This topic is something i am investigating in the last couple of days. We are moving to AWS and i am exploring the AWS.I now have an AMI created with the chef-client installed as a service. Now i am trying to find how to update the chef's run-list and trigger a chef-client run when AWS creates the instance (scaling out) without manual interference. And also to set the node name parameter in the chef-server as the FQDN or the public IP of the node.- Okram--On Wed, Jun 3, 2015 at 10:00 AM, Pedro Vilaça < " target="_blank"> > wrote:That approach works, but remember that, unless you take particular precautions, any user on the system can then use the node's IAM role to get the validator.pem from S3 and then create his/her own client on the chef-server.You can solve that security issue if you create a base image with chef-client installed and the validator key inside (only accessible by root). That way you don't need to use an IAM role and only users with sudo access will be able to use the validator key. Or, you can also delete the validator key after the initial registration process.2015-06-03 16:27 GMT+01:00 Gabriel Rosendorf < " target="_blank"> >:I'd love to hear other approaches. I'm not crazy about the way were handling it, it was just our only idea :)On Wed, Jun 3, 2015 at 11:07 Peter Burkholder < " target="_blank"> > wrote:That approach works, but remember that, unless you take particular precautions, any user on the system can then use the node's IAM role to get the validator.pem from S3 and then create his/her own client on the chef-server.--PeterOn Wed, Jun 3, 2015 at 11:00 AM, Gabriel Rosendorf < " target="_blank"> > wrote:We use user data and IAM roles. User data pulls down the validator.pem from S3 (authenticated using IAM), writes the chef config and first-boot.json, then kicks off the first Chef run.HTH,GabrielOn Tue, Jun 2, 2015 at 5:08 PM Tiago Cruz < " target="_blank"> > wrote:Hello Gabriel, thanks for your reply!This is about the 'termination', and about the 'startupt' of a new instance? How are you dealing with the hostname issue?I'm using "name_of_some_city+auto_increment_number", such as:- sanfrancisco1..2..3- dublin1..2..3But I'm with problems to register this using Chef 12. If I run the 'knife node create' before, the client need to setup the ACL to grant permission to update itself.So, I would like to know how are you guys doing to register the instance in the autoscaling time. I think that is impossible to use knife bootstrap here, right?Thanks a lot!On Fri, May 29, 2015 at 10:17 AM, Gabriel Rosendorf < " target="_blank"> > wrote:We're pushing autoscaling notifications to an SQS queue, and we have a process that reads those messages from the queue, looks for terminations, and uses the Chef API to delete nodes/clients. I think most folks are doing something similar.Best,GabrielOn Fri, May 29, 2015 at 9:12 AM Tiago Cruz < " target="_blank"> > wrote:Hello guys,
Just to know, how are you guys are dealing with Chef and AutoScaling?
I'm using hostname such as 'mordor' and I was trying to scale such as 'mordor1', and after 'mordor2' and etc, using the knife node create to 'reserve' this hostname while the machine is created.It was working on Chef 11, but stopped now on Chef 12 :(- https://github.com/chef/chef-server/issues/263
So, I would like to know how you guys are working with this -- best praticies and tips :)
Thanks!
--
-- Tiago Cruz---- Tiago CruzRegards
nirish okram
Archive powered by MHonArc 2.6.16.