Chef clients and validators

Problem description

I'm trying to understand the concept of Chef clients and validators, and their relationship to the bootstrapping process.

According to this article, the chef-client will use the /etc/chef/validation.pem private key to authenticate itself for the initial run, because /etc/chef/client.pem doesn't exist yet. This initial run will, somehow, produce that client.pem, which is then used for all subsequent client requests.

My questions:


  1. What process places the /etc/chef/validation.pem file on the chef-client node in the first place? The bootstrap? Can someone provide an example of a knife command that would do this?
  2. Same question, but for the /etc/chef/client.pem file.
  3. What dictates the names of the chef-client and its chef-validator?


Recommended answer

Answer to the updated question

1) validation.pem (and client.rb) would be created after the bootstrap process. You need to run the command (knife configure client) shown below in order to create those files. Once those files are created in the ~/.chef directory, you need to move them to /etc/chef.

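# Generate client.rb and validation.pem in ~/.chef
knife configure client ~/.chef
# Copy them into place; running sudo per command keeps ~ pointing at your own home directory
sudo mkdir -p /etc/chef
sudo cp ~/.chef/client.rb /etc/chef
sudo cp ~/.chef/validation.pem /etc/chef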

The output is:

Creating client configuration
Writing client.rb
Writing validation.pem

2) client.pem will be created during the first chef-client run. Excerpt from the Chef documentation:

"During the first chef-client run, this (client.pem) private key does not exist. Instead, the chef-client will attempt to use the private key assigned to the chef-validator, located in /etc/chef/validation.pem. (If, for any reason, the chef-validator is unable to make an authenticated request to the Chef server, the initial chef-client run will fail.)"

For instance, I generally do it in the following manner. Once the client is set up (for the first time) and I run the Chef recipe on that node using the chef-client command as below, it would automatically create client.pem.

chef-client -o Cookbook_name::Recipe_Name

3) MAKE SURE YOUR HOSTNAME IS UNIQUE/CORRECT BEFORE DOING THIS. On CentOS, change the /etc/sysconfig/network file and use /etc/init.d/network restart to rebind everything.

My answer to the first question is the solution here. After running the command (generally this command is run after bootstrap)

knife configure client ~/.chef 

the hostname of the client node would be automatically created in the chef-server.

Answers to your first and second questions (before editing the question)

1) Everything you see at the following link, http://mychefserver.example.com/clients, is the set of nodes (physical machines) that are registered with that particular Chef-Server. Chef-Client is an agent that would be running on each and every node that is registered with the chef-server. Chef-client is used to run the recipes on the corresponding nodes. Below is the way to run the Chef recipe on a node using chef-client.

chef-client -o Cookbook_name::Recipe_Name

Putting it all together: clients are the set of nodes which are connected to the chef-server; chef-client is an agent running on all the nodes and is used to register the node with the chef-server in order to bring the node to the desired state. There are many other uses of chef-client. For details, visit the Chef-Client documentation page.

2) A bootstrap is a process that installs the chef-client on a target system so that it can run as a chef-client and communicate with a Chef server.

To put it another way, the bootstrap process is the way to install chef-client on a node (hardware machine) and make that node one of the clients for that chef-server. Only once the bootstrap process is completed will that particular node be visible in the clients list in your

http://mychefserver.example.com/clients
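
The key selection described in the answer (client.pem if it exists, otherwise validation.pem), as an added shell example that is not part of the original answer or of Chef itself. The function names chef_auth_state, key_mode_ok and chef_key_report are hypothetical, and the file-mode check on the private keys is an addition made here.

```shell
#!/bin/sh
# Added example: report which private key the next chef-client run would use
# and whether the key files are closed to group/other. Function names are hypothetical.

# chef_auth_state DIR -> prints: client | validator | none
chef_auth_state() {
    dir=${1:-/etc/chef}
    if [ -s "$dir/client.pem" ]; then
        echo client        # node already registered; its own key is used
    elif [ -s "$dir/validation.pem" ]; then
        echo validator     # first run: the chef-validator key is used to register
    else
        echo none          # no usable key: the initial run would fail
    fi
}

# key_mode_ok FILE -> succeeds only if FILE has no group/other permission bits
key_mode_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# chef_key_report DIR -> prints a summary; fails when no key is available
chef_key_report() {
    dir=${1:-/etc/chef}
    state=$(chef_auth_state "$dir")
    echo "next chef-client run authenticates as: $state"
    for f in "$dir/client.pem" "$dir/validation.pem"; do
        [ -f "$f" ] || continue
        key_mode_ok "$f" || echo "WARNING: $f is accessible to group/other"
    done
    [ "$state" != none ]
}

# Inspect the directory given as the first argument (default /etc/chef).
chef_key_report "${1:-/etc/chef}" || true
```

Run it once before the first chef-client run and once after: the state should move from validator to client when client.pem has been written.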
