Hello everyone,
I am currently running a Chef HA cluster that is utilizing private DNS/hostnames (ex. nonfqdndomain.private). My goal is to update the Chef cluster's hostname to a fully qualified public domain name (so I can issue a valid vendor SSL certificate). So from "nonfqdndomain.private" to "mypublicdomain.com". My cluster is in AWS and the EC2 instances have the standard AWS EC2 hostname (user@ip-xxx-xx-xx-xx:). To top that up, I am using a classic AWS load balancer to distribute traffic to the frontend nodes that I have.
From my understanding/research, the following has to be done.
- Update the "/etc/opscode/chef-server.rb" file with the following entry on each frontend node.
nginx['server_name'] = "mypublicdomain.com"
- Also update the "/etc/opscode/chef-server.rb" file to include the new vendor issued SSL cert.
nginx['ssl_certificate'] = "/etc/pki/tls/certs/your-host.crt"
nginx['ssl_certificate_key'] = "/etc/pki/tls/private/your-host.key"
- Run the "sudo chef-server-ctl reconfigure" command to update the frontend nodes' configuration.
- Push the new vendor issued SSL certificate to the AWS load balancer.
- Update each existing bootstrapped node's client.rb file to match the new chef server hostname.
chef_server_url "https://mypublicdomain.com"
Does this seem right? Any precautions to take or possible risks in doing this?
Your help is appreciated.
Thank you!
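
A pre-flight check for the certificate steps in the post above, as an added example that is not part of the original post: before running the reconfigure, confirm that the key matches the certificate, that the certificate covers the new hostname, and that it is within its validity period. The helper names `cert_problems` and `constructed_cert` are hypothetical, and the self-signed certificate is constructed sample input; a real run would pass the contents of the files named in `nginx['ssl_certificate']` and `nginx['ssl_certificate_key']`.

```ruby
require "openssl"

# Hypothetical helper: returns a list of problems with a cert/key pair for
# `hostname`; an empty list means the pair is safe to reference in chef-server.rb.
def cert_problems(cert_pem, key_pem, hostname, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  problems = []
  # A key that does not belong to the certificate makes nginx reject the config.
  problems << "key does not match certificate" unless cert.check_private_key(key)
  # Clients validate the host in chef_server_url against the SAN (or CN).
  unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    problems << "certificate does not cover #{hostname}"
  end
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << "certificate is expired or not yet valid"
  end
  problems
end

# Constructed sample input: a throwaway self-signed certificate so the example
# runs offline. A real run would read the vendor-issued files instead.
def constructed_cert(hostname, key, not_after: Time.now + 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{hostname}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  { "new name" => "mypublicdomain.com", "old name" => "nonfqdndomain.private" }.each do |label, name|
    cert = constructed_cert(name, key)
    problems = cert_problems(cert.to_pem, key.to_pem, "mypublicdomain.com")
    puts "#{label}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

The same certificate and key are what get uploaded to the classic load balancer, so one check covers both places.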