This is the way recommended in the Chef Fast Start tutorial:
knife ssh name:mynode -a ipaddress -x ubuntu -i mycredentials.pem "sudo chef-client"
This is really clumsy. Is there really not a better way, or is the idea that in a real production environment, you'll have nodes auto-updating anyway?
You could use knife ssh to run chef-client on all boxes that contain a certain role or recipe:
knife ssh "role:web" "sudo chef-client" -x ubuntu --sudo
Or if you're in EC2:
knife ssh "role:web" "sudo chef-client" -x ubuntu -a ec2.public_hostname
That'd pretty much how you get things started to begin with, but it only needs to be done once. The initial run of chef-client typically enables and starts the chef-client daemon as an init.d service.
If you really wanted to do it more elegantly, you could ditch knife-ssh and run ssh directly:
ssh ubuntu@ipadddress -i mycredentials.pem sudo chef-client
that will probably be faster, as knife-ssh does a search against the Chef server to fetch nodes matching the search term (in this case name:dynode), which you don't strictly need to do if you already know the IP address.
You could use ansible to deploy and run chef-client.
$ ansible -i hosts all -a 'chef-client'
ansible is easily installed with pip:
pip install ansible
Your inventory file (in the example, named "hosts") might look like this:
[all]
host1.example.com ansible_user=root
host2.example.com ansible_user=root
host3.example.com ansibel_user=root
(notice "all" is the name of the grouping in the configuration file for our example - this is arbitrary and can be anything. Your inventory file can also include other groupings as well, eg [web_wervers], [database_servers], [chef_servers], etc.)
So,again, putting it all together:
> ansible -i hosts all -a 'chef-client'
or maybe:
> ansible -i hosts all -a 'systemctl status'
I use Jenkins CI to manage the runs. Linux server is set up as a workstation and has Jenkins installed on it. So I can bootstrap the nodes with modified run_list. The bootstrapping process, anyway, runs chef-client at the end.
For the adhoc execution, the Jenkins job executes knife commands to modify the run_list for a node and to use the SSH plugin to execute chef-client on the desired node.
It's a pity that to dispatch a command to chef client we have to use ssh underline.
It seems that although every chef client has set up a secure connection with chef server, but chef server does not provide a command multiplexer over that secure connection, why?
There is a new command chef-run in Chef Workstation:
chef-run server_name resource_name
It will install chef-client if not present and run the resource or cookbook you specify.
