Validation.pem on each and every client?


#1

Hey,

I made the ticket http://tickets.opscode.com/browse/COOK-258 regarding
validation.pem, and the regular bootstrap.

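I was looking at
http://github.com/jtimberman/cookbooks/blob/08alpha_bootstrap/bootstrap/templates/default/client.rb.erb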
and felt the ‘hack’ that I had put into http://likens.us/client.rb
should be included,

specifically

# Only point chef-client at the validator key when it is present on this node
if File.exist?("/etc/chef/validation.pem")
  validation_key "/etc/chef/validation.pem"
end

Because my concern is basically that I don’t want to have to ship the
validation.pem to each server; I like the ability to ship either
client.pem or validation.pem and let the client do the work… however
without that in client.rb chef-client will spew that it can’t find the
key… even on a registered node that fully works!

So … any comments? votes? am I wrong?

Thanks,

Scott M. Likens


#2

On 2/22/10 2:30 PM, Scott M. Likens wrote:

Hey,

I made the ticket http://tickets.opscode.com/browse/COOK-258 regarding
validation.pem, and the regular bootstrap.

I was looking at
http://github.com/jtimberman/cookbooks/blob/08alpha_bootstrap/bootstrap/templates/default/client.rb.erb
and felt the ‘hack’ that I had put into http://likens.us/client.rb
should be included,

specifically

# Only point chef-client at the validator key when it is present on this node
if File.exist?("/etc/chef/validation.pem")
  validation_key "/etc/chef/validation.pem"
end

Because my concern is basically that I don’t want to have to ship the
validation.pem to each server; I like the ability to ship either
client.pem or validation.pem and let the client do the work… however
without that in client.rb chef-client will spew that it can’t find the
key… even on a registered node that fully works!

So … any comments? votes? am I wrong?

Thanks,

Scott M. Likens


FYI,

jtimberman does have a recipe that’s not committed, I believe, for the
deletion of this file after client.pem exists…
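
The check this thread circles around, as an added example that is not part of any post and is not jtimberman's recipe or Opscode's code: plain Ruby that reports a validation.pem left behind on a node that already has client.pem, flags loose permissions on it, and can delete it. The function name, return shape and temp-directory demo are assumptions of this example; only the two file names come from the thread.

```ruby
require "tmpdir"

# Added example, not code from the thread. chef_dir stands in for /etc/chef;
# audit_validation_key and its return hash are this example's own names.
def audit_validation_key(chef_dir, remove: false)
  client_key     = File.join(chef_dir, "client.pem")
  validation_key = File.join(chef_dir, "validation.pem")
  findings   = []
  registered = File.exist?(client_key)

  if File.exist?(validation_key)
    mode = File.stat(validation_key).mode & 0o777
    # Any group/other permission bit on the shared validator key is a finding.
    if mode & 0o077 != 0
      findings << format("validation.pem mode %04o is not owner-only", mode)
    end
    if registered
      # The node already has its own identity; the shared key is no longer needed.
      findings << "validation.pem still present on a registered node"
      if remove
        File.delete(validation_key)
        findings << "validation.pem removed"
      end
    end
  elsif !registered
    findings << "neither client.pem nor validation.pem present"
  end

  { registered: registered, leftover: File.exist?(validation_key), findings: findings }
end

# Constructed demo: placeholder files in a temp directory, no real keys.
def demo_audit
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "client.pem"), "constructed placeholder\n")
    File.write(File.join(dir, "validation.pem"), "constructed placeholder\n")
    File.chmod(0o644, File.join(dir, "validation.pem"))
    before = audit_validation_key(dir)
    after  = audit_validation_key(dir, remove: true)
    [before, after, File.exist?(File.join(dir, "validation.pem"))]
  end
end

if __FILE__ == $PROGRAM_NAME
  before, after, still_there = demo_audit
  puts before[:findings], after[:findings], "still present: #{still_there}"
end
```

Run with `remove: false` first to see what would be reported before deleting anything.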