Managing client and user pems


#1

Before Chef 12 (when I was running OS Chef 11), I had only an admin
client.pem that I used with knife and berkshelf to manage
cookbooks/nodes/etc. Now with Chef 12 I needed to create a user.pem to
upload cookbooks and such.

What is the recommended way to manage these keys? Do I not need a
client.pem for my workstation anymore? Is there any way to specify the
private key from my old client as the private key to use for my new user?


#2

The chef-server-ctl commands will let you set keys for your users and
clients. With Chef 12 you can specify multiple keys and/or add and remove
keys asynchronously, so key management is greatly enhanced.

You can check out the chef-server-populator cookbook to manage this with
Chef via data bags. The Chef 12 branch is currently stable, and we’ll be
pushing a new release this week:

https://github.com/hw-cookbooks/chef-server-populator/tree/feature/chef-12/recipes


Michael F. Weinberg | Director of Operations
http://heavywaterops.com | @heavywaterops

On Mon, Mar 16, 2015 at 9:55 AM, tayworm . tayworm@gmail.com wrote:

> Before Chef 12 (when I was running OS Chef 11), I had only an admin
> client.pem that I used with knife and berkshelf to manage
> cookbooks/nodes/etc. Now with Chef 12 I needed to create a user.pem to
> upload cookbooks and such.
>
> What is the recommended way to manage these keys? Do I not need a
> client.pem for my workstation anymore? Is there any way to specify the
> private key from my old client as the private key to use for my new user?


#3

Along these same lines, I’m having issues with groups after my upgrade.
When I try to use knife from my workstation, I get this error:

‘you are not authorized for this action
Response: missing create permission’

How can I manage these permissions?

On Mon, Mar 16, 2015 at 10:01 AM, Michael Weinberg michael@hw-ops.com
wrote:

> The chef-server-ctl commands will let you set keys for your users and
> clients. With Chef 12 you can specify multiple keys and/or add and remove
> keys asynchronously, so key management is greatly enhanced.
>
> You can check out the chef-server-populator cookbook to manage this with
> Chef via data bags. The Chef 12 branch is currently stable, and we’ll be
> pushing a new release this week:
>
> https://github.com/hw-cookbooks/chef-server-populator/tree/feature/chef-12/recipes
>
> Michael F. Weinberg | Director of Operations
> http://heavywaterops.com | @heavywaterops
>
> On Mon, Mar 16, 2015 at 9:55 AM, tayworm . tayworm@gmail.com wrote:
>
> > Before Chef 12 (when I was running OS Chef 11), I had only an admin
> > client.pem that I used with knife and berkshelf to manage
> > cookbooks/nodes/etc. Now with Chef 12 I needed to create a user.pem to
> > upload cookbooks and such.
> >
> > What is the recommended way to manage these keys? Do I not need a
> > client.pem for my workstation anymore? Is there any way to specify the
> > private key from my old client as the private key to use for my new user?