Installing berkshelf API server

I’m trying to install the berkshelf API server. I was always under the
impression I could use a chef server for this. I guess that isn’t the case,
although I really don’t understand why.

To get started, do I want this…

or this?

On a fresh Ubuntu 14.04 system, attempting to do a:
/opt/chef/embedded/bin/gem install berkshelf-api

results in:
ERROR: While executing gem … (Gem::DependencyError)
Unable to resolve dependencies: berkshelf-api requires celluloid (~>
0.16.0.pre); reel requires celluloid (>= 0.15.1); ridley requires celluloid
(~> 0.16.0); celluloid-io requires celluloid (>= 0.17.0.pre12)

It looks like I’m not the only person to experience this issue, evidenced

It looks to be unresolved since August 27. Do I have any options except
give up and cry?


can you check /opt/chef/embedded/bin/gem list, and post the output. there must be something in there thats causing version mismatch. instead of installing berkshelf-api there, try installing it in a separate place. and use bundler.
i am running 14.04, and i can install berkshelf-api just fine.
in a separate folder, say ‘foo’, do this:
use a gemfile

source ''
gem 'berkshelf-api'
/opt/chef/embedded/bin/bundle install --path .bundle

@Doug_Garstang you ask messages often… the fact that you ask often proves that we dont leave you crying. i understand the frustration, but stay put. u’ll get through this :0)

We’ve got a Berkshelf API server running for over two years now, and we make use of the cookbook (source code for the current version, but you can just install it using from the Supermarket, it’s called berkshelf-api-server).

Assuming you want a Berkshelf API in order to easily use cookbooks uploaded to a private Chef Server, you’ll want to write a wrapper cookbook, and specify some config. You’ll also need to get your client key onto the Berkshelf API server.

An example:

api_keys = Chef::EncryptedDataBagItem.load(

if api_keys.nil?
  fail "Data bag secrets/api_keys is missing environment #{node.chef_environment}"

node.set['berkshelf_api']['config'] = {
  home_path: node['berkshelf_api']['home'],
  endpoints: [
      type: 'chef_server',
      options: {
        url: '',
        client_name: 'berkshelf',
        client_key: '/etc/berkshelf/api-server/client.pem'

include_recipe 'berkshelf-api-server'

file node['berkshelf_api']['home'] + '/client.pem' do
  content api_keys['chef']['berkshelf']
  mode 0600
  owner node['berkshelf_api']['owner']
  group node['berkshelf_api']['group']
  notifies :restart, 'runit_service[berks-api]'

runit_service 'berks-api' do
  action :start


Thanks. Not really following what the options in the config hash are for.
Do we need an account at opscode or something?! There’s no mention of these
options on the berkshelf-api-server github page. :frowning:


Ok, so after reading around some more, I see that berkshelf-api-server only
holds the locations of the cookbooks, not the cookbooks themselves. It
would be nice if this was documented on the github page somewhere, or at
least a link was provided to the official location of berkshelf-api. This
is also needs to work with Chef 11 in our case, not chef 12. We haven’t
gone to chef 12 yet, a number of blocking issues.


As far as I know the cookbook endpoint between chef11 and chef12 is the same.
You just have to give the correct url to berkshelf-api server (the same as what you have in your knife.rb or client.rb on nodes) and a user with its key to allow it to make requests to the chef-server (again same thing as for knife).

I’m more or less paraphrasing the Readme on github here

Then in your berksfile you set your berkshelf-api server url as source before the supermarket url, berkshelf will stop searching in sources as soon as it find a match.

I’m confused.

I was referring to:


There’s a at
that suggests it’s a different cookbook to what’s at, even though I know see they’re
the same github repo. :frowning:


What’s at the root of the repo is the berkshelf-api server code along with the documentation to the server configuration, within this source code repo there’s a cookbook to install the api server itself :slight_smile:

So, I got this to work on an instance, with the caveat that there seems to
be an issue with runit:


Having the mailing list truncate my messages is getting old, real fast.

Let’s try this again…

So, I got this to work on an instance, with the caveat that there seems to
be an issue with runit:


Well… I don’t know… truncated again. How do I not have messages posted
to the list truncated for unknown reasons?

Assuming this message won’t be truncated…

I finally found where the berkshelf api server log file lives. In that I

"Ridley::Errors::ClientError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed"

when it tries to connect to our chef server. Help. :frowning:


Does your Chef server use a self-signed certificate or one signed by your
own certificate authority?

It’s a self signed certificate.

You should be using a trusted certificate for your Chef server, even if only to avoid these sort of issues.

Are you disabling peer verification on your chef and knife clients? You could do the same (not recommended) when configuring the chef server in berkshelf (it’s in the docs), get a certificate from a CA that’s trusted by your root store or implement your own authority.