When a node is added to Chef, a public/private key pair is created. The public key is stored on the Chef server and the private key is stored on the node. When the node communicates with the Chef server, it signs a set of HTTP headers with its private key and the Chef server decrypts those headers with the node’s public key:
This means that you will have to ensure that you have a backup of the node’s public key (which is only stored on the Chef server and nowhere else). If you lose it, the Chef server will not be able to decrypt the headers and thereby will not be able to authenticate the client.
So back up your Chef server. For older Chef servers, you may find this informative:
For current releases, this may be useful:
Cloud Optimization Engineer
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: Tuesday, July 01, 2014 1:47 PM
Subject: [chef] chef server rebuild?
I’m new to chef, but looking at setting up a chef server for serving cookbooks to a few dozen nodes.
I’ve been through the tutorials, but have started to wonder about the chef server.
For example, if I have 20+ nodes connected to the chef server, all those nodes were set up via knife bootstrap, specifying a “node” name, “websrv01” or “dbsrv03”… Chef server crashes, and needs to be rebuilt. I reinstall the OS on the server, put on chef server, put on the run lists and put all the cookbooks back.
How does the chef server identify some server running chef-client as node “websrv04”? How can I save away and restore that node information?
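The signing scheme the reply above describes (node signs a canonical set of HTTP headers with its private key, server checks them with the public key it stored at bootstrap), as an added illustration that is not Chef's own code. The RSA here is textbook and unpadded with 512-bit keys, generated inline so the script runs offline; real clients use 2048-bit PKCS#1 keys. The `X-Ops-*` header layout follows Chef's scheme in spirit, but the exact canonicalization, the hash-then-sign step and the node name `websrv04` are assumptions of this example. The last function shows why the public key must be backed up: a rebuilt server holding a freshly generated key cannot verify a request from the existing node.

```python
"""Toy model of Chef client request signing: the node signs a canonical set
of HTTP headers with its private key; the server verifies with the public
key it stored when the client was created. Constructed example, not Chef's
code; the RSA is textbook (no padding) for illustration only."""
import base64
import hashlib
import random
import textwrap


# --- minimal RSA key generation (illustration only) --------------------------

def _is_probable_prime(n, rounds=16, rng=random):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and odd
        if _is_probable_prime(cand, rng=rng):
            return cand


def generate_keypair(bits=512, seed=None):
    """Return (public, private) as (e, n) and (d, n). The private key stays on
    the node; the public key is what the Chef server stores for that client."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


# --- request canonicalization, signing and verification ----------------------

def _b64_sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def canonical_request(method, path, body, timestamp, user_id):
    """Canonical string covering what the node signs: method, path hash, body
    hash, timestamp and client name (exact layout is an assumption here)."""
    return "\n".join([
        f"Method:{method.upper()}",
        f"Hashed Path:{_b64_sha1(path.encode())}",
        f"X-Ops-Content-Hash:{_b64_sha1(body)}",
        f"X-Ops-Timestamp:{timestamp}",
        f"X-Ops-UserId:{user_id}",
    ])


def _digest_int(canonical, n):
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big") % n


def sign_request(canonical, private_key):
    """Node side: sign with the private key, split the base64 signature into
    X-Ops-Authorization-1..N headers as Chef does."""
    d, n = private_key
    sig = pow(_digest_int(canonical, n), d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    b64 = base64.b64encode(sig).decode()
    return {f"X-Ops-Authorization-{i + 1}": chunk for i, chunk in enumerate(textwrap.wrap(b64, 60))}


def verify_request(headers, canonical, public_key):
    """Server side: reassemble the headers and 'decrypt' with the stored public key."""
    e, n = public_key
    keys = sorted((k for k in headers if k.startswith("X-Ops-Authorization-")),
                  key=lambda k: int(k.rsplit("-", 1)[1]))
    if not keys:
        return False
    sig = int.from_bytes(base64.b64decode("".join(headers[k] for k in keys)), "big")
    return pow(sig, e, n) == _digest_int(canonical, n)


def demo():
    """Returns (verified by original server, verified by rebuilt server without backup)."""
    pub, priv = generate_keypair(seed=42)  # created at bootstrap; pub stored on server
    canon = canonical_request("GET", "/nodes/websrv04", b"", "2014-07-01T13:47:00Z", "websrv04")
    headers = sign_request(canon, priv)
    ok = verify_request(headers, canon, pub)
    fresh_pub, _ = generate_keypair(seed=7)  # server rebuilt with no key backup
    return ok, verify_request(headers, canon, fresh_pub)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point of `demo()` is the second value: once the server's copy of the client's public key is gone, the signed headers from a perfectly healthy node no longer verify, and the node has to be re-registered (new key pair) or the server's key store restored from backup.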