[chef] Re: Re: chef Digest Thu, 27 Jun 2013 (3/3)


  • From: Aj Christensen
  • Subject: [chef] Re: Re: chef Digest Thu, 27 Jun 2013 (3/3)
  • Date: Fri, 28 Jun 2013 20:28:53 +1200

lists.opscode.com

--AJ


On Fri, Jun 28, 2013 at 8:20 PM, Waldemar Schwan wrote:
Where can I find the unsubscribe link?


Written on 27.06.2013 at 22:26:

> chef Digest Thu, 27 Jun 2013
>
> Table of contents:
>
> 51. [chef] Re: Setting security on remote_directory files in Windows - Jeppe Nejsum Madsen
> 52. [chef] Re: Deploy from github, using individual keys - Andrew Gross
> 53. [chef] Re: Deploy from github, using individual keys - Matthew Moretti
> 54. [chef] Re: Re: Deploy from github, using individual keys - Ronan Amicel
> 55. [chef] Re: Re: Re: chef-solo server deploy with many services - Daniel DeLeo
> 56. [chef] Re: Re: What's a cookbook name? - Russell Bateman
> 57. [chef] Re: <Errno::ECONNRESET: Connection reset by peer -
> SSL_connect> when chef-server-ctl test - Daniel Condomitti
>
>
> ----------------------------------------------------------------------
>
> Date: Thu, 27 Jun 2013 15:31:17 +0200
> From: Jeppe Nejsum Madsen
> Subject: [chef] Re: Setting security on remote_directory files in Windows
>
> On Thu, Jun 13, 2013 at 2:37 PM, Jeppe Nejsum Madsen wrote:
>
>> Hi,
>>
>> Trying to create a directory containing files from a cookbook using the
>> following:
>>
>> remote_directory root_path do
>>  source 'AppRoot'
>>  rights :full_control, 'NETWORK SERVICE', :applies_to_children => true
>>  recursive true
>> end
>>
>> The directory & files are created ok, and security is set on the directory.
>>
>> But the files do not get the required permissions...no mention of NETWORK
>> SERVICE for the files.
>>
>> Any clues?
>>
>> /Jeppe
>>
>
> Strange, this works:
>
> remote_directory root_path do
>  source 'AppRoot'
> end
>
> directory root_path do
>  rights :full_control, 'NETWORK SERVICE'
> end
>
> I would imagine this to be sufficient:
>
> remote_directory root_path do
>  source 'AppRoot'
>  rights :full_control, 'NETWORK SERVICE'
> end
>
> But specifying rights on remote_directory doesn't work, even with the
> subsequent directory resource....
>
> Bug?
>
> /Jeppe
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 10:42:23 -0400
> From: Andrew Gross
> Subject: [chef] Re: Deploy from github, using individual keys
>
> Hey Mike,
>
> Here is a post I made on how we do deploy keys:
> http://loadedinthecloud.blogspot.com/2012/11/github-deploy-keys-with-chef.html
>
> Our solution is to use a new deploy key for every run and then clean them
> up later with a batch job.  However, this doesn't really solve the problem,
> just makes it so that now the valuable thing is your Github API key. Unsure
> if there is a good way to use the host's ssh-agent from Vagrant, though
> you may be able to hack something together with a Vagrant plugin.
>
> Andrew
>
>
> On Thu, Jun 27, 2013 at 8:10 AM, Mike wrote:
>
>> I feel like this has been done, demonstrated, but I couldn't find
>> anything on it.
>>
>> Flow:
>>
>> Provision a box
>> At some point in the run, pull a branch from github (master, tag, etc)
>> Restart service if changed
>>
>> By using a GitHub deploy key, I can automate this for prod, sure.
>>
>> But if I'm using Vagrant, and I want to restrict access to the deploy
>> key, is there a known way for me to specify "use a user's ssh-agent
>> forwarded ssh key instead".
>>
>> Ideas, blogs, thoughts?
>> -M
>>
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 11:03:29 -0400
> From: Matthew Moretti
> Subject: [chef] Re: Deploy from github, using individual keys
>
> I haven't tried this, but you can specify JSON data in your Vagrantfile.
>
> If your deploy process gets your deploy key from an attribute, you can
> override that in the Vagrantfile. And, since a Vagrantfile is just ruby,
> you could get that key from just reading in a user's SSH public key file.
>
> Something like
>
> Vagrant.configure("2") do |config|
>  config.vm.provision "chef_client" do |chef|
>    # ...
>
>    chef.json = {
>      "myapp" => {
>       "deploy_key" => File.read(ENV['MYORG_DEPLOY_KEY'] || "#{ENV['HOME']}/.ssh/id_rsa.pub")
>      }
>    }
>  end
> end
>
> Maybe?
>
> -Matt Moretti
>
>
> On Thu, Jun 27, 2013 at 8:10 AM, Mike wrote:
>
>> I feel like this has been done, demonstrated, but I couldn't find
>> anything on it.
>>
>> Flow:
>>
>> Provision a box
>> At some point in the run, pull a branch from github (master, tag, etc)
>> Restart service if changed
>>
>> By using a GitHub deploy key, I can automate this for prod, sure.
>>
>> But if I'm using Vagrant, and I want to restrict access to the deploy
>> key, is there a known way for me to specify "use a user's ssh-agent
>> forwarded ssh key instead".
>>
>> Ideas, blogs, thoughts?
>> -M
>>
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 17:21:45 +0200
> From: Ronan Amicel
> Subject: [chef] Re: Re: Deploy from github, using individual keys
>
> ** Warning: Message part originally used character set UTF-8
>    Some characters may be lost or incorrect **
>
> On Thu, Jun 27, 2013 at 4:42 PM, Andrew Gross wrote:
>> Unsure if there is a good way to use the host's ssh-agent from Vagrant,
>> though you may be able to hack something together with a Vagrant plugin.
>
> I just add this to my Vagrantfile:
>
>  # Forward SSH authentication agent
>  config.ssh.forward_agent = true
>
> --
> Ronan Amicel
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 09:18:50 -0700
> From: Daniel DeLeo
> Subject: [chef] Re: Re: Re: chef-solo server deploy with many services
>
>
>
>
> On Wednesday, June 26, 2013 at 5:40 PM, Albert Vonpupp wrote:
>
>> Thanks for your answer Daniel.
>>
>> I'm having just one git repo that should be available all the time (i.e.
>> github or similar). My goal would be continuous delivery of an rpm / deb
>> package with the cookbooks within.
>>
>> My main concern is if using templates of configuration files instead of
>> cookbooks would be better or not. Ideally I would prefer cookbooks, but I don't
>> seem to find all of them, i.e: dhcp-server (working) with rndc-keys.
>
> Templates are part of cookbooks. I'm assuming you mean using a community
> cookbook vs. writing your own with templates based on your current config
> files?
>
>>
>> Any suggestion?
>>
>> Thanks a lot.
>
> If you have the time, the best thing to do is fork the cookbooks on github,
> patch them to provide the feature you need, and submit a pull request. Use your
> forked version in the meantime while working with the maintainer to get your
> patch in.
>
> If you don't have time for that, or feel like the existing cookbook is way off
> from your use case, then write your own that does just what you need.
>
>
> --
> Daniel DeLeo
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 10:17:25 -0600
> From: Russell Bateman
> Subject: [chef] Re: Re: What's a cookbook name?
>
>
> Brian,
>
> I suppose this helps. What I've learned is that I should have done this
> (which works):
>
>    ~/dev/chef-repos $ knife node run_list add uas-dev-app01 'recipe[tomcat6]'
>
>
> and left out the chef-repos:: qualification of the recipe name entirely.
> This is fine; I was just trying to follow the examples I'd seen very
> literally which used the more exact qualification.
>
> Thanks,
>
> Russ
>
>
>
> On 6/26/2013 3:45 PM, Brian Hatfield wrote:
>> In the above example, tomcat6 is the name of your cookbook. Specifying
>> a recipe like 'recipe[tomcat6]' is equivalent to
>> 'recipe[tomcat6::default]', which matches
>> chef-repos/cookbooks/tomcat6/recipes/default.rb.
>>
>> Hope that helps.
>>
>>
>> On Wed, Jun 26, 2013 at 5:27 PM, Russell Bateman wrote:
>>
>>    I'm discovering that, as I have recipes in subdirectory named
>>    /cookbook/, and have put those recipes up to my Chef server,
>>
>>        ~/dev/chef-repos $ knife node run_list add uas-dev-app01 'role[application-node]'
>>        run_list:  [role[application-node]]
>>        ~/dev/chef-repos $ knife node run_list add uas-dev-app01 'recipe[*chef-repos::tomcat6*]'
>>        run_list:
>>            role[application-node]
>>            recipe[*chef-repos::tomcat6*]
>>
>>
>>    nevertheless they aren't useful to me when, on each of my nodes, I
>>    execute chef-client. I used "chef-repos" because of examples I saw
>>    Googling.
>>
>>    I get this:
>>
>>        ...
>>        ================================================================================
>>        Error Resolving Cookbooks for Run List:
>>        ================================================================================
>>
>>        Missing Cookbooks:
>>        ------------------
>>        The following cookbooks are required by the client but don't
>>        exist on the server:
>>        * chef-repos
>>        ...
>>
>>
>>    which clearly shows that, while the Chef server web UI lists the
>>    recipes I need, they're referenced by a cookbook the server has no
>>    knowledge of. I cannot figure out how, using knife, to tell it.
>>    This is pretty confusing.
>>
>>    At my development host (from which I'm administering all of this),
>>    I see:
>>
>>        chef-repos
>>        ├── .chef
>>        ├── cookbooks
>>        │   ├── apt
>>        │   ├── mongodb
>>        │   └── tomcat6
>>        ├── nodes
>>        └── roles
>>
>>
>>    Based on the error above, I am induced to think that chef-repos is
>>    the name of my cookbook:
>>
>>        ~/uas/chef-repos $ knife cookbook show chef-repos
>>        ERROR: The object you are looking for could not be found
>>        Response: Cannot find a cookbook named chef-repos
>>
>>    But, it's not. And sometimes in Chef, I can't tell the difference,
>>    especially when using knife cookbook, what the difference between
>>    a cookbook and a recipe is.
>>
>>    I'd like to know what to tell my server so that when I attempt to
>>    get a node up with chef-client, it knows what
>>    chef-repos::tomcat6 is and that this recipe is the tomcat6 recipe
>>    sitting in Chef Server UI -> Cookbooks.
>>
>>    Many thanks.
>>
>>
>>
>
>
> ------------------------------
>
> Date: Thu, 27 Jun 2013 10:41:06 -0700
> From: Daniel Condomitti
> Subject: [chef] Re: <Errno::ECONNRESET: Connection reset by peer -
> SSL_connect> when chef-server-ctl test
>
>
> Try `openssl s_client -connect ip-10-0-1-86:443` and
> `curl http://ip-10-0-1-86:443/clients` to see if it's actually just serving HTTP
> (non-TLS/SSL traffic) on port 443.
>
>
> On Thursday, June 27, 2013 at 12:49 AM, Dmitrii Golub wrote:
>
>> Hello
>>
>> After successful chef installation on AWS Ubuntu 12.04 (default instance),
>> chef version chef-server_11.0.8-1.ubuntu.12.04_amd64.deb
>> When I run
>> sudo chef-server-ctl test
>>
>> Receive error <Errno::ECONNRESET: Connection reset by peer - SSL_connect>
>> (full error listing: https://gist.github.com/Houdini/5868356)
>> I noticed that error is in file
>> /opt/chef-server/embedded/service/chef-pedant/lib/pedant/opensource/platform.rb:81:in `create_client'
>> I added puts there, and url is "https://ip-10-0-1-86/clients" that actually
>> is localhost.
>>
>> And really:
>> curl https://ip-10-0-1-86/clients
>> curl: (35) Unknown SSL protocol error in connection to ip-10-0-1-86:443
>>
>>
>> Any ideas how to fix it?
>>
>> Thanks
>
>
> ------------------------------
>
>
> End of chef Digest Thu, 27 Jun 2013
> *********************************************
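
The check suggested in the last digest message (is port 443 speaking TLS, or plain HTTP?) can be scripted. The following is an added example, not part of the original thread or of Chef: it sends one plaintext HTTP request and classifies the first bytes of the reply. The function names `classify_reply` and `probe` and the sample replies are assumptions constructed for illustration.

```ruby
require 'socket'
require 'timeout'

# Classify the first bytes a listener sends back after a plaintext HTTP request.
def classify_reply(bytes)
  data = bytes.to_s.b
  return :no_reply if data.empty?            # reset/close: inconclusive

  type, major, minor = data.unpack('CCC')
  # TLS record header: content type 20..23, then protocol version 3.0-3.4
  if (20..23).cover?(type) && major == 3 && minor.to_i <= 4
    return type == 21 ? :tls_alert : :tls_record
  end

  if data.start_with?('HTTP/')
    # nginx answers plaintext sent to a TLS listener with this 400 page
    return :tls_port_rejecting_http if data.include?('plain HTTP request was sent to HTTPS port')
    return :plaintext_http                   # port is serving HTTP without TLS
  end
  :unknown
end

# Send one plaintext request to host:port and classify whatever comes back.
def probe(host, port = 443, timeout = 5)
  Timeout.timeout(timeout) do
    TCPSocket.open(host, port) do |sock|
      sock.write("GET / HTTP/1.0\r\nHost: #{host}\r\n\r\n")
      classify_reply(sock.readpartial(512))
    end
  end
rescue EOFError, Errno::ECONNRESET
  :no_reply
rescue Timeout::Error, SystemCallError, SocketError
  :unreachable
end

# Constructed sample replies (not captured from the thread's server).
SAMPLES = {
  'TLS alert'      => "\x15\x03\x01\x00\x02\x02\x46",
  'plain HTTP'     => "HTTP/1.1 200 OK\r\nServer: example\r\n\r\n",
  'nginx TLS port' => "HTTP/1.1 400 Bad Request\r\n\r\nThe plain HTTP request was sent to HTTPS port",
  'reset'          => ''
}.freeze

SAMPLES.each { |name, bytes| puts format('%-15s %s', name, classify_reply(bytes)) }
```

A `:plaintext_http` result from `probe` means the listener on that port is not terminating TLS at all; `:no_reply` is inconclusive and is followed up with `openssl s_client` as the message suggests.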




