Now, my chef station is in linux, some chef clients are in windows and some are in linux.
Then i use the command: knife ssh ‘name:delta.*’ ‘sudo chef-client’, to let my linux node execute ‘chef-client’.
But for windows node, i had to execute the command like this: knife winrm ‘name:CNXANDRCNB001.delta.corp’ “chef-client” -x ‘DELTA\user’ -P ‘123456’.
As far as i know, if we use ssh protocol, we can save the pub key of work station to each node, then we can execute the first command without username and password successfully, so that i can deploy multiple clients.
But how can i do this in the second command as i use winrm protocol to access the windows node?
On Windows nodes you do have to use a username and password. Winrm actually does support certificate auth and the winrm ruby gem added support for that just a few months ago. However knife winrm does not yet support it.
Matt_Wrock,
Thank you for reply.
In this situation, i manage multiple nodes of windows, How can i deploy my cookbook to multiple nodes in one command ? Is it having other way to do this?
Assuming each node can authenticate the same credentials, you can use knife winrm as you would knife ssh by using a search.
Please don’t ask on both StackOverflow (https://stackoverflow.com/questions/39694132/how-chef-station-in-linux-access-chef-client-in-windows-without-write-username-a/39694335) and here simultaneously. It’s rude and disrespectful of the time people volunteer to provide user support.
coderanger,
Deeply sorry for that, i delete the question in statckoverflow.
Matt_Wrock,
Do you have any link about doing this? i don’t find any content about it in the user guide.
https://docs.chef.io/release/12-13/install_windows.html
https://docs.chef.io/plugin_knife_windows.html
The chef docs page is here and the github readme refer to it. Are you having issues using the command?
Matt_Wrock,
I’m new to chef, so maybe my explanation is not clear.
Here is the situation, after i execute this command :
knife bootstrap windows winrm CNXANDRCNB001.delta.corp -x ‘DELTA\user’ -P ‘123456’,
and the chef client is installed into my windows machine. After that i can use this command below to deploy my cookbook successfully,
knife winrm ‘name:CNXANDRCNB001.delta.corp’ “chef-client” -x ‘DELTA\user’ -P ‘123456’.
but as you know i don’t want to use the username and password in this command, and you have said knife winrm does not support it yet now.
so i’m a little confusion about the sentence as you replied later “Assuming each node can authenticate the same credentials, you can use knife winrm as you would knife ssh by using a search.”. How can i do like what you said?
My apologies for the confusion here. So let me try to clarify.
When using knife winrm, you do need to specify a username and password in the command every time. That is NOT like knife ssh. However it is the same as knife ssh in all other aspects. You can specify a query to search for nodes and then run a command on each node. The key difference is that with knife winrm you must provide a username and password and if there are multiple nodes you want to converge, then each of those nodes must have the same credentials.
Matt_Wrock,
Thank you, i understand.
If i use freeSSHd and WinSSHD service in the windows like the doc says, Can i avoid this situation ? because as you know we may have hundreds windows nodes to manage, i really do not want to specify username and password for each node when i deploy my cookbook.
yes. If you have a ssh server running on the windows nodes, you can avoid that and just run knife ssh everywhere.
ok, i will have a try.
And thanks very much.