Before Chef 12 (when I was running OS Chef 11), I had only an admin
client.pem that I used with knife and berkshelf to manage
cookbooks/nodes/etc. Now with Chef 12 I needed to create a user.pem to
upload cookbooks and such.

What is the recommended way to manage these keys? Do I not need a
client.pem for my workstation anymore? Is there any way to specify the
private key from my old client as the private key to use for my new user?

The chef-server-ctl commands will let you set keys for your users and
clients. With Chef 12 you can specify multiple keys and/or add and remove
keys asynchronously, so key management is greatly enhanced.

You can check out the chef-server-populator cookbook to manage this with
Chef via data bags. The Chef 12 branch is currently stable, and we'll be
pushing a new release this week:
https://github.com/hw-cookbooks/chef-server-populator/tree/feature/chef-12/recipes

--
Michael F. Weinberg | Director of Operations
http://heavywaterops.com | @heavywaterops

On Mon, Mar 16, 2015 at 9:55 AM, tayworm . <tayworm@gmail.com> wrote:
> Before Chef 12 (when I was running OS Chef 11), I had only an admin
> client.pem that I used with knife and berkshelf to manage
> cookbooks/nodes/etc. Now with Chef 12 I needed to create a user.pem to
> upload cookbooks and such.
>
> What is the recommended way to manage these keys? Do I not need a
> client.pem for my workstation anymore? Is there any way to specify the
> private key from my old client as the private key to use for my new user?

Along these same lines, I'm having issues with groups after my upgrade.
When I try to use knife from my workstation, I get this error:

'you are not authorized for this action
Response: missing create permission'

How can I manage these permissions?

On Mon, Mar 16, 2015 at 10:01 AM, Michael Weinberg <michael@hw-ops.com> wrote:
> The chef-server-ctl commands will let you set keys for your users and
> clients. With Chef 12 you can specify multiple keys and/or add and remove
> keys asynchronously, so key management is greatly enhanced.
>
> You can check out the chef-server-populator cookbook to manage this with
> Chef via data bags. The Chef 12 branch is currently stable, and we'll be
> pushing a new release this week:
> https://github.com/hw-cookbooks/chef-server-populator/tree/feature/chef-12/recipes
>
> --
> Michael F. Weinberg | Director of Operations
> http://heavywaterops.com | @heavywaterops
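
One way to act on the chef-server-ctl suggestion for the original question about reusing the old client key, as an added example that is not part of the thread or of any Chef project code: derive the public half of the existing client.pem, confirm the pair matches, and print the `chef-server-ctl add-user-key` command to run on the Chef server. The user name `exampleuser`, the key name `workstation`, the paths and the throwaway key are constructed for illustration; only the public key is ever handed to the server.

```shell
#!/usr/bin/env bash
# Added example. Names, paths and the demo key are constructed, not from the thread.

# Write the public half of an RSA private key (e.g. an old client.pem) to $2.
derive_public_key() {   # $1 = private key path, $2 = output path
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Succeed only if $2 is a public key AND it is the public half of private key $1.
keys_match() {          # $1 = private key path, $2 = public key path
    # Guard against uploading a private key by mistake.
    if grep -q 'PRIVATE KEY' "$2"; then return 1; fi
    km_priv=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    km_pub=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$km_priv" ] && [ "$km_priv" = "$km_pub" ]
}

# Print (do not run) the server-side command that adds the key to a user.
add_user_key_cmd() {    # $1 = user, $2 = public key path, $3 = key name
    printf 'chef-server-ctl add-user-key %s --public-key-path %s --key-name %s\n' \
        "$1" "$2" "$3"
}

# Demo on a throwaway key generated here, standing in for the old client.pem.
demo() {
    demo_dir=$(mktemp -d) || return 1
    openssl genrsa -out "$demo_dir/client.pem" 2048 2>/dev/null || return 1
    chmod 600 "$demo_dir/client.pem"          # private key stays owner-only
    derive_public_key "$demo_dir/client.pem" "$demo_dir/client.pub" || return 1
    keys_match "$demo_dir/client.pem" "$demo_dir/client.pub" || return 1
    # /tmp/client.pub is a placeholder for where the public key is copied
    # on the Chef server; the private key is not copied anywhere.
    add_user_key_cmd exampleuser /tmp/client.pub workstation
    rm -rf "$demo_dir"
}
demo
```

After the key is added, knife on the workstation keeps using the existing private key file with the new user name; `chef-server-ctl list-user-keys` shows which keys a user currently has.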