thing I don’t get is how to build up the bootstrap template for the CentOS machines, telling them to get the chef-client rpm from chef-server (in which I’ve created a VS on nginx provided with chef).
All I could find is a chef-full.erb which gets the install.sh from https://omnitruck-direct.chef.io/chef/install.sh.
One other thing I found was: https://github.com/juliandunn/chef-bootstrap-templates/blob/master/chef-full-nointernet.erb
And this is exactly what I need, but I couldn’t make it work.
The template looks like this:
bash -c '
<%= "export https_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>
distro=`uname -s`
if test "x$distro" = "xSunOS"; then
  if test -d "/usr/sfw/bin"; then
    PATH=/usr/sfw/bin:$PATH
    export PATH
  fi
fi
exists() {
  if command -v $1 &>/dev/null
  then
    return 0
  else
    return 1
  fi
}
# Fill in appropriately
yum install -y http://chef01:8081/kit/packages/centos/chef-12.16.42-1.el6.x86_64.rpm
mkdir -p /etc/chef
cat > /etc/chef/validation.pem <<'EOP'
<%= validation_key %>
EOP
chmod 0600 /etc/chef/validation.pem
<% if encrypted_data_bag_secret -%>
cat > /etc/chef/encrypted_data_bag_secret <<'EOP'
<%= encrypted_data_bag_secret %>
EOP
chmod 0600 /etc/chef/encrypted_data_bag_secret
<% end -%>
<%# Generate Ohai Hints -%>
<% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
mkdir -p /etc/chef/ohai/hints
<% @chef_config[:knife][:hints].each do |name, hash| -%>
cat > /etc/chef/ohai/hints/<%= name %>.json <<'EOP'
<%= hash.to_json %>
EOP
<% end -%>
<% end -%>
cat > /etc/chef/client.rb <<'EOP'
<%= config_content %>
EOP
cat > /etc/chef/first-boot.json <<'EOP'
<%= first_boot.to_json %>
EOP
echo "Starting first Chef Client run..."
<%= start_chef %>'
And the output I get is this:
PS C:\project> .\scripts\script.ps1 -user admin -pass pass123
Creating new client for centos01
Creating new node for centos01
Connecting to centos01
centos01 knife sudo password:
centos01
centos01 Loaded plugins: fastestmirror
centos01 Setting up Install Process
chef-12.16.42-1.el6.x86_64.rpm | 35 MB 00:00
centos01 Examining /var/tmp/yum-root-QQjRa7/chef-12.16.42-1.el6.x86_64.rpm: chef-12.16.42-1.el6.x86_64
centos01 /var/tmp/yum-root-QQjRa7/chef-12.16.42-1.el6.x86_64.rpm: does not update installed package.
centos01 Error: Nothing to do
centos01 Starting first Chef Client run...
centos01 Starting Chef Client, version 12.16.42
centos01 Creating a new client identity for centos01 using the validator key.
centos01
centos01 ================================================================================
centos01 Chef encountered an error attempting to create the client "centos01"
centos01 ================================================================================
centos01
centos01 Platform:
centos01 ---------
centos01 x86_64-linux
centos01
centos01
centos01 Running handlers:
centos01 [2016-11-28T23:53:04+02:00] ERROR: Running exception handlers
centos01 Running handlers complete
centos01 [2016-11-28T23:53:04+02:00] ERROR: Exception handlers complete
centos01 Chef Client failed. 0 resources updated in 03 seconds
centos01 [2016-11-28T23:53:04+02:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
centos01 [2016-11-28T23:53:04+02:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
centos01 [2016-11-28T23:53:04+02:00] ERROR: The file /etc/chef/validation.pem or :raw_key option does not contain a correctly formatted private key.
centos01 The key file should begin with '-----BEGIN RSA PRIVATE KEY-----' and end with '-----END RSA PRIVATE KEY-----'
centos01 [2016-11-28T23:53:04+02:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
What I get in the /etc/chef/validation.pem is this:
[root@centos01 ~]# cat /etc/chef/validation.pem
false
Could anyone enlighten me on this topic, please?
Thank you,
Gabriel
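
A pre-flight check for the key file, as an added example that is not part of the original post or of the linked template: it stops a bootstrap when `/etc/chef/validation.pem` does not carry the markers quoted in the chef-client error, as with the `false` content shown above. The function name `check_validation_key` and the demo file are assumptions made for illustration.

```shell
# Added example: sanity-check the key file written by a bootstrap template.
# check_validation_key is a hypothetical helper name, not part of Chef or knife.
check_validation_key() {
    key=$1
    begin='-----BEGIN RSA PRIVATE KEY-----'
    end='-----END RSA PRIVATE KEY-----'

    if [ ! -s "$key" ]; then
        echo "$key: missing or empty" >&2
        return 1
    fi

    # Compare the first and last non-blank lines with the markers quoted in
    # the chef-client error. CRs are stripped so line endings do not affect
    # the comparison. File content is never echoed, since it may be key data.
    first=$(tr -d '\r' < "$key" | awk 'NF { print; exit }')
    last=$(tr -d '\r' < "$key" | awk 'NF { l = $0 } END { print l }')
    if [ "$first" != "$begin" ] || [ "$last" != "$end" ]; then
        echo "$key: RSA PRIVATE KEY begin/end markers not found" >&2
        return 2
    fi

    # The template runs chmod 0600; refuse a key readable by group or others.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key: group/other permissions set ($perms)" >&2
        return 3
    fi
    return 0
}

# Constructed demo: reproduce the file content shown in the post.
demo=$(mktemp)
echo false > "$demo"
check_validation_key "$demo" || echo "check failed with status $?: stop before chef-client runs"
rm -f "$demo"
```

The template on this page wraps its script in `bash -c '…'`, so a check embedded there must be rewritten without single quotes; run as a separate script on the node it works as written.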