Chef Mailing Lists - Archives
Please visit https://discourse.chef.io to subscribe
Please visit https://discourse.chef.io to subscribe
Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay
SubscribeOwners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay
Unsubscribe
Info
Archive
RSS
Shared documents
- From: Stuart Preston < >
- To: " " < >
- Subject: [chef] Removing permission to persist an overridden run-list for a node.
- Date: Thu, 1 Oct 2015 12:19:12 +0000
- Accept-language: en-GB, en-US
- Authentication-results: spf=none (sender IP is ) ;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:23
|
Ohai Chefs, I’d like to prevent my clients from persisting an overridden run-list for a node to the Chef Server (e.g. this could be achieved with the default permissions for a client within a recipe using node.save or by running chef-client -r recipe[cookbook::mynaughtycookbook]) If I remove the node from the UPDATE and DELETE ACE on the node object , then Ohai data cannot be persisted to the server and the chef client run fails. Does anyone know any reasonable way around this problem? In other words, is there any way to have a read-only run-list on the server?
Thanks, Stuart Stuart Preston Technical Director
+447828735633
|
- [chef] Removing permission to persist an overridden run-list for a node., Stuart Preston, 10/01/2015
- [chef] Re: Removing permission to persist an overridden run-list for a node., Lamont Granquist, 10/01/2015
Archive powered by MHonArc 2.6.16.