one in the chef-client cookbook, tell you what problem the cookbook is trying to solve,
plus how to use the cookbook.
On the right are two big buttons, View Source and Download Cookbook. The View Source
button will take you to the cookbook source code. (Usually it's some link on the GitHub
source hosting service.) From there you can inspect the cookbook more closely. Finally there
is the Download Cookbook button, which lets you download a tarball containing the
cookbook source.
The chef-client cookbook is a popular cookbook because it makes two things easy:
1. Configuring chef-client to run as a service or a cron job
2. Deleting the validation.pem file
Because one of the design goals for Chef Server is scalability, the server tries to offload as
much processing as it can onto the nodes. So by default, the node is responsible for
scheduling and initiating a chef-client run and performing all the related processing, not Chef
Server. Chef Server itself is really just a dumb artifact repository for cookbooks and other
associated metadata about your infrastructure.
When you bootstrap a node with knife in order to install chef-client, as we did in
Bootstrap the Node with Knife, the bootstrap process does not configure chef-client to
download any cookbook updates or perform Chef runs at regular intervals. You'll definitely want
to configure all your nodes to do this on a regular basis, say, every 15 to 30 minutes. The
chef-client cookbook makes it easy to configure chef-client to run as a service or a
cron job.
Also, it's important to delete the validation.pem file after the first Chef run. With Enterprise
Chef, this file is called <organization-validator>.pem by default. With Open Source Chef
Server, the file is called validation.pem by default. To explain why deleting the
validation.pem file is important, we need to provide a quick explanation of how requests by nodes
are verified by Chef Server.
Chef Server requires that every request chef-client makes to the server be authenticated
using a client public/private key pair. Every node has its own special public/private key pair.
You have already seen this because users have their own special public/private key pair as
well—you needed to download the <username>.pem file to configure knife to make
requests against Chef Server. The <username>.pem file you downloaded contains the private
portion of the key pair. The public portion of this key is stored on Chef Server, and the key is
used to authenticate you as a valid Chef Server user.
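
To check that the validation key really is gone after the first Chef run, a node can be audited with a small shell function. This is an added example, not code from the book or from the chef-client cookbook; the directory /etc/chef and the node key file name client.pem are assumed defaults, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit a chef-client configuration directory for a
# validation key left behind after the node has registered.
# Assumptions (not from the original page): the directory defaults to
# /etc/chef and the node's own private key is stored as client.pem.
#
# Return codes:
#   0  node has its own key and no validation key remains
#   1  node has its own key but a validation key is still on disk
#   2  node has no key of its own yet (first Chef run not completed)
#   3  configuration directory does not exist
audit_validation_key() {
    dir="${1:-/etc/chef}"

    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 3
    fi

    # Without a node key the first Chef run has not completed yet.
    if [ ! -f "$dir/client.pem" ]; then
        echo "not registered yet: $dir/client.pem missing"
        return 2
    fi

    # validation.pem is the Open Source Chef Server default name;
    # <organization>-validator.pem is the Enterprise Chef default name.
    leftover=0
    for f in "$dir"/validation.pem "$dir"/*-validator.pem; do
        # An unmatched glob stays literal and fails the -f test.
        if [ -f "$f" ]; then
            echo "FINDING: validation key left on registered node: $f"
            leftover=$((leftover + 1))
        fi
    done

    if [ "$leftover" -gt 0 ]; then
        return 1
    fi
    echo "ok: no validation key in $dir"
    return 0
}
```

Call it as audit_validation_key /etc/chef from a scheduled job or a compliance scan, and alert on return code 1.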