- From: AJ Christensen <
>
- To:
- Subject: [chef] Re: problems specifying validation.pem for restored chef server
- Date: Wed, 8 Feb 2012 11:58:03 +1300
On 8 February 2012 11:27,
<
>
wrote:
>
>
hi
>
>
is there anything special i need to do to get my new chef server to use
>
the validation.pem and webui.pem i "tell" it to use? here's what i'm doing:
>
>
# /etc/init.d/chef-server stop
>
# curl -XDELETE http://127.0.0.1:5984/chef
>
{"ok":true}
>
>
# cp /tmp/validation.pem.from-backup /etc/chef/validation.pem
>
# cp /tmp/webui.pem.from-backup /etc/chef/webui.pem
>
>
# /etc/init.d/chef-server start
>
>
but.. it creates new keys anyway:
>
>
[Tue, 07 Feb 2012 22:19:25 +0000] INFO: Creating validation key...
>
[Tue, 07 Feb 2012 22:19:25 +0000] INFO: Creating new key pair for chef-webui
>
>
what to do?
>
>
my goal is to be able to bring up a chef server from backups in case of
>
emergency.
Yo,
Like I mentioned in IRC, if you want to bring your chef-server back
from a backup, you'll need to have backups of the Chef couchdb
database. Chef stores the public keys in the database as part of the
Authentication system.
Restoring the database before starting the chef-server processes
should cause it to not recreate the webui or validation clients,
allowing you to reuse your old private keys.
It's been years since I've tried to do this, but I'm sure others have
performed the task recently.
--AJ
>
>
kallen
Archive powered by MHonArc 2.6.16.