chef-client node name must be identical to client name?

Question

i am able to run "chef-client" command to my hosted chef server using the following command:

sudo chef-client -c /etc/chef/knife.rb -o 'role[webserver]'

and this knife.rb file:

 node_name                "my_client_name"  
 client_key               "#{current_dir}/my_client_name.pem"
 validation_client_name   "XXXXX-validator"
 validation_key           "#{current_dir}/XXXXX-validator.pem"  
 chef_server_url          "https://api.opscode.com/organizations/XXXXX"

BUT, when I am trying to use a different node name in the file or by using the -N in the command I get:

Chef encountered an error attempting to load the node data for "aaaa" Failed to authenticate to the chef server (http 401).
Invalid signature for user or client 'aaaa'

seems that only when the node name is identical to the client name the command runs successfully.

I guess I am missing something but I would like to have the NODE name to be the $HOSTNAME or any name other than the client name. what am I missing?

Thanks, Amos

Answer 1

When you bootstrap new node on hosted chef, you basically creates client and node.

By official documentation node is:

any physical, virtual, or cloud machine that is configured to be maintained by a chef-client

And client is used for authentication with chef server (its represented with RSA public key-pairs).

So by default client and node names are the same, and because of that you can't change name name on fly.

To change it you must destroy current node and create a new one, with bootstrap command, or manually create node and client with:

  knife client create #{name} --file client_keys/#{name}.pem -d
  knife node create #{name} -u #{name} -k client_keys/#{name}.pem -d

For more info check official docs:

• Clinet https://docs.getchef.com/knife_client.html
• Node https://docs.getchef.com/knife_node.html