When you bootstrap a node using knife bootstrap
Chef assumes that you’ll have access to the internet. It uses this to download the client package and some metadata, but you don’t have to be connected to the internet to bootstrap a node.
This is especially handy in cases where you have a firewalled setup that won’t let you get packages from the internet.
There’s two ways to solve this. The first is to take advantage of the --bootstrap-install-command
flag.
For distro’s that use apt
$ knife bootstrap chefnode -N MyNewNode --bootstrap-install-command "curl http://your-internal-server/chef.deb -o /tmp/chef.deb && dpkg -i /tmp/chef.deb
For distro’s that use yum
$ knife bootstrap chefnode -N MyNewNode --bootstrap-install-command "yum install -y http://your-internal-server/chef.rpm"
This method is a good choice for one-offs, or a very small number of machines, but if you have anymore than that then the better option is to make a bootstrap template.
Making your own bootstrap template
Bootstrap templates are simply erb
files that Chef uses to determine how to bootstrap a node. You can override the default one with the knife
flag --bootstrap-template
You can make your own template and place it in ~/chef-repo/.chef/bootstrap
(you may have to make the bootstrap
directory).
The easiest way to do make your own template, is to start with the default Chef template and modify it to contain the bootstrap commands you need, similar to the above.
Once you’ve created and saved your own template, you can now change your command to (assuming you made a debian.erb
):
$ knife bootstrap chefnode -N MyNewNode --bootstrap-template debian
You may have noticed that these two methods are functionally the same, pass the command in and it gets interpolated into the template, make a template and put your command in, same result. The reason I recommend you use templates for more than a few nodes is because you can keep your bootstrap files in version control, though it takes a few more steps.
Version controlling your bootstrap files
Since knife
will look in a few places for a .chef/bootstrap
directory, we have to keep our bootstrap files there somehow. The problem is we shouldn’t commit .chef
directories to version control since the directory contains keys. Instead what you can do is make a ~/chef-repo/bootstrap
folder that contains your files and instead of creating the directory as we did above, instead we’d symlink it.
From your ~/chef-repo
:
$ ln -s ../bootstrap .chef/bootstrap
Now you can add your ~/chef-repo/bootstrap
directory to your next commit without exposing keys or having to keep track of a bunch of bootstrap commands.
What do you think? Leave a comment. Click here if you would like to see more like this: https://ThaiWood.IO/DevTo
Top comments (0)