So one thing that I didn’t have a chance to ask about during the Summit was
regarding the validator keys. I understand what their role is during
automated client registration; that part makes perfect sense to me (and is
one reason we went with Chef over Puppet for AWS nodes). However, what I
don’t understand is their role in a workstation setup. I know that it’s
standard to require the validator config as part of the knife
configuration; is that solely for the purpose of supporting knife
bootstrap, or is it used for API calls to the Chef server as well?

This came up because I was looking at bootstrapper, and that was one of the
selling points of the project, that it allowed you to bootstrap nodes
without dealing with the anonymous validator key, which down the line will
lead to better auditing to see who bootstrapped a node, etc.

Also regarding bootstrapper, I had tried it earlier and even though I set
the node name using “--node-name=blah.tld”, the client and node that were
created were listed based on the date instead of the node name. It also
doesn’t seem to support bootstrap proxies, unless that support is solely
done through creating a definition file? Ideally this is the tool I would
use, but I wasn’t able to get it to function as intended and went back to
using knife bootstrap the other day.
--
~~ StormeRider ~~
“Every world needs its heroes […] They inspire us to be better than we
are. And they protect from the darkness that’s just around the corner.”
(from Smallville Season 6x1: “Zod”)
On why I hate the phrase “that’s so lame”… http://bit.ly/Ps3uSS