From d9f1cd5a9ff9ec2546bad4646d78b08dcd2a027c Mon Sep 17 00:00:00 2001 From: Dishank Tiwari Date: Thu, 12 Dec 2024 21:23:46 +0530 Subject: [PATCH] Remove references to packages.chef.io (#4316) * updated the chef package link Signed-off-by: Dishank Tiwari * Fix images Signed-off-by: Ian Maddaus * Undo file changes Signed-off-by: Ian Maddaus * Corrections and edits Signed-off-by: Ian Maddaus * Editing Signed-off-by: Ian Maddaus * Lints Signed-off-by: Ian Maddaus * Bring in updates from workstation docs Signed-off-by: Ian Maddaus --------- Signed-off-by: Dishank Tiwari Signed-off-by: Ian Maddaus Co-authored-by: Ian Maddaus --- .../workstation/install_workstation.md | 79 +++++----- .../content/workstation/knife_ssh.md | 20 ++- _vendor/modules.txt | 2 +- content/azure_chef_cli.md | 20 +-- content/install_bootstrap.md | 58 ++++---- content/install_chef_air_gap.md | 139 +++++++++--------- go.mod | 2 +- go.sum | 4 +- 8 files changed, 163 insertions(+), 161 deletions(-) diff --git a/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/install_workstation.md b/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/install_workstation.md index 42e88b9ea6..72ead9093f 100644 --- a/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/install_workstation.md +++ b/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/install_workstation.md @@ -19,6 +19,8 @@ aliases = ["/install_workstation.html", "/install_dk.html", "/workstation_window For general information about downloading Chef products, see the [Chef download documentation](/download/). +For supported Chef Workstation versions, see the [Chef Workstation release notes](/release_notes_workstation/) or use the [Chef download APIs](/download). + ## Supported Platforms The following table lists the commercially supported platforms and versions for Chef Workstation: 
@@ -49,10 +51,8 @@ Additional Chef Workstation App Requirements:
 
 The Chef Workstation installer must run as a privileged user.
 
-Chef Workstation installs to `/opt/chef-workstation/` on macOS / Linux
-and `C:\opscode\chef-workstation\` on Windows. These file locations
-help avoid interference between these components and other
-applications that may be running on the target machine.
+Chef Workstation installs to `/opt/chef-workstation/` on macOS and Linux, and `C:\opscode\chef-workstation\` on Windows.
+These file locations help avoid interference between these components and other applications that may be running on the target machine.
 
 ### macOS Install
 
@@ -93,60 +93,59 @@ msiexec /q /i MsiPath ADDLOCAL=ALL REMOVE=ChefWSApp ### Linux -1. Visit the [Chef Downloads page](https://www.chef.io/downloads) or download the appropriate package for your distribution: - - - Red Hat Enterprise Linux +You can use [Chef's download APIs](/download) or a package manager to install Chef Workstation on Linux. - ```bash - wget https://packages.chef.io/files/stable/chef-workstation//el//chef-workstation--1.el.x86_64.rpm - ``` +#### Download API - For example: +- To use the [Chef download APIs](/download) to download Chef Workstation: - ```sh - wget https://packages.chef.io/files/stable/chef-workstation/24.4.1064/el/8/chef-workstation-24.4.1064-1.el8.x86_64.rpm - ``` + ```bash + wget https://chefdownload-commercial.chef.io/stable/chef-workstation/download?p=&pv=&m=&v=&license_id= + ``` + Replace: - - Debian/Ubuntu + - `` with the platform you want to run Chef Workstation on. For example, `ubuntu` or `el`. + - `` with the version of the platform you want to run Chef Workstation on. + - `` with the architecture that Chef Workstation on. For example, `x86_64`. + - `` with the version of Chef Workstation you want to download. + - `` with your [Chef license ID](/licensing). - ``` bash - wget https://packages.chef.io/files/stable/chef-workstation//ubuntu//chef-workstation_-1_amd64.deb - ``` + For example, run the following to download Chef Workstation 24.8.1068 on Red Hat Enterprise Linux 9 running on x86-64 architecture: - For example: + ```sh + wget https://chefdownload-commercial.chef.io/stable/chef-workstation/download?p=el&pv=9&m=x86_64&v=24.4.1068&license_id= + ``` - ```sh - wget https://packages.chef.io/files/stable/chef-workstation/24.4.1064/ubuntu/20.04/chef-workstation_24.4.1064-1_amd64.deb - ``` +See the [Chef download API documentation](/download) and [Chef licensing documentation](/licensing) for more information. -1. 
Use your distribution's package manager to install Chef Workstation: +#### Package manager - - Red Hat Enterprise Linux: +You can use Yum or Dpkg package managers to install Chef Workstation. - ``` bash - yum localinstall chef-workstation--1.el.x86_64.rpm - ``` +- To download Chef Workstation using Yum on Red Hat Enterprise Linux: - For example: + ``` bash + yum localinstall chef-workstation--1.el.x86_64.rpm + ``` - ``` bash - yum localinstall chef-workstation-24.4.1064-1.el8.x86_64.rpm - ``` + For example: - - Debian/Ubuntu: + ``` bash + yum localinstall chef-workstation-24.4.1064-1.el8.x86_64.rpm + ``` - ``` bash - dpkg -i chef-workstation_-1_amd64.deb - ``` +- To download Chef Workstation using Dpkg on Ubuntu or Debian: - For example: + ``` bash + dpkg -i chef-workstation_-1_amd64.deb + ``` - ```sh - dpkg -i chef-workstation_24.4.1064-1_amd64.deb - ``` + For example: -See the [Chef Workstation release notes](/release_notes_workstation/) or the [Omnitruck API](https://omnitruck.chef.io/stable/chef-workstation/versions/all) for supported version numbers. + ```sh + dpkg -i chef-workstation_24.4.1064-1_amd64.deb + ``` ## Verify the Installation diff --git a/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/knife_ssh.md b/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/knife_ssh.md index 9c39022dd3..9daec7d767 100644 --- a/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/knife_ssh.md +++ b/_vendor/github.com/chef/chef-workstation/docs-chef-io/content/workstation/knife_ssh.md 
@@ -86,17 +86,15 @@ This subcommand has the following options: : The search query used to return a list of servers to be accessed using SSH and the specified `SSH_COMMAND`. This option uses the same syntax as the search subcommand. If the `SEARCH_QUERY` does not contain a colon character (`:`), then the default query pattern is `tags:*#{@query}* OR roles:*#{@query}* OR fqdn:*#{@query}* OR addresses:*#{@query}*`, which means the following two search queries are effectively the same: - - -``` bash -knife search ubuntu -``` - -or: - -``` bash -knife search node "tags:*ubuntu* OR roles:*ubuntu* OR fqdn:*ubuntu* (etc.)" -``` + ``` bash + knife search ubuntu + ``` + + or: + + ``` bash + knife search node "tags:*ubuntu* OR roles:*ubuntu* OR fqdn:*ubuntu* (etc.)" + ``` `SSH_COMMAND` diff --git a/_vendor/modules.txt b/_vendor/modules.txt index e322fcec2e..c29ebebf71 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -8,7 +8,7 @@ # github.com/inspec/inspec-azure/docs-chef-io v0.0.0-20240122032234-c1394fc25525 # github.com/inspec/inspec-habitat/docs-chef-io v0.0.0-20220218210405-bfd542da49fd # github.com/inspec/inspec-k8s/docs-chef-io v0.0.0-20240122032042-421355eaf502 -# github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240809064339-878cb76b2b66 +# github.com/chef/chef-workstation/docs-chef-io v0.0.0-20241212065721-f1621731d636 # github.com/chef/supermarket/docs-chef-io v0.0.0-20241105172430-a362eded8f72 # github.com/chef/effortless/docs-chef-io v0.0.0-20230711123605-c8beb79aba4f # github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20241211025148-fb9cb1f3e2bc diff --git a/content/azure_chef_cli.md b/content/azure_chef_cli.md index 477dd75221..78dec81cdb 100644 --- a/content/azure_chef_cli.md +++ b/content/azure_chef_cli.md 
@@ -22,8 +22,8 @@ Windows PowerShell cmdlets and two Microsoft Azure CLI commands. If the Microsoft Azure [cross-platform command line tool (Xplat-CLI)](https://github.com/Azure/azure-xplat-cli) is installed on -the workstation, along with the Azure Chef Extension, the `get-chef` and -`set-chef` extensions may be used to manage Chef running on virtual +the workstation along with the Azure Chef Extension, you can use the `get-chef` and +`set-chef` extensions to manage Chef running on virtual machines in Microsoft Azure. ### get-chef @@ -125,7 +125,7 @@ azure vm extension set-chef your-vm-name --validation-pem ~/chef-repo/.chef/test azure vm extension set-chef your-vm-name --validation-pem ~/chef-repo/.chef/testorg-validator.pem --client-config ~/chef-repo/.chef/client.rb --version "1201.12" -R 'recipe[your_cookbook_name::your_recipe_name]' ``` -##### Azure Resource Manager (ARM) Templates +##### Azure Resource Manager (ARM) templates If you are using Azure Resource Manager templates to create your infrastructure you can use the Chef extension to have Azure handle the bootstrapping/configuration of your node to your Chef Infra Server. @@ -222,7 +222,7 @@ The extension has the following options that can be provided in the : Verify the SSL certificate on the Chef Infra Server. When `true`, Chef Infra Client always verifies the SSL certificate. When `false`, Chef Infra Client uses the value of `ssl_verify_mode` to determine if the SSL certificate requires verification. -#### Protected Settings +#### Protected settings The following options can be provided to the extension through the `protectedSettings` hash: 
@@ -240,9 +240,9 @@ The following options can be provided to the extension through the `protectedSet ### Examples -The following examples show how Chef Infra Client can be installed and configured from an ARM template. +The following examples show how you can install and configure Chef Infra Client from an ARM template. -#### Installing the Azure Chef extension on a Linux system +#### Install the Azure Chef extension on a Linux system ```json { @@ -270,7 +270,7 @@ The following examples show how Chef Infra Client can be installed and configure } ``` -#### Installing the Azure Chef extension on a Windows system +#### Install the Azure Chef extension on a Windows system ```json { @@ -289,7 +289,7 @@ The following examples show how Chef Infra Client can be installed and configure "validation_client_name": "my-chef-organization-validator" }, "runlist": "recipe[awesome_customers_windows],recipe[iis],role[windows_base]", - "chef_package_url" : "https://my.packages.chef.io/chef-client-15.11.8-1-x64.msi", + "chef_package_url" : "https://download.example.com/chef-client-15.11.8-1-x64.msi", "validation_key_format": "plaintext" }, "protectedSettings": { @@ -299,7 +299,7 @@ The following examples show how Chef Infra Client can be installed and configure } ``` -#### Installing the Azure Chef extension on a Linux system with SSL peer verification turned off and given a data bag secret +#### Install the Azure Chef extension on a Linux system with SSL peer verification turned off and given a data bag secret ```json { @@ -331,6 +331,6 @@ The following examples show how Chef Infra Client can be installed and configure {{< note >}} -Here we're also base64 encoding our validator key which is a recommended approach when using the Azure Chef extension in an ARM template +In this example the validator key is base64 encoded, which is a recommended approach when using the Azure Chef extension in an ARM template. {{< /note >}} 
diff --git a/content/install_bootstrap.md b/content/install_bootstrap.md
index 63a6351635..145bf2409e 100644
--- a/content/install_bootstrap.md
+++ b/content/install_bootstrap.md
@@ -1,5 +1,5 @@
 +++
-title = "Bootstrap a Node"
+title = "Bootstrap a node"
 draft = false
 gh_repo = "chef-web-docs"
 aliases = ["/install_bootstrap.html"]
@@ -23,21 +23,26 @@ product = ["client", "workstation"] ### Run the bootstrap command -The `knife bootstrap` subcommand is used to run a bootstrap operation that installs Chef Infra Client on the target node. The following steps describe how to bootstrap a node using knife. +The `knife bootstrap` command runs a bootstrap operation that installs Chef Infra Client on a target node. The following steps describe how to bootstrap a node using knife. 1. Identify the FQDN or IP address of the target node. The `knife bootstrap` command requires the FQDN or the IP address for the node to complete the bootstrap operation. -2. Once the workstation machine is configured, it can be used to install Chef Infra Client on one (or more) nodes across the organization using a knife bootstrap operation. The `knife bootstrap` command is used to SSH into the target machine, and then do what is needed to allow Chef Infra Client to run on the node. It will install the Chef Infra Client executable (if necessary), generate keys, and register the node with the Chef Infra Server. The bootstrap operation requires the IP address or FQDN of the target system, the SSH credentials (username, password or identity file) for an account that has root access to the node, and (if the operating system is not Ubuntu, which is the default distribution used by `knife bootstrap`) the operating system running on the target system. +2. Once the workstation machine is configured, it can be used to install Chef Infra Client on one (or more) nodes across the organization using a knife bootstrap operation. The `knife bootstrap` command is used to SSH into the target machine, and then do what's needed to allow Chef Infra Client to run on the node. It will install the Chef Infra Client executable (if necessary), generate keys, and register the node with the Chef Infra Server. 
The bootstrap operation requires the IP address or FQDN of the target system, the SSH credentials (username, password or identity file) for an account that has root access to the node, and (if the operating system isn't Ubuntu, which is the default distribution used by `knife bootstrap`) the operating system running on the target system. In a command window, enter the following: ```bash - knife bootstrap 172.16.1.233 -U USERNAME --sudo + knife bootstrap
-U --sudo ``` - where `172.16.1.233` is the IP address or the FQDN for the node, and `USERNAME` is the username you want to use to connect, and `--sudo` specifies to elevate privileges using the sudo command on UNIX-based systems. + Replace: - Then while the bootstrap operation is running, the command window will show something similar to the following: + - `
` the IP address or the FQDN of the node + - `` with the username used to connect to the node + + The `--sudo` option elevates privileges using the sudo command on UNIX-based systems. + + While the bootstrap operation is running, the command window returns something similar to the following: ```bash Enter password for ubuntu@172.16.1.233: @@ -123,7 +128,7 @@ The `knife bootstrap` subcommand is used to run a bootstrap operation that insta client2 ``` -## Validatorless and Legacy Validator Bootstraps +## Validatorless and legacy validator bootstraps We recommended using "validatorless bootstrapping" to authenticate new nodes with the Chef Infra Server. @@ -131,8 +136,8 @@ The legacy Chef Infra validator-based node bootstrapping process depended on usi Shortcomings of the legacy validator process are: -* All users share the same key for bootstrapping new systems -* Key sharing makes key rotation difficult, if it is compromised or if an employee leaves the organization. +- All users share the same key for bootstrapping new systems +- Key sharing makes key rotation difficult, if it's compromised or if an employee leaves the organization. The "validatorless bootstrap" generates a key for each node, which is then transferred to the new node and used to authenticate with the Chef Infra Server instead of relying on a shared "validator" key. @@ -152,7 +157,7 @@ Use the following options with a validatorless bootstrap to specify items that a `--bootstrap-vault-json VAULT_JSON` -: A JSON string that contains a list of vaults and items to be updated. --bootstrap-vault-json '{ "vault1": \["item1", "item2"\], "vault2": "item2" }' +: A JSON string that contains a list of vaults and items to be updated. `--bootstrap-vault-json '{ "vault1": \["item1", "item2"\], "vault2": "item2" }'` ## Examples 
@@ -175,7 +180,7 @@ cat sea-power-content.json
 knife vault create sea power -M client -A sean_horn,angle -J sea-power-content.json
 ```
 
-No clients, because the `-S` option was not specified while creating the vault.
+No clients, because the `-S` option wasn't specified while creating the vault.
 
 At this time, only the users `sean_horn` and `angle` are authorized to read and manage the vault.
 
@@ -190,7 +195,7 @@ search_query:
 some: content for them
 ```
 
-It is definitely an encrypted databag, see?
+It's definitely an encrypted databag, see?
 
 ```bash
 knife data_bag show sea power
@@ -344,27 +349,28 @@ search_query: some: content for them ``` -## Unattended Installs +## Unattended installs -Chef Infra Client can be installed using an unattended bootstrap. This allows Chef Infra Client to be installed from itself, without requiring SSH. For example, machines are often created using environments like AWS Auto Scaling, AWS CloudFormation, Rackspace Auto Scale, and PXE. In this scenario, using tooling for attended, single-machine installs like `knife bootstrap` or `knife CLOUD_PLUGIN create` is not practical because the machines are created automatically and someone cannot always be on-hand to initiate the bootstrap process. +Chef Infra Client can be installed using an unattended bootstrap. This allows Chef Infra Client to be installed from itself, without requiring SSH. For example, machines are often created using environments like AWS Auto Scaling, AWS CloudFormation, Rackspace Auto Scale, and PXE. In this scenario, using tooling for attended, single-machine installs like `knife bootstrap` or `knife CLOUD_PLUGIN create` is not practical because the machines are created automatically and someone can't always be on-hand to initiate the bootstrap process. When Chef Infra Client is installed using an unattended bootstrap, remember that Chef Infra Client: -* Must be able to authenticate to the Chef Infra Server -* Must be able to configure a run-list -* May require custom attributes, depending on the cookbooks that are being used -* Must be able to access the chef-validator.pem so that it may create a new identity on the Chef Infra Server -* Must have a unique node name; Chef Infra Client will use the FQDN for the host system by default +- Must be able to authenticate to the Chef Infra Server. +- Must be able to configure a run-list. +- May require custom attributes, depending on the cookbooks that are being used. +- Must be able to access the `chef-validator.pem` file so that it may create a new identity on the Chef Infra Server. 
+- Must have a unique node name; Chef Infra Client will use the FQDN for the host system by default. When Chef Infra Client is installed using an unattended bootstrap, it may be built into an image that starts Chef Infra Client on boot, or installed using User Data or some other kind of post-deployment script. The type of image or User Data used depends on the platform on which the unattended bootstrap will take place. -### Bootstrapping with User Data +### Bootstrapping with user data -The method used to inject a user data script into a server will vary depending on the infrastructure platform being used. For example, on AWS you can pass this data in as a text file using the command line tool. +The method used to inject a user data script into a server varies depending on the infrastructure platform being used. +For example, on AWS you can pass this data in as a text file using the command line. The following user data examples demonstrate the process of bootstrapping Windows and Linux nodes. -#### PowerShell User Data +#### PowerShell user data ```powershell ## Set host file so the instance knows where to find chef-server @@ -372,8 +378,8 @@ $hosts = "1.2.3.4 hello.example.com" $file = "C:\Windows\System32\drivers\etc\hosts" $hosts | Add-Content $file -## Download the Chef Infra Client -$clientURL = "https://packages.chef.io/files/stable/chef/12.19.36/windows/2012/chef-client-.msi" +## Download Chef Infra Client +$clientURL = "https://chefdownload-commercial.chef.io/stable/client/download?p=windows>&pv=&m=&v=&license_id=" $clientDestination = "C:\chef-client.msi" Invoke-WebRequest $clientURL -OutFile $clientDestination @@ -402,7 +408,7 @@ Set-Content -Path c:\chef\client.rb -Value $clientrb C:\opscode\chef\bin\chef-client.bat -j C:\chef\first-boot.json ``` -#### Bash User Data +#### Bash user data ```bash #!/bin/bash -xev 
@@ -447,7 +453,7 @@ EOF chef-client -j /etc/chef/first-boot.json ``` -It is important that settings in the [client.rb file](/config_rb_client/)---`chef_server_url`, `http_proxy`, and so on are used---to ensure that configuration details are built into the unattended bootstrap process. +It's important that settings in the [client.rb file](/config_rb_client/)---for example `chef_server_url` and `http_proxy`---are used to ensure that configuration details are built into the unattended bootstrap process. ##### Setting the initial run-list diff --git a/content/install_chef_air_gap.md b/content/install_chef_air_gap.md index 473f4f37b8..af34beb654 100644 --- a/content/install_chef_air_gap.md +++ b/content/install_chef_air_gap.md 
@@ -22,15 +22,16 @@ network. Since a variety of different practices are used to create an air-gapped network, this guide focuses solely on the implementation of Chef software - as such, it makes the following assumptions: -* You have a way to get packages to your air-gapped machines -* Machines on your air-gapped network are able to resolve each other using DNS -* A server's Fully Qualified Domain Name (FQDN) is the name that will be used by other servers to access it -* You have a private Ruby gem mirror to supply gems as needed -* You have an artifact store for file downloads. At a minimum, it should have the following packages available: - * Chef Workstation - * Chef Infra Client - * Chef Supermarket - * An [install script](/install_chef_air_gap/#create-an-install-script) for Chef Infra Client +- You have a way to get packages to your air-gapped machines +- Machines on your air-gapped network are able to resolve each other using DNS +- A server's Fully Qualified Domain Name (FQDN) is the name that will be used by other servers to access it +- You have a private Ruby gem mirror to supply gems as needed +- You have an artifact store for file downloads. At a minimum, it should have the following packages available: + + - Chef Workstation + - Chef Infra Client + - Chef Supermarket + - An [install script](/install_chef_air_gap/#create-an-install-script) for Chef Infra Client ### Required cookbooks 
@@ -39,18 +40,18 @@ This guide will link to the required cookbooks for each piece of software in tha
 
 For Chef Supermarket:
 
-* [supermarket-omnibus-cookbook](https://supermarket.chef.io/cookbooks/supermarket-omnibus-cookbook)
-* [chef-ingredient](https://supermarket.chef.io/cookbooks/chef-ingredient)
-* [hostsfile](https://supermarket.chef.io/cookbooks/hostsfile)
+- [supermarket-omnibus-cookbook](https://supermarket.chef.io/cookbooks/supermarket-omnibus-cookbook)
+- [chef-ingredient](https://supermarket.chef.io/cookbooks/chef-ingredient)
+- [hostsfile](https://supermarket.chef.io/cookbooks/hostsfile)
 
-### Required Gems
+### Required gems
 
 The following Ruby gems are required to install private Supermarket using the supermarket-omnibus-cookbook:
 
-* mixlib-install
-* mixlib-shellout
-* mixlib-versioning
-* artifactory
+- mixlib-install
+- mixlib-shellout
+- mixlib-versioning
+- artifactory
 
 These should be accessible from your Gem mirror.
 
@@ -72,16 +73,16 @@ The install script should be accessible from your artifact store. In this section you'll install the Chef Infra Server, and create your organization and user. Note that to configure Supermarket later -in this guide, you will need a user that is a member of the `admins` +in this guide, you will need a user that's a member of the `admins` group. 1. Download the package from [Chef Downloads](https://www.chef.io/downloads). -2. Upload the package to the machine that will run the Chef Infra Server, and then record its location on the file system. The rest of these steps assume this location is in the `/tmp` directory. +1. Upload the package to the machine that will run the Chef Infra Server, and then record its location on the file system. The rest of these steps assume this location is in the `/tmp` directory. -3. {{< readfile file="content/server/reusable/md/install_chef_server_install_package.md" >}} +1. {{< readfile file="content/server/reusable/md/install_chef_server_install_package.md" >}} -4. Run the following to start all of the services: +1. Run the following to start all of the services: ```bash sudo chef-server-ctl reconfigure @@ -91,9 +92,9 @@ group. that work together to create a functioning system, this step may take a few minutes to complete. -5. {{< readfile file="content/server/reusable/md/ctl_chef_server_user_create_admin.md">}} +1. {{< readfile file="content/server/reusable/md/ctl_chef_server_user_create_admin.md">}} -6. {{< readfile file="content/server/reusable/md/ctl_chef_server_org_create_summary.md">}} +1. {{< readfile file="content/server/reusable/md/ctl_chef_server_org_create_summary.md">}} ## Chef Workstation 
@@ -107,19 +108,19 @@ group. dpkg -i chef-workstation_0.14.16-1_amd64.deb ``` -2. Use the `chef generate repo` command to generate your Chef repo: +1. Use the `chef generate repo` command to generate your Chef repo: ```bash chef generate repo chef-repo ``` -3. Within your Chef repo, create a `.chef` directory: +1. Within your Chef repo, create a `.chef` directory: ```bash mkdir /chef-repo/.chef ``` -4. Copy the `USER.pem` and `ORGANIZATION.pem` files from the server, +1. Copy the `USER.pem` and `ORGANIZATION.pem` files from the server, and move them into the `.chef` directory. ```bash @@ -130,7 +131,7 @@ group. By default, `knife bootstrap` uses the `chef-full` template to bootstrap a node. This template contains a number of useful features, but it also -attempts to pull an installation script from `packages.chef.io`. In +attempts to pull an installation script from `https://omnitruck.chef.io`. In this section, you'll copy the contents of the `chef-full` template to a custom template, and then modify the package and Ruby gem sources. @@ -141,15 +142,14 @@ custom template, and then modify the package and Ruby gem sources. mkdir bootstrap ``` -2. Move to the `bootstrap` directory and create a blank template file; +1. Move to the `bootstrap` directory and create a blank template file; this example will use `airgap.erb` for the template name: ```bash touch airgap.erb ``` -3. Still in the `bootstrap` directory, issue the following command to - copy the `chef-full` configuration to your new template: +1. Still in the `bootstrap` directory, issue the following command to copy the `chef-full` configuration to your new template: ```bash find /opt/chef-workstation/embedded/lib/ruby -type f -name chef-full.erb -exec cat {} \; > airgap.erb 
@@ -161,14 +161,13 @@ custom template, and then modify the package and Ruby gem sources. template file name, be sure to replace `airgap.erb` with the template file you created during the last step. -4. Update `airgap.erb` to replace `omnitruck.chef.io` with the URL of - `install.sh` on your artifact store: +1. Update `airgap.erb` to replace `omnitruck.chef.io` with the URL of `install.sh` on your artifact store: ```ruby install_sh="<%= knife_config[:bootstrap_url] ? knife_config[:bootstrap_url] : "http://packages.example.com/install.sh" %>" ``` -5. Still in your text editor, locate the following line near the bottom +1. Still in your text editor, locate the following line near the bottom of your `airgap.erb` file: ```ruby 
@@ -233,27 +232,27 @@ In this section, you will use a wrapper around the to install private Supermarket. The Supermarket cookbook depends upon the following cookbooks: -* [chef-ingredient](https://supermarket.chef.io/cookbooks/chef-ingredient) -* [hostsfile](https://supermarket.chef.io/cookbooks/hostsfile) +- [chef-ingredient](https://supermarket.chef.io/cookbooks/chef-ingredient) +- [hostsfile](https://supermarket.chef.io/cookbooks/hostsfile) The following Gems must be accessible using your Gem mirror: -* mixlib-install -* mixlib-shellout -* mixlib-versioning -* artifactory +- mixlib-install +- mixlib-shellout +- mixlib-versioning +- artifactory Your `cookbooks` directory must have all three of these cookbooks installed before you will be able to use the Supermarket cookbook wrapper. In addition the necessary cookbooks, a private Chef Supermarket has the following requirements: -* An operational Chef Infra Server to act as the OAuth 2.0 provider -* A user account on the Chef Infra Server with `admins` privileges -* A key for the user account on the Chef server -* An x86_64 Ubuntu, RHEL, or Amazon Linux host with at least 1 GB memory -* System clocks synchronized on the Chef Infra Server and Supermarket hosts -* Sufficient disk space to meet project cookbook storage capacity or credentials to store cookbooks in an Amazon Simple Storage Service (S3) bucket +- An operational Chef Infra Server to act as the OAuth 2.0 provider +- A user account on the Chef Infra Server with `admins` privileges +- A key for the user account on the Chef server +- An x86_64 Ubuntu, RHEL, or Amazon Linux host with at least 1 GB memory +- System clocks synchronized on the Chef Infra Server and Supermarket hosts +- Sufficient disk space to meet project cookbook storage capacity or credentials to store cookbooks in an Amazon Simple Storage Service (S3) bucket ### Configure credentials 
@@ -266,17 +265,17 @@ Supermarket. admin-level user. If running a multi-node Chef Infra Server cluster, log on to the node acting as the primary node in the cluster. -2. Update the `/etc/opscode/chef-server.rb` configuration file. +1. Update the `/etc/opscode/chef-server.rb` configuration file. {{< readfile file="content/server/reusable/md/config_ocid_application_hash_supermarket.md" >}} -3. Reconfigure the Chef Infra Server. +1. Reconfigure the Chef Infra Server. ```bash sudo chef-server-ctl reconfigure ``` -4. Retrieve Supermarket's OAuth 2.0 client credentials: +1. Retrieve Supermarket's OAuth 2.0 client credentials: Depending on your Chef Infra Server version and configuration (see [chef-server.rb](/server/config_rb_server_optional_settings/#config-rb-server-insecure-addon-compat)), @@ -301,13 +300,13 @@ Supermarket. chef generate cookbook my_supermarket_wrapper ``` -2. Change directories into that cookbook: +1. Change directories into that cookbook: ```bash cd my_supermarket_wrapper ``` -3. Defines the wrapper cookbook's dependency on the +1. Defines the wrapper cookbook's dependency on the `supermarket-omnibus-cookbook` cookbook. Open the `metadata.rb` file of the newly-created cookbook, and then add the following line: @@ -315,9 +314,9 @@ Supermarket. depends 'supermarket-omnibus-cookbook' ``` -4. Save and close the `metadata.rb` file. +1. Save and close the `metadata.rb` file. -5. Open the `/recipes/default.rb` recipe located within the +1. Open the `/recipes/default.rb` recipe located within the newly-generated cookbook and add the following content: ```ruby 
@@ -337,12 +336,12 @@ and then reference them from the recipe. For example, the data bag could be named `apps` and then a data bag item within the data bag could be named `supermarket`. The following attributes are required: -* `chef_server_url`: the url for your chef server. -* `chef_oauth2_app_id`: the Chef Identity uid from +- `chef_server_url`: the url for your chef server. +- `chef_oauth2_app_id`: the Chef Identity uid from `/etc/opscode/oc-id-applications/supermarket.json` -* `chef_oauth2_secret`: The Chef Identity secret from +- `chef_oauth2_secret`: The Chef Identity secret from `/etc/opscode/oc-id-applications/supermarket.json` -* `package_url`: The location of the Supermarket package on your +- `package_url`: The location of the Supermarket package on your artifact store To define these attributes, do the following: @@ -356,7 +355,7 @@ To define these attributes, do the following: app = data_bag_item('apps', 'supermarket') ``` -2. Set the attributes from the data bag: +1. Set the attributes from the data bag: ```ruby node.override['supermarket_omnibus']['chef_server_url'] = app['chef_server_url'] @@ -391,9 +390,9 @@ To define these attributes, do the following: include_recipe 'supermarket-omnibus-cookbook' ``` -3. Save and close the `recipes/default.rb` file. +1. Save and close the `recipes/default.rb` file. -4. Upload all of your cookbooks to the Chef Infra Server: +1. Upload all of your cookbooks to the Chef Infra Server: ```ruby knife cookbook upload -a 
@@ -411,10 +410,10 @@ knife bootstrap ip_address -N supermarket-node -x ubuntu --sudo where: -* `-N` defines the name of the Chef Supermarket node: +- `-N` defines the name of the Chef Supermarket node: `supermarket-node` -* `-x` defines the (ssh) user name: `ubuntu` -* `--sudo` ensures that sudo is used while running commands on the +- `-x` defines the (ssh) user name: `ubuntu` +- `--sudo` ensures that sudo is used while running commands on the node during the bootstrap operation When the bootstrap operation is finished, do the following: @@ -429,14 +428,14 @@ When the bootstrap operation is finished, do the following: where `supermarket-node` is the name of the node that was just bootstrapped. -2. Start Chef Infra Client on the newly-bootstrapped Chef Supermarket +1. Start Chef Infra Client on the newly-bootstrapped Chef Supermarket node. For example, using SSH: ```bash ssh ubuntu@your-supermarket-node-public-dns ``` -3. After accessing the Chef Supermarket node, run Chef Infra Client: +1. After accessing the Chef Supermarket node, run Chef Infra Client: ```bash sudo chef-client 
@@ -446,18 +445,18 @@ When the bootstrap operation is finished, do the following: To reach the newly spun up private Chef Supermarket, the hostname must be resolvable from a workstation. For production use, the hostname -should have a DNS entry in an appropriate domain that is trusted by each +should have a DNS entry in an appropriate domain that's trusted by each user's workstation. 1. Visit the Chef Supermarket hostname in the browser. A private Chef Supermarket will generate and use a self-signed certificate, if a - certificate is not supplied as part of the installation process (using + certificate isn't supplied as part of the installation process (using the wrapper cookbook). -2. If an SSL notice is shown due to your self-signed certificate while +1. If an SSL notice is shown due to your self-signed certificate while connecting to Chef Supermarket using a web browser, accept the SSL certificate. A trusted SSL certificate should be used for private - Chef Supermarket that is used in production. -3. After opening Chef Supermarket in a web browser, click the **Create + Chef Supermarket that's used in production. +1. After opening Chef Supermarket in a web browser, click the **Create Account** link. A prompt to log in to the Chef Infra Server is shown. Authorize the Chef Supermarket to use the Chef Infra Server account for authentication. @@ -467,7 +466,7 @@ user's workstation. The redirect URL specified for Chef Identity **MUST** match the FQDN hostname of the Chef Supermarket server. The URI must also be correct: `/auth/chef_oauth2/callback`. Otherwise, an error message similar to -`The redirect uri included is not valid.` will be shown. +`The redirect uri included isn't valid.` will be shown. {{< /note >}} diff --git a/go.mod b/go.mod index f5f034fe22..13f15556a6 100644 --- a/go.mod +++ b/go.mod 
@@ -6,7 +6,7 @@ require (
 github.com/chef/automate/components/docs-chef-io v0.0.0-20241202053455-d6fa3db8941a // indirect
 github.com/chef/chef-docs-theme v0.0.0-20241206202643-d5ef90c514a1 // indirect
 github.com/chef/chef-server/docs-chef-io v0.0.0-20241126093050-948ceb81afae // indirect
- github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240809064339-878cb76b2b66 // indirect
+ github.com/chef/chef-workstation/docs-chef-io v0.0.0-20241212065721-f1621731d636 // indirect
 github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20241211025148-fb9cb1f3e2bc // indirect
 github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20240313054833-ebbc45209efa // indirect
 github.com/chef/desktop-config/docs-chef-io v0.0.0-20240814044820-5af667d41a43 // indirect
diff --git a/go.sum b/go.sum
index b48cbee47c..ec1e10b301 100644
--- a/go.sum
+++ b/go.sum
@@ -4,8 +4,8 @@ github.com/chef/chef-docs-theme v0.0.0-20241206202643-d5ef90c514a1 h1:1ASUjeDFUB github.com/chef/chef-docs-theme v0.0.0-20241206202643-d5ef90c514a1/go.mod h1:+Jpnv+LXE6dXu2xDcMzMc0RxRGuCPAoFxq5tJ/X6QpQ= github.com/chef/chef-server/docs-chef-io v0.0.0-20241126093050-948ceb81afae h1:ml5zs10Wv+YgJSq5zLlyLroTcP2x1U4Op/whIpVr14s= github.com/chef/chef-server/docs-chef-io v0.0.0-20241126093050-948ceb81afae/go.mod h1:gMSa25GUHmLimA0gjvRd3hs1buOBqkKPrdHzHvaJauY= -github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240809064339-878cb76b2b66 h1:mGSa2uVyyi8bHyluwmmd83UReZR9gqF/roi5v7lnv0s= -github.com/chef/chef-workstation/docs-chef-io v0.0.0-20240809064339-878cb76b2b66/go.mod h1:u6KNpAJs9lTmRigxXsxX0dEywa5KLB40m1vbAalN0NI= +github.com/chef/chef-workstation/docs-chef-io v0.0.0-20241212065721-f1621731d636 h1:Sxl7NK+aUJjWAjWK8e7BW3LkKuXC48wPplLNG67NaV8= +github.com/chef/chef-workstation/docs-chef-io v0.0.0-20241212065721-f1621731d636/go.mod h1:u6KNpAJs9lTmRigxXsxX0dEywa5KLB40m1vbAalN0NI= github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20241211025148-fb9cb1f3e2bc h1:1XQ9lU2HIVdaJDmbZC3zptA6mGoOSwi6vs67wZgVRrw= github.com/chef/compliance-profiles/docs-chef-io v0.0.0-20241211025148-fb9cb1f3e2bc/go.mod h1:fsG7S6r66ZW6Af/sqq+OL3WNP+BoO4V1/Evwu98Noig= github.com/chef/compliance-remediation-2022/docs-chef-io v0.0.0-20240313054833-ebbc45209efa h1:H2kX1/99ggT3YoLlO6xe7FuqsWl0dETD0OXUvKCWrII=