I Want to Update Existing Node Data Using New Clients

Sean Horn

Sometimes, it is more convenient to be able to update nodes using non-original clients.
This document shows how to set the permissions on node objects to allow any client to update any node. After these changes are made, you will be able to delete the client for a given node, then run chef-client on the node, and the new client will be able to update the node's data object on the Chef Server.

WARNING: Making these changes in the ACLs is a security risk, as any client will be able to update any node.

Install the knife-acl plugin on your workstation.

    
    chef gem install knife-acl

Then add the "clients" group to the "update" permission on the "nodes" container endpoint. This handles nodes created from this point on.

    
    knife acl add group clients containers nodes update

To allow existing nodes to be modified by new clients of the same name, you must also run the following command.

    knife acl bulk add group clients nodes '.*' update
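
To see which nodes this change has opened up, and to generate a per-node rollback, the audit below is an added example (not part of the original article or of Chef's own tooling). It assumes each node's ACL has been fetched as JSON from the Chef Server `_acl` endpoint, for instance with `knife raw /nodes/NODE_NAME/_acl`, and that the plugin's `knife acl remove` subcommand is used to undo the grant; the node names and ACL contents in the sample are constructed.

```python
import json
import re
import shlex

# Constructed sample: node name -> ACL document in the shape returned by the
# Chef Server "_acl" endpoint. Names and memberships are made up.
SAMPLE_ACLS = json.loads("""
{
  "web01": {
    "read":   {"actors": ["pivotal", "web01"], "groups": ["admins", "clients", "users"]},
    "update": {"actors": ["pivotal", "web01"], "groups": ["admins", "clients", "users"]}
  },
  "db01": {
    "read":   {"actors": ["pivotal", "db01"], "groups": ["admins", "clients", "users"]},
    "update": {"actors": ["pivotal", "db01"], "groups": ["admins", "users"]}
  },
  "batch-01": {
    "read":   {"actors": ["pivotal"], "groups": ["admins", "clients"]},
    "update": {"actors": ["pivotal"], "groups": ["clients"]}
  },
  "orphan": {
    "read":   {"actors": ["pivotal"], "groups": ["admins"]}
  }
}
""")


def nodes_open_to_group(acls, group="clients", perm="update", pattern=".*"):
    """Names of nodes matching `pattern` whose `perm` ACE lists `group`."""
    name_re = re.compile(pattern)
    hits = []
    for node, acl in acls.items():
        if not name_re.fullmatch(node):
            continue
        ace = acl.get(perm) or {}  # tolerate an ACL document with no such ACE
        if group in ace.get("groups", []):
            hits.append(node)
    return sorted(hits)


def rollback_commands(nodes, group="clients", perm="update"):
    """One `knife acl remove` command per node, with the node name shell-quoted."""
    return [f"knife acl remove group {group} nodes {shlex.quote(n)} {perm}"
            for n in nodes]


if __name__ == "__main__":
    for cmd in rollback_commands(nodes_open_to_group(SAMPLE_ACLS)):
        print(cmd)
```

Nodes created after the container change inherit the grant, so the `clients` group also has to be removed from the "update" permission on the "nodes" container for the rollback to hold.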

 
