I had a requirement where I need to register my node with the Chef server without bootstrap. In the old version of Chef I used to copy and paste the validation.pem file into the /etc/chef/ folder and run the chef-client command, which registers itself with the chef-server. But in the new version there is no validation.pem. So is there any alternative for this?
I have not tried this recently, but this was my process for building a base OS image that could self-register to the Chef server.
1. Build base OS image
2. Install Chef client:
a. As root: curl -L https://omnitruck.chef.io/install.sh | bash
b. Create directory /etc/chef, and /etc/chef/trusted_certs
c. Create file: /etc/client.rb
chef_server_url "https://api.chef.io/organizations/my-org"
validation_client_name "my-org-validator"
validation_key "/etc/chef/my-org-validator.pem"
trusted_certs_dir "/etc/chef/trusted_certs"
3. Copy validator certificate (my-org-validator.pem) to image. Make sure location is correct in client.rb file.
4. Copy server certificates from Chef Server to /etc/chef/trusted_certs
a. For hosted chef server, this would be:
i. DigiCert_SHA2_Secure_Server_CA.crt
ii. wildcard_opscode_com.crt
Registration with Chef Server.
After deployment, a new instance can be registered with the Chef Server in a couple of ways.
- Execute “chef-client” with no parameters.
- Execute “chef-client -r list of roles/recipes”
a. For example: chef-client -r 'recipe[mypgsql::default],role[mylinux]'
Hope it helps.
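Added example, not part of the original post: a preflight check for an image prepared with the steps above, run before the image is deployed. The function names, the image-root argument, and the https and owner-only-permission checks are assumptions added here; the client.rb path is passed in as an argument.

```shell
#!/bin/sh
# Usage (paths are placeholders): check_chef_image <image-root>/path/to/client.rb <image-root>

# Print the ASCII-quoted value of setting $2 from client.rb file $1.
# Typographic quotes (as pasted from a web page) do not match, so the
# value comes back empty and is reported as a problem below.
chef_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# check_chef_image CLIENT_RB [IMAGE_ROOT]
# IMAGE_ROOT is prepended to the absolute paths found in client.rb, so an
# unpacked or mounted image can be checked from the build host.
# Prints one line per problem; the return status is the number of problems.
check_chef_image() {
    rb=$1 root=${2:-} n=0
    [ -f "$rb" ] || { echo "client.rb not found: $rb"; return 1; }

    url=$(chef_setting "$rb" chef_server_url)
    case $url in
        https://*) ;;
        *) echo "chef_server_url unset, not ASCII-quoted, or not https"; n=$((n+1)) ;;
    esac

    key=$(chef_setting "$rb" validation_key)
    if [ -z "$key" ]; then
        echo "validation_key unset or not ASCII-quoted"; n=$((n+1))
    elif [ ! -f "$root$key" ]; then
        echo "validator key missing: $key"; n=$((n+1))
    # Assumption: the validator private key should carry no group/other bits.
    elif [ "$(ls -ld "$root$key" | cut -c5-10)" != "------" ]; then
        echo "validator key accessible by group/other: $key"; n=$((n+1))
    fi

    certs=$(chef_setting "$rb" trusted_certs_dir)
    if [ -z "$certs" ] || [ ! -d "$root$certs" ]; then
        echo "trusted_certs_dir unset or missing"; n=$((n+1))
    elif [ -z "$(find "$root$certs" -name '*.crt' -type f | head -n 1)" ]; then
        echo "no .crt files in $certs"; n=$((n+1))
    fi
    return "$n"
}
```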
Hello dpeaslee, thanks for the response. But my concern is about registering a client without validation.pem, as we don’t get validation.pem for new Chef servers.