[SOLVED] Obtaining the Chef::Client instance in a running recipe


#1

Hi,
I have the following question and got redirected here from GitHub, so I hope you can help me.

Is it possible to obtain the Chef::Client instance in a running recipe?
I am using the following versions of Chef under CentOS 7:
chef-server-core-12.12.0-1.el7.x86_64
chef-12.21.4-1.el7.x86_64

What I want to achieve is a chef-server switch during the chef-client run.
Scenario is that I am installing a VM with chef-zero. During the chef-run a chef server is installed and the cookbooks/nodes/data bags/etc. are uploaded to the fresh server. Then I want the running client to report its results to the server.
What I did was create the required files (org-val cert, client.rb, etc.) and then trigger a Chef::Config.from_file('/etc/chef/client.rb'), and the running client would contact the chef-server to report at the end of the current run.
While reporting, it receives Net::HTTPServerException: 401 "Unauthorized" because there is no client on the server, just the node.
So I tried to do a node.save in the hope it would create a client, and then to download the ACL with knife, fix it and upload it again. Unfortunately, node.save does not seem to try to create a client if it doesn’t exist.

What I would like to do now is invoke Chef::Client.register() instead of node.save, but it seems that there is no way for a recipe to get the instance of the running chef-client.

Best regards


#2

In short, there isn’t any good way to do this aside from two independent chef runs with different configs/invocations. Node.save won’t ever create a client because it presumes that if you’ve made it that far in a run the keys were validated at the beginning. This feels overly complex and brittle for very little value.

What are you trying to achieve here by switching the chef-server? Is it just the reporting of that first run?


#3

Thanks for your answer. It’s basically gold plating.
We decided to move to chef-zero. Before, we had a 2nd chef-server and exported all clients/nodes/etc. and imported them in the new one (this is all part of a deployment for bare-metal boxes that host VMs in the end). In this scenario it was possible to do the switch in one run (because the client was imported), which was quite nice and I wanted to preserve that…
The switch itself is necessary, achieving it in one run is gold plating.
I was asking out of curiosity if it would be doable.


#4

Thanks for elaborating on the use case. I’ve built similar-ish configurations of chef-server built with chef and other nodes already tied in, but getting the reporting of that first run was either a punt or solved by breaking up the runs. It might still be possible, and my inclination (as in the past cases) would be reaching for https://github.com/chef/cheffish and diving into code to see if I can cheat it.

Good luck!


#5

Thanks for the link, maybe I will be able to get something working.
For now I will settle for two chef runs for the switch.

Thanks for your help!