Configuring Your Repository - nshenry03/chef-repo GitHub Wiki

Configuring Knife to Connect to a Chef Server

For simplicity, I'll just be explaining how to connect to a hosted chef server; however, many of the steps will be the same no matter what your environment is.

Download your validation key

For your organization's validation key, go to the Organizations page and find the Regenerate validation key link for your organization. Download this key and save it in the '.chef' folder of your chef repository. WARNING: Do not do this if you are already using the repository as it will break things for anyone else who is using it (you will have to give them the key before they will be able to connect again)

For your client key, go to the Clients page and find the Regenerate API Key associated with you or your account... If there isn't already a client associated with your account, you can create a new client and download the key when you're done. Download this key and save it in the '.chef' folder of your chef repository.

Configure knife to connect to the chef server

Go to your chef repository and edit the '.chef/knife.rb' file.

Modify the following configuration settings (they all have 'CHANGE REQUIRED' comments to make them easier to find)

  • chef_server_url
  • validation_key
  • validation_client_name

Now copy .chef/SAMPLE.knife.local.rb to .chef/knife.local.rb. Open .chef/knife.local.rb for editing.

You will need to modify the following configuration settings (they all have 'CHANGE REQUIRED' comments to make them easier to find)

  • node_name
  • client_key

You should now be able to run knife client list and get a list of all of the clients on your chef server.

Additional Knife Configurations

In .chef/knife.rb, I would recommend that you configure cookbook options to match your company's needs. If you don't have any existing servers already running chef, I would also recommend that you set data_bag_encrypt_version to '2'.

Rake Configuration

If you would like to take advantage of some of the included rake task (for example rake ssl_cert), I would recommend that you modify the default values in config/rake.rb