We have one chef server per Google Compute region. We’d like to share the
validation key between them. If we don’t share the validation key, we’ll
need to create one O/S image (with a baked in validation key) per region,
which we’d rather not do.
For the initial chef server, I have the private key (the validation key),
and the public key, obtainable via the Chef UI. I’d like to upload the
public key to the second chef server. The chef API apparently supports
this, and it looks like knife does too.
When I enter ‘knife client create foo’, the editor comes up and the
public_key field is null. I’ve tried placing the public key of the first
chef server in there in multiple formats, but none seem to work. What is
the correct format?
You can share the same validation key across multiple chef servers.
The validation key is just a special flag that you need to turn on in client
metadata (validator: true). You can create a client using the knife raw plugin:
    knife client show foo -Fj > foo.json
will be an example json
    knife raw /clients -m POST -i foo.json
will create the client, just set validation to true
Another way to do this that may scale better (for example, it will
replicate new clients when you add them):
knife download /clients
knife upload /clients
You can do this with other objects as well if you so desire (/cookbooks,
/roles, etc.). In fact, a full replication would be knife download / from
server A, then knife upload / to server B.
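An added example, not code from the thread or from Chef: a Python check for the foo.json step in the first reply. It confirms the public_key field is a PEM public key block (restoring real newlines if it was pasted as one line), refuses private key material, and sets validator to true before the file is posted with knife raw. It assumes the server accepts name, public_key and validator in the posted body; the function name and the sample key are constructed for illustration.

```python
import json
import re

# Assumption: the key is a PEM public key block (PKCS#1 or SubjectPublicKeyInfo).
PEM_RE = re.compile(
    r"\A-----BEGIN (RSA )?PUBLIC KEY-----\n"
    r"[A-Za-z0-9+/=\n]+\n"
    r"-----END (RSA )?PUBLIC KEY-----\Z"
)

# Constructed sample standing in for `knife client show foo -Fj` output.
# The key body is filler, not a real key, and it carries literal "\n" text
# the way a key pasted onto a single line would.
SAMPLE_EXPORT = json.dumps({
    "name": "foo",
    "validator": False,
    "public_key": "-----BEGIN PUBLIC KEY-----\\nQ09OU1RSVUNURUQ=\\n-----END PUBLIC KEY-----",
})


def build_client_body(exported_json, validator=True):
    """Return the dict to save as foo.json for `knife raw /clients -m POST -i foo.json`."""
    src = json.loads(exported_json)
    # Only the public half belongs on the second server.
    if "private_key" in src:
        raise ValueError("export contains a private_key field; copy only the public key")
    key = src.get("public_key") or ""
    # Restore real newlines and normalise line endings.
    key = key.replace("\\n", "\n").replace("\r\n", "\n").strip()
    if "PRIVATE KEY" in key:
        raise ValueError("public_key holds private key material")
    if not PEM_RE.match(key):
        raise ValueError("public_key is not a PEM public key block")
    return {"name": src["name"], "public_key": key + "\n", "validator": validator}


if __name__ == "__main__":
    print(json.dumps(build_client_body(SAMPLE_EXPORT), indent=2))
```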