Folks,
I’m creating binary packages to install chef-client on machines in my
organization. I want chef-client installation to be completely isolated
from other components; chef-client updates should be done only via binary
packages. Currently I’m doing this in the following way (without a couple
of minor details):
- Create chroot environment.
- Install all dependencies to build ruby and chef
- Build ruby using ruby-build
- Install chef
- Clone chef-client and logrotate cookbooks into chef installation for
setup during installation
- Create binary package
Postinst script does the following:
- Creates minimal /etc/chef/client.rb with correct chef_server_url and
node_name
- Creates /etc/chef/validation.pem
- Runs chef-client to register with server
- Creates config file for chef-solo with cookbook_path pointing to
local directory with chef-client and logrotate cookbooks
- Creates json file for chef-solo with run list containing
"recipe[chef-client::delete_validation]",
"recipe[chef-client::config]", "recipe[chef-client::service]"
- Runs chef-solo
After completion I get a registered and properly configured chef-client
with an empty run list.
I wonder if the sequence above is the correct way of doing this or if something can
be done better. I also wonder why we have the chef-client cookbook and
a set of files in lib/ruby/gems/1.9.1/gems/chef-10.16.2/distro; it seems
there is duplication here.
Thanks,
Kirill.
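
The file-generating steps of the postinst sequence described above, as an added example that is not part of the original post. The ROOT prefix argument, the solo.rb and solo.json file names, and the server URL, node name and cookbook directory passed in are assumptions; the run list is the one from the post.

```shell
#!/bin/sh
# Added sketch of the postinst file-generation steps described in the post.
# Assumed (not from the post): a root prefix so the functions can be tried
# in a scratch directory, and the file names solo.rb / solo.json.

render_chef_bootstrap() {
    root=$1 server_url=$2 node_name=$3 cookbooks=$4
    conf="$root/etc/chef"
    mkdir -p "$conf" || return 1

    # Minimal client.rb: only what registration with the server needs.
    cat > "$conf/client.rb" <<EOF
chef_server_url "$server_url"
node_name       "$node_name"
EOF

    # chef-solo config pointing at the cookbooks shipped inside the package.
    cat > "$conf/solo.rb" <<EOF
cookbook_path "$cookbooks"
EOF

    # Run list from the post: drop the validation key, write config, set up service.
    cat > "$conf/solo.json" <<'EOF'
{
  "run_list": [
    "recipe[chef-client::delete_validation]",
    "recipe[chef-client::config]",
    "recipe[chef-client::service]"
  ]
}
EOF
}

# The validation key can register new clients, so install it owner-only.
install_validation_key() {
    src=$1 root=$2
    ( umask 077 && cp "$src" "$root/etc/chef/validation.pem" ) &&
        chmod 600 "$root/etc/chef/validation.pem"
}

# Post-run check: delete_validation should have removed the key.
validation_key_removed() {
    [ ! -e "$1/etc/chef/validation.pem" ]
}

# In a real postinst (empty root prefix) the two runs would sit between these:
#   chef-client -c /etc/chef/client.rb
#   chef-solo -c /etc/chef/solo.rb -j /etc/chef/solo.json
```

Calling validation_key_removed after the chef-solo run lets the postinst fail loudly if the validation key was left on the node.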