Authentication
Communication with the Chef server can be initiated by different mechanisms such as chef-client, Knife, and using API in code. Let's see how authentication works under different circumstances.
chef-client
Every time a chef-client needs to communicate with the Chef server to fetch some data required for bootstrapping a machine, the chef-client needs to authenticate itself with the Chef server. It does so by using a private key located at /etc/chef/client.pem
. However, as we saw in the bootstrap process, when a chef-client is executed for the very first time, there is no private key on the concerned machine. Hence, a chef-client makes use of the private key assigned to the chef-validator (/etc/chef/validation.pem
). Once the initial ...
Get Mastering Chef now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.