- From: Waldemar Schwan <>
- To:
- Subject: [chef] Re: chef Digest Thu, 27 Jun 2013 (3/3)
- Date: Fri, 28 Jun 2013 10:20:49 +0200
Where can I find the unsubscribe link?
On 27.06.2013 at 22:26 wrote:
> chef Digest Thu, 27 Jun 2013
>
> Table of contents:
>
> 51. [chef] Re: Setting security on remote_directory files in Windows - Jeppe Nejsum Madsen <>
> 52. [chef] Re: Deploy from github, using individual keys - Andrew Gross <>
> 53. [chef] Re: Deploy from github, using individual keys - Matthew Moretti <>
> 54. [chef] Re: Re: Deploy from github, using individual keys - Ronan Amicel <>
> 55. [chef] Re: Re: Re: chef-solo server deploy with many services - Daniel DeLeo <>
> 56. [chef] Re: Re: What's a cookbook name? - Russell Bateman <>
> 57. [chef] Re: <Errno::ECONNRESET: Connection reset by peer - SSL_connect> when chef-server-ctl test - Daniel Condomitti <>
>
> ----------------------------------------------------------------------
>
> Date: Thu, 27 Jun 2013 15:31:17 +0200
> From: Jeppe Nejsum Madsen <>
> Subject: [chef] Re: Setting security on remote_directory files in Windows
>
> On Thu, Jun 13, 2013 at 2:37 PM, Jeppe Nejsum Madsen <> wrote:
>
> > Hi,
> >
> > Trying to create a directory containing files from a cookbook using the
> > following:
> >
> > remote_directory root_path do
> >   source 'AppRoot'
> >   rights :full_control, 'NETWORK SERVICE', :applies_to_children => true
> >   recursive true
> > end
> >
> > The directory & files are created ok, and security is set on the directory.
> >
> > But the files do not get the required permissions...no mention of NETWORK
> > SERVICE for the files.
> >
> > Any clues?
> >
> > /Jeppe
>
> Strange, this works:
>
> remote_directory root_path do
>   source 'AppRoot'
> end
>
> directory root_path do
>   rights :full_control, 'NETWORK SERVICE'
> end
>
> I would imagine this to be sufficient:
>
> remote_directory root_path do
>   source 'AppRoot'
>   rights :full_control, 'NETWORK SERVICE'
> end
>
> But specifying rights on remote_directory doesn't work, even with the
> subsequent directory resource....
>
> Bug?
>
> /Jeppe
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 10:42:23 -0400
> From: Andrew Gross <>
> Subject: [chef] Re: Deploy from github, using individual keys
>
> Hey Mike,
>
> Here is a post I made on how we do deploy keys:
> http://loadedinthecloud.blogspot.com/2012/11/github-deploy-keys-with-chef.html
>
> Our solution is to use a new deploy key for every run and then clean them
> up later with a batch job. However, this doesn't really solve the problem,
> just makes it so that now the valuable thing is your Github API key. Unsure
> if there is a good way to use the host's ssh-agent from Vagrant, though
> you may be able to hack something together with a Vagrant plugin.
>
> Andrew
>
> On Thu, Jun 27, 2013 at 8:10 AM, Mike <> wrote:
>
> > I feel like this has been done, demonstrated, but I couldn't find
> > anything on it.
> >
> > Flow:
> >
> > Provision a box
> > At some point in the run, pull a branch from github (master, tag, etc)
> > Restart service if changed
> >
> > By using a GitHub deploy key, I can automate this for prod, sure.
> >
> > But if I'm using Vagrant, and I want to restrict access to the deploy
> > key, is there a known way for me to specify "use a user's ssh-agent
> > forwarded ssh key instead".
> >
> > Ideas, blogs, thoughts?
> > -M
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 11:03:29 -0400
> From: Matthew Moretti <>
> Subject: [chef] Re: Deploy from github, using individual keys
>
> I haven't tried this, but you can specify JSON data in your Vagrantfile.
>
> If your deploy process gets your deploy key from an attribute, you can
> override that in the Vagrantfile. And, since a Vagrantfile is just ruby,
> you could get that key from just reading in a user's SSH public key file.
>
> Something like
>
> Vagrant.configure("2") do |config|
>   config.vm.provision "chef_server" do |chef|
>     # ...
>
>     chef.json = {
>       "myapp" => {
>         "deploy_key" => File.read(ENV['MYORG_DEPLOY_KEY'] ||
>                                   "#{ENV['HOME']}/.ssh/id_rsa.pub")
>       }
>     }
>   end
> end
>
> Maybe?
>
> -Matt Moretti
>
> On Thu, Jun 27, 2013 at 8:10 AM, Mike <> wrote:
>
> > I feel like this has been done, demonstrated, but I couldn't find
> > anything on it.
> >
> > Flow:
> >
> > Provision a box
> > At some point in the run, pull a branch from github (master, tag, etc)
> > Restart service if changed
> >
> > By using a GitHub deploy key, I can automate this for prod, sure.
> >
> > But if I'm using Vagrant, and I want to restrict access to the deploy
> > key, is there a known way for me to specify "use a user's ssh-agent
> > forwarded ssh key instead".
> >
> > Ideas, blogs, thoughts?
> > -M
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 17:21:45 +0200
> From: Ronan Amicel <>
> Subject: [chef] Re: Re: Deploy from github, using individual keys
>
> ** Warning: Message part originally used character set UTF-8
> Some characters may be lost or incorrect **
>
> On Thu, Jun 27, 2013 at 4:42 PM, Andrew Gross <> wrote:
>
> > Unsure if there is a good way to use the host's ssh-agent from Vagrant,
> > though you may be able to hack something together with a Vagrant plugin.
>
> I just add this to my Vagrantfile:
>
>   # Forward SSH authentication agent
>   config.ssh.forward_agent = true
>
> --
> Ronan Amicel
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 09:18:50 -0700
> From: Daniel DeLeo <>
> Subject: [chef] Re: Re: Re: chef-solo server deploy with many services
>
> ** Warning: Message part originally used character set utf-8
> Some characters may be lost or incorrect **
>
> On Wednesday, June 26, 2013 at 5:40 PM, Albert Vonpupp wrote:
>
> > Thanks for your answer Daniel.
> >
> > I'm having just one git repo that should be available all the time (i.e.
> > github or similar). My goal would be continuous delivery of an rpm / deb
> > package with the cookbooks within.
> >
> > My main concern is if using templates of configuration files instead of
> > cookbooks would be better or not. Ideally I would prefer cookbooks, but I
> > don't seem to find all of them, i.e: dhcp-server (working) with rndc-keys.
>
> Templates are part of cookbooks. I'm assuming you mean using a community
> cookbook vs. writing your own with templates based on your current config
> files?
>
> > Any suggestion?
> >
> > Thanks a lot.
>
> If you have the time, the best thing to do is fork the cookbooks on github,
> patch them to provide the feature you need, and submit a pull request. Use
> your forked version in the meantime while working with the maintainer to get
> your patch in.
>
> If you don't have time for that, or feel like the existing cookbook is way
> off from your use case, then write your own that does just what you need.
>
> --
> Daniel DeLeo
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 10:17:25 -0600
> From: Russell Bateman <>
> Subject: [chef] Re: Re: What's a cookbook name?
>
> ** Warning: Message part originally used character set UTF-8
> Some characters may be lost or incorrect **
>
> Brian,
>
> I suppose this helps. What I've learned is that I should have done this
> (which works):
>
> ~/dev/chef-repos $ knife node run_list add uas-dev-app01 'recipe[tomcat6]'
>
> and left out the chef-repos:: qualification of the recipe name entirely.
> This is fine; I was just trying to follow the examples I'd seen very
> literally which used the more exact qualification.
>
> Thanks,
>
> Russ
>
> On 6/26/2013 3:45 PM, Brian Hatfield wrote:
>
> > In the above example, tomcat6 is the name of your cookbook. Specifying
> > a recipe like 'recipe[tomcat6]' is equivalent to
> > 'recipe[tomcat6::default]', which matches
> > chef-repos/cookbooks/tomcat6/recipes/default.rb.
> >
> > Hope that helps.
> >
> > On Wed, Jun 26, 2013 at 5:27 PM, Russell Bateman <> wrote:
> >
> > > I'm discovering that, as I have recipes in subdirectory named
> > > /cookbook/, and have put those recipes up to my Chef server,
> > >
> > > ~/dev/chef-repos $ knife node run_list add uas-dev-app01 'role[application-node]'
> > > run_list: [role[application-node]]
> > > ~/dev/chef-repos $ knife node run_list add uas-dev-app01 'recipe[*chef-repos::tomcat6*]'
> > > run_list:
> > >     role[application-node]
> > >     recipe[*chef-repos::tomcat6*]
> > >
> > > nevertheless they aren't useful to me when, on each of my nodes, I
> > > execute chef-client. I used "chef-repos" because of examples I saw
> > > Googling.
> > >
> > > I get this:
> > >
> > > ...
> > > ================================================================================
> > > Error Resolving Cookbooks for Run List:
> > > ================================================================================
> > >
> > > Missing Cookbooks:
> > > ------------------
> > > The following cookbooks are required by the client but don't
> > > exist on the server:
> > > * chef-repos
> > > ...
> > >
> > > which clearly shows that, while the Chef server web UI lists the
> > > recipes I need, they're referenced by a cookbook the server has no
> > > knowledge of. I cannot figure out how, using knife, to tell it.
> > > This is pretty confusing.
> > >
> > > At my development host (from which I'm administering all of this),
> > > I see:
> > >
> > > chef-repos
> > > ├── .chef
> > > ├── cookbooks
> > > │   ├── apt
> > > │   ├── mongodb
> > > │   └── tomcat6
> > > ├── nodes
> > > └── roles
> > >
> > > Based on the error above, I am induced to think that chef-repos is
> > > the name of my cookbook:
> > >
> > > ~/uas/chef-repos $ knife cookbook show chef-repos
> > > ERROR: The object you are looking for could not be found
> > > Response: Cannot find a cookbook named chef-repos
> > >
> > > But, it's not. And sometimes in Chef, I can't tell the difference,
> > > especially when using knife cookbook, what the difference between
> > > a cookbook and a recipe is.
> > >
> > > I'd like to know what to tell my server so that when I attempt to
> > > get a node up with chef-client, it knows what
> > > chef-repos::tomcat6 is and that this recipe is the tomcat6 recipe
> > > sitting in Chef Server UI -> Cookbooks.
> > >
> > > Many thanks.
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 10:41:06 -0700
> From: Daniel Condomitti <>
> Subject: [chef] Re: <Errno::ECONNRESET: Connection reset by peer - SSL_connect> when chef-server-ctl test
>
> ** Warning: Message part originally used character set utf-8
> Some characters may be lost or incorrect **
>
> Try `openssl s_client -connect ip-10-0-1-86:443` and
> `curl http://ip-10-0-1-86:443/clients` to see if it's actually just serving HTTP
> (non-TLS/SSL traffic) on port 443.
>
> On Thursday, June 27, 2013 at 12:49 AM, Dmitrii Golub wrote:
>
> > Hello
> >
> > After successful chef installation on AWS Ubuntu 12.04 (default instance),
> > chef version chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
> > When I run
> > sudo chef-server-ctl test
> >
> > Receive error <Errno::ECONNRESET: Connection reset by peer - SSL_connect>
> > (full error listing: https://gist.github.com/Houdini/5868356)
> > I noticed that error is in file
> > /opt/chef-server/embedded/service/chef-pedant/lib/pedant/opensource/platform.rb:81:in `create_client'
> > I added puts there, and url is "https://ip-10-0-1-86/clients" that actually
> > is localhost.
> >
> > And really:
> > curl https://ip-10-0-1-86/clients
> > curl: (35) Unknown SSL protocol error in connection to ip-10-0-1-86:443
> >
> > Any ideas how to fix it?
> >
> > Thanks
>
> ------------------------------
>
> End of chef Digest Thu, 27 Jun 2013
> *********************************************
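
Added example, not part of the original thread: the check suggested in digest message 57 (does port 443 answer with TLS or with plain HTTP?) done in Ruby by sending a minimal TLS ClientHello and classifying the first bytes of the reply. The names `classify_reply`, `client_hello` and `probe` and the sample byte strings are constructed for this illustration.

```ruby
require 'socket'
require 'securerandom'

# Constructed sample replies (not captured from the host in the thread).
SAMPLES = {
  server_hello: "\x16\x03\x03\x00\x51\x02".b,      # TLS handshake record
  fatal_alert:  "\x15\x03\x03\x00\x02\x02\x28".b,  # TLS alert: handshake_failure
  http_400:     "HTTP/1.1 400 Bad Request\r\n".b   # plain HTTP on the port
}.freeze

# Classify the first bytes a server returns after it receives a ClientHello.
# A TLS record starts with a content type, then version major 0x03.
def classify_reply(bytes)
  b = bytes.to_s.b
  return :no_data if b.empty?
  return :plain_http if b.start_with?('HTTP/')
  type, major, minor = b.bytes.first(3)
  if major == 0x03 && minor && minor <= 0x04
    return :tls_handshake if type == 0x16
    return :tls_alert if type == 0x15
  end
  :unknown
end

# Minimal TLS 1.2 ClientHello without extensions. A strict server may answer
# it with an alert, which still proves that the port speaks TLS.
def client_hello
  suites = [0xC02F, 0xC030, 0x009C, 0x002F].pack('n*')
  body = [0x0303].pack('n') + SecureRandom.random_bytes(32) + "\x00".b +
         [suites.bytesize].pack('n') + suites + "\x01\x00".b
  handshake = "\x01".b + [body.bytesize].pack('N')[1, 3] + body
  "\x16\x03\x01".b + [handshake.bytesize].pack('n') + handshake
end

# Send the ClientHello to host:port and classify whatever comes back.
def probe(host, port = 443, timeout = 5)
  Socket.tcp(host, port, connect_timeout: timeout) do |sock|
    sock.write(client_hello)
    return :no_data unless IO.select([sock], nil, nil, timeout)
    classify_reply(sock.readpartial(16))
  end
rescue EOFError, Errno::ECONNRESET
  :closed_or_reset
end
```

A `:plain_http` result from `probe('ip-10-0-1-86')` would mean the listener on 443 is serving unencrypted HTTP, the case the reply in the thread asks to rule out; `:tls_handshake` or `:tls_alert` means a TLS stack is answering.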