This has probably been asked a hundred times, and I probably just suck
I have a standard base role that includes such things as ldap
authentication, sudoers, ntp, timezone, etc.
It also configures the timing of the chef client runs and removes the
I manage the chef server machine the same as any other node in the
environment, but if the validation key gets removed from the server
node, all sorts of badness happens.
What is the best way to exclude running the remove validation key
recipe on just the chef server node?
I can think of a few ways to handle it:
- Different role for the chef server that doesn’t include that recipe
- remove validation key in its own role
- modify the validation key removal recipe to check for the existence
of /etc/chef/server.rb and do nothing if it sees that file
1 means needing to remember to copy any additions to base into the
chef server role
2 means remembering to include the remove validation key role every time
3 means modifying the cookbook as supplied
I like 3 the best because it doesn’t require anyone to remember
something… but are there better options I’m not thinking of?
Can you include something that says “skip recipe X” for a node (or role)?
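
Added example, not part of the original post or of any cookbook's own code: the decision logic behind option 3, written as plain Ruby so it can be run against a scratch directory. The `ValidationKeyGuard` module, its `root` parameter and the `simulate` helper are hypothetical; `/etc/chef/validation.pem` and `/etc/chef/client.pem` are assumed default key paths, and the extra "node already has a client key" check is an assumption added so the key is not deleted before registration succeeds.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical helper: decides whether the validation key may be deleted.
# `root` exists only so the check can run against a scratch directory.
module ValidationKeyGuard
  SERVER_CONFIG  = 'etc/chef/server.rb'       # marker file named in the post
  VALIDATION_KEY = 'etc/chef/validation.pem'  # assumed default key location
  CLIENT_KEY     = 'etc/chef/client.pem'      # assumed default client key

  def self.chef_server?(root = '/')
    File.exist?(File.join(root, SERVER_CONFIG))
  end

  # Returns :skipped_server, :not_registered, :absent or :removed.
  def self.remove_validation_key(root = '/')
    key = File.join(root, VALIDATION_KEY)
    return :skipped_server if chef_server?(root)
    # Keep the key until the node holds its own client key; otherwise a
    # failed first run would leave the node unable to register.
    return :not_registered unless File.exist?(File.join(root, CLIENT_KEY))
    return :absent unless File.exist?(key)
    File.delete(key)
    :removed
  end
end

# In a recipe the same predicate could act as a resource guard, e.g.
#   file '/etc/chef/validation.pem' do
#     action :delete
#     not_if { ValidationKeyGuard.chef_server? }
#   end

# Constructed scenario: build a fake node layout, run the guard, and
# report the outcome plus whether validation.pem still exists.
def simulate(server:, registered:)
  Dir.mktmpdir do |root|
    dir = File.join(root, 'etc/chef')
    FileUtils.mkdir_p(dir)
    FileUtils.touch(File.join(dir, 'validation.pem'))
    FileUtils.touch(File.join(dir, 'server.rb')) if server
    FileUtils.touch(File.join(dir, 'client.pem')) if registered
    result = ValidationKeyGuard.remove_validation_key(root)
    [result, File.exist?(File.join(dir, 'validation.pem'))]
  end
end
```

With the guard inside the recipe, the base role stays identical on every node and only the presence of the server marker file changes the outcome.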