Knife-windows 0.8.4 release

After a few release candidates and appreciated testing, we’ve released
knife-windows 0.8.4. This release adds the flags and support necessary
to configure your chef-client ssl settings when bootstrapping a new
Windows node, including copying the contents of your
trusted_certs_dir. Some of these flags can be set on the command line
as well as in your knife configuration file. For example:

knife bootstrap windows winrm 192.168.0.10 -x Administrator -P
’P@ssw0rd’ --node-verify-api-cert --node-ssl-verify-mode peer

For more information on configuring SSL for your chef-client
communications, see these resources:

• http://docs.chef.io/chef_client_security.html#ssl-certificates
• https://www.chef.io/blog/2014/12/12/chef-12-fix-untrusted-self-signed-certificates/
• https://github.com/chef/knife-windows/issues/133

–
Bryan McLellan | chef | engineering lead
© 206.607.7108 | (t) @btmspox | (www) http://chef.io

Does this mean knife bootstrap windows will copy trusted_certs to c:\chef?

Does this version also fix copying the encrypted_data_bag_secret to c:\chef, if I have the following line in my knife.rb?

knife[:secret_file] = “#{current_dir}/encrypted_data_bag_secret”

Chris

-----Original Message-----
From: Bryan McLellan [mailto:btm@chef.io]
Sent: Tuesday, February 17, 2015 6:27 PM
To: chef@lists.opscode.com
Subject: [chef] knife-windows 0.8.4 release

After a few release candidates and appreciated testing, we’ve released knife-windows 0.8.4. This release adds the flags and support necessary to configure your chef-client ssl settings when bootstrapping a new Windows node, including copying the contents of your trusted_certs_dir. Some of these flags can be set on the command line as well as in your knife configuration file. For example:

knife bootstrap windows winrm 192.168.0.10 -x Administrator -P ‘P@ssw0rd’ --node-verify-api-cert --node-ssl-verify-mode peer

For more information on configuring SSL for your chef-client communications, see these resources:

• http://docs.chef.io/chef_client_security.html#ssl-certificates
• https://www.chef.io/blog/2014/12/12/chef-12-fix-untrusted-self-signed-certificates/
• https://github.com/chef/knife-windows/issues/133

–
Bryan McLellan | chef | engineering lead
© 206.607.7108 | (t) @btmspox | (www) http://chef.io

On Wednesday, February 18, 2015 at 10:29 AM, Fouts, Chris wrote:

Does this mean knife bootstrap windows will copy trusted_certs to c:\chef?

Yes, that’s knife-windows #133 as linked in the OP.

Does this version also fix copying the encrypted_data_bag_secret to c:\chef, if I have the following line in my knife.rb?

knife[:secret_file] = "#{current_dir}/encrypted_data_bag_secret"
I’m not sure about this one.

Chris

--
Daniel DeLeo

Thanks Daniel.

I just now tried 0.8.4 and it did copy my trusted_certs dir to c:\chef

Chris

-----Original Message-----
From: Daniel DeLeo [mailto:ddeleo@kallistec.com] On Behalf Of Daniel DeLeo
Sent: Wednesday, February 18, 2015 2:27 PM
To: chef@lists.opscode.com
Subject: [chef] Re: RE: knife-windows 0.8.4 release

On Wednesday, February 18, 2015 at 10:29 AM, Fouts, Chris wrote:

Does this mean knife bootstrap windows will copy trusted_certs to c:\chef?

Yes, that’s knife-windows #133 as linked in the OP.

Does this version also fix copying the encrypted_data_bag_secret to c:\chef, if I have the following line in my knife.rb?

knife[:secret_file] = "#{current_dir}/encrypted_data_bag_secret"
I’m not sure about this one.

Chris

--
Daniel DeLeo

Hi guys,
Is there a way to bootstrap windows node and initially set up chef-client to be run as a service? Without running “chef-service-manager -a install” and “chef-service-manager -a start” on node side afterwards.
Thank you in advance for your responses.
Regards, Taras.

— Оригінальне повідомлення —
Від кого: “Bryan McLellan” btm@chef.io
Дата: 18 лютого 2015, 01:27:41

After a few release candidates and appreciated testing, we’ve released
knife-windows 0.8.4. This release adds the flags and support necessary
to configure your chef-client ssl settings when bootstrapping a new
Windows node, including copying the contents of your
trusted_certs_dir. Some of these flags can be set on the command line
as well as in your knife configuration file. For example:

knife bootstrap windows winrm 192.168.0.10 -x Administrator -P
’P@ssw0rd’ --node-verify-api-cert --node-ssl-verify-mode peer

For more information on configuring SSL for your chef-client
communications, see these resources:

• http://docs.chef.io/chef_client_security.html#ssl-certificates
• https://www.chef.io/blog/2014/12/12/chef-12-fix-untrusted-self-signed-certificates/
• https://github.com/chef/knife-windows/issues/133

–
Bryan McLellan | chef | engineering lead
© 206.607.7108 | (t) @btmspox | (www) http://chef.io

On Thu, Feb 19, 2015 at 7:49 AM, klum_tz@ukr.net wrote:

Is there a way to bootstrap windows node and initially set up chef-client
to be run as a service?
Without running "chef-service-manager -a install" and
"chef-service-manager -a start" on node side afterwards.

No there is not. In the past we've recommended doing that with a cookbook
on the initial run, because there are so many ways to do it on other
platforms it doesn't make sense to add them all to the core client.
However, that logic is built into the MSI, and Windows really only has one
common way to do it. I've created an issue for that consideration:

Of course, you can use the chef-client::windows_service recipe [1] to
enable the service for you on the first run currently.

Bryan

[1]