I have written a command line tool for using Chef with EC2. The tool defines
the clusters in JSON config file that defines some semantics about the
instances (which AMI to use, name, node config for Chef, etc), launches the
instances, bootstraps Chef via apt, and installs the cookbooks. The EC2 launch
data is stored in CouchDB, so that we can show some information about the
clusters that are created and terminate them.
I have been able to automate the entire process with the exception of one
issue. Once the clients connect to the master and are validated via token,
they need to be granted admin rights. Part of the bootstrap process installs a
node-config.json to the /etc/chef directory on each of the instances. I then
have to run “chef-config -j node-config.json” after the nodes have been granted
admin rights. My bootstrap scripts add the -j flag to the
/etc/init.d/chef-client script and then restart, but because the nodes have no
admin rights I have to go back and rerun the client to get the recipes to run.
Is there a way I can always have the nodes automatically granted admin rights
(without patching the server)? I realize I could just use the REST API to do
this as a last step, but I was seeing if there was another way. Having the
nodes automatically have the admin rights would also allow me to skip having
the tool go back to each instance server and fire the client again.
Very happy with where I got so far, looking forward to Chef 0.8.