wwest-chef-repo

This is a personal Chef repo for managing home odds and ends (gaming PCs, Minecraft servers, etc).

Workflow

• chef exec knife cookbook site install [name] to get supermarket cookbooks
• chef exec knife cookbook upload [name] --include-dependencies to add them
• chef generate cookbook cookbook/[name] to build new cookbooks
• use berks and berks upload from your cookbooks to push deps to chef
• use foodcritic
• keep everything up to date & pushed in git
• knife cookbook upload --all

Knife & Certs

The chef-repo contains a .chef directory (which is a hidden directory by default) in which the Knife configuration file (knife.rb) is located. This file contains configuration settings for the chef-repo.

Also located inside the .chef directory are .pem files, which contain private keys used to authenticate requests made to the Chef server. The USERNAME.pem file contains a private key unique to the user (and should never be shared with anyone). The ORGANIZATION-validator.pem file contains a private key that is global to the entire organization (and is used by all nodes and workstations that send requests to the Chef server).

All of the secrets can be regenerated via the management UI (for which there is a master credential in an unspecified location) and then re-distributed.

More information about knife.rb configuration options can be found in the documentation for knife.

Bootstrapping History

• set up a hosted Chef org at https://manage.chef.io
• in the Chef management console, generate & download knife config from the starter kit
• clean up kit, tweak knife.rb
• do a git init, then make initial commit
• connect the git repo to an upstream provider (github, bitbucket, etc)

I've encountered some sporadic problems using chefdk for all cookbook development needs... augment tools and cookbook scaffolding as needed.