--2017-09-20 15:35:14-- https://packages.chef.io/files/stable/chefdk/2.3.1/el/7/chefdk-2.3.1-1.el7.x86_64.rpm
Resolving packages.chef.io (packages.chef.io)... 151.101.34.110
Connecting to packages.chef.io (packages.chef.io)|151.101.34.110|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 104886580 (100M) [application/x-rpm]
Saving to: ‘chefdk-2.3.1-1.el7.x86_64.rpm’
chefdk-2.3.1-1.el7. 100%[===================>] 100.03M 64.4MB/s in 1.6s
2017-09-20 15:35:16 (64.4 MB/s) - ‘chefdk-2.3.1-1.el7.x86_64.rpm’ saved [104886580/104886580]
[root@ip-172-31-16-75 ~]# rpm -ivh https://packages.chef.io/files/stable/chefdk/2.3.1/el/7/chefdk-2.3.1-1.el7.x86_64.rpm^C
[root@ip-172-31-16-75 ~]# rpm -ivh chefdk-2.3.1-1.el7.x86_64.rpm
warning: chefdk-2.3.1-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:chefdk-2.3.1-1.el7 ################################# [100%]
Thank you for installing Chef Development Kit!
[root@ip-172-31-16-75 ~]# which ruby
/usr/bin/ruby
[root@ip-172-31-16-75 ~]# chef
Usage:
chef -h/--help
chef -v/--version
chef command [arguments...] [options...]
Available Commands:
exec Runs the command in context of the embedded ruby
env Prints environment variables used by ChefDK
gem Runs the `gem` command in context of the embedded ruby
generate Generate a new app, cookbook, or component
shell-init Initialize your shell to use ChefDK as your primary ruby
install Install cookbooks from a Policyfile and generate a locked cookbook set
update Updates a Policyfile.lock.json with latest run_list and cookbooks
push Push a local policy lock to a policy group on the server
push-archive Push a policy archive to a policy group on the server
show-policy Show policyfile objects on your Chef Server
diff Generate an itemized diff of two Policyfile lock documents
provision Provision VMs and clusters via cookbook
export Export a policy lock as a Chef Zero code repo
clean-policy-revisions Delete unused policy revisions on the server
clean-policy-cookbooks Delete unused policyfile cookbooks on the server
delete-policy-group Delete a policy group on the server
delete-policy Delete all revisions of a policy on the server
undelete Undo a delete command
[root@ip-172-31-16-75 ~]# knife
ERROR: You need to pass a sub-command (e.g., knife SUB-COMMAND)
Usage: knife sub-command (options)
-s, --server-url URL Chef Server URL
--chef-zero-host HOST Host to start chef-zero on
--chef-zero-port PORT Port (or port range) to start chef-zero on. Port ranges like 1000,1010 or 8889-9999 will try all given ports until one works.
-k, --key KEY API Client Key
--[no-]color Use colored output, defaults to enabled
-c, --config CONFIG The configuration file to use
--config-option OPTION=VALUE Override a single configuration option
--defaults Accept default values for all questions
-d, --disable-editing Do not open EDITOR, just accept the data as is
-e, --editor EDITOR Set the editor to use for interactive commands
-E, --environment ENVIRONMENT Set the Chef environment (except for in searches, where this will be flagrantly ignored)
--[no-]fips Enable fips mode
-F, --format FORMAT Which format to use for output
--[no-]listen Whether a local mode (-z) server binds to a port
-z, --local-mode Point knife commands at local repository instead of server
-u, --user USER API Client Username
--print-after Show the data after a destructive operation
-V, --verbose More verbose output. Use twice for max verbosity
-v, --version Show chef version
-y, --yes Say yes to all prompts for confirmation
-h, --help Show this message
Available subcommands: (for details, knife SUB-COMMAND --help)
** OPSCODE PRIVATE CHEF ORGANIZATION MANAGEMENT COMMANDS **
knife opc org create ORG_SHORT_NAME ORG_FULL_NAME (options)
knife opc org delete ORG_NAME
knife opc org edit ORG
knife opc org list
knife opc org show ORGNAME
knife opc org user add ORG_NAME USER_NAME
knife opc org user remove ORG_NAME USER_NAME
knife opc user create USERNAME FIRST_NAME [MIDDLE_NAME] LAST_NAME EMAIL PASSWORD
knife opc user delete USERNAME [-d]
knife opc user edit USERNAME
knife opc user list
knife opc user password USERNAME [PASSWORD | --enable-external-auth]
knife opc user show USERNAME
** BOOTSTRAP COMMANDS **
knife bootstrap [SSH_USER@]FQDN (options)
knife bootstrap windows ssh FQDN (options)
knife bootstrap windows winrm FQDN (options)
** CLIENT COMMANDS **
knife client bulk delete REGEX (options)
knife client create CLIENTNAME (options)
knife client delete [CLIENT[,CLIENT]] (options)
knife client edit CLIENT (options)
knife client key create CLIENT (options)
knife client key delete CLIENT KEYNAME (options)
knife client key edit CLIENT KEYNAME (options)
knife client key list CLIENT (options)
knife client key show CLIENT KEYNAME (options)
knife client list (options)
knife client reregister CLIENT (options)
knife client show CLIENT (options)
** CONFIGURE COMMANDS **
knife configure (options)
knife configure client DIRECTORY
** COOKBOOK COMMANDS **
knife cookbook bulk delete REGEX (options)
Usage: /usr/bin/knife (options)
knife cookbook delete COOKBOOK VERSION (options)
knife cookbook download COOKBOOK [VERSION] (options)
knife cookbook list (options)
knife cookbook metadata COOKBOOK (options)
knife cookbook metadata from FILE (options)
knife cookbook show COOKBOOK [VERSION] [PART] [FILENAME] (options)
knife cookbook test [COOKBOOKS...] (options)
knife cookbook upload [COOKBOOKS...] (options)
** COOKBOOK SITE COMMANDS **
knife cookbook site download COOKBOOK [VERSION] (options)
knife cookbook site install COOKBOOK [VERSION] (options)
knife cookbook site list (options)
knife cookbook site search QUERY (options)
knife cookbook site share COOKBOOK [CATEGORY] (options)
knife cookbook site show COOKBOOK [VERSION] (options)
knife cookbook site unshare COOKBOOK
** DATA BAG COMMANDS **
knife data bag create BAG [ITEM] (options)
knife data bag delete BAG [ITEM] (options)
knife data bag edit BAG ITEM (options)
knife data bag from file BAG FILE|FOLDER [FILE|FOLDER..] (options)
knife data bag list (options)
knife data bag show BAG [ITEM] (options)
** EC2 COMMANDS **
knife ec2 amis ubuntu DISTRO [TYPE] (options)
** ENVIRONMENT COMMANDS **
knife environment compare [ENVIRONMENT..] (options)
knife environment create ENVIRONMENT (options)
knife environment delete ENVIRONMENT (options)
knife environment edit ENVIRONMENT (options)
knife environment from file FILE [FILE..] (options)
knife environment list (options)
knife environment show ENVIRONMENT (options)
** EXEC COMMANDS **
knife exec [SCRIPT] (options)
** HELP COMMANDS **
knife help [list|TOPIC]
** INDEX COMMANDS **
knife index rebuild (options)
** JOB COMMANDS **
knife job list
knife job output
knife job start
knife job status
** KNIFE COMMANDS **
Usage: /usr/bin/knife (options)
** NODE COMMANDS **
knife node bulk delete REGEX (options)
knife node create NODE (options)
knife node delete [NODE[,NODE]] (options)
knife node edit NODE (options)
knife node environment set NODE ENVIRONMENT
knife node from file FILE (options)
knife node list (options)
knife node run_list add [NODE] [ENTRY[,ENTRY]] (options)
knife node run_list remove [NODE] [ENTRY[,ENTRY]] (options)
knife node run_list set NODE ENTRIES (options)
knife node show NODE (options)
knife node status [
** NULL COMMANDS **
knife null
** OSC COMMANDS **
knife osc_user create USER (options)
knife osc_user delete USER (options)
knife osc_user edit USER (options)
knife osc_user list (options)
knife osc_user reregister USER (options)
knife osc_user show USER (options)
** PATH-BASED COMMANDS **
knife delete [PATTERN1 ... PATTERNn]
knife deps PATTERN1 [PATTERNn]
knife diff PATTERNS
knife download PATTERNS
knife edit [PATTERN1 ... PATTERNn]
knife list [-dfR1p] [PATTERN1 ... PATTERNn]
knife show [PATTERN1 ... PATTERNn]
knife upload PATTERNS
knife xargs [COMMAND]
** RAW COMMANDS **
knife raw REQUEST_PATH
** RECIPE COMMANDS **
knife recipe list [PATTERN]
** REHASH COMMANDS **
knife rehash
** ROLE COMMANDS **
knife role bulk delete REGEX (options)
knife role create ROLE (options)
knife role delete ROLE (options)
knife role edit ROLE (options)
knife role env_run_list add [ROLE] [ENVIRONMENT] [ENTRY[,ENTRY]] (options)
knife role env_run_list clear [ROLE] [ENVIRONMENT]
knife role env_run_list remove [ROLE] [ENVIRONMENT] [ENTRIES]
knife role env_run_list replace [ROLE] [ENVIRONMENT] [OLD_ENTRY] [NEW_ENTRY]
knife role env_run_list set [ROLE] [ENVIRONMENT] [ENTRIES]
knife role from file FILE [FILE..] (options)
knife role list (options)
knife role run_list add [ROLE] [ENTRY[,ENTRY]] (options)
knife role run_list clear [ROLE]
knife role run_list remove [ROLE] [ENTRY]
knife role run_list replace [ROLE] [OLD_ENTRY] [NEW_ENTRY]
knife role run_list set [ROLE] [ENTRIES]
knife role show ROLE (options)
** SEARCH COMMANDS **
knife search INDEX QUERY (options)
** SERVE COMMANDS **
knife serve (options)
** SPORK COMMANDS **
knife spork bump COOKBOOK [major|minor|patch|manual]
knife spork check COOKBOOK (options)
knife spork data bag create BAG [ITEM] (options)
knife spork data bag delete BAG [ITEM] (options)
knife spork data bag edit BAG ITEM (options)
knife spork data bag from file BAG FILE|FOLDER [FILE|FOLDER..] (options)
knife spork delete [COOKBOOKS...] (options)
knife spork environment check ENVIRONMENT (options)
knife spork environment create ENVIRONMENT (options)
knife spork environment delete ENVIRONMENT (options)
knife spork environment edit ENVIRONMENT (options)
knife spork environment from file FILENAME (options)
knife spork info
knife spork node create NODE (options)
knife spork node delete NODE (options)
knife spork node edit NODE (options)
knife spork node from file FILE (options)
knife spork node run_list add [NODE] [ENTRY[,ENTRY]] (options)
knife spork node run_list add [NODE] [ENTRY[,ENTRY]] (options)
knife spork node run_list set NODE ENTRIES (options)
knife spork omni COOKBOOK (options)
knife spork promote ENVIRONMENT COOKBOOK (options)
knife spork role create ROLE (options)
knife spork role delete ROLENAME (options)
knife spork role edit ROLENAME (options)
knife spork role from file FILENAME (options)
knife spork upload [COOKBOOKS...] (options)
** SSH COMMANDS **
knife ssh QUERY COMMAND (options)
** SSL COMMANDS **
knife ssl check [URL] (options)
knife ssl fetch [URL] (options)
** STATUS COMMANDS **
knife status QUERY (options)
** SUPERMARKET COMMANDS **
knife supermarket download COOKBOOK [VERSION] (options)
knife supermarket install COOKBOOK [VERSION] (options)
knife supermarket list (options)
knife supermarket search QUERY (options)
knife supermarket share COOKBOOK [CATEGORY] (options)
knife supermarket show COOKBOOK [VERSION] (options)
knife supermarket unshare COOKBOOK (options)
** TAG COMMANDS **
knife tag create NODE TAG ...
knife tag delete NODE TAG ...
knife tag list NODE
** USER COMMANDS **
knife user create USERNAME DISPLAY_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD (options)
knife user delete USER (options)
knife user edit USER (options)
knife user key create USER (options)
knife user key delete USER KEYNAME (options)
knife user key edit USER KEYNAME (options)
knife user key list USER (options)
knife user key show USER KEYNAME (options)
knife user list (options)
knife user reregister USER (options)
knife user show USER (options)
** VAULT COMMANDS **
knife vault create VAULT ITEM VALUES (options)
knife vault delete VAULT ITEM (options)
knife vault download VAULT ITEM PATH (options)
knife vault edit VAULT ITEM (options)
knife vault isvault VAULT ITEM (options)
knife vault itemtype VAULT ITEM (options)
knife vault list (options)
knife vault refresh VAULT ITEM
knife vault remove VAULT ITEM VALUES (options)
knife vault rotate all keys
knife vault rotate keys VAULT ITEM (options)
knife vault show VAULT [ITEM] [VALUES] (options)
knife vault update VAULT ITEM VALUES (options)
** WINDOWS COMMANDS **
knife windows cert generate FILE_PATH (options)
knife windows cert install CERT [CERT] (options)
knife bootstrap windows winrm FQDN (options)
knife bootstrap windows ssh FQDN (options)
knife winrm QUERY COMMAND (options)
knife wsman test QUERY (options)
knife windows listener create (options)
** WINRM COMMANDS **
knife winrm QUERY COMMAND (options)
** WSMAN COMMANDS **
knife wsman test QUERY (options)
[root@ip-172-31-16-75 ~]# chef generate app
Usage: chef generate app NAME [options]
-C, --copyright COPYRIGHT Name of the copyright holder - defaults to 'The Authors'
-m, --email EMAIL Email address of the author - defaults to 'you@example.com'
-a, --generator-arg KEY=VALUE Use to set arbitrary attribute KEY to VALUE in the code_generator cookbook
-h, --help Show this message
-I, --license LICENSE all_rights, apachev2, mit, gplv2, gplv3 - defaults to all_rights
-v, --version Show chef version
-g GENERATOR_COOKBOOK_PATH, Use GENERATOR_COOKBOOK_PATH for the code_generator cookbook
--generator-cookbook
[root@ip-172-31-16-75 ~]# pwd
/root
[root@ip-172-31-16-75 ~]# which chef
/usr/bin/chef
[root@ip-172-31-16-75 ~]# knife client list
WARNING: No knife configuration file found
WARN: Failed to read the private key /etc/chef/client.pem: #
ERROR: Your private key could not be loaded from /etc/chef/client.pem
Check your configuration file and ensure that your private key is readable
[root@ip-172-31-16-75 ~]# ls -la
total 102472
dr-xr-x--- 5 root root 4096 Sep 20 15:35 .
dr-xr-xr-x 25 root root 4096 Sep 19 20:14 ..
-rw-r--r-- 1 root root 18 Jan 15 2011 .bash_logout
-rw-r--r-- 1 root root 176 Jan 15 2011 .bash_profile
-rw-r--r-- 1 root root 176 Jan 15 2011 .bashrc
-rw-r--r-- 1 root root 104886580 Sep 14 18:53 chefdk-2.3.1-1.el7.x86_64.rpm
-rw-r--r-- 1 root root 100 Jan 15 2011 .cshrc
drwxr----- 3 root root 4096 Sep 20 15:35 .pki
drwxr-xr-x 3 root root 4096 Sep 19 20:15 .python-eggs
drwx------ 2 root root 4096 Sep 19 20:06 .ssh
-rw-r--r-- 1 root root 129 Jan 15 2011 .tcshrc
------------------------------------------------------------------------------------------------------------------------
- On each workstation, the trusted_certs directory is the location into which SSL certificates are placed after they are downloaded from the Chef server using the knife ssl fetch subcommand.
WARNING: No knife configuration file found
WARNING: Certificates from localhost will be fetched and placed in your trusted_cert
directory (/root/.chef/trusted_certs).
Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.
Adding certificate for chef-automate-server-qgr4glxhllrewxvs in /root/.chef/trusted_certs/chef-automate-server-qgr4glxhllrewxvs.crt
Adding certificate for AWS_OpsWorks_Intermediate_CA_for_us-east-1_region in /root/.chef/trusted_certs/AWS_OpsWorks_Intermediate_CA_for_us-east-1_region.crt
Adding certificate for AWS_OpsWorks_Root_CA in /root/.chef/trusted_certs/AWS_OpsWorks_Root_CA.crt
--------------------------------------------------------------------------------------------------------------------------
- On every node, the trusted_certs directory is the location into which SSL certificates are placed when a node has been bootstrapped with the chef-client from a workstation.
[root@ip-172-31-16-75 ~]# cd .chef/
[root@ip-172-31-16-75 .chef]# ll
total 4
drwxr-xr-x 2 root root 4096 Sep 20 16:15 trusted_certs
[root@ip-172-31-16-75 .chef]# cd trusted_certs/
[root@ip-172-31-16-75 trusted_certs]# ll
total 12
-rw-r--r-- 1 root root 2155 Sep 20 16:15 AWS_OpsWorks_Intermediate_CA_for_us-east-1_region.crt
-rw-r--r-- 1 root root 2147 Sep 20 16:15 AWS_OpsWorks_Root_CA.crt
-rw-r--r-- 1 root root 1704 Sep 20 16:15 chef-automate-server-qgr4glxhllrewxvs.crt
[root@ip-172-31-16-75 trusted_certs]# ll /opt/chef/embedded/ssl/certs/cacert.pem
ls: cannot access /opt/chef/embedded/ssl/certs/cacert.pem: No such file or directory
[root@ip-172-31-16-75 trusted_certs]# ll /opt/chefdk/embedded/ssl/certs/cacert.pem
-rw-r--r-- 1 root root 256008 Sep 14 18:51 /opt/chefdk/embedded/ssl/certs/cacert.pem
[root@ip-172-31-16-75 trusted_certs]#
--------------------------------------------------------------------------------------------------------------------------
[root@ip-172-31-16-75 trusted_certs]# knife ssl check
WARNING: No knife configuration file found
Configuration Info:
OpenSSL Configuration:
* Version: OpenSSL 1.0.2l 25 May 2017
* Certificate file: /opt/chefdk/embedded/ssl/cert.pem
* Certificate directory: /opt/chefdk/embedded/ssl/certs
Chef SSL Configuration:
* ssl_ca_path: nil
* ssl_ca_file: nil
* trusted_certs_dir: "/root/.chef/trusted_certs"
WARNING: There are invalid certificates in your trusted_certs_dir.
OpenSSL will not use the following certificates when verifying SSL connections:
/root/.chef/trusted_certs/AWS_OpsWorks_Intermediate_CA_for_us-east-1_region.crt: unable to get local issuer certificate
/root/.chef/trusted_certs/chef-automate-server-qgr4glxhllrewxvs.crt: unable to get local issuer certificate
TO FIX THESE WARNINGS:
We are working on documentation for resolving common issues uncovered here.
* If the certificate is generated by the server, you may try redownloading the
server's certificate. By default, the certificate is stored in the following
location on the host where your chef-server runs:
/var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
Copy that file to your trusted_certs_dir (currently: /root/.chef/trusted_certs)
using SSH/SCP or some other secure method, then re-run this command to confirm
that the server's certificate is now trusted.
Connecting to host localhost:443
ERROR: The SSL cert is signed by a trusted authority but is not valid for the given hostname
ERROR: You are attempting to connect to: 'localhost'
ERROR: The server's certificate belongs to 'chef-automate-server-qgr4glxhllrewxvs'
TO FIX THIS ERROR:
The solution for this issue depends on your networking configuration. If you
are able to connect to this server using the hostname chef-automate-server-qgr4glxhllrewxvs
instead of localhost, then you can resolve this issue by updating chef_server_url
in your configuration file.
If you are not able to connect to the server using the hostname chef-automate-server-qgr4glxhllrewxvs
you will have to update the certificate on the server to use the correct hostname.
[root@ip-172-31-16-75 trusted_certs]# ll /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt
ls: cannot access /var/opt/opscode/nginx/ca/SERVER_HOSTNAME.crt: No such file or directory
[root@ip-172-31-16-75 trusted_certs]# cd /var/opt/opscode/nginx/ca/
[root@ip-172-31-16-75 ca]# pwd
/var/opt/opscode/nginx/ca
[root@ip-172-31-16-75 ca]# ls
chef-automate-server-qgr4glxhllrewxvs.us-east-1.opsworks-cm.io.crt chef-automate-server-qgr4glxhllrewxvs.us-east-1.opsworks-cm.io.key dhparams.pem
[root@ip-172-31-16-75 ca]# ls -la
total 20
drwxr-x--- 2 opscode opscode 4096 Sep 19 20:12 .
drwxr-x--- 8 opscode opscode 4096 Sep 19 20:11 ..
-rw-r--r-- 1 root root 1562 Sep 19 20:11 chef-automate-server-qgr4glxhllrewxvs.us-east-1.opsworks-cm.io.crt
-rw-r--r-- 1 root root 1679 Sep 19 20:11 chef-automate-server-qgr4glxhllrewxvs.us-east-1.opsworks-cm.io.key
-rw-r--r-- 1 root root 424 Sep 19 20:12 dhparams.pem
[root@ip-172-31-16-75 ca]# cp chef-automate-server-qgr4glxhllrewxvs.us-east-1.opsworks-cm.io.crt /root/.chef/trusted_certs/
[root@ip-172-31-16-75 ca]#
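
The knife ssl fetch output above says knife cannot verify what it downloaded, and the listings show the fetched file (1704 bytes) and the server's copy (1562 bytes) differ in size, so a byte-for-byte compare cannot say whether they hold the same certificate. The following is an added example, not part of the original session, that compares the SHA-256 fingerprint of the DER bytes instead; the function names are made up for the illustration, and it assumes awk, base64 and sha256sum are installed.

```shell
#!/bin/sh
# Added example: check a certificate saved by `knife ssl fetch` against the
# copy read directly from the Chef server's disk before trusting it.
# pem_sha256 and verify_fetched_cert are hypothetical helper names.

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate in a
# PEM file. It is the digest of the DER bytes, the same digest that
# `openssl x509 -noout -fingerprint -sha256` reports in upper case with colons.
pem_sha256() {
    local pem="$1" body
    [ -r "$pem" ] || { echo "cannot read: $pem" >&2; return 2; }
    # Keep only the base64 body of the first CERTIFICATE block; drop spaces/CRs.
    body=$(awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; next }
                /-----END CERTIFICATE-----/   { exit }
                inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$pem")
    [ -n "$body" ] || { echo "no certificate block in: $pem" >&2; return 2; }
    # Refuse a damaged body instead of hashing a partial decode.
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 \
        || { echo "invalid base64 in: $pem" >&2; return 2; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only when both files contain the same certificate, 1 on a
# mismatch, 2 when either file cannot be read or parsed.
verify_fetched_cert() {
    local fetched="$1" reference="$2" got want
    got=$(pem_sha256 "$fetched") || return 2
    want=$(pem_sha256 "$reference") || return 2
    if [ "$got" = "$want" ]; then
        echo "MATCH    $fetched sha256=$got"
    else
        echo "MISMATCH $fetched fetched=$got server=$want" >&2
        return 1
    fi
}

# Usage with the paths from the session above:
#   verify_fetched_cert \
#     /root/.chef/trusted_certs/chef-automate-server-qgr4glxhllrewxvs.crt \
#     /var/opt/opscode/nginx/ca/chef-automate-server-qgr4glxhllrewxvs.us-east-1.opsworks-cm.io.crt
```

A MISMATCH result means the file in trusted_certs is not the certificate the server has on disk and should not be left in that directory.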