[chef] Re: Re: Re: Re: renaming a node

[John Merrells < >]

On Apr 2, 2010, at 10:46 AM, Joshua Timberman wrote:

> On Apr 2, 2010, at 11:42 AM, John Merrells wrote:
> 
>> The other thing I don't grok yet is the relationship between the client 
>> name,
>> the node name, and the hostname. When chef client registers itself it 
>> creates
>> a client and a node with the hostname for their name and creates a 
>> certificate
>> for the client.... but.... if i change the hostname of the machine is it 
>> going to
>> break the authentication of the client using the client certificate? Hmm...
>> thinking out load really.
> 
> 
> Chef uses the "node_name" value for the "client_name" when it registers the 
> new client with the API.
> 
> By default, the "node_name" comes from the FQDN as detected by ohai (via 
> hostname -f). You can override this setting in the client.rb by setting 
> node_name explicitly:
> 
> % grep node_name /etc/chef/client.rb
> node_name "web1prod.example.com"
> 
> This isn't easily managable or scalable but for a one-off system it's okay.


I'm still stuck with this.

If the machine starts with fqdn A and the chef client registers a new node on 
the chef server with name A, then the client starts fine. If I then create a 
chef server node named B, with the webui, and then change the hostname of the 
machine from A to B, in /etc/hosts and /etc/hostnames and reboot, then the 
client silently fails to connect to the server. If I then go into client.rb 
and set node_name=A then all is happy again. If I go `ohai | grep fqdn` then 
I do get back B..... 

The only thing I can think of is that the silence is a feature of the 
security system.... so the client cert is now busted in some way... so the 
client cert must be connected to the hostname somehow?

John 

-- 
John Merrells
http://johnmerrells.com
+1.415.244.5808