21

This is the way recommended in the Chef Fast Start tutorial:

knife ssh name:mynode -a ipaddress  -x ubuntu -i mycredentials.pem "sudo chef-client"

This is really clumsy. Is there really not a better way, or is the idea that in a real production environment, you'll have nodes auto-updating anyway?

Colin R
  • 103
  • 4
Steve Bennett
  • 5,539
  • 12
  • 45
  • 57
  • 1
    In what way do you think this is "clumsy"? – womble Jul 23 '12 at 11:04
  • 10
    Well, put it this way. This wouldn't be clumsy: "knife update name:mynode". Having to spell out both how to connect to the client, and the name of the chef client command (plus the fact it needs to be run with sudo permissions) is clumsy. Knife does well at abstracting away lots of other mess - why not this? – Steve Bennett Jul 24 '12 at 08:05

6 Answers6

12

You could use knife ssh to run chef-client on all boxes that contain a certain role or recipe:

knife ssh "role:web" "sudo chef-client" -x ubuntu --sudo

Or if you're in EC2:

knife ssh "role:web" "sudo chef-client" -x ubuntu -a ec2.public_hostname
mgorven
  • 30,036
  • 7
  • 76
  • 121
user157553
  • 129
  • 1
  • 2
10

That'd pretty much how you get things started to begin with, but it only needs to be done once. The initial run of chef-client typically enables and starts the chef-client daemon as an init.d service.

If you really wanted to do it more elegantly, you could ditch knife-ssh and run ssh directly:

ssh ubuntu@ipadddress -i mycredentials.pem sudo chef-client

that will probably be faster, as knife-ssh does a search against the Chef server to fetch nodes matching the search term (in this case name:dynode), which you don't strictly need to do if you already know the IP address.

user2066657
  • 336
  • 2
  • 13
Tim Potter
  • 1,754
  • 15
  • 15
  • 2
    Ok, I guess that answers the question - no, there isn't a better way. Pity that "knife bootstrap" can't also actually run chef-client. – Steve Bennett Jul 24 '12 at 08:07
  • I usually run chef-client at the end of my bootstrap script to solve that particular problem. However if you dislike knife-ssh then you will probably think the knife-bootstrap internals are equally ungainly. There's an [example script](https://github.com/opscode/chef/blob/master/chef/lib/chef/knife/bootstrap/ubuntu10.04-apt.erb) on github. – Tim Potter Jul 24 '12 at 11:45
  • 1
    The `ec2 server create` knife plugin just runs bootstrap followed by SSH + chef-client. So if it makes you feel any better, the Chef authors haven't figured out anything particularly smarter. – kgilpin Sep 17 '12 at 23:58
  • If chef-client takes some time to run you get a timeout. :( ssh: connect to host xx.xx.xx.xx port 22: Connection timed out – gdanko May 14 '15 at 18:17
  • In the case where chef-client is run as a daemon after bootstrap, and regardless of the interval set, THE MOST ELEGANT WAY TO INVOKE IT IS: ssh ubuntu@ipadddress -i mycredentials.pem -f -n "sudo killall -USR1 chef-client". Fork ssh to do this concurrently to a list of nodes. – Andrew S Sep 28 '16 at 19:00
2

You could use ansible to deploy and run chef-client.

$ ansible -i hosts all -a 'chef-client'

ansible is easily installed with pip:

pip install ansible

Your inventory file (in the example, named "hosts") might look like this:

[all] host1.example.com ansible_user=root host2.example.com ansible_user=root host3.example.com ansibel_user=root

(notice "all" is the name of the grouping in the configuration file for our example - this is arbitrary and can be anything. Your inventory file can also include other groupings as well, eg [web_wervers], [database_servers], [chef_servers], etc.)

So,again, putting it all together:

> ansible -i hosts all -a 'chef-client'

or maybe:

> ansible -i hosts all -a 'systemctl status'

Greg Jones
  • 29
  • 1
0

I use Jenkins CI to manage the runs. Linux server is set up as a workstation and has Jenkins installed on it. So I can bootstrap the nodes with modified run_list. The bootstrapping process, anyway, runs chef-client at the end.

For the adhoc execution, the Jenkins job executes knife commands to modify the run_list for a node and to use the SSH plugin to execute chef-client on the desired node.

user2066657
  • 336
  • 2
  • 13
Anil Wavde
  • 1
0

It's a pity that to dispatch a command to chef client we have to use ssh underline.

It seems that although every chef client has set up a secure connection with chef server, but chef server does not provide a command multiplexer over that secure connection, why?

osexp2003
  • 355
  • 3
  • 5
0

There is a new command chef-run in Chef Workstation:

chef-run server_name resource_name

It will install chef-client if not present and run the resource or cookbook you specify.

Tutorial: https://learn.chef.io/modules/try-chef-infra#/

sekrett
  • 181
  • 1
  • 6