Continuing from our conversation on twitter,
On Wed, Mar 21, 2012 at 10:08 AM, rahul sharma wrote:
> Q1. My question is why do we need to register our machine with machine-name
> as client to get the node registered??
The client provides authentication to the server and uniquely identifies
the server. This is the same as creating a username and password for a
new user to a system, except that the user is a server and the
credentials are typically created automatically using the special
validator client whose job it is to do so.
> Q2. Also I am unable to get clearly the distinction between client and node
> in chef.
The client object is for authentication. When a client is created a
public key pair is created. The public portion is stored with the
client name on the server and the private portion of the key pair is
stored on the client. This uniquely grants access to the chef server
for the node and prevents the compromise of one system from being able
to affect another as far as the chef server goes. See also,
http://wiki.opscode.com/display/chef/Nodes#Nodes-Authentication
The node object is for storing data about the node. The client object
and node object are tied together, but the node object is just for
data about the node itself.
The client and node objects serve different purposes and consequently
different API endpoints handle them. They have different resource
consumption patterns and this design allows you to scale these two
parts of the chef server separately.
> Q3. Is it that one physical/virtual machine will correspond to one node and
> in that node we can have n number of clients(user accounts).
It's the other way around. A client gives access to a node object. On
an Open Source Chef Server there is almost always a single client for
every node. Again, clients for authentication, nodes for data. The
exception is when you create an admin client for a user to access the
Chef Server and manage it, e.g. with knife.
Think of a self-storage unit. Every customer (client) needs access to
the building and has a key to get into the shared building (chef
server), but each customer (client) stores different stuff (node data)
in their private storage unit (node object).
http://wiki.opscode.com/display/chef/Architecture+Introduction
You mentioned on twitter that you only run chef-client once to
bootstrap a system and you wanted to use a single client and node
object as creating them each time was costly. This really isn't the
intended pattern for Chef; it is not just for initially setting up a
server, but also for managing them over time. The individual clients
exist to give the server access to the Chef Server to get unique
configuration settings. If you're building lots of servers that are
the same, you should configure their settings in a Role and then apply
that role to each node's run_list when you initially bootstrap it.
This way you avoid "one-offs" which is where someone goes in and
changes something on one of many servers, increasing the difficulty of
managing these servers because you don't know that server is
different. All changes should go through your configuration management
system, Chef, so they get applied to all servers.
That said, you can do what you're asking. Before you run chef-client
set node_name to 'kickseed1' in /etc/chef/client.rb and copy the
/etc/chef/client.pem that you've already created to the new system.
More information on configuration settings is available here:
http://wiki.opscode.com/display/chef/Chef+Configuration+Settings
Bryan
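
Added example, not part of the original message and not Chef's own code, API or wire protocol: a simplified Ruby model of the client/node split described above, in which the server keeps one public key per client (authentication) and one data record per node. ToyChefServer, its methods and the names web1/db1 are hypothetical; the last call shows that a copied client.pem makes a second machine indistinguishable from the first.

```ruby
require 'openssl'

# Hypothetical toy model: clients are for authentication, nodes are for data.
class ToyChefServer
  def initialize
    @clients = {} # client name => public key
    @nodes   = {} # node name   => stored node data
  end

  # Creating a client creates a key pair. The server keeps only the public
  # half; the private half is returned to live on the client machine.
  def register_client(name)
    key = OpenSSL::PKey::RSA.new(2048)
    @clients[name] = key.public_key
    key
  end

  # Accept a node update only when the body was signed by the private key
  # that matches the public key stored for that client name.
  def save_node(client_name, body, signature)
    pub = @clients[client_name]
    return false unless pub
    return false unless pub.verify(OpenSSL::Digest.new('SHA256'), signature, body)
    @nodes[client_name] = body
    true
  rescue OpenSSL::PKey::PKeyError
    false
  end

  def node(name)
    @nodes[name]
  end
end

def sign(private_key, body)
  private_key.sign(OpenSSL::Digest.new('SHA256'), body)
end

def demo
  server = ToyChefServer.new
  web1 = server.register_client('web1') # constructed sample names
  server.register_client('db1')

  own = server.save_node('web1', 'role[web]', sign(web1, 'role[web]'))
  # A request signed with web1's key is rejected when it claims to be db1.
  cross = server.save_node('db1', 'changed', sign(web1, 'changed'))
  # The same key used from a second machine is accepted as web1 and
  # overwrites web1's node data: the server sees a single identity.
  copied = server.save_node('web1', 'machine-2', sign(web1, 'machine-2'))
  { own: own, cross: cross, copied: copied,
    web1_node: server.node('web1'), db1_node: server.node('db1') }
end
```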