/chef-server

Chef-server container for Docker.

Primary LanguageShell

chef-server

chef-server will run Chef Server 12 in an Ubuntu Trusty 14.04 LTS container.
Image Size: 1.124 GB

This is a fork of: base/chef-server.

Environment

Protocol / Port

Chef is running over HTTPS/443 by default.
You can however change that to another port by adding -e SSL_PORT=new_port to the docker run command below and update the expose port -p accordingly.

SSL certificate

When Chef Server gets configured it creates an SSL certificate based on the container's FQDN (i.e "103d6875c1c5" which is the "CONTAINER ID"). This default behiavior has been changed to always produce an SSL certificate file named "chef-server.crt".
You can change the certificate name by adding -e CONTAINER_NAME=new_name to the docker run command. Remember to reflect that change in config.rb!

DNS

The container needs to be DNS resolvable!
Be sure 'chef-server' or $CONTAINER_NAME is pointing to the container's IP!
This needs to be done to match the SSL certificate name with the chef_server_url from knife's config.rb file.

Start the container

Docker command:

$ docker run --privileged --name chef-server -d -p 443:443 cbuisson/chef-server

2 volumes directories are available: /root and /var/log. Feel free to optionally to use them while running the docker run command above by adding: -v ~/chef-logs:/var/log -v ~/install-chef-out:/root

Setup knife

Once Chef Server 12 is configured, you can download the Knife admin keys here:

curl -Ok https://chef-server:$SSL_PORT/knife_admin_key.tar.gz

Then un-tar that archive and point your config.rb to the admin.pem and my_org-validator.pem files.

config.rb example:

log_level                :info
log_location             STDOUT
cache_type               'BasicFile'
node_name                'admin'
client_key               '/home/cbuisson/.chef/admin.pem'
validation_client_name   'my_org-validator'
validation_key           '/home/cbuisson/.chef/my_org-validator.pem'
chef_server_url          'https://chef-server:$SSL_PORT/organizations/my_org'

When the config.rb file is ready, you will need to get the SSL certificate file from the container to access Chef Server:

cbuisson@server:~/.chef# knife ssl fetch
WARNING: Certificates from chef-server will be fetched and placed in your trusted_cert
directory (/home/cbuisson/.chef/trusted_certs).

Knife has no means to verify these are the correct certificates. You should
verify the authenticity of these certificates after downloading.

Adding certificate for chef-server in /home/cbuisson/.chef/trusted_certs/chef-server.crt

You should now be able to use the knife command!

cbuisson@server:~# knife user list
admin

Done!

Note

Chef-Server running inside a container isn't officially supported by Chef and as a result the webui isn't available.
However the webui is not required since you can interact with Chef-Server via the knife and chef-server-ctl commands.

Tags

v1.0: Chef Server 11
v2.x: Chef Server 12