General discussion about Chef

[chef] Re: API Interaction from node


Chronological Thread 
  • From: Anthony Goddard < >
  • To:
  • Subject: [chef] Re: API Interaction from node
  • Date: Tue, 8 Jan 2013 17:36:12 -0500
Thanks AJ,

OSS chef - I got 403's back when adding a new data bag item though. I think the admin node will be a good workaround, and I'll write some middleware in front of it.


Cheers,
Ant



On Jan 8, 2013, at 4:53 PM, AJ Christensen < "> > wrote:

Yo Ant,

You won't be able to update data bag items already created with a node like that, at least with the default permissions? I do believe you will be able to create *new* data-bag items inside of a data-bag.

Hosted chef or OSS?

On OSS, you can make the node an admin. Hosted/Private, you can use RBAC to allow create items in that d-bag. knife-acls may help with automating this.

Cheers,

AJ


On 9 January 2013 10:49, Anthony Goddard < " target="_blank"> > wrote:
Hi all,
I'm writing a little script to populate a databag each time it's run - the purpose is to store mysql bin log data in a databag when a slave is backed up. I was originally thinking of using the API from the node and just using the local client.pem for authentication, but while I can read databags this way, I get a 403 when writing to them, so I'm looking for a breakdown of what objects the client is able to modify.
I could also just change where I'm storing the data, or if that doesn't work, some middleware with another key will work, but I'd be interested in hearing about any other approaches if I'm Doing It Wrong™.

fwiw, the script that's interacting with chef is run from cron.


Cheers,
Ant




Archive powered by MHonArc 2.6.16.

§