fyi, there are previous posts on the chef list on this very topic. i had
to go thru this myself. i refer you to previous posts, not as an RTFM-jibe,
but just so you know :>
let’s see… some of my notes:
The chef-server uses an RSA keypair. The private portion of this pair
is called the chef-validator and is “validation.pem” which all clients
use. The public portion of the pair is stored as data inside chef-server’s
couchdb. This keypair is generated for the first time the first moment
the chef-server starts.
To provide this same keypair to a recovered chef-server, the idea is to load
a dump of the couchdb onto a new server.
- you must dump the couchdb from the old chef server.
- you must load that dump on the new chef server AFTER you have deleted
the brand new chef server’s couchdb. like so:
new-chef# curl -XDELETE http://127.0.0.1:5984/chef
new-chef# curl -XPUT http://127.0.0.1:5984/chef
new-chef# couchdb-load --input=chef_couchdb_dump http://127.0.0.1:5984/chef --ignore-errors 1>couchdb-load.stdout 2>couchdb-load.stderr
give that a whirl?
On Tue, 03 Jul 2012, Kendrick Martin wrote:
How would I go about retrieving the public key from the db?
From: Ranjib Dey [mailto:firstname.lastname@example.org]
Sent: Tuesday, July 03, 2012 11:11 AM
Subject: [chef] Re: RE: Re: Migrating chef servers
can u verify if your old and new couch db has the same public key for the apiclient you are using in knife.rb?
On Tue, Jul 3, 2012 at 11:34 PM, Kendrick Martin <Kendrick.Martin@webtrends.commailto:Kendrick.Martin@webtrends.com> wrote:
I tried tarring the /var/lib/chef, /etc/chef, /etc/couchdb, and /var/lib/couchdb directories on my old server, and replacing them on my new server, but I’m getting failed to authenticate errors when using knife against the new server.
From: Ranjib Dey [mailto:email@example.com:firstname.lastname@example.org]
Sent: Tuesday, July 03, 2012 10:53 AM
Subject: [chef] Re: Migrating chef servers
replicate the couchdb
On Tue, Jul 3, 2012 at 10:35 PM, Kendrick Martin <Kendrick.Martin@webtrends.commailto:Kendrick.Martin@webtrends.com> wrote:
Is there an easy way to migrate chef servers without having to re-gen the client keys for every node and copy a new validation.pem file?
O: +1 503.553.2462
Real -Time Relevance. Remarkable ROI.™
London | Portland | San Francisco | Melbourne | Tokyo