Changing Chef HA Cluster hostname best practices?


#1

Hello everyone,

I am currently running a Chef HA cluster that is utilizing private DNS/hostnames (ex. nonfqdndomain.private). My goal is to update the Chef cluster's hostname to a fully qualified public domain name (so I can issue a valid vendor SSL certificate). So from "nonfqdndomain.private" to "mypublicdomain.com". My cluster is in AWS and the EC2 instances have the standard AWS EC2 hostname (user@ip-xxx-xx-xx-xx:). To top that off, I am using a classic AWS load balancer to distribute traffic to the frontend nodes that I have.

From my understanding/research, the following has to be done.

  • Update the "/etc/opscode/chef-server.rb" file with the following entry on each frontend node.

nginx['server_name'] = "mypublicdomain.com"

  • Also update the "/etc/opscode/chef-server.rb" file to include the new vendor issued SSL cert.

nginx['ssl_certificate'] = "/etc/pki/tls/certs/your-host.crt"

nginx['ssl_certificate_key'] = "/etc/pki/tls/private/your-host.key"

  • Run the "sudo chef-server-ctl reconfigure" command to update the frontend nodes configuration.

  • Push the new vendor issued SSL certificate to the AWS load balancer.

  • Update each existing bootstrapped node's client.rb file to match the new chef server hostname.

chef_server_url "https://mypublicdomain.com"

Does this seem right? Any precautions to take or possible risks in doing this?

Your help is appreciated.

Thank you!


#2

Hi,

If you have a load balancer then you can consider the following:

  • import the right SSL to the AWS load balancer
  • configure the Chef front-end servers to listen on non-SSL

The rest of the steps look good.

Mihaly