The ask.openstack.org website will be read-only from now on. Please ask questions on the openstack-discuss mailing-list, stackoverflow.com for coding or serverfault.com for operations.
 | 1 | initial version |
DNS name is optional If all your chef clients and chef server are in a private network in a single OpenStack (which means they can talk to chef server over IP address only and it can ignore SSL host verification b/c of trust), you can use IP address in chef server url without a DNS name. E.g., you can provisioning chef server with IP address 10.40.40.5 (make sure port 4000 is open in security group), and all your chef client can use URL https://10.40.40.5:4000/ (it can ignore SSL verify on chef clients since they're both in private network).
However, if your chef clients access chef server over public network like internet, you need a DNS name to:
According to step 3, you can use cloud init to inject an FQDN in /etc/opscode/chef-server.rb:
chef-server-config:
type: OS::Heat::CloudConfig
properties:
cloud_config:
manage_etc_hosts: true
user: ubuntu
- path: /etc/opscode/chef-server.rb
content:
str_replace:
template: |
server_name = "$chef-server-fqdn"
api_fqdn server_name
bookshelf['vip'] = server_name
nginx['url'] = "https://#{server_name}"
nginx['server_name'] = server_name
params:
$chef-server-fqdn: chef-server.example.com
runcmd:
- execute-this-command-to-install-chef-server.sh
server-init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: { get_resource: chef-server-config }
chef-server:
type: OS::Nova::Server
properties:
name: chef-server
image: { get_param: image_name }
flavor: { get_param: flavor }
key_name: your-keypair-name
networks:
- network: { get_param: network_name }
user_data_format: SOFTWARE_CONFIG
user_data: { get_resource: server-init }