Hostnames hit by knife ssh


#1

hi. recently i noticed when i use knife ssh, the hostnames in the output
are the EC2 public dns hostnames, which i guess is
node[‘ec2’][‘public_hostname’]. it didn’t used to do that. knife ssh
used to spit out node[‘fqdn’].

tho i haven’t confirmed by sniffing traffic, i’m assuming knife ssh
is hitting my nodes using node[‘ec2’][‘public_hostname’] as opposed to
node[‘fqdn’]. my desired behavior is for knife ssh to hit node[‘fqdn’],
which is the private name on RFC-1918 space, because we are ceasing
allowing ssh from the internet in our EC2 security groups.

today, undesired:

[oberon chefdev]$ knife ssh “bender_role:app AND chef_environment:fry” 'uname -m’
ec2-17-2-59-33.compute-1.amazonaws.com x86_64
ec2-23-23-2-20.compute-1.amazonaws.com x86_64
ec2-23-21-77-23.compute-1.amazonaws.com x86_64
ec2-174-129-90-16.compute-1.amazonaws.com i686

in the past, desired:

$ knife ssh “bender_role:app AND chef_environment:fry” 'uname -m’
webapp04.bender.fry.com x86_64
webapp01.bender.fry.com x86_64
webapp08.bender.fry.com x86_64
admin08.bender.fry.com i686

anyone know how this changed? or how i can get the behavior of knife ssh
hitting node[‘fqdn’]?

today i’m using knife from chef 10.16.2. in the past, i don’t know
which version it would’ve been.

thanks in advance,
kallen


#2

On 12/5/12 12:31 AM, kallen@groknaut.net wrote:

anyone know how this changed? or how i can get the behavior of knife ssh
hitting node[‘fqdn’]?

The feature was added in 10.14.0 in subsequently improved/changed. The
commit is 3c52de54beb03a371b06a7b451591c650a79bb8a in the Chef repository.

Across the cloud providers, the thought was that
node[‘cloud’][‘public_hostname’] would be the more reliable name to
connect to.

You should be able to use fqdn by doing the following:

knife ssh "QUERY' -a fqdn

I hope this helps.

Sincerely,

Steven


Steven Danna
Systems Engineer, Opscode, Inc
GPG Key: http://stevendanna.github.com/downloads/code/public.key


#3

You can also set this in knife.rb if you prefer.

knife[:ssh_attribute] = “fqdn”

On Wed, Dec 5, 2012 at 4:30 AM, Steven Danna steve@opscode.com wrote:

On 12/5/12 12:31 AM, kallen@groknaut.net wrote:

anyone know how this changed? or how i can get the behavior of knife ssh
hitting node[‘fqdn’]?

The feature was added in 10.14.0 in subsequently improved/changed. The
commit is 3c52de54beb03a371b06a7b451591c650a79bb8a in the Chef repository.

Across the cloud providers, the thought was that
node[‘cloud’][‘public_hostname’] would be the more reliable name to
connect to.

You should be able to use fqdn by doing the following:

knife ssh "QUERY' -a fqdn

I hope this helps.

Sincerely,

Steven


Steven Danna
Systems Engineer, Opscode, Inc
GPG Key: http://stevendanna.github.com/downloads/code/public.key


#4

awesome. thanks for the tips everyone!

kallen

On Wed, 05 Dec 2012, JD Harrington wrote:

You can also set this in knife.rb if you prefer.

knife[:ssh_attribute] = “fqdn”

On Wed, Dec 5, 2012 at 4:30 AM, Steven Danna steve@opscode.com wrote:

On 12/5/12 12:31 AM, kallen@groknaut.net wrote:

anyone know how this changed? or how i can get the behavior of knife ssh
hitting node[‘fqdn’]?

The feature was added in 10.14.0 in subsequently improved/changed. The
commit is 3c52de54beb03a371b06a7b451591c650a79bb8a in the Chef repository.

Across the cloud providers, the thought was that
node[‘cloud’][‘public_hostname’] would be the more reliable name to
connect to.

You should be able to use fqdn by doing the following:

knife ssh "QUERY' -a fqdn

I hope this helps.

Sincerely,

Steven


Steven Danna
Systems Engineer, Opscode, Inc
GPG Key: http://stevendanna.github.com/downloads/code/public.key