Chef works best when run as the root user, but there are scenarios where you would want to run chef-client as a non-root user. To do that, follow these steps:
Assumption:
It is assumed that you have already bootstrapped the node and/or installed chef-client. It is also assumed that you have access to the client.pem key needed to talk to the Chef server. For this example, we'll assume the non-root user is "oracle".
Step 1:
As root, copy the entire contents of the /etc/chef folder into the "oracle" user's home directory and change the ownership.
cp -rf /etc/chef /home/oracle/.chef
chown -R oracle:oinstall /home/oracle/.chef
Step 2:
Open the /home/oracle/.chef/client.rb file and add the following lines:
cache_path "/home/oracle/.chef"
client_key "/home/oracle/.chef/client.pem"
If you don't specify cache_path, you will get the error:
Unable to access cache at /var/chef. Switching cache to /home/oracle/.chef
whenever you run chef-client as the oracle user.
If you don't specify the client_key location, chef-client will look for the /etc/chef/client.pem file. If that file is not readable (by default it won't be), the client will error out with:
Private Key Not Found:
----------------------
Your private key could not be loaded. If the key file exists, ensure that it is
readable by chef-client.
Relevant Config Settings:
-------------------------
validation_key "/etc/chef/validation.pem"
Step 3:
Now, run the chef-client with the following arguments:
chef-client -o recipe[] -c /home/oracle/.chef/client.rb
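Step 1 copies the node's private keys (client.pem and, if present, validation.pem) into a user-owned directory, so it is worth confirming before the first run that only that user can read them and that client.rb really points at the copy. The following check is an added example, not part of the original post; the function name check_chef_dir and the owner-only (0700 directory, 0600 key) targets are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the per-user Chef
# directory created in Steps 1-2. Usage: check_chef_dir /home/oracle/.chef
# Returns 0 when clean, 1 when any finding is printed, 2 if DIR is missing.

# find(1) expression matching any group/other permission bit (mode & 077).
LOOSE='( -perm -040 -o -perm -020 -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 )'

check_chef_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING: $dir is not a directory"; return 2; }

    # The directory doubles as cache_path, so keep it private to the user.
    # $LOOSE is intentionally unquoted so it splits into find arguments.
    if [ -n "$(find "$dir" -prune $LOOSE -print)" ]; then
        echo "LOOSE DIR: $dir is accessible to group/others (want 0700)"
        rc=1
    fi

    # client.pem / validation.pem copied from /etc/chef must stay owner-only.
    keys=$(find "$dir" -type f -name '*.pem' $LOOSE -print)
    if [ -n "$keys" ]; then
        echo "LOOSE KEY(S), accessible to group/others (want 0600):"
        echo "$keys"
        rc=1
    fi

    # client.rb must set both Step 2 options to paths inside this directory.
    for setting in cache_path client_key; do
        if ! grep -Eq "^[[:space:]]*${setting}[[:space:]]+[\"']${dir}(/|[\"'])" \
                "$dir/client.rb" 2>/dev/null; then
            echo "CONFIG: $setting in $dir/client.rb does not point into $dir"
            rc=1
        fi
    done
    return $rc
}
```

Run it as the oracle user against /home/oracle/.chef; any finding can be cleared with chmod 700 on the directory, chmod 600 on the .pem files, or by correcting the two client.rb lines.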