Skip to content

Bootstrapping Windows nodes behind a firewall with Knife

Using knife to bootstrap a node to be managed with Chef is a fundamental part of the Chef workflow, especially for dev and test purposes. When you bootstrap a node you are preparing the node to communicate with the Chef Server so it can download the cookbooks and recipes you have defined in its run-list, and eventually match the state you have defined in your Chef code.

As part of the bootstrapping process for Windows the chef-client package is retrieved from the chef.io website. You can see this in the process output.

If working in a locked down environment, perhaps behind a firewall, this can be problematic. If your node is unable to retrieve a package from the Internet the bootstrapping process will fail.

The work around is to use a (currently) undocumented argument in your bootstrap command.

--msi-url

This argument will accept a remote location as well as a local system path. This means you can use an internal package hosting service of some kind, or reference the package location on the node’s filesystem; perhaps baked into your images.

Voila, your locked down instance is bootstrapped.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *