Chef-sync ec_sync_user auth fails


#1

I’ve been fighting to get chef-sync replication working for a few days. Currently I’m stuck unable to create a proper ec_sync_user on the replication server. This command works from both replication and master servers:

sudo /opt/chef/embedded/bin/knife node list -s https://<MASTER_IP>/organizations/<ORG_NAME> -u ec_sync_user -k /etc/chef-sync/ec_sync_user.pem

This command, however, fails when run from either server:

sudo /opt/chef/embedded/bin/knife node list -s https://<REPLICATION_IP>/organizations/<ORG_NAME> -u ec_sync_user -k /etc/chef-sync/ec_sync_user.pem

I get this error:
“ERROR: Failed to authenticate to https://<REPLICATION_IP>/organizations/<ORG_NAME> as ec_sync_user with key /etc/chef-sync/ec_sync_user.pem”
“Response: Invalid signature for user or client ‘ec_sync_user’”

I’ve deleted and remade the ec_sync_user on the replication user over and over. I can’t seem to get it to work though. Anyone have any idea? Or even just a good resource/tutorial for installing and configuring chef-sync? It doesn’t seem to be a heavily used feature.


#2

I’ve answered my own question by discussing chef-sync in a few other places. The reason chef-sync does not work is because it is a half-assed non-product that Chef is too lazy to remove from their website. It is flagged to be deprecated and has only been used in production by a small number of customers that have enterprise support agreements. DO NOT attempt to use chef-sync AKA chef replication. I repeat - DO NOT USE - it does not work and you will go insane trying to figure it out. I hope this helps save someone some time. Don’t lose 3+ days fighting with this like I did. Super miffed at Chef right now and I’m taking a hard look at Salt/Ansible.


#3

Meathouse,

Sorry you’re having a bad time with chef-sync.

You’re correct that Chef-sync never made it to 1.0. While we recognize that synchronizing the data sets of multiple chef servers is a problem that people would like to solve, after consideration we decided that Chef-sync could not be the right solution to that problem for the majority of our subscribers. As such we decided to no longer make chef-sync available to new users.

Several months ago all mention of Chef-sync was removed from our websites and our sales materials, and it is no longer available via the automatic add-on downloader in newer releases of the Chef server. Chef-sync does remain available in the package system and documentation, for people who have support for Chef-sync covered under existing agreements. We will continue to support chef-sync for these subscribers. Chef subscribers should contact Chef’s support department directly for assistance with Chef-sync.

If you’d like to talk with us about how we can more clearly communicate the status of this product to avoid similar situations in the future, we’d love to hear from you.