summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLamont Granquist <lamont@scriptkiddie.org>2015-02-17 07:47:03 -0800
committerLamont Granquist <lamont@scriptkiddie.org>2015-02-17 07:47:03 -0800
commit80a506852e4a973d666a03a9647d58ad056eea10 (patch)
tree084391950a4e1b0e06b01d34c64e5bf9fd0d87ed
parent12af45d8c2d9bdc5043d1f92822d23c12e008378 (diff)
downloadchef-80a506852e4a973d666a03a9647d58ad056eea10.tar.gz
forgot my md files for validatorless bootstraps
-rw-r--r--CHANGELOG.md2
-rw-r--r--DOC_CHANGES.md11
-rw-r--r--RELEASE_NOTES.md15
3 files changed, 28 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d6ab92910..1bbc19c96d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -98,6 +98,8 @@
* Move supermarket.getchef.com to supermarket.chef.io
* Check with AccessCheck for permission to write to directory on Windows
* Add declare_resource/build_resource comments, fix faulty ||=
+* Knife bootstrap creates a client and ships it to the node to implement validatorless bootstraps
+* Knife bootstrap can use the client it creates to setup chef-vault items for the node
## 12.0.3
* [**Phil Dibowitz**](https://github.com/jaymzh):
diff --git a/DOC_CHANGES.md b/DOC_CHANGES.md
index 488adb0daf..cae29adb80 100644
--- a/DOC_CHANGES.md
+++ b/DOC_CHANGES.md
@@ -67,3 +67,14 @@ A documented feature of the yum_package provider was the ability to specify a ve
However, this did not actually work. It has now been fixed, and additionally version requirements are now supported in the `version` attribute
of yum_package as well.
+## Validatorless bootstraps
+
+Validation keys are now optional. If the validation key is simply deleted and does not exist, then knife bootstrap will use the
+user's key to create a client for the node and create the node object and bootstrap the host. Validation keys can continue to be
+used, particularly for autoscaling, but even for that use case a dedicated user for autoscaling would be preferable to the shared
+validation key.
+
+## Bootstrap will create chef-vault items
+
+The --bootstrap-vault-item, --bootstrap-vault-json, and --bootstrap-vault-file arguments have been added to knife bootstrap providing
+three alternative ways to set chef vault items when bootstrapping a host.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 58a2b81aad..5f032754bc 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -586,3 +586,18 @@ inflexible since it cannot handle the case where an admin installs or removes a
handle the case where there may be multiple providers that handle different kinds of services (e.g. Upstart, SysV,
etc). This fixes the Ubuntu 14.04 service resource problems, and can handle arbitrarily complicated future distro
and administrative preferences dynamically.
+
+## Knife Bootstrap Validatorless Bootstraps and Chef Vault integration
+
+The knife bootstrap command now supports validatorless bootstraps. This can be enabled via deleting the validation key.
+When the validation key is not present, knife bootstrap will use the user key in order to create a client for the node
+being bootstrapped. It will also then create a node object and set the environment, run_list, initial attributes, etc (avoiding
+the problem of the first chef-client failing and not saving the node's run_list correctly).
+
+Also knife vault integration has been added so that knife bootstrap can use the client key to add chef vault items to
+the node, reducing the number of steps necessary to bootstrap a node with chef vault.
+
+There is no support for validatorless bootstraps when the node object has been precreated by the user beforehand, as part
+of the process any old node or client will be deleted when doing validatorless bootstraps. The old process with the validation
+key still works for this use case. The setting of the run_list, environment and json attributes first via knife bootstrap
+should mitigate some of the need to precreate the node object by hand first.