Chef server rebuild?


#1

I’m new to chef, but looking at setting up a chef server for serving cookbooks
to a few dozen nodes.

I’ve been through the tutorials, but have started to wonder about the chef
server.

For example, if I have 20+ nodes connected to the chef server, all those nodes
were set up via knife bootstrap, specifying a “node” name, “websrv01” or
“dbsrv03”… Chef server crashes, and needs to be rebuilt. I reinstall the OS
on the server, put on chef server, put on the run lists and put all the
cookbooks back.

How does the chef server identify some server running chef-client as node
“websrv04”? How can I save away and restore that node information?


#2

On the Chef server side, you back up chef-server data repositories
(PostgreSQL stores private keys for nodes, users, clients, etc; Solr stores
search index; Bookshelf stores cookbooks, data bags, etc). On the node
side, you back up /etc/chef/client.pem and /etc/chef/client.rb, the files
chef-client uses to identify itself and locate Chef server.

On Tue, Jul 1, 2014 at 11:46 AM, markhaja@us.ibm.com wrote:

I’m new to chef, but looking at setting up a chef server for serving cookbooks
to a few dozen nodes.

I’ve been through the tutorials, but have started to wonder about the chef
server.

For example, if I have 20+ nodes connected to the chef server, all those nodes
were set up via knife bootstrap, specifying a “node” name, “websrv01” or
“dbsrv03”… Chef server crashes, and needs to be rebuilt. I reinstall the OS
on the server, put on chef server, put on the run lists and put all the
cookbooks back.

How does the chef server identify some server running chef-client as node
“websrv04”? How can I save away and restore that node information?


Best regards, Dmitriy V.


#3

When a node is added to chef, a public/private pair is created. The public key is stored on chef server and the private key is stored on the node. When the node communicates with the Chef servers, it signs a set of httpd headers with its private key and the chef server decrypts those headers with the node’s public key:

http://docs.opscode.com/chef_private_keys.html#how-keys-are-used

This means that you will have to ensure that you have a backup of the node’s public key (which is only stored on Chef server and nowhere else). If you lose it, the Chef server will not be able to decrypt the headers and thereby will not be able to authenticate the client.

So back up your Chef server. For older Chef servers, you may find this informative:

https://wiki.opscode.com/display/chef/Backing+Up+Chef+Server

For current releases, this may be useful:

Rilindo Foster
Cloud Optimization Engineer
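
The key relationship described in the replies above, as an added example that is not part of the original posts and is not Chef's own code. It is a simplified model rather than Chef's real header format: the function names, the canonical string layout and the sample keys are assumptions constructed for illustration.

```ruby
require "openssl"
require "base64"
require "digest"

# Simplified model, NOT Chef's real header format: the node signs a canonical
# string and the server verifies it with the public key stored for that client.
def canonical(client, method, path, body, timestamp)
  [method.upcase, path, Digest::SHA256.base64digest(body), timestamp, client].join("\n")
end

def sign_request(private_pem, client, method, path, body, timestamp)
  key = OpenSSL::PKey::RSA.new(private_pem)
  data = canonical(client, method, path, body, timestamp)
  Base64.strict_encode64(key.sign(OpenSSL::Digest.new("SHA256"), data))
end

# server_keys: client name => public key PEM, standing in for the server database.
def authenticate(server_keys, client, method, path, body, timestamp, signature)
  pem = server_keys[client]
  return :unknown_client if pem.nil? # server rebuilt without restoring its data
  data = canonical(client, method, path, body, timestamp)
  valid = OpenSSL::PKey::RSA.new(pem).verify(OpenSSL::Digest.new("SHA256"),
                                             Base64.strict_decode64(signature), data)
  valid ? :authenticated : :bad_signature
end

# Post-restore check: does a node's client.pem still pair with the stored public key?
def key_pair_match?(private_pem, public_pem)
  priv = OpenSSL::PKey::RSA.new(private_pem)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  priv.n == pub.n && priv.e == pub.e
end

# Constructed sample keys: the node's real pair, and a pair a fresh server might issue.
NODE_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
NODE_PRIVATE_PEM = NODE_KEY.to_pem
NODE_PUBLIC_PEM = NODE_KEY.public_key.to_pem
OTHER_PUBLIC_PEM = OTHER_KEY.public_key.to_pem

if __FILE__ == $PROGRAM_NAME
  ts = "2014-07-01T17:46:00Z" # constructed timestamp
  sig = sign_request(NODE_PRIVATE_PEM, "websrv04", "GET", "/nodes/websrv04", "", ts)
  { "restored backup" => { "websrv04" => NODE_PUBLIC_PEM },
    "empty rebuild" => {},
    "re-registered key" => { "websrv04" => OTHER_PUBLIC_PEM } }.each do |label, keys|
    puts "#{label}: #{authenticate(keys, 'websrv04', 'GET', '/nodes/websrv04', '', ts, sig)}"
  end
end
```

Only the server state that still holds the node's original public key accepts the request; `key_pair_match?` is the comparison to run per node after a restore, before assuming its `client.pem` is still usable.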
