Bootstrapping a Node With No Internet

When you bootstrap a node using knife bootstrap, Chef assumes that you'll have access to the internet. It uses this to download the client package and some metadata, but you don't have to be connected to the internet to bootstrap a node.

This is especially handy in cases where you have a firewalled setup that won't let you get packages from the internet.

There are two ways to solve this. The first is to take advantage of the --bootstrap-install-command flag.

For distros that use apt

$ knife bootstrap chefnode -N MyNewNode --bootstrap-install-command "curl http://your-internal-server/chef.deb -o /tmp/chef.deb && dpkg -i /tmp/chef.deb"

For distros that use yum

$ knife bootstrap chefnode -N MyNewNode --bootstrap-install-command "yum install -y http://your-internal-server/chef.rpm"

This method is a good choice for one-offs, or a very small number of machines, but if you have any more than that, the better option is to make a bootstrap template.

Making your own bootstrap template

Bootstrap templates are simply erb files that Chef uses to determine how to bootstrap a node. You can override the default one with the knife flag --bootstrap-template.

You can make your own template and place it in ~/chef-repo/.chef/bootstrap (you may have to make the bootstrap directory).

The easiest way to make your own template is to start with the default Chef template and modify it to contain the bootstrap commands you need, similar to the above.

Once you've created and saved your own template, you can now change your command to (assuming you made a debian.erb):

$ knife bootstrap chefnode -N MyNewNode --bootstrap-template debian

You may have noticed that these two methods are functionally the same: pass the command in and it gets interpolated into the template, or make a template and put your command in it, and you get the same result. The reason I recommend you use templates for more than a few nodes is that you can keep your bootstrap files in version control, though it takes a few more steps.
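Both methods above fetch the package over plain HTTP and hand it straight to the package manager. As an added example (not from the original post), here is install logic you could place in a custom template that checks the download against a pinned SHA-256 digest before installing. The function names are hypothetical, the URL is the post's own placeholder, and the digest is a placeholder for the value you record when you mirror the package.

```shell
#!/bin/sh
# Added example: verify an internally hosted Chef package against a pinned
# SHA-256 digest before installing it. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pkg FILE EXPECTED: return 0 only if FILE exists and its digest
# equals EXPECTED (compared case-insensitively); 2 if it cannot be hashed.
verify_pkg() {
    [ -f "$1" ] || return 2
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# install_chef URL EXPECTED: download to a fresh temp file, verify, then
# install. A failed download or a digest mismatch installs nothing.
install_chef() {
    tmp=$(mktemp /tmp/chef.XXXXXX) || return 1
    if curl -fsS "$1" -o "$tmp" && verify_pkg "$tmp" "$2"; then
        dpkg -i "$tmp"
        rc=$?
    else
        echo "chef package failed download or checksum check" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Call from the template (digest below is a placeholder, not a real value):
# install_chef "http://your-internal-server/chef.deb" "<sha256-of-your-mirrored-package>"
```

Keeping the pinned digest in the version-controlled template means a package swapped on the internal server fails the bootstrap instead of being installed.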

Version controlling your bootstrap files

Since knife will look in a few places for a .chef/bootstrap directory, we have to keep our bootstrap files there somehow. The problem is that we shouldn't commit .chef directories to version control, since the directory contains keys. Instead, make a ~/chef-repo/bootstrap folder that contains your files and, rather than creating the .chef/bootstrap directory as we did above, symlink it.

From your ~/chef-repo:

$ ln -s ../bootstrap .chef/bootstrap

Now you can add your ~/chef-repo/bootstrap directory to your next commit without exposing keys or having to keep track of a bunch of bootstrap commands.
