[chef] Re: Re: Skip a recipe on a specific node

[AJ Christensen < >]

Hello all,

Sorry for the top post. Heavy Water currently has some code in flight
for 'partial run list application' by way of approved/restricted run
lists. These can be applied temporally on the command line or config
file variables.

There is some controversy around this feature ('what happened to my
state? oh there it is'), so I'm sure the first version will be rapidly
iterated.

I will post more when I know more.

--AJ

On 16 March 2012 13:15, Joshua Timberman 
<
 >
 wrote:
> Hello!
>
> On Thu, Mar 15, 2012 at 3:43 PM, Jesse Campbell 
> <
 >
>  wrote:
>>
>> I have a standard base role that includes such things as ldap
>> authentication, sudoers, ntp, timezone, etc.
>> It also configures the timing of the chef client runs and removes the
>> validation key.
>>
>> I manage the chef server machine the same as any other node in the
>> environment, but if the validation key gets removed from the server
>> node, all sorts of badness happens.
>>
>> What is the best way to exclude running the remove validation key
>> recipe on just the chef server node?
>> I can think of a few ways to handle it:
>> 1. Different role for the chef server that doesn't include that recipe
>> 2. remove validation key in its own role
>> 3. modify the validation key removal recipe to check for the existence
>> of /etc/chef/server.rb and does nothing if it sees that file
>
> The Opscode chef-client cookbook has a "delete_validation" recipe that
> will not delete the validation key if the node also has the
> "chef-server" recipe.
>
> The "chef-server" recipe by default does database compaction, which
> you probably want so the Chef CouchDB database doesn't grow out of
> control.
>
>
> --
> Opscode, Inc
> Joshua Timberman, Technical Program Manager
> IRC, Skype, Twitter, Github: jtimberman