I am currently running a Chef HA cluster that is utilizing private DNS/hostnames (ex. nonfqdndomain.private). My goal is to update the Chef cluster's hostname to a fully qualified public domain name (so I can issue a valid vendor SSL certificate). So from "nonfqdndnomain.private" to "mypublicdomain.com". My cluster is in AWS and the EC2 instances have the standard AWS EC2 hostname (user@ip-xxx-xx-xx-xx:). To top that up, I am using a classic AWS load balancer to distribute traffic to the frontend nodes that I have.
From my understanding/research, the following has to be done.
- Update the "/etc/opscode/chef-server.rb" file with the following entry on each frontend node.
- Also update the "/etc/opscode/chef-server.rb" file to include the new vendor issued SSL cert.
nginx['ssl_certificate'] = "/etc/pki/tls/certs/your-host.crt"
nginx['ssl_certificate_key'] = "/etc/pki/tls/private/your-host.key"
Run the "sudo chef-server-ctl reconfigure" command to update the frontend nodes configuration.
Push the new vendor issued SSL certificate to the AWS load balancer.
Update each existing bootstrapped node's client.rb file to match the new chef server hostname.
chef_server_url " [mypublicdomain.com
Does this seem right? Any precautions to take or possible risks in doing this?
Your help is appreciated.