1.

How are requests sent to Chef Server during the first Chef Client run authenticated?

Answer»

A Chef Node is any physical, virtual or cloud machine configured by Chef Client and managed by Chef Server. A “chef-client run” is the series of steps the chef-client performs when it is configuring a node. During a chef-client run, the specified node is registered with Chef Server. This is done to prevent unwanted requests from being sent to Chef Server from chef-clients. Every request initiated by chef-client is authenticated using the Chef Server API and a private key stored in the “/etc/chef/client.pem” file on the Chef Node.

During the first chef-client run on any node, the node does not yet have this private key, so the private key of the chef-validator, placed in the “/etc/chef/validation.pem” file, is used instead. If chef-validator is unable to send an authenticated request to Chef Server, the chef-client run will fail. After the node is registered with the Chef Server, chef-client obtains a “client.pem” private key, which is used for all future authentication requests to the Chef Server. The chef-validator is not used after the initial chef-client run and hence could be deleted.
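
A defender-side check for the key lifecycle described above, as an added example that is not part of the original answer: it flags a `validation.pem` left behind on a node that already holds `client.pem`. The function names, the directory parameter and the owner-only permission check on `client.pem` are assumptions of this example, not something the answer states.

```shell
#!/bin/sh
# Audit the Chef key files on a node (added example, not Chef's own tooling).
# File names are the ones given in the text; the directory is a parameter
# so the check can also be run against a copy of /etc/chef.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_chef_keys [DIR]
# Prints one line per finding; the return status is the number of findings.
audit_chef_keys() {
    dir="${1:-/etc/chef}"
    client="$dir/client.pem"
    validator="$dir/validation.pem"
    findings=0

    if [ -f "$client" ]; then
        # The node is registered, so the validator key has no further use here.
        if [ -f "$validator" ]; then
            echo "FINDING: $validator still present on a registered node"
            findings=$((findings + 1))
        fi
        # Assumption of this example: the private key should be owner-only,
        # i.e. the group and other permission digits are both 0.
        mode=$(file_mode "$client")
        case "$mode" in
            *00|0) ;;
            *)  echo "FINDING: $client has mode $mode, readable beyond its owner"
                findings=$((findings + 1)) ;;
        esac
    elif [ -f "$validator" ]; then
        # Expected state before the first chef-client run.
        echo "INFO: $dir is not registered yet; the first run will use validation.pem"
    else
        echo "FINDING: neither client.pem nor validation.pem found in $dir"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run `audit_chef_keys` with no argument on a node to check `/etc/chef`; a non-zero status means at least one finding was printed.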


