| May have old / inaccurate information: Parts of this document that reference OpenID should be considered out of date if you run Chef 0.8.2 or later. |
Nodes in Chef are the thing that recipes are applied to. In practice, that most often means a single system (a computer, a switch, a router, etc.). But there is not an explicit mapping of a node to a single system: a single system could execute the recipes for multiple nodes.
Components of a Node
A node is made up of two prime components: a list of Recipes to run (in the order you want them run) and Attributes. Recipes are the fundamental building block of Chef - they define the resources you want managed, in the order you want them managed. Attributes are data about your node - things like the network interfaces, file systems, or how many clients your Apache server can accept.
Lifecycle of a Node
When you start Chef Client or Chef Solo, the first thing we do is create a Node object. We then load up Ohai, which detects information about the operating system ("Ohai speaks for the operating system"). This also gives us access to this host's fully qualified domain name and hostname, which we use to grab the last known state of the Node from the Chef Server (assuming we are using Chef Client). Once there, we update all the Ohai attributes to their latest value, and add any extra attributes specified via JSON on the command line. Finally, we will run all of the Attribute files in all of the cookbooks in your Chef repository.
From here, the Node is available within Recipes, Definitions, and Resources.
Nodes have OpenIDs
Chef utilizes OpenID as its internal authentication system. Each node registers for its own OpenID with the Chef Server. Each Node's OpenID Registration must be Validated before it will be accepted. You will know that a Node needs to be Validated when a chef-client run returns a 401 Authorization Required error.
You can Validate a registration in two ways:
Registration via the Web UI

- Log in to your Chef Server with your OpenID.
- Click the Registrations link.
- Click the Validate Registration button on the node in question.
- On the client, run chef-client. If validation was successful, you should get no output.
Installation walk through next step
After you have validated a node we recommend building yourself a new Chef Repository.
Shared Registration Tokens
If you want your nodes to automatically be validated, you can do so by creating a shared token. On the Chef Server, you will set the following option:
validation_token "fdasdflkdfjlhsdfoyweroiu124367"
Note: Tokens with non-alphanumeric characters (e.g. "ATxxwF0X2/Wnc3KTmFRlsVdsbT3dWstdmoHB7Y5oGF/AxiwsYL+zyMDbuqm3qe3I") do not seem to work on EC2 Ubuntu AMIs running bash as the shell. If you stick with alphanumeric characters, however, you're golden!
And on each Chef Client, you can either provide that token via the -t option on the command line, or set the same variable in client.rb.
Managing Nodes
You can manage the recipes list and the attributes of your node in several ways:
Managing Nodes via the Web UI
First, you can log in to your Chef Server directly, and manage the Nodes data. The steps are as follows:
- Log in to your Chef Server with your OpenID.
- Click Nodes
- Click the Edit link for the Node you want to manage in the list of nodes. For this example we will use cc (chef-client).

- Click and drag a recipe from the "Available Recipes" Section into the "Run List" section. Make sure you place the "recipe rectangle" into the white section at the top of the "Run List" area. You arrange multiple recipes in order of execution.

- Scroll Down and click Save.
On your next Chef run, the new recipe will be applied.
Managing Nodes through JSON at the command line
Both Chef Client and Chef Solo allow you to write JSON to a file and read it in through the command line. The file should contain a hash, the elements of which will be added as attributes on your Node.
We have two special entries that can be used to set which cookbooks/recipes will be applied during run-time.
- run_list - specify roles and/or recipes to add to the node.
- recipes - add only recipes to the node.
| For all you AWS users: This is an awesome way to use per-instance metadata. You can just stick some JSON in, and have it written to a file on disk, which you read with chef-client or chef-solo to configure your nodes. Easy peasy! |
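Node JSON that arrives through something like per-instance metadata decides which recipes run, so it is worth checking before chef-client or chef-solo reads it. The following is an added example, not code from Chef or from this page: it checks that the file is a hash and that run_list and recipes are well formed. The function names, the accepted name pattern and the allow-list are assumptions of the example.

```ruby
require 'json'

# Run list item forms accepted by this example: recipe[name], role[name],
# or a bare recipe name (assumed pattern, tighten it to your naming rules).
ITEM = /\A(?:(recipe|role)\[([\w:.-]+)\]|([\w:.-]+))\z/

# Returns a list of problems found in a node JSON document; empty means OK.
# allowed: hypothetical allow-list of "recipe[x]" / "role[x]" entries.
def check_node_json(text, allowed: nil)
  begin
    data = JSON.parse(text)
  rescue JSON::ParserError => e
    return ["not valid JSON: #{e.message[0, 60]}"]
  end
  return ['top level must be a hash of attributes'] unless data.is_a?(Hash)

  problems = []
  %w[run_list recipes].each do |key|
    next unless data.key?(key)
    list = data[key]
    unless list.is_a?(Array) && list.all? { |i| i.is_a?(String) }
      problems << "#{key} must be an array of strings"
      next
    end
    list.each do |item|
      m = ITEM.match(item)
      if m.nil?
        problems << "#{key}: malformed entry #{item.inspect}"
      elsif key == 'recipes' && m[1] == 'role'
        problems << "recipes: #{item.inspect} is a role, use run_list"
      elsif allowed && !allowed.include?(normalize(m))
        problems << "#{key}: #{item.inspect} is not on the allow-list"
      end
    end
  end
  problems
end

# Bare names are recipes, so "apache2" and "recipe[apache2]" compare equal.
def normalize(m)
  m[1] ? "#{m[1]}[#{m[2]}]" : "recipe[#{m[3]}]"
end

# Constructed sample input, e.g. what an instance's user-data might contain.
SAMPLE = '{"run_list": ["role[webserver]", "recipe[apache2]"],
           "apache": {"max_clients": 150}}'
ALLOWED = ['role[webserver]', 'recipe[apache2]', 'recipe[ntp]']

puts check_node_json(SAMPLE, allowed: ALLOWED).inspect if __FILE__ == $PROGRAM_NAME
```

Run the check on the file first, and only pass it to chef-client or chef-solo with -j when the returned list is empty.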
Managing Nodes via a Cookbook's Attribute or Recipe file
You can also ensure that an attribute or is set via an Attribute or Recipe file.
Nodes FAQ
How do I run more than one node on a system?
You can use the -N option to chef-client or chef-solo to set the node name manually.
Comments (2)
Aug 11, 2009
Michael Marano says:
It's probably worth noting that the chef client has the following default in /etc/chef/client.rb:
If for some crazy reason, you have any firewall or iptables rules set up between your chef server and clients, you're probably going to want to open port 444 for your clients to successfully connect for validating registration. I've got some restrictive default iptables rules on my servers, and this caught me.
Mar 03
Robert J. Berger says:
You can get the authoritative name of a node (the name that can be used as a handle for editing or deleting the node) with
It may or may not be the same as
or sometimes