DNS name is optional. If all your chef clients and the chef server are in a private network in a single OpenStack (which means they can talk to the chef server over its IP address only, and can ignore SSL host verification because of trust), you can use an IP address in the chef server URL without a DNS name. E.g., you can provision the chef server with IP address 10.40.40.5 (make sure port 4000 is open in the security group), and all your chef clients can use the URL https://10.40.40.5:4000/ (they can ignore SSL verification on the chef clients since both sides are in the private network).

However, if your chef clients access the chef server over a public network like the internet, you need a DNS name to:

  1. locate where the chef server is
  2. let chef clients verify the chef server hostname via SSL
  3. let chef server provisioning use the correct name (FQDN) to generate a cert (or use your own cert following this guide: custom ssl certificates with chef 11 server).

For step 3, you can use cloud-init to inject an FQDN into /etc/opscode/chef-server.rb:

  chef-server-config:
    type: OS::Heat::CloudConfig
    properties:
      cloud_config:
        manage_etc_hosts: true
        user: ubuntu
        # write_files is the cloud-config key that takes the list of files to create;
        # without it the "- path:" list below is not valid cloud-config
        write_files:
        - path: /etc/opscode/chef-server.rb
          content:
            str_replace:
              template: |
                server_name = "$chef-server-fqdn"
                api_fqdn server_name
                bookshelf['vip'] = server_name
                nginx['url'] = "https://#{server_name}"
                nginx['server_name'] = server_name
              params:
                $chef-server-fqdn: chef-server.example.com
        runcmd:
        - execute-this-command-to-install-chef-server.sh

  server-init:
    type: OS::Heat::MultipartMime
    properties:
      parts:
      - config: { get_resource: chef-server-config }

  chef-server:
    type: OS::Nova::Server
    properties:
      name: chef-server
      image: { get_param: image_name }
      flavor: { get_param: flavor }
      key_name: your-keypair-name
      networks:
      - network: { get_param: network_name }
      user_data_format: SOFTWARE_CONFIG
      user_data: { get_resource: server-init }
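Point 2 above is the reason the FQDN in chef-server.rb matters: a verifying client compares the host in its chef_server_url against the names in the server certificate. The following added example (not part of the answer or of Chef) implements that comparison over certificate data in the shape Python's ssl.getpeercert() returns; the two certificates are constructed samples, and the IP SAN variant shows how clients on the private network could keep verification on with the IP URL instead of disabling it.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# the cert that chef-server provisioning would generate for the FQDN set in
# chef-server.rb above (values are assumptions, not a real certificate).
FQDN_CERT = {
    "subject": ((("commonName", "chef-server.example.com"),),),
    "subjectAltName": (("DNS", "chef-server.example.com"),),
}

# Same server, but with the private IP added as a SAN entry so that clients
# on the private network can keep verification enabled while using the IP URL.
IP_SAN_CERT = {
    "subject": ((("commonName", "chef-server.example.com"),),),
    "subjectAltName": (("DNS", "chef-server.example.com"), ("IP Address", "10.40.40.5")),
}

def _dns_match(pattern, host):
    # RFC 6125 style: case-insensitive, wildcard only in the leftmost label.
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:] and len(h) > 1
    return p == h

def url_host_matches_cert(url, cert):
    """Return True if the host part of `url` is covered by `cert` the way a
    verifying TLS client (e.g. chef-client with ssl_verify_mode :verify_peer)
    would accept it."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal must match an IP SAN; the CN is never consulted for IPs.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    dns_names = [v for k, v in sans if k == "DNS"]
    if dns_names:
        return any(_dns_match(n, host) for n in dns_names)
    # No DNS SANs: fall back to the subject commonName (legacy behaviour).
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, host) for n in cns)
```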