- From: Daniel DeLeo <
>
- To:
- Subject: [chef] Re: Registering client when old client exists.
- Date: Sun, 27 Jun 2010 19:21:03 -0700
Ohai!
On Sun, Jun 27, 2010 at 6:43 PM, John Hanks
<
>
wrote:
>
Hello,
>
>
Before upgrading to 0.8.16 when my nodes booted they registered
>
themselves regardless of whether or not a client with the same name
>
existed. With my fresh install of 0.8.16, this behavior has changed
>
and rebooted nodes fail to register because of the existing client. Is
>
there a way I can select/revert the old behavior? My nodes are
>
diskless and boot from a common base OS image so while it's trivial to
>
have a validation.pem on the image, it'd be complicated and kludgy to
>
work out how to keep track of the client.pem for every client/node
>
across reboots.
>
>
Thanks,
>
>
griznog
>
You're getting a 403 forbidden error when the client attempts to
re-register, yes? This happens because the validation client is no
longer an admin, but a much lesser privileged entity. You could
probably get the old behavior back by creating an admin client (via
`knife client create`) and using that instead of the stock validation
client. If you do that, though, your entire infrastructure is at risk
should the alt-validator's private key be compromised.
I'd recommend you investigate some means of giving your nodes unique
names. If you configure the node_name in client.rb before the node has
ever registered, you can set any name you want. For example, you could
name the node as the FQDN plus the boot time with something like this:
node_name(`hostname -f`.strip + IO.read('/proc/stat')[/^btime ([\d]+$)/,1])
HTH,
Dan DeLeo
Archive powered by MHonArc 2.6.16.