Does chef knife ever need to directly access a node?

Question

Does knife ever access nodes directly, for example, during bootstrapping? Or does bootstrapping (and other access) all go via the chef server?

I'm wondering whether I can get away with configuring firewalls in AWS so that only the chef server can access the WinRM ports on the node (rather than the wide world where my workstation lives).

score 3 · Accepted Answer · answered Apr 25 '17 at 23:57

3

Knife bootstrap, and knife ssh both access directly, but both can take a flag for a jump box. I believe -G is the one. Of course, that jump box would need to be accessible from your workstation

answered Apr 25 '17 at 23:57

Tejay Cardon

379
1
4

Is that jump box usually/necessarily a chef server? – Jordan Morris Apr 26 '17 at 21:21
It certainly doesn't have to be. And I'd say it's probably better if it isn't. – Tejay Cardon Apr 30 '17 at 23:18

Does chef knife ever need to directly access a node?

1 Answers1