Configuring Your Repository - nshenry03/chef-repo GitHub Wiki
Configuring Knife to Connect to a Chef Server
For simplicity, I'll just be explaining how to connect to a hosted chef server; however, many of the steps will be the same no matter what your environment is.
Download your validation key
For your organization's validation key, go to the Organizations page and find the Regenerate validation key
link for your organization. Download this key and save it in the '.chef' folder of your chef repository. WARNING: Do not do this if you are already using the repository as it will break things for anyone else who is using it (you will have to give them the key before they will be able to connect again)
For your client key, go to the Clients page and find the Regenerate API Key
associated with you or your account... If there isn't already a client associated with your account, you can create a new client and download the key when you're done. Download this key and save it in the '.chef' folder of your chef repository.
Configure knife to connect to the chef server
Go to your chef repository and edit the '.chef/knife.rb' file.
Modify the following configuration settings (they all have 'CHANGE REQUIRED' comments to make them easier to find)
- chef_server_url
- validation_key
- validation_client_name
Now copy .chef/SAMPLE.knife.local.rb
to .chef/knife.local.rb
. Open .chef/knife.local.rb
for editing.
You will need to modify the following configuration settings (they all have 'CHANGE REQUIRED' comments to make them easier to find)
- node_name
- client_key
You should now be able to run knife client list
and get a list of all of the clients on your chef server.
Additional Knife Configurations
In .chef/knife.rb
, I would recommend that you configure cookbook options to match your company's needs. If you don't have any existing servers already running chef, I would also recommend that you set data_bag_encrypt_version
to '2'.
Rake Configuration
If you would like to take advantage of some of the included rake task (for example rake ssl_cert
), I would recommend that you modify the default values in config/rake.rb