Chef (server): What is the difference between client and user

I installed the open-source chef-server (11.x). I am new to Chef. I see there are users with passwords and pub / private keys (usually knife users (@workstations)). There are also clients (chef-validator, nodes ...) with pub / private keys.

When I do knife configure --initial, it uses the admin username and private key to enter a new workstation user, for example johnnym. Thus, the admin user with the key is powerful enough to create a user, node, client, ... etc.

But when I run knife bootstrap ${FQDN}, a client with administrator privileges (chef-validator) is required to be able to authn / authz to the chef server and register a new node / client.

My question is: why do we separate the client and the user if they can perform the same tasks?

+4
2 answers

In the context of OSS Chef, as in your case, a user also works like a client, with the added ability to use the web interface through a combination of username and password.

What you are missing is the validator client key.

validator is a special client that has only one purpose: to allow nodes to register as clients on the Chef server. It is used inside the node during the first chef run. After the node is registered, it is recommended to remove the validator key from the node.

knife bootstrap node SSH chef-client. , , , , validator, , knife ( knife.rb, , ).

+8
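
An added example, not part of the original answer or of Chef itself: a shell check for the recommendation above that the validator key be removed from a node once it has registered. It assumes the chef-client default file names validation.pem and client.pem in the config directory, unless client.rb sets validation_key or client_key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answers): audit a node's chef-client
# config directory for a validator key left behind after registration.
# Assumption: default file names validation.pem / client.pem, overridable via
# validation_key / client_key lines in client.rb.

# Print the quoted path assigned to a setting in client.rb, or the default.
chef_setting() {   # $1 = client.rb path, $2 = setting name, $3 = default
    val=""
    if [ -f "$1" ]; then
        # Last matching line wins; settings such as validation_client_name
        # do not match because the name must be followed by whitespace.
        val=$(sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | tail -n 1)
    fi
    printf '%s\n' "${val:-$3}"
}

# Return codes:
#   0 = node registered, validator key removed
#   1 = node registered but validator key still on disk (finding)
#   2 = node not registered yet (validator key still needed for first run)
#   3 = neither key found
audit_validator_key() {   # $1 = chef config dir, e.g. /etc/chef
    dir=$1
    vkey=$(chef_setting "$dir/client.rb" validation_key "$dir/validation.pem")
    ckey=$(chef_setting "$dir/client.rb" client_key "$dir/client.pem")
    if [ -f "$ckey" ] && [ -f "$vkey" ]; then
        echo "FINDING: node is registered ($ckey) but $vkey is still present"
        return 1
    elif [ -f "$ckey" ]; then
        echo "OK: node is registered and no validator key was found"
        return 0
    elif [ -f "$vkey" ]; then
        echo "PENDING: validator key present, node has not registered yet"
        return 2
    fi
    echo "UNKNOWN: no client or validator key under $dir"
    return 3
}
```

Source the file on a node and call audit_validator_key with the chef-client config directory; a return code of 1 marks a node that still holds the shared validator key after it has its own client key.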

. client user - . , , .
db , users admin, clients admin = validator.
users webUI ( webui client) chefAPI.
clients chefAPI.

opscode_chef=# select username,admin from osc_users;
 username | admin 
----------+-------
 admin    | t
 johnnym  | t
 leki     | t
 nemadmin | f
(4 rows)
                     name                  | admin | validator |                id                
---------------------------------------+-------+-----------+----------------------------------
 chef-validator                        | f     | t         | 0000000000006ab38d5bb2564bd91f5b
 chef-webui                            | t     | f         | 000000000000bd469d802db9a3fc3c88
 statictestXXxd.xxxxx.xxxxxxxx.private | f     | f         | 000000000000f106e5461e64a15d0662
 test-validator                        | f     | f         | 000000000000ea638b18e484e034b859
 cica                                  | f     | f         | 00000000000077dd4efbcd39a1fb10d3
(5 rows)

opscode_chef=# select name,environment,last_updated_by from nodes;
                 name                  | environment |         last_updated_by          
---------------------------------------+-------------+----------------------------------
 statictestXXxd.xxxxx.xxxxxxxx.private | _default    | 000000000000f106e5461e64a15d0662
 cica_node                             | _default    | 00000000000077dd4efbcd39a1fb10d3
(2 rows)
  • admin ( clients, users)
  • validator ( clients) node
  • ( clients, users) client show node, node , , (. ) (00000000000077dd4efbcd39a1fb10d3)

, , ( node). , node.

.

+4

Source: https://habr.com/ru/post/1530567/

