Client registered to mulltiple chef servers


#1

Can a client be registered to multiple servers? ie; one that does o/s and the other does application.


#2

The server connection details are located by default in /etc/chef/client.rb

chef-client --help shows the list of flags. Try using -c (for config) and pointing it to a different client.rb

On Nov 30, 2011, at 10:54 AM, djo@dave-n-georgi.com wrote:

Can a client be registered to multiple servers? ie; one that does o/s and the other does application.


#3

On Nov 30, 2011 8:55 AM, djo@dave-n-georgi.com wrote:

Can a client be registered to multiple servers? ie; one that does o/s and
the other does application.

Why are you using two servers? Security or privilege reasons?

We may have better suggestions if we knew what you are trying to do.

Bryan


#4

O/s and application are handled by different groups
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Bryan McLellan btm@loftninjas.org
Date: Wed, 30 Nov 2011 12:29:46
To: chef@lists.opscode.com
Reply-To: chef@lists.opscode.com
Subject: [chef] Re: client registered to mulltiple chef servers

On Nov 30, 2011 8:55 AM, djo@dave-n-georgi.com wrote:

Can a client be registered to multiple servers? ie; one that does o/s and
the other does application.

Why are you using two servers? Security or privilege reasons?

We may have better suggestions if we knew what you are trying to do.

Bryan


#5

On Wed, Nov 30, 2011 at 12:35 PM, djo@dave-n-georgi.com wrote:

O/s and application are handled by different groups

That’s pretty interesting that the two groups would each run their own
server. I presume that both servers would be used to manage the node
over time, which provides an interesting possible conflict situation.
What happens if the OS group removes a package for security reasons
that the application group depends on and reinstalls? How do you
troubleshoot a problem like that?

In any case, as mentioned you certainly can. Create two configuration
files in /etc/chef, one called “os-client.rb” and one called
"app-client.rb" and specify a different client_key in each of them,
such as “/etc/app/os-client.pem” and “/etc/chef/app-client.pem”. When
you run chef-client, however you decide to (manually, cron,
daemonized) be sure so specify the “-c” flag and which configuration
file you would like to be used.

Bryan


#6

we have a similar situation here, where one team manages system/OS
configs and another team handles application/product configs. instead
of using two different servers, we create two different chef nodes on
each node. so we do have two separate config files, but both point at
the same server. the “system” node only has system related roles and
recipes in its runlist, and the “product” node has those, and product
related roles and recipes. We run two knife bootstraps per node, one to
create the system node and one to create the product node.

In our knife bootstrap templates we added a step to create a command
alias something like this for the product node:

alias chef-client-product=“chef-client -N $HOSTNAME-product -k
/etc/chef/$HOSTNAME-product.pem -c
/etc/chef/client.$HOSTNAME-product.rb”

so the systems team manages their stuff, and the application team
manages the product related attributes, but all are still searchable by
the node since they’re on the same server.

-----Original Message-----
From: Bryan McLellan [mailto:btm@loftninjas.org]
Sent: Wednesday, November 30, 2011 12:44 PM
To: djo@dave-n-georgi.com
Cc: chef@lists.opscode.com
Subject: [chef] Re: Re: Re: client registered to mulltiple chef servers

On Wed, Nov 30, 2011 at 12:35 PM, djo@dave-n-georgi.com wrote:

O/s and application are handled by different groups

That’s pretty interesting that the two groups would each run their own
server. I presume that both servers would be used to manage the node
over time, which provides an interesting possible conflict situation.
What happens if the OS group removes a package for security reasons
that the application group depends on and reinstalls? How do you
troubleshoot a problem like that?

In any case, as mentioned you certainly can. Create two configuration
files in /etc/chef, one called “os-client.rb” and one called
"app-client.rb" and specify a different client_key in each of them,
such as “/etc/app/os-client.pem” and “/etc/chef/app-client.pem”. When
you run chef-client, however you decide to (manually, cron,
daemonized) be sure so specify the “-c” flag and which configuration
file you would like to be used.

Bryan

CONFIDENTIALITY NOTICE and DISCLAIMER
This message and any attachment are confidential and may be
privileged or otherwise protected from disclosure and solely for
the use of the person(s) or entity to whom it is intended. If you
have received this message in error and are not the intended
recipient, please notify the sender immediately and delete this
message and any attachment from your system. If you are not the
intended recipient, be advised that any use of this message is
prohibited and may be unlawful, and you must not copy this
message or attachment or disclose the contents to any other person.