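├── ruby-omnibus-build.sh
├── legacy
    ├── ruby-chef-gems.sh
    ├── ruby-chef-build.sh
    └── raspbian-wheezy-gems.erb
├── ruby-omnibus-prebuilt.sh
├── raspbian_bootstrap.erb
└── README.md

/ruby-omnibus-build.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# https://git.io/fpiRe

# NOTE(review): raspbian_bootstrap.erb inlines this file verbatim into its
# single-quoted sh -c argument when OPT=build, so it must not contain single
# quote characters.
#
# The pipeline below runs whatever the short link redirects to, as root, with
# no pinned revision and no integrity check. To review the builder first,
# download it to a file, read it, and run that file with sudo bash instead.

#Optional - set version of ruby or chef
# RUBY_VER=2.5.3
# CHEF_VER=14.7.17

# -f: fail on an HTTP error instead of piping the error page into a root shell.
curl -fL https://git.io/fpiRv | sudo bash

# curl -fL https://git.io/fpiRv | sudo RUBY_VER= CHEF_VER= bash
--------------------------------------------------------------------------------
/legacy/ruby-chef-gems.sh:
--------------------------------------------------------------------------------
# steps if you want to install chef
# via the system ruby and gems

# current chef requires ruby-2.5 or later so
# this no longer works on raspbian until they get
# a newer ruby. use the omnibus builder

# Update the Apt index
apt-get update

# Set a hold on any upgrades to Apt
apt-mark hold apt

# Install new packages
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ruby ruby-dev curl autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev

apt-mark unhold apt

# Gems are installed unpinned: each run takes whatever version is current.
gem install moneta --no-rdoc --no-ri --verbose
gem install net-ssh-gateway --no-rdoc --no-ri --verbose
gem install net-ssh --no-rdoc --no-ri --verbose
gem install ohai --no-rdoc --no-ri --verbose
gem install chef --no-rdoc --no-ri --verbose
--------------------------------------------------------------------------------
/ruby-omnibus-prebuilt.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Install a prebuilt armhf chef .deb.
#
# Environment:
#   CHEF_URL  URL of the .deb to install; defaults to the package below.
#   CHEF_SHA  expected SHA-256 of that .deb. Set here together with the
#             default CHEF_URL; supply your own when you override CHEF_URL.
#
# NOTE(review): raspbian_bootstrap.erb inlines this file into a single-quoted
# sh -c argument, so it is executed by sh rather than bash and must stay free
# of single quote characters.

if [ -z "${CHEF_URL}" ]; then
  # Plain-HTTP download: the checksum below is the only integrity control.
  CHEF_URL="http://n1nj4net-public.s3-website-us-west-2.amazonaws.com/chef_14.8.10+20181204005213-1_armhf.deb"
  # Presumably the SHA-256 of the default package (64 hex digits) - confirm.
  CHEF_SHA=6a8a9fd8a5ba9ee00f1ab8eb6170fe6de8fb5d97bcd807e8366b9919140f8d2f
fi
CHEF_DEB=$(basename "$CHEF_URL")

if dpkg -s chef > /dev/null 2>&1; then
  echo "chef package already installed"
  exit 1
fi

DEPS="curl wget git ntpdate"

# $DEPS is left unquoted on purpose: it is a space-separated package list.
if ! dpkg -l $DEPS > /dev/null 2>&1; then
  echo "INFO: getting system fleshed out for download utils and ntpdate"
  apt-get update
  apt-get install -y $DEPS
else
  echo "INFO: system setup for download tools and ntpdate"
fi

echo "INFO: syncing time to pool.ntp.org"
ntpdate -u pool.ntp.org

# Download into a fresh private directory instead of a fixed name in /tmp, so
# a file left there beforehand under the package name is never handed to dpkg.
WORK_DIR=$(mktemp -d)
if [ $? -ne 0 ] || [ -z "$WORK_DIR" ]; then
  echo "ERROR: could not create a private download directory"
  exit 1
fi

# Step out of the download directory before deleting it so that whatever runs
# next does not inherit a removed working directory.
cleanup_download() {
  cd /tmp
  rm -rf -- "$WORK_DIR"
}

cd "$WORK_DIR" || exit 1

echo "INFO: downloading pre-built chef"
echo "INFO: $CHEF_URL"
# -f makes curl fail on an HTTP error instead of saving the error page.
if curl -f -o "$CHEF_DEB" "${CHEF_URL}"; then
  echo "downloaded chef: $CHEF_DEB"
else
  echo "ERROR: download of prebuilt deb failed"
  echo "ERROR: failed to download: $CHEF_URL"
  cleanup_download
  exit 1
fi

# Verify the package before it is installed as root.
if [ -n "${CHEF_SHA}" ]; then
  echo "INFO: verifying sha256 of $CHEF_DEB"
  if ! printf "%s  %s\n" "${CHEF_SHA}" "${CHEF_DEB}" | sha256sum -c - > /dev/null; then
    echo "ERROR: checksum mismatch for $CHEF_DEB - not installing"
    cleanup_download
    exit 1
  fi
else
  echo "WARNING: CHEF_SHA is not set - installing $CHEF_DEB without an integrity check"
fi

if dpkg -i "$CHEF_DEB"; then
  echo "INFO: install of chef successful"
  cleanup_download
else
  echo "ERROR: failed install of chef: dpkg -i $CHEF_DEB"
  cleanup_download
  exit 1
fi
--------------------------------------------------------------------------------
/legacy/ruby-chef-build.sh:
--------------------------------------------------------------------------------
# Legacy path: build ruby into /opt/chef with ruby-build, then install chef
# from gems. Uses pushd/popd, so it needs bash.
RUBY_VER=2.5.3

if [ ! -f /usr/bin/chef-client ]; then
  apt-get update
  # -y must be its own argument; fused to the package name it is read as part
  # of that name and the purge stops at the confirmation prompt.
  apt-get purge ruby1.9 ruby ruby2.3 -y
  apt-get install -y curl wget git autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev ntpdate

  ntpdate -u pool.ntp.org

  if [ ! -d /opt/chef ] ; then
    pushd .
    cd /
    # NOTE(review): both branches run install.sh from an unpinned upstream
    # checkout; pin a tag or commit if the build has to be reproducible.
    if [ ! -d /usr/local/src/ruby-build ]; then
      echo "installing ruby-build"
      git clone https://github.com/rbenv/ruby-build.git /usr/local/src/ruby-build
      cd /usr/local/src/ruby-build
      ./install.sh
    else
      cd /usr/local/src/ruby-build
      git pull
      ./install.sh
    fi
    mkdir -p /opt/chef
    if [ ! -f /opt/chef/bin/ruby ]; then
      echo "installing ruby $RUBY_VER into /opt/chef using ruby-build"
      /usr/local/bin/ruby-build "$RUBY_VER" /opt/chef
    fi
    popd
  fi
fi

PATH=/opt/chef/bin:$PATH
export PATH

# -F: match the version literally (the dots are not regex wildcards).
if ! ruby --version | grep -F -- "$RUBY_VER"; then
  echo "ERROR: /opt/chef/bin/ruby is not expected version: $RUBY_VER -- got: $(ruby --version)"
  # Exit non-zero so callers can tell the version check failed.
  exit 1
fi

gem install moneta --no-rdoc --no-ri --verbose
gem install net-ssh-gateway --no-rdoc --no-ri --verbose
gem install net-ssh --no-rdoc --no-ri --verbose
gem install ohai --no-rdoc --no-ri --verbose
gem install chef --no-rdoc --no-ri --verbose
--------------------------------------------------------------------------------
/raspbian_bootstrap.erb:
--------------------------------------------------------------------------------
sh -c '
<%= "export https_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>

<%# The selected script is pasted into this single-quoted sh -c argument, so it must not contain single quotes. -%>
<% case ENV['OPT'] %>
<% when "build" %>
<%= File.read('ruby-omnibus-build.sh') %>
<% else %>
<%= File.read('ruby-omnibus-prebuilt.sh') %>
<% end %>

PATH=/opt/chef/bin:$PATH
export PATH

# Add Chef configurations
mkdir -p /etc/chef

if [ ! -f /usr/local/bin/chef-client ]; then
  ln -s /opt/chef/bin/chef-client /usr/local/bin/
fi

<%# NOTE(review): in this listing each "cat > ... <" below has lost its here-document operator and the body line that followed it. -%>
<%# Restore those lines from the repository before using this template; they are reproduced here as found. -%>
<% if client_pem -%>
cat > /etc/chef/client.pem <
EOP
chmod 0600 /etc/chef/client.pem
<% end -%>

<% if validation_key -%>
cat > /etc/chef/validation.pem <
EOP
chmod 0600 /etc/chef/validation.pem
<% end -%>

<% if encrypted_data_bag_secret -%>
cat > /etc/chef/encrypted_data_bag_secret <
EOP
chmod 0600 /etc/chef/encrypted_data_bag_secret
<% end -%>

<% unless trusted_certs.empty? -%>
mkdir -p /etc/chef/trusted_certs
<%= trusted_certs %>
<% end -%>

<%# Generate Ohai Hints -%>
<% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
mkdir -p /etc/chef/ohai/hints

<% @chef_config[:knife][:hints].each do |name, hash| -%>
cat > /etc/chef/ohai/hints/<%= name %>.json <
EOP
<% end -%>
<% end -%>

cat > /etc/chef/client.rb <
EOP

cat > /etc/chef/first-boot.json <
EOP

<% unless client_d.empty? -%>
mkdir -p /etc/chef/client.d
<%= client_d %>
<% end -%>

echo "Starting the first Chef Client run..."

<%= start_chef %>'
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
### raspbian_bootstrap ###

# UPDATE

This is no longer needed if you choose to use an up to date 64bit Raspberry Pi OS. 64 bit arm is available for Chef, so you can do a standard bootstrap; it should work without anything fancy.

# ######


### install `chef-client` on raspberry pi (raspbian).

Chef doesn't offer an omnibus `chef-client` for raspberry pi **yet**. Any minute now.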

This `knife bootstrap` script helps get around that by either building a chef omnibus from scratch or installing a prebuilt deb package, using my [chef_omnibus_build](https://gist.github.com/dayne/330c331ef2b5a69b318f5fb01c49b40a) tool.

The `raspbian_bootstrap.erb` uses an `OPT` environment variable to provide different options to get ruby and chef.

* **`OPT=prebuilt`** Installs prebuilt .deb package
  * _Fast: Fast - uses my latest prebuilt chef_
  * `CHEF_URL=http://your_url_to/your_package.deb` - specify your own prebuilt chef package. The downloaded package is installed as root with `dpkg -i`, so use a source you trust.
* **`OPT=build`** [chef_omnibus_builder](https://gist.github.com/dayne/330c331ef2b5a69b318f5fb01c49b40a) to build a ruby, omnibus-toolchain, and then a chef package.
  * _Slow: Takes many hours._
  * Note: Creates an `omnibus` user with a locked password for the build process.

## Usage

Clone the repo:

```
git clone https://github.com/dayne/raspbian_bootstrap
cd raspbian_bootstrap
```

Bootstrap the pi:

```
knife bootstrap -t raspbian_bootstrap.erb \
  --ssh-user pi --sudo PI_ADDRESS
```

Full build process by using `OPT`:

```
OPT=build knife bootstrap -t raspbian_bootstrap.erb \
  --ssh-user pi --sudo PI_ADDRESS
```

## Ramifications of using this script ##

* Chef installed
* pi's clock will be synchronized using [`ntpd`](http://doc.ntp.org/4.1.0/ntpd.htm) (network time protocol daemon).
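* `chef` package installed with chef tools in `/opt/chef`

# Credits and Contributors

* @tinoschroeter : [Tino Schröter](https://github.com/tinoschroeter/raspbian_bootstrap) as original author
* @dayne : [dayne](http://dayne.broderson.org) updated and evolved to support Chef 12
* @in-bto : [ino-bto](https://github.com/ino-bto) for [trusted certs forwarding to client node](https://github.com/dayne/raspbian_bootstrap/pull/1)
* @Edubits: [Edubits](https://github.com/Edubits) updated to Jessie
* @trinitronx: [trinitronx](https://github.com/trinitronx) Merged support for both Wheezy and Jessie
* @marcusbooyah: [marcusbooyah](https://github.com/marcusbooyah) Tested and [fixed bugs in `OPT=stretch`](https://github.com/dayne/raspbian_bootstrap/pull/5)
--------------------------------------------------------------------------------
/legacy/raspbian-wheezy-gems.erb:
--------------------------------------------------------------------------------
bash -l -c '
<%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>

RUBY_VER=2.2.4
BUILT_CHEF_TGZ=http://n1nj4net-public.s3-website-us-west-2.amazonaws.com/raspbian-opt_chef-201601.tgz

if [ ! -f /usr/bin/chef-client ]; then
  apt-get update
  apt-get purge ruby1.9 -y
  apt-get install -y curl wget git autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev ntpdate

  ntpdate -u pool.ntp.org

  if [ ! -d /opt/chef ] ; then
    pushd .
    cd /
    # Change to true to use a prebuilt (by @dayne) /opt/chef
    # NOTE(review): when enabled, this unpacks an unverified plain-HTTP
    # tarball over / as root; verify a checksum before extracting it.
    if false; then
      echo "downloading pre-built raspbian-opt_chef ruby for /opt/chef"
      curl $BUILT_CHEF_TGZ | tar xz
    else
      false
    fi
    # With the branch above disabled, $? is always non-zero here, so the
    # ruby-build path below always runs.
    if [ $? != 0 ]; then
      echo "curl of raspbian-opt_chef failed - using ruby build instead"
      if [ ! -d /usr/local/src/ruby-build ]; then
        echo "installing ruby-build"
        git clone https://github.com/rbenv/ruby-build.git /usr/local/src/ruby-build
        cd /usr/local/src/ruby-build
        ./install.sh
      fi
      mkdir -p /opt/chef
      if [ ! -f /opt/chef/bin/ruby ]; then
        echo "installing ruby $RUBY_VER into /opt/chef using ruby-build"
        /usr/local/bin/ruby-build $RUBY_VER /opt/chef
      fi
    fi
    popd
  fi


fi

PATH=/opt/chef/bin:$PATH
export PATH

gem install moneta --no-rdoc --no-ri --verbose
gem install net-ssh-gateway --no-rdoc --no-ri --verbose
gem install net-ssh --no-rdoc --no-ri --verbose
gem install ohai --no-rdoc --no-ri --verbose
gem install chef --no-rdoc --no-ri --verbose

mkdir -p /etc/chef

if [ ! -f /usr/local/bin/chef-client ]; then
  ln -s /opt/chef/bin/chef-client /usr/local/bin/
fi

<%# NOTE(review): the whole script is one single-quoted bash -c argument, so the quote marks around each EOP end and reopen that argument. -%>
<%# bash therefore receives an unquoted here-document delimiter and expands dollar signs and backticks in every body below; a single quote in rendered content would end the argument early. -%>
<%# Secrets are written straight to /etc/chef under umask 077; they are no longer staged in fixed-name files under /tmp. -%>
<% if validation_key %>
(
umask 077
awk NF > /etc/chef/validation.pem <<'EOP'
<%= validation_key %>
EOP
)
chmod 0600 /etc/chef/validation.pem
<% end -%>

<% if client_pem %>

(
umask 077
cat > /etc/chef/client.pem <<'EOP'
<%= ::File.read(::File.expand_path(client_pem)) %>
EOP
)
chmod 0600 /etc/chef/client.pem
<% end %>

<% if @chef_config[:encrypted_data_bag_secret] -%>
(
umask 077
awk NF > /etc/chef/encrypted_data_bag_secret <<'EOP'
<%= encrypted_data_bag_secret %>
EOP
)
chmod 0600 /etc/chef/encrypted_data_bag_secret
<% end -%>

<%# Generate Ohai Hints -%>
<% unless @chef_config[:knife][:hints].nil? || @chef_config[:knife][:hints].empty? -%>
mkdir -p /etc/chef/ohai/hints

<% @chef_config[:knife][:hints].each do |name, hash| -%>
(
cat <<'EOP'
<%= hash.to_json %>
EOP
) > /etc/chef/ohai/hints/<%= name %>.json
<% end -%>
<% end -%>

(
cat <<'EOP'
<%= config_content %>
EOP
) > /etc/chef/client.rb

<% if @chef_config[:trusted_certs_dir] -%>
mkdir -p /etc/chef/trusted_certs
<%= trusted_certs_content %>
<% end -%>

(
cat <<'EOP'
<%= first_boot.to_json %>
EOP
) > /etc/chef/first-boot.json

<%= start_chef %>'

--------------------------------------------------------------------------------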