one in the chef-client cookbook, tell you what problem the cookbook is trying to solve, plus how to use the cookbook.
On the right are two big buttons, View Source and Download Cookbook. The View Source button will take you to the cookbook source code. (Usually it's some link on the GitHub source hosting service.) From there you can inspect the cookbook more closely. Finally there is the Download Cookbook button, which lets you download a tarball containing the cookbook source.
The chef-client cookbook is a popular cookbook because it makes two things easy:
1. Configuring chef-client to run as a service or a cron job
2. Deleting the validation.pem file
Because one of the design goals for Chef Server is scalability, the server tries to offload as much processing as it can onto the nodes. So by default, the node is responsible for scheduling and initiating a chef-client run and performing all the related processing, not Chef Server. Chef Server itself is really just a dumb artifact repository for cookbooks and other associated metadata about your infrastructure.
load any cookbook updates or perform Chef runs at regular intervals. You'll definitely want to configure all your nodes to do this on a regular basis, say, every 15 to 30 minutes. The chef-client cookbook makes it easy to configure chef-client to run as a service or a cron job.
Also, it's important to delete the validation.pem file after the first Chef run. With Enterprise Chef, this file is called <organization-validator>.pem by default. With Open Source Chef Server, the file is called validation.pem by default. To explain why deleting the validation.pem file is important, we need to provide a quick explanation of how requests by nodes are verified by Chef Server.
Chef Server requires that every request chef-client makes to the server be authenticated using a client public/private key pair. Every node has its own special public/private key pair. You have already seen this because users have their own special public/private key pair as well—you needed to download the <username>.pem file to configure knife to make requests against Chef Server. The <username>.pem file you downloaded contains the private portion of the key pair. The public portion of this key is stored on Chef Server, and the key is used to authenticate you as a valid Chef Server user.
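
A check for a validator key left behind after the first Chef run, as an added example that is not from the book or from the chef-client cookbook. It assumes the keys sit in one configuration directory (such as /etc/chef) and that the node's own private key is named client.pem; neither is stated on this page.

```ruby
require "tmpdir"

# File names from the page: validation.pem (Open Source Chef Server) and the
# organization validator key (Enterprise Chef), matched here as *-validator.pem.
# Assumption: client.pem is the node's own key and its presence means the
# first chef-client run has already registered the node.
VALIDATOR_GLOBS = ["validation.pem", "*-validator.pem"].freeze
NODE_KEY = "client.pem"

# Returns a list of findings (strings) for one chef-client config directory.
def audit_chef_keys(dir)
  findings = []
  node_key = File.join(dir, NODE_KEY)
  validators = VALIDATOR_GLOBS.flat_map { |g| Dir.glob(File.join(dir, g)) }.sort

  validators.each do |path|
    findings << if File.exist?(node_key)
                  "leftover validator key after first run: #{path}"
                else
                  "validator key present, node not yet registered: #{path}"
                end
  end

  # A private key readable by group or others is a finding on its own.
  (validators + [node_key]).select { |p| File.file?(p) }.each do |path|
    mode = File.stat(path).mode & 0o777
    next if (mode & 0o077).zero?
    findings << format("key readable beyond owner (%04o): %s", mode, path)
  end
  findings
end

# Constructed sample: a temporary directory standing in for the config dir,
# holding a registered node key plus a validator key that was never deleted.
def demo
  Dir.mktmpdir do |dir|
    { "client.pem" => 0o600, "validation.pem" => 0o644 }.each do |name, mode|
      path = File.join(dir, name)
      File.write(path, "constructed placeholder, not a real key")
      File.chmod(mode, path)
    end
    audit_chef_keys(dir)
  end
end

puts demo if __FILE__ == $PROGRAM_NAME
```

An empty result means the directory holds no validator key and no key file readable beyond its owner.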