@ericcalabretta
Last active August 20, 2020 13:38
chef-client validator bootstrap

Bootstrap chef client with Validator Bootstrap Option

To bootstrap a node we need to install Chef-Client and configure Chef-Client to talk to Chef-Server.

The validator bootstrap option has the client bootstrap itself, and is commonly used with another tool like vRA, Terraform or SCCM to perform the initial fleet bootstrap.

Steps:

1. Download the appropriate chef-client from https://downloads.chef.io/

2. Run the appropriate installer for your operating system.

3. Make sure chef-client is on your path

You can check that it's installed correctly and on your path with:

chef-client --version 
Chef Infra Client: 15.5.17

On Windows you need the following two entries added to the PATH environment variable.

C:\opscode\chef\bin
C:\opscode\chef\embedded\bin

4. Copy your organization validator key to your node:

The client needs to authenticate to Chef-Server. We'll use the validator key (validator.pem) that was created when you made your organization to authenticate during the bootstrap process.

For Linux, copy the key over to /etc/chef/ and create the chef directory if needed.

For Windows, copy the key over to C:\chef\ and create the chef directory if needed.

5. Create your chef-client config file client.rb

Linux example:

For Linux create your config file at /etc/chef/client.rb

Example /etc/chef/client.rb

chef_server_url  'https://FQDN/organizations/demo-org'
validation_key '/etc/chef/validator.pem'
chef_license 'accept'
ssl_verify_mode :verify_none
policy_name 'base-policy'
policy_group 'demo'

Windows example:

For Windows create your config file at C:\chef\client.rb

Windows Example C:\chef\client.rb

chef_server_url 'https://FQDN/organizations/demo-org'
validation_key 'C:\\chef\\validator.pem'
chef_license 'accept'
ssl_verify_mode :verify_none
policy_name 'base-policy'
policy_group 'demo'

client.rb notes:

chef_server_url is the FQDN of your Chef server. /organizations/orgname is required: you may have multiple organizations, so you need to be specific. Mine was demo-org.

validation_key is the full path to your validator.pem

chef_license accepts the Chef license. ssl_verify_mode :verify_none disables SSL certificate verification, since we used a self-signed cert when we configured Chef Automate.

Windows paths require an extra \ since \ is a special character in Ruby and we need to escape it, e.g. C:\\Users\\

6. Run chef-client

We have chef-client installed, we've created our chef-client config file, and copied our validator key over.

We can simply run chef-client now, and it'll bootstrap itself to the Chef server. You'll need to run it with sudo or as administrator so Chef-Client can create and read its secret key.

chef-client
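
A post-bootstrap check for the Linux layout above, added here as an example and not part of the original gist. It flags the three things this procedure leaves behind: disabled certificate verification, the organization validator key still on disk after the node has registered, and key files readable beyond their owner. The function names audit_chef_dir and loose_perms are hypothetical, and the script assumes client.pem is written next to client.rb.

```sh
#!/bin/sh
# Added example (not from the gist): audit a Linux Chef config directory
# after a validator bootstrap. Assumes client.pem is written next to
# client.rb, as with the /etc/chef layout used in the steps above.

# True if FILE exists and grants any permission to group or others.
loose_perms() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Prints one "WEAK:" line per finding; returns 0 if clean, 1 if any
# finding, 2 if DIR has no client.rb.
audit_chef_dir() {
    dir=$1
    conf="$dir/client.rb"
    weak=0
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 2; }

    # TLS certificate verification switched off (commented lines ignored).
    if grep -Eq '^[[:space:]]*ssl_verify_mode[[:space:]]+:verify_none' "$conf"; then
        echo "WEAK: ssl_verify_mode :verify_none, server certificate is not checked"
        weak=1
    fi

    # Validator key path as configured; falls back to the gist's file name.
    vkey=$(sed -n "s/^[[:space:]]*validation_key[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$conf" | head -n 1)
    vkey=${vkey:-$dir/validator.pem}

    # Once client.pem exists the node is registered and no longer needs the
    # organization-wide validator key.
    if [ -f "$vkey" ] && [ -f "$dir/client.pem" ]; then
        echo "WEAK: $vkey still present after registration"
        weak=1
    fi

    for key in "$vkey" "$dir/client.pem"; do
        if loose_perms "$key"; then
            echo "WEAK: $key is accessible to group or others"
            weak=1
        fi
    done
    return "$weak"
}

# Run against a directory when one is given, e.g.: sh audit.sh /etc/chef
if [ $# -gt 0 ]; then audit_chef_dir "$1"; fi
```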
