Chef Client on first-boot tries to access www.rubygems.org on a box with no internet access


#1

Hi All,

I'm new to Chef, and just trying to get my cookbook up and running, I've referenced the 'aws' cookbook from the supermarket and because of that it reaches out to rubygems. Unfortunately the server on which I'm deploying the Chef-Client for windows will never have internet access, hence the problem...

I've worked out exactly which gems it needs to download, and have installed these on the client box using the 'gem' embedded command that comes when you install the windows Chef client. they end up installed in:

'C:/opscode/chef/embedded/lib/ruby/gems/2.5.0/gems/'

However, on running the first-boot sequence command it still attempts to connect out to rubygems.

I've read through the stacktrace it's not of much help, the only thing of note is this

Retrying fetcher due to error (2/4): Bundler::HTTPError Could not fetch specs from https://www.rubygems.org/

So something called 'fetcher' is the culprit, but I'm not sure how to stop it / work around it...

If I give the box temporary access to the internet then everything else runs as expected.

Any help would be most appreciated.

Cheers

Chris.


#2

Since you are in an air gaped environment you would need to "vendor" that aws cookbook.

Install a copy of it locally and modify it to remove parts incompatible with your environment and then upload it to your own internal supermarket/chef server.


#3

Hi Larry,

Thanks for the quick response, most appreciated. The problem I have is I'm not sure what it's trying to reference when it runs (other than the gem files). I assumed that once I'd installed the gem binaries locally to the client server, chef would realise they already exist and wouldn't need to go out to the internet for anything.

Is there any way of debugging what the 'fetcher' is trying to get? all it talks about are 'specs' and I'm not sure what they are or where I can get them from.

Thanks again for your time.

Chris.


#4

Looking at the source for it you can see here in the gemfile is the gem source

Then in the metadata.rb is the list of gems that are being called

if you have a local artifact repository you can host those gems in house and use that as your gem source so other servers using this cookbook can grab what they need without having to manually install gems.


#5

Thanks for the replies Larry, really appreciate it. I've been asked to push this to one side for now in order to spin stuff up for other teams. Will update when I get back to it.

Chris.