Creating new client with public key


#1

All,

We have one chef server per Google Compute region. We’d like to share the
validation key between them. If we don’t share the validation key, we’ll
need to create one O/S image (with a baked in validation key) per region,
which we’d rather not do.

For the initial chef server, I have the private key (the validation key),
and the public key, obtainable via the Chef UI. I’d like to upload the
public key to the second chef server. The chef API apparently supports
this, and it looks like knife does too.

When I enter ‘knife client create foo’, the editor comes up and the
public_key field is null. I’ve tried placing the public key of the first
chef server in there in multiple formats, but none seem to work. What is
the correct format?

Thanks,
Doug


#2

You can share the same validation key across multiple chef servers.
The validation key is just a special flag that you need to turn on in client
metadata (validator: true). You can create a client using the knife raw plugin:

knife client show foo -Fj > foo.json

will be an example JSON

knife raw /clients -m POST -i foo.json

will create the client; just set validation to true

cheers

On Tue, Feb 11, 2014 at 3:20 PM, Douglas Garstang
doug.garstang@gmail.com wrote:

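An added example (not code from anyone in this thread) of one way to prepare the file given to `knife raw /clients -m POST -i` as described in the reply above: it checks that the exported `public_key` parses as an RSA public key, refuses private key material, and sets `validator` to true. The function names and the assumption that the export carries a `name` field are hypothetical; the sample input is constructed from a throwaway key.

```ruby
require 'json'
require 'openssl'

# Turn the JSON printed by `knife client show NAME -Fj` on the first server
# into a body for `knife raw /clients -m POST -i FILE` on the second one.
# Assumption: the JSON has "name" and "public_key" fields; all other fields
# are dropped and "validator" is set to true as the reply describes.
def validator_client_body(show_json)
  src = JSON.parse(show_json)
  name = src['name']
  pem  = src['public_key']
  raise ArgumentError, 'name is missing' unless name.is_a?(String) && !name.empty?
  raise ArgumentError, 'public_key is missing or null' unless pem.is_a?(String)

  key = begin
    OpenSSL::PKey::RSA.new(pem)
  rescue OpenSSL::PKey::PKeyError
    raise ArgumentError, 'public_key is not a parsable RSA key'
  end
  # Only the public half belongs on the server; refuse a pasted private key.
  raise ArgumentError, 'public_key holds a private key' if key.private?

  # JSON.generate writes the PEM line breaks as \n escapes inside one string.
  JSON.generate('name' => name, 'public_key' => pem, 'validator' => true)
end

# Constructed sample: a throwaway key pair generated here, not a real client.
def constructed_show_output(name, private_half: false)
  pair = OpenSSL::PKey::RSA.new(2048)
  pem = private_half ? pair.to_pem : pair.public_key.to_pem
  JSON.generate('name' => name, 'public_key' => pem, 'validator' => false)
end

if $PROGRAM_NAME == __FILE__
  puts validator_client_body(constructed_show_output('foo'))
end
```
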


#3

Another way to do this that may scale better (for example, it will
replicate new clients when you add them):

knife download /clients
knife upload /clients

You can do this with other objects as well if you so desire (/cookbooks,
/roles, etc.). In fact, a full replication would be knife download / from
server A, then knife upload / to server B.

On Tue, Feb 11, 2014 at 3:40 PM, Ranjib Dey dey.ranjib@gmail.com wrote:



#4

Thanks guys! Perfect!

knife-co1 download /clients && knife-co2 upload /clients

Doug.

On Tue, Feb 11, 2014 at 3:49 PM, John Keiser jkeiser@getchef.com wrote:
