What is the best way to run a particular command in Chef only when the node is bootstrapped, but not during subsequent Chef runs? For example, if I wanted to run apt-get upgrade when an Ubuntu node is first bootstrapped, what is the simplest way to accomplish that?
One solution might be to write to a file after the task has been completed, and run the task only_if that file doesn't exist - but this has the downside of running the task for existing nodes that already have this recipe. Would the only option involve overriding the default bootstrap template?
In general you would probably use the file idempotence, but you could also check a node attribute. For this case in particular you would probably want to touch the tracking file on all existing nodes, knife ssh '*:*' 'touch /whatever'.