A workstation is a computer that is configured to run knife, to synchronize with the chef-repo, and interact with a single Chef server. The workstation is the location from which most users will do most of their work.
We need ti install on our workstation:
#rpm -Uhv chefdk-0.7.0-1.el6.x86_64.rpm
After the installation, you can verify that all of the components are available in their expected location through the new
# chef verify
Running verification for component 'berkshelf'
Running verification for component 'test-kitchen'
Running verification for component 'chef-client'
Running verification for component 'chef-dk'
Running verification for component 'chef-provisioning'
Running verification for component 'chefspec'
Running verification for component 'rubocop'
Running verification for component 'fauxhai'
Running verification for component 'knife-spork'
Running verification for component 'kitchen-vagrant'
Running verification for component 'package installation'
Running verification for component 'openssl'
Verification of component 'rubocop' succeeded.
Verification of component 'knife-spork' succeeded.
Verification of component 'openssl' succeeded.
Verification of component 'berkshelf' succeeded.
Verification of component 'chef-dk' succeeded.
Verification of component 'fauxhai' succeeded.
Verification of component 'test-kitchen' succeeded.
Verification of component 'chef-provisioning' succeeded.
Verification of component 'kitchen-vagrant' succeeded.
Verification of component 'chefspec' succeeded.
Verification of component 'chef-client' succeeded.
Verification of component 'package installation' succeeded.
Install ruby if you have no it. Then:
#echo 'eval "$(chef shell-init bash)"' >> ~/.bash_profile
#chef generate app chef-repo
Generate chef repo:
#chef generate app chef-repo
Create .chef Directory
The .chef directory is used to store three files:
Download files listed above into .chef directory, after that try to connect with knife to Chef server.
[root@.chef]# knife cookbook list
ERROR: SSL Validation failure connecting to host: chef – SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
Get SSL Certificates
Chef server 12 enables SSL verification by default for all requests made to the server, such as those made by knife and the chef-client. The certificate that is generated during the installation of the Chef server is self-signed, which means there isn’t a signing certificate authority (CA) to verify. In addition, this certificate must be downloaded to any machine from which knife and/or the chef-client will make requests to the Chef server.
Use the knife ssl fetch command to pull the SSL certificate down from the Chef server:
[root@.chef]# knife ssl fetch
WARNING: Certificates from chef will be fetched and placed in your trusted_cert
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
[root@.chef]# knife user list
Is it working? Good.
That's all for today.