[chef] Re: Re: Re: Re: chef node and client creation


  • From: "steve ."
  • Subject: [chef] Re: Re: Re: Re: chef node and client creation
  • Date: Tue, 30 Jul 2013 09:41:53 -0700

During the course of a node's first Chef run (most users only see this during a knife bootstrap), the host realizes it doesn't have its own client key and uses the Chef organization's validator key to create its client on the server.  It copies the private key half of the Chef client object into /etc/chef/client.pem (by default) and doesn't need the validator after this point for normal operation.  (In other words, you should delete it after bootstrap since it can create new client keys at will...)

After the new node signs in with its brand new client key, it asks for its node object in order to determine its run list.  If the node object doesn't exist and no command-line run list was specified, it runs with an empty run list.

If a node runs with an empty run list, it runs Ohai and uploads the resulting node object and run results to the server.

*That* is where most of the node data comes from - fqdn, ipaddress, virtualization, etc. ...

As for why/when you'd want to create nodes by hand ... it actually comes in super handy if you're migrating nodes between Chef servers/orgs.  You can copy the node object from one node to another, making whatever changes are necessary to the run list on the way, and then you just bootstrap it as a new client to the new Chef endpoint.  The host will register as a new client but find a node object already waiting for it.

(This worked for me as of early Chef 10.x, which was the last time I did an org pivot on a few dozen nodes ... )


On Tue, Jul 30, 2013 at 6:01 AM, Cassiano Leal wrote:

A node created in such a manner will not have an IP address or FQDN because it’s nothing more than an object on the Chef Server. It doesn’t relate to an actual node. Maybe someone else on this list will correct me, but this is my limited understanding.


I haven’t as of yet found a use for manual node creation. Usually I use knife bootstrap or knife ec2, as these will automatically create both the node and client on the chef server, as long as your knife is correctly configured to point to your validation key.


That’s how I work personally. Others may have approaches more similar to what you’re trying to accomplish.

On July 29, 2013 at 17:53:38, neubyr wrote:


Thank you for explaining it in detail. That was helpful. 

I was able to use knife bootstrap command, but I am finding node/client creation by hand extremely confusing.

For example, a node created with 'knife node create test1' command doesn't have an IP address or FQDN attributes. I am not sure how to add/edit them as well.

$ knife search node name:test1
1 items found

Node Name:   test1
Environment: _default
FQDN:        
IP:          
Run List:    
Roles:       
Recipes:     
Platform:     
Tags: 

Maybe it's not a recommended approach, but my plan was to use node/client commands to add node/client to the server.

-N


On Mon, Jul 29, 2013 at 2:52 PM, Cassiano Leal wrote:

It actually is working.


The fact that ‘knife node show test1’ returns something is proof of that.


The search didn’t work because that query ‘test1’ doesn’t return anything. The basic syntax for these queries is ‘<attribute>:<value>’, such as ‘chef_environment:_default’, or ‘name:test1’. [0]


As for the difference between client and node, that’s a very common doubt for anyone who’s only just starting with Chef. Basically, a client is an entity that can talk to the Chef Server API. It could be a person with certs for querying the API like you’re doing when using knife, or it could be a node.


A node is the actual thing you’re configuring — usually a physical server, a VM or your workstation. It has a run list, a set of attributes, etc, and it belongs to an environment. [1]


The node needs a corresponding client in order to query the Chef Server so that it knows what to do.


The documentation over at http://docs.opscode.com is quite good, be sure to read through as much as you can.


[0] http://docs.opscode.com/knife_search.html

[1] http://docs.opscode.com/chef_overview_nodes.html


Cheers,


On July 29, 2013 at 16:43:32, neubyr wrote:


I am looking for documentation on chef client and node objects. I created a node as follows, but it doesn't show up in the search.


$ :~/chef-repo$ knife node create test1
Created node[test1]

$ :~/chef-repo$ knife node show test1
Node Name:   test1
Environment: _default
FQDN:        
IP:          
Run List:    
Roles:       
Recipes:     
Platform:     
Tags:        

$ :~/chef-repo$ knife search node 'test1'
0 items found

How can I get it working to run some recipes?  

Also, what's the relationship between a client and node? How can a client be associated with a node? 

- N
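
Added example (not part of any message in this thread): the top message notes that a node stops needing the validator key once /etc/chef/client.pem exists, and that the validator should be deleted after bootstrap because it can create new clients. The shell function below audits a Chef config directory for that state; the file name validation.pem (Chef's default validator key name), the status strings and the throwaway demo directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a node's Chef config directory for a leftover validator key.
# Assumptions: the validator key is stored as validation.pem next to client.pem,
# and the directory defaults to /etc/chef (the default named in the thread).

audit_chef_keys() {
    dir="${1:-/etc/chef}"
    client="$dir/client.pem"
    validator="$dir/validation.pem"

    if [ ! -f "$client" ] && [ ! -f "$validator" ]; then
        echo "no-keys"              # host can neither register nor authenticate
        return 3
    fi
    if [ ! -f "$client" ]; then
        echo "awaiting-first-run"   # validator present, client not created yet
        return 0
    fi
    # client.pem exists, so the node has registered; the validator is now
    # surplus and can still mint new clients if it is stolen from this host.
    if [ -f "$validator" ]; then
        echo "validator-lingering"
        return 1
    fi
    # The client key is the node's identity: flag group- or world-readable copies.
    if [ -n "$(find "$client" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "client-key-readable"
        return 2
    fi
    echo "ok"
    return 0
}

# Constructed demo: a temporary directory standing in for /etc/chef right
# after a bootstrap that left the validator key behind.
demo=$(mktemp -d)
: > "$demo/client.pem"
: > "$demo/validation.pem"
chmod 600 "$demo/client.pem"
echo "demo result: $(audit_chef_keys "$demo" || true)"
rm -rf "$demo"
```

On a real node, call `audit_chef_keys` with no argument to check /etc/chef; a non-zero return code makes it usable from a monitoring check.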




