[chef] Re: Re: Re: Re: Re: Private Chef: registering a client for an existing node


  • From: Andrea Campi
  • Subject: [chef] Re: Re: Re: Re: Re: Private Chef: registering a client for an existing node
  • Date: Thu, 17 Jan 2013 18:42:47 +0100




On Thu, Jan 17, 2013 at 5:10 PM, Daniel DeLeo wrote:

On Thursday, January 17, 2013 at 5:23 AM, Gourav Shah wrote:


No, that's the whole point :) And it does work with a "regular" open source Chef server, doesn't it?


Could you double check that? I have been using the open source version of Chef and as far as I remember, you must delete the node before registering with the same name.

Thanks
Gourav
In Hosted Chef and Private Chef, clients get permission to update a node by virtue of creating it; clients otherwise have default permissions. This happens because the RBAC system tracks clients, nodes, etc. by internal unique identifiers and not the external ones (i.e., name). In the open source server, there is a simple check for matching name.

That's what I suspected.
Is there any sanctioned way of "fixing" permissions after the fact?

The reason I'm asking this is that, if I re-create the client and then go to edit its permissions (/clients/US14/_acl) it is displayed as having all rights on the node that has the same name. So one way or the other, it seems to be inconsistent.

Andrea
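
The difference between the two authorization schemes described in the quoted reply, as an added illustration that is not part of the original message and is not Chef server code. The class and method names are hypothetical, and the model assumes only what the thread states: one server compares names, the other grants update rights to the internal id of the client that created the node.

```ruby
require "securerandom"
require "set"

# Name check, as the thread describes for the open source server.
class NameMatchServer
  def initialize
    @clients = Set.new
    @nodes = Set.new
  end

  def create_client(name); @clients << name; end
  def delete_client(name); @clients.delete(name); end
  def create_node(_creator, node); @nodes << node; end

  def can_update?(client, node)
    @clients.include?(client) && @nodes.include?(node) && client == node
  end
end

# ACLs keyed by internal id, as the thread describes for Hosted/Private Chef.
class IdAclServer
  def initialize
    @client_ids = {}                           # client name => internal id
    @node_acls = Hash.new { |h, k| h[k] = [] } # node name => ids allowed to update
  end

  def create_client(name); @client_ids[name] = SecureRandom.uuid; end
  def delete_client(name); @client_ids.delete(name); end
  def create_node(creator, node); @node_acls[node] << @client_ids.fetch(creator); end

  def can_update?(client, node)
    id = @client_ids[client]
    !id.nil? && @node_acls.key?(node) && @node_acls[node].include?(id)
  end

  # Nodes whose ACL still names an id that no live client holds.
  def orphaned_grants
    live = @client_ids.values
    @node_acls.select { |_node, ids| (ids - live).any? }.keys
  end
end

# Register, then delete and re-create the client under the same name.
# Returns [could update before, can update after].
def reregister(server, name)
  server.create_client(name)
  server.create_node(name, name)
  before = server.can_update?(name, name)
  server.delete_client(name)
  server.create_client(name)
  [before, server.can_update?(name, name)]
end
```

In this model the re-created client keeps access under the name check but loses it under id-based ACLs, and `orphaned_grants` lists the node whose grant still points at the deleted client's id.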


