We use AWS OpsWorks Chef Automate for automation, and for a couple of months I have been encountering a new package, the Automate-Liveness agent, getting installed whenever I run a bootstrap command to perform a job. Previously we did not use automation for patching our servers, but for a couple of months now we have been doing monthly yum updates with this job, and we are finding the Automate-Liveness agent additionally installed after the patching recipe is executed. Since then we have begun to see some suspicious activity on the servers on which the jobs were performed a while ago: for example, some agents, such as monitoring tool agents, are going down, and some config files are getting changed, as they are updated to the new ones that were uploaded recently to the chef-server.
I read the docs and came to know that the Automate-Liveness agent performs chef-client every 30 minutes to communicate with the chef-automate server so that the nodes do not go to a missing state…
My major concern is that we have 500+ servers, both Windows and Linux, and a few live production servers that have cookbooks in their run list. We do not know exactly what is in which node's run_list, but the cookbooks have recipes for yum update and also a restart resource included in the recipe.
- Will the Automate-Liveness agent run the recipes that are in the run_list and execute them every 30 minutes when chef-client runs? I believe Chef is idempotent, but when it comes to restarting/rebooting services, what would be the result?
- As we use AWS OpsWorks Chef Automate, we do not have any GUI to see the run_list, the way we were able to see it in Chef-server enterprise edition (Manage).
- Is there any best practice available to remove the recipes or cookbooks from the run_list, as I cannot check and execute the knife node run_list command manually on 500+ servers and remove the run_list manually?
- What if I deleted the cookbooks from the node dir, e.g. chef/cache/cookbooks/? When chef-client runs, will it download the cookbooks from the chef-server again and execute the recipes?