This is the way recommended in the Chef Fast Start tutorial:
knife ssh name:mynode -a ipaddress -x ubuntu -i mycredentials.pem "sudo chef-client"
This is really clumsy. Is there really not a better way, or is the idea that in a real production environment, you'll have nodes auto-updating anyway?
You could use knife ssh to run chef-client on all boxes that contain a certain role or recipe:
Or if you're in EC2:
That's pretty much how you get things started to begin with, but it only needs to be done once. The initial run of chef-client typically enables and starts the chef-client daemon as an init.d service.
If you really wanted to do it more elegantly, you could ditch knife-ssh and run ssh directly:
That will probably be faster, as knife-ssh does a search against the Chef server to fetch nodes matching the search term (in this case name:dynode), which you don't strictly need to do if you already know the IP address.

You could use ansible to deploy and run chef-client.
$ ansible -i hosts all -a 'chef-client'
ansible is easily installed with pip:
pip install ansible
Your inventory file (in the example, named "hosts") might look like this:
[all]
host1.example.com ansible_user=root
host2.example.com ansible_user=root
host3.example.com ansible_user=root
(Notice "all" is the name of the grouping in the configuration file for our example. This is arbitrary and can be anything. Your inventory file can also include other groupings as well, e.g. [web_servers], [database_servers], [chef_servers], etc.)
So, again, putting it all together:
> ansible -i hosts all -a 'chef-client'
or maybe:
> ansible -i hosts all -a 'systemctl status'
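Added example, not part of the answer above: Ansible treats a misspelled connection variable in an inventory as an ordinary host variable, so that host is contacted with the default remote user instead of the intended one. The Python below parses the simple INI inventory format shown above and flags near-miss variable names; the sample inventory, the function names and the subset of variables in KNOWN_VARS are assumptions made for illustration.

```python
import difflib
import shlex

# Subset of Ansible's documented behavioural inventory variables.
KNOWN_VARS = [
    "ansible_host", "ansible_port", "ansible_user", "ansible_password",
    "ansible_connection", "ansible_ssh_private_key_file",
    "ansible_ssh_common_args", "ansible_become", "ansible_become_user",
    "ansible_become_method", "ansible_python_interpreter",
]

def parse_inventory(text):
    """Parse a simple INI inventory into {group: {host: {var: value}}}."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if ":" in current:  # [group:vars] and [group:children] are not host lines
            continue
        host, *pairs = shlex.split(line)
        groups.setdefault(current, {})[host] = dict(
            p.split("=", 1) for p in pairs if "=" in p)
    return groups

def lint(groups):
    """Return (host, variable, suggestion) for near-miss variable names."""
    findings = []
    for hosts in groups.values():
        for host, hostvars in hosts.items():
            for key in hostvars:
                if key in KNOWN_VARS:
                    continue
                close = difflib.get_close_matches(key, KNOWN_VARS, n=1, cutoff=0.8)
                if close:
                    findings.append((host, key, close[0]))
    return findings

# Constructed sample inventory; host3 carries a misspelled variable.
SAMPLE = """\
[all]
host1.example.com ansible_user=deploy
host2.example.com ansible_user=deploy datacenter=eu
host3.example.com ansibel_user=deploy
"""

if __name__ == "__main__":
    for host, key, fix in lint(parse_inventory(SAMPLE)):
        print(f"{host}: unknown variable {key!r}, did you mean {fix!r}?")
```

Custom variables such as datacenter are left alone because they are not close to any known name.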
I use Jenkins CI to manage the runs. A Linux server is set up as a workstation and has Jenkins installed on it. So I can bootstrap the nodes with a modified run_list. The bootstrapping process, anyway, runs chef-client at the end.
For ad hoc execution, the Jenkins job executes knife commands to modify the run_list for a node and uses the SSH plugin to execute chef-client on the desired node.
It's a pity that to dispatch a command to the chef client we have to use ssh underneath.
It seems that although every chef client has set up a secure connection with the chef server, the chef server does not provide a command multiplexer over that secure connection. Why?
There is a new command chef-run in Chef Workstation:
It will install chef-client if not present and run the resource or cookbook you specify.
Tutorial: https://learn.chef.io/modules/try-chef-infra#/