- From: Brad Knowles <>
- To:
- Cc: Brad Knowles <>
- Subject: [chef] Re: Re: RE: Re: Re: Why does knife sometime decide to bomb out?
- Date: Thu, 19 Apr 2012 10:26:27 -0500
On Apr 19, 2012, at 10:20 AM, Peter Norton wrote:

> There is no difference at all when bootstrapping on a cloud provider e.g.
> AWS. You need to not have a host key in known_hosts to bootstrap the
> server since conflicts will kill the bootstrap. If there is a MITM at this
> point in the process, then it's their public key that's being stored
> whether or not you use host key checking.

Note that all providers will recycle old IP addresses. So, if you create and
destroy enough nodes, you can be guaranteed that sooner or later you will run
into a new node that has been assigned the IP address of a node you used to
have a while back. The more nodes you create & destroy, the more likely that
will happen sooner rather than later.
The best solution here is that when you destroy an old node, you purge all
references to it, everywhere. In addition to deleting the node, you also
delete the corresponding client that Chef created, you delete all references
to the ssh keys for that node, you use the provider-specific plugins to make
sure that the system is actually gone as opposed to simply making it
unmanaged by Chef, you need to delete all entries related to that node from
your DNS, etc....
IMO, there needs to be a better solution to this problem so that you can
purge all references to any given node(s) with a single command. But we're
not there yet.
--
Brad Knowles <>
SAGE Level IV, Chef Level 0.0.1