"Just" register a Chef node?

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with “node_name” being empty

Does Chef provide a way/tool to remotely cause that machine to be registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based machines.

I know that we can do “knife bootstrap”, but in our case, we don’t want to push the Chef client software to the node machines, but rather want to pre-provision the node machines with the Chef client software and just be able to cause the node machines to register as Chef nodes. Something like having a “knife bootstrap”, but where the bootstrap process would not include pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

On Jul 12, 2015, at 9:09 AM, o haya ohaya@yahoo.com wrote:

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with "node_name" being empty

Does Chef provide a way/tool to remotely cause that machine to be registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based machines.

I know that we can do "knife bootstrap", but in our case, we don't want to push the Chef client software to the node machines, but rather want to pre-provision the node machines with the Chef client software and just be able to cause the node machines to register as Chef nodes. Something like having a "knife bootstrap", but where the bootstrap process would not include pushing the Chef client software to the node machine(s), would be perfect.

Knife bootstrap is already idempotent, if chef-client is present on the machine it will not reinstall it. If you are working with something like an autoscaling, you can use the validator key bootstraps. Get the key for your org's validator client and put it in something like /etc/chef/validator.pem, and set the validator key path and client name in your client.rb when you bake your images. The first time chef-client runs it will use this to register with the server automatically.

--Noah

Hello Jim,

You could prevent knife from installing the client by using the ‘–bootstrap-install-command’ option, though keep in mind that it already checks if /usr/bin/chef-client ‎exists, and won’t re-install if that check succeeds.

Cheers,
Andrew

Sent from my BlackBerry 10 smartphone on the Rogers network.
Original Message
From: o haya
Sent: Sunday, July 12, 2015 12:09 PM
To: chef@lists.opscode.com
Reply To: chef@lists.opscode.com
Cc: ohaya@yahoo.com
Subject: [chef] “Just” register a Chef node ?

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with “node_name” being empty

Does Chef provide a way/tool to remotely cause that machine to be registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based machines.

I know that we can do “knife bootstrap”, but in our case, we don’t want to push the Chef client software to the node machines, but rather want to pre-provision the node machines with the Chef client software and just be able to cause the node machines to register as Chef nodes. Something like having a “knife bootstrap”, but where the bootstrap process would not include pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

Hi Andrew (and Noah, from the earlier response),

Thanks! I didn’t realize that it already checks for the presence of chef-client (should’ve tested it myself, and will now).

Jim

On Sun, 7/12/15, Andrew Brown anbrown@blackberry.com wrote:

Subject: [chef] Re: “Just” register a Chef node ?
To: “o haya” chef@lists.opscode.com, "chef@lists.opscode.com" chef@lists.opscode.com
Cc: "ohaya@yahoo.com" ohaya@yahoo.com
Date: Sunday, July 12, 2015, 12:24 PM

Hello Jim,

You could prevent knife from
installing the client by using the
’–bootstrap-install-command’ option, though keep in
mind that it already checks if /usr/bin/chef-client
‎exists, and won’t re-install if that check
succeeds.

Cheers,
Andrew

Sent
from my BlackBerry 10 smartphone on the Rogers network.
Original Message
From: o haya
Sent: Sunday, July 12, 2015 12:09 PM
To: chef@lists.opscode.com
Reply To: chef@lists.opscode.com
Cc: ohaya@yahoo.com
Subject: [chef] “Just” register a
Chef node ?

Hi,

Assuming
the machine already:

• Has
  the Chef client software installed
• Has
  client.pem removed
• Has client.rb with
  "node_name" being empty

Does Chef provide a way/tool to remotely cause
that machine to be registered as a Chef node (initiated from
a centralized machine)?

This would be for both Windows-based and Linux
(CENTOS-/Redhat-) based machines.

I know that we can do “knife
bootstrap”, but in our case, we don’t want to push
the Chef client software to the node machines, but rather
want to pre-provision the node machines with the Chef client
software and just be able to cause the node machines to
register as Chef nodes. Something like having a
"knife bootstrap", but where the bootstrap process
would not include pushing the Chef client software to the
node machine(s), would be perfect.

Thanks,
Jim

Hi Jim,

If you are talking about installing and registering a node during preseed (or kickstart if you use RHEL), this is what we do to install and register chef-clients:

/bin/mkdir /etc/chef

/usr/bin/curl -L https://www.chef.io/chef/install.sh | bash

cat < /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "example-company-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://chef.example.com/organizations/example-company"
environment "$ENVIRONMENT"
node_name "$NODENAME"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
EOF

cat <<'EOF' > /etc/chef/validation.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArGnRgfBG5s74qw7eNCo15hZgq/SRm6cPBrsA7pTVkfpSII2g
mKYArDdcxZR0d85AiCHre+0rTn/tBkTijdHFWTLtBpONF2UmsYOpFk27tFZEpz7K
0Lm+h1u8doiKr0iyA7v9JO7pLGmcSEUV3ORE8OXuefs3/EaAwHlE2kLDZuBK/75k
9G34mLUbWLsJd9qfgaPi7gioJcRM/+UmIUIsoq+sFcIgEe2TmF0MtTbpGl3zT7Lg
7Lxc9ZdqN31Cwk7T/VeF3oGeE2pRp7dnVuTnMBnStZZbUXYZKxnciZp+jjaFtBCM
0SSM/B0CgYEA0zn4gVtrGet5vjAWpG7KK0mScULr8uvaogtxFHTcei18gzGKkBtc
hscDgh6kJwOAmArKglsi2woTkO9ToXxBO6CFDTgCRpNQGzppDIASZbSuTM+6/PL5
9lQ7383T8p3CyLOt08G1gYPYSWC28GnSL3WovvFCkip3LCSUAe4XqwcCgYEA0PWv
4KzTk6WSexPZ4pEwLTAQGK41ED11AGilqyv9sxbLX5Of/tPCtZl4poUrdoFpYdOl
cojPgNTpmXPaO83diBEZqzB9L/Sa1+5VWdewySkKvztxWR6F81kVnrfQvoKmbFwv
i4/94cgzyaTkGLvJpgP5VooWsXpReJtLwpVTsvEHap8pY1vu/yZqCBeeOPj25sCg
LmT87WLZZvD2/J1FVxs8xLIVTMfMpkGikfbzPQIDAQABAoIBAHuAfVvHovI4dfYK
e28AgYVkqDDkytyliWT31Y4RPP8JQYUiDlTqLHcwXRsG4XrkWmNpcMZfuHLNvhqM
g4C1L9laWmEolpuYkGP9/MQGQJvIY/stRpjHRMyvEMwTuMwglauJIKcxIAP5TsKS
Ajwto5iwC+iC5LKoShgVhhWWV2Q7v2Afd3CkwOWhTQWB43VjE13ineUl5V5/3T31
6UO3uzyDubgqKgO1rNJRHO2+gWz41NDi9E9DTz8a23UhDdn4sgPMAd7WDWJs2G0l
SjIS+yA8LRvKAdqoTzRVDXqoI8d1tf8GoXTC6psCgYEAzfNMFfSo7NDoF0SUDyfm
/2Xw33Y80NKejjlRvHxlLMuFB/YaAIBtKwyIoyp1K4UCsTx0T73EsoWUplBz3pRk
llrg4A6oSWABT0sYehO13GzbNhGlZFUU29Utu/3Ylkq0TTTEXCAXdXy0OneOZ8MG
KTgznFloa1P0dpoDpg4cDakCgYB6QCMjqTknWmj2hMimmxa6eTIRnmoBFFONZ6v1
FwmYay+UvUOPzMhPgnhpw+OHs3K5/x7+gTgVQXthgbwd3PVMk+SWmQnEsrCcwB1D
MMOHDPHyq45G+2qW0nmpoBUKQFmpb81i9STRsyxBn85xg0GRBSb1edtBA4LEdW2l
rDAVHQKBgGqnr1a/fDOb9ign+qHmEdif0AFL8fimSkNl2EuRdwoijOEzMIAkvHJ5
1Z5TJ9ftoHBGVgmDFBbDbVV0HAIw6TISHZPesWRdQH56pG843x1SoGxA/fLPLemm
7nMnpB1gSTI4XNSGFPvAqStygba4D/fgpmwkhH/Bd2VDM/benicT
-----END RSA PRIVATE KEY-----
EOF

echo '{"run_list": ["role[bootstrap]"]}' > /etc/chef/firstboot.json

/bin/mkdir /var/log/chef

/usr/bin/chef-client -E "$ENVIRONMENT" -j /etc/chef/firstboot.json -L /var/log/chef/bootstrap.log

The $ENVIRONMENT & $NODENAME variable's are set during our preseed late_command scripts that we run "in-target".

Hope this helps.

--
Tracy Phillips

On Sunday, July 12, 2015 12:09 EDT, o haya ohaya@yahoo.com wrote:

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with "node_name" being empty

Does Chef provide a way/tool to remotely cause that machine to be registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based machines.

I know that we can do "knife bootstrap", but in our case, we don't want to push the Chef client software to the node machines, but rather want to pre-provision the node machines with the Chef client software and just be able to cause the node machines to register as Chef nodes. Something like having a "knife bootstrap", but where the bootstrap process would not include pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

The node needs it's private keys generated, and the server needs to register the public keys for the node, for "chef-client" to ever work for that node. You can manually create an artificial node in chef-server. I've seen this used to auto populate DNS tables and monitoring for non-chef enabled hosts, but it's confusing.

Nico Kadel-Garcia
Email: nkadel@gmail.com
Sent from iPhone

On Jul 12, 2015, at 12:09, "o haya" ohaya@yahoo.com wrote:

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with "node_name" being empty

Does Chef provide a way/tool to remotely cause that machine to be registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based machines.

I know that we can do "knife bootstrap", but in our case, we don't want to push the Chef client software to the node machines, but rather want to pre-provision the node machines with the Chef client software and just be able to cause the node machines to register as Chef nodes. Something like having a "knife bootstrap", but where the bootstrap process would not include pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

You can also use a custom bootstrap template. The template is the what controls how Chef is installed and registered. You could strip out the install part and just use the file transfer and registration process parts of the install template from the bootstrap.

Steve

Steven Murawski
Community Software Development Engineer @ Chef
Microsoft MVP - PowerShell
http://stevenmurawski.com [http://stevenmurawski.com/]
On 7/15/2015 9:18:25 AM, Nico Kadel-Garcia nkadel@skyhookwireless.com wrote:
The node needs it's private keys generated, and the server needs to register the public keys for the node, for "chef-client" to ever work for that node. You can manually create an artificial node in chef-server. I've seen this used to auto populate DNS tables and monitoring for non-chef enabled hosts, but it's confusing.

Nico Kadel-Garcia
Email: nkadel@gmail.com
Sent from iPhone

On Jul 12, 2015, at 12:09, "o haya" wrote:

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with "node_name" being empty

Does Chef provide a way/tool to remotely cause that machine to be registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based machines.

I know that we can do "knife bootstrap", but in our case, we don't want to push the Chef client software to the node machines, but rather want to pre-provision the node machines with the Chef client software and just be able to cause the node machines to register as Chef nodes. Something like having a "knife bootstrap", but where the bootstrap process would not include pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

Hello Jim,

you can just run the Chef client with an empty runlist:

chef-client --override-runlist '' --node-name <NODE_NAME>

Hope this helps,
Dennis Benzinger | hybris

-----Original Message-----
From: o haya [mailto:ohaya@yahoo.com]
Sent: Sonntag, 12. Juli 2015 18:09
To: chef@lists.opscode.com
Cc: ohaya@yahoo.com
Subject: [chef] "Just" register a Chef node ?

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with "node_name" being empty

Does Chef provide a way/tool to remotely cause that machine to be
registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based
machines.

I know that we can do "knife bootstrap", but in our case, we don't want to
push the Chef client software to the node machines, but rather want to pre-
provision the node machines with the Chef client software and just be able
to cause the node machines to register as Chef nodes. Something like having
a "knife bootstrap", but where the bootstrap process would not include
pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

Dennis Benzinger
IT Architecture Senior Specialist
hybris Cloud Services
dennis.benzinger@sap.com

hybris GmbH
Nymphenburger Straße 86
80636 München, Germany
Fax +49 89 890 65 555

hybris GmbH, Nymphenburger Str. 86, 80636 München, Deutschland.
Geschäftsführer: Ariel F. Lüdi, Carsten Thoma, Michael Zips.
Amtsgericht München, HRB 124384.

Hi Noah,

I wanted to try what you were suggesting. This was with CENTOS node (node6.whatever.com), which was NOT already registered in the Chef server.

On the node, I have /etc/chef/client.rb:

log_location STDOUT
chef_server_url "https://chefserver.whatever.com/organizations/chefadmins"
validation_client_name "chefadmins-validator"
node_name "node6.whatever.com"
trusted_certs_dir "/etc/chef/trusted_certs"

and validation.pem is in the same dir (/etc/chef).

I ran the command from my Chef workstation:

knife ssh 'name:node6.whatever.com' 'sudo chef-client -o recipe[mycookbook::xx_server]' -x root -P xxxxxxx

I got this error:

FATAL: No nodes returned from search!

Maybe I misunderstood what you said, or am missing something?

Thanks,
Jim

On Sun, 7/12/15, Noah Kantrowitz noah@coderanger.net wrote:

Subject: Re: [chef] "Just" register a Chef node ?
To: chef@lists.opscode.com
Cc: ohaya@yahoo.com
Date: Sunday, July 12, 2015, 12:17 PM

On
Jul 12, 2015, at 9:09 AM, o haya ohaya@yahoo.com
wrote:

Hi,

Assuming the machine
already:

• Has
  the Chef client software installed

Has client.pem removed

• Has client.rb
  with "node_name" being empty

Does Chef provide a way/tool to
remotely cause that machine to be registered as a Chef node
(initiated from a centralized machine)?

This would be for both Windows-based
and Linux (CENTOS-/Redhat-) based machines.

I know that we can
do "knife bootstrap", but in our case, we
don't want to push the Chef client software to the node
machines, but rather want to pre-provision the node machines
with the Chef client software and just be able to cause the
node machines to register as Chef nodes. Something like
having a "knife bootstrap", but where the
bootstrap process would not include pushing the Chef client
software to the node machine(s), would be perfect.

Knife bootstrap is already
idempotent, if chef-client is present on the machine it will
not reinstall it. If you are working with something like an
autoscaling, you can use the validator key bootstraps. Get
the key for your org's validator client and put it in
something like /etc/chef/validator.pem, and set the
validator key path and client name in your client.rb when
you bake your images. The first time chef-client runs it
will use this to register with the server automatically.

--Noah

This! Definitely this!

There are a number of cookbooks that do not work well, in combination, in a bootstrap. This is particularly the case when "yum" configs need editing before installing prerequisites for chef managed tools, like Percona mysql, or when a host does not have a FQDN in DNS or in /etc/hosts until after it is first chef deployed.

Nico Kadel-Garcia
Email: nkadel@gmail.com
Sent from iPhone

On Jul 15, 2015, at 11:35, "Benzinger, Dennis" dennis.benzinger@sap.com wrote:

Hello Jim,

you can just run the Chef client with an empty runlist:

chef-client --override-runlist '' --node-name <NODE_NAME>

Hope this helps,
Dennis Benzinger | hybris

-----Original Message-----
From: o haya [mailto:ohaya@yahoo.com]
Sent: Sonntag, 12. Juli 2015 18:09
To: chef@lists.opscode.com
Cc: ohaya@yahoo.com
Subject: [chef] "Just" register a Chef node ?

Hi,

Assuming the machine already:

• Has the Chef client software installed
• Has client.pem removed
• Has client.rb with "node_name" being empty

Does Chef provide a way/tool to remotely cause that machine to be
registered as a Chef node (initiated from a centralized machine)?

This would be for both Windows-based and Linux (CENTOS-/Redhat-) based
machines.

I know that we can do "knife bootstrap", but in our case, we don't want to
push the Chef client software to the node machines, but rather want to pre-
provision the node machines with the Chef client software and just be able
to cause the node machines to register as Chef nodes. Something like having
a "knife bootstrap", but where the bootstrap process would not include
pushing the Chef client software to the node machine(s), would be perfect.

Thanks,
Jim

Dennis Benzinger
IT Architecture Senior Specialist
hybris Cloud Services
dennis.benzinger@sap.com

hybris GmbH
Nymphenburger Straße 86
80636 München, Germany
Fax +49 89 890 65 555
www.hybris.com
hybris GmbH, Nymphenburger Str. 86, 80636 München, Deutschland.
Geschäftsführer: Ariel F. Lüdi, Carsten Thoma, Michael Zips.
Amtsgericht München, HRB 124384.

Hi
I have a base cookbook and a app cookbook which depends on base.
The base cookbook has a template - base_temp.conf.erb which gets used inside the app cookbook
app_cookbook/recipe/default.rb has include_recipe 'base’
Is there a way to append to the base template within app cookbook without modifying the template in the base cookbook as it is applicable only to this one app.
So can I have a app_temp.conf.erb which gets appended to the base_temp.conf in the recipe or maybe get the resource collection and append line by line to the base_temp.conf
I can get the template resource in the app recipe like so

run_context.resource_collection.lookup(
“template[#{base_template}]”)
But I dont know if any of the above is correct.
Any pointers would be appreciated?
Regards
mg

You’d want to wrap your base cookbook in the app cookbook. Since you’ve
already setup the dependency, your next step is to override the template
source being referenced by the template resource. Julian Dunn wrote up a
nice blog, entitled “Doing Wrapper Cookbooks Right” and addresses exactly
how to specify a different template as the source from a wrapper cookbook.

Cheers,

Dang Nguyen

From: M G [mailto:meher03@hotmail.com]
Sent: Thursday, July 16, 2015 8:41 AM
To: chef@lists.opscode.com
Subject: [chef] Append to a template within recipe

Hi

I have a base cookbook and a app cookbook which depends on base.

The base cookbook has a template - base_temp.conf.erb which gets used inside
the app cookbook

app_cookbook/recipe/default.rb has include_recipe ‘base’

Is there a way to append to the base template within app cookbook without
modifying the template in the base cookbook as it is applicable only to this
one app.

So can I have a app_temp.conf.erb which gets appended to the base_temp.conf
in the recipe or maybe get the resource collection and append line by line
to the base_temp.conf

I can get the template resource in the app recipe like so

run_context.resource_collection.lookup(

“template[#{base_template}]”)

But I dont know if any of the above is correct.

Any pointers would be appreciated?

Regards

mg