Figure 10-3. How Chef Server verifies a request from a node
When you run chef-client for the first time, there is a problem—you don't have a client.pem file for your node yet, and a corresponding public key for the node does not exist on the Chef server. To solve this bootstrapping issue, a node uses a company-wide, well-known key when it generates the request to register the node as a client. That's what the validation.pem key is for. The validation.pem is an organization-wide private key used specifically to sign the request to register a new node with Chef Server on the first chef-client run.
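
The bootstrap described above can be modelled in a few lines of Ruby. This is an added example, not code from the book or from Chef, and it does not reproduce Chef's wire protocol: the class ToyChefServer, the signer name org-validator, the node names and the request strings are all hypothetical, and the keys are generated on the spot.

```ruby
require 'openssl'

# Simplified model of the first-run bootstrap; NOT Chef's real protocol.
# All class, method and client names here are hypothetical.
class ToyChefServer
  def initialize(validator_public_pem)
    # Public keys the server trusts, indexed by client name.
    @public_keys = { 'org-validator' => OpenSSL::PKey::RSA.new(validator_public_pem) }
  end

  # True only if the signature over body verifies with the key on file for name.
  def verified?(name, body, signature)
    key = @public_keys[name]
    !key.nil? && key.verify(OpenSSL::Digest.new('SHA256'), signature, body)
  end

  # Registration is the only request the validator key is accepted for.
  # Returns the new node's private key PEM (its client.pem), or nil on refusal.
  def register(node_name, signer, body, signature)
    return nil unless signer == 'org-validator' && body == "register #{node_name}"
    return nil unless verified?(signer, body, signature)
    return nil if @public_keys.key?(node_name) # never overwrite an existing client
    node_key = OpenSSL::PKey::RSA.new(2048)
    @public_keys[node_name] = node_key.public_key
    node_key.to_pem
  end

  # Every other request must be signed with the node's own key.
  def handle(signer, body, signature)
    signer != 'org-validator' && verified?(signer, body, signature)
  end
end

def sign(private_pem, body)
  OpenSSL::PKey::RSA.new(private_pem).sign(OpenSSL::Digest.new('SHA256'), body)
end

# Constructed keys and node names, generated only for this example.
def bootstrap_demo
  validation_pem = OpenSSL::PKey::RSA.new(2048).to_pem
  server = ToyChefServer.new(OpenSSL::PKey::RSA.new(validation_pem).public_key.to_pem)
  reg = 'register node01'
  client_pem = server.register('node01', 'org-validator', reg, sign(validation_pem, reg))
  req = 'GET /nodes/node01'
  { registered: !client_pem.nil?,
    client_ok: server.handle('node01', req, sign(client_pem, req)),
    validator_rejected: !server.handle('org-validator', req, sign(validation_pem, req)),
    unknown_rejected: !server.handle('node02', req, sign(client_pem, req)) }
end
```

In this model the shared validation key is honoured for the registration request and nothing else, which mirrors the narrow role the text gives validation.pem.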