I’m trying to install the berkshelf API server. I was always under the
impression I could use a chef server for this. I guess that isn’t the case,
although I really don’t understand why.
can you check /opt/chef/embedded/bin/gem list, and post the output. there must be something in there thats causing version mismatch. instead of installing berkshelf-api there, try installing it in a separate place. and use bundler.
i am running 14.04, and i can install berkshelf-api just fine.
in a separate folder, say ‘foo’, do this:
use a gemfile
@Doug_Garstang you ask messages often… the fact that you ask often proves that we dont leave you crying. i understand the frustration, but stay put. u’ll get through this :0)
We’ve got a Berkshelf API server running for over two years now, and we make use of the cookbook (source code for the current version, but you can just install it using from the Supermarket, it’s called berkshelf-api-server).
Assuming you want a Berkshelf API in order to easily use cookbooks uploaded to a private Chef Server, you’ll want to write a wrapper cookbook, and specify some config. You’ll also need to get your client key onto the Berkshelf API server.
An example:
api_keys = Chef::EncryptedDataBagItem.load(
'secrets',
'api_keys'
)[node.chef_environment]
if api_keys.nil?
fail "Data bag secrets/api_keys is missing environment #{node.chef_environment}"
end
node.set['berkshelf_api']['config'] = {
home_path: node['berkshelf_api']['home'],
endpoints: [
{
type: 'chef_server',
options: {
url: 'https://api.opscode.com/organizations/xyz',
client_name: 'berkshelf',
client_key: '/etc/berkshelf/api-server/client.pem'
}
}
]
}
include_recipe 'berkshelf-api-server'
file node['berkshelf_api']['home'] + '/client.pem' do
content api_keys['chef']['berkshelf']
mode 0600
owner node['berkshelf_api']['owner']
group node['berkshelf_api']['group']
notifies :restart, 'runit_service[berks-api]'
end
runit_service 'berks-api' do
action :start
end
Thanks. Not really following what the options in the config hash are for.
Do we need an account at opscode or something?! There’s no mention of these
options on the berkshelf-api-server github page.
Ok, so after reading around some more, I see that berkshelf-api-server only
holds the locations of the cookbooks, not the cookbooks themselves. It
would be nice if this was documented on the github page somewhere, or at
least a link was provided to the official location of berkshelf-api. This
is also needs to work with Chef 11 in our case, not chef 12. We haven’t
gone to chef 12 yet, a number of blocking issues.
As far as I know the cookbook endpoint between chef11 and chef12 is the same.
You just have to give the correct url to berkshelf-api server (the same as what you have in your knife.rb or client.rb on nodes) and a user with its key to allow it to make requests to the chef-server (again same thing as for knife).
I’m more or less paraphrasing the Readme on github here
Then in your berksfile you set your berkshelf-api server url as source before the supermarket url, berkshelf will stop searching in sources as soon as it find a match.
What’s at the root of the repo is the berkshelf-api server code along with the documentation to the server configuration, within this source code repo there’s a cookbook to install the api server itself
You should be using a trusted certificate for your Chef server, even if only to avoid these sort of issues.
Are you disabling peer verification on your chef and knife clients? You could do the same (not recommended) when configuring the chef server in berkshelf (it’s in the docs), get a certificate from a CA that’s trusted by your root store or implement your own authority.