- From: Joshua Timberman <
>
- To:
- Subject: [chef] Re: Skip a recipe on a specific node
- Date: Thu, 15 Mar 2012 18:15:55 -0600
Hello!
On Thu, Mar 15, 2012 at 3:43 PM, Jesse Campbell
<
>
wrote:
>
>
I have a standard base role that includes such things as ldap
>
authentication, sudoers, ntp, timezone, etc.
>
It also configures the timing of the chef client runs and removes the
>
validation key.
>
>
I manage the chef server machine the same as any other node in the
>
environment, but if the validation key gets removed from the server
>
node, all sorts of badness happens.
>
>
What is the best way to exclude running the remove validation key
>
recipe on just the chef server node?
>
I can think of a few ways to handle it:
>
1. Different role for the chef server that doesn't include that recipe
>
2. remove validation key in its own role
>
3. modify the validation key removal recipe to check for the existence
>
of /etc/chef/server.rb and does nothing if it sees that file
The Opscode chef-client cookbook has a "delete_validation" recipe that
will not delete the validation key if the node also has the
"chef-server" recipe.
The "chef-server" recipe by default does database compaction, which
you probably want so the Chef CouchDB database doesn't grow out of
control.
--
Opscode, Inc
Joshua Timberman, Technical Program Manager
IRC, Skype, Twitter, Github: jtimberman
Archive powered by MHonArc 2.6.16.