- Subject: [chef] Re: Migrating chef servers
- Date: Tue, 3 Jul 2012 13:56:43 -0700

fyi, there are previous posts on the chef list on this very topic. i had
to go thru this myself. i refer you to previous posts, not as an RTFM-jibe,
but just so you know :>

let's see... some of my notes:

The chef-server uses an RSA keypair. The private portion of this pair
is called the chef-validator and is "validation.pem" which all clients
use. The public portion of the pair is stored as data inside chef-server's
couchdb. This keypair is generated for the first time the first moment
the chef-server starts.

To provide this same keypair to a recovered chef-server, the idea is to load
a dump of the couchdb onto a new server.

1) you must dump the couchdb from the old chef server.
2) you must load that dump on the new chef server AFTER you have deleted
the brand new chef server's couchdb. like so:

new-chef# curl -XDELETE http://127.0.0.1:5984/chef
new-chef# curl -XPUT http://127.0.0.1:5984/chef
new-chef# couchdb-load --input=chef_couchdb_dump http://127.0.0.1:5984/chef --ignore-errors 1>couchdb-load.stdout 2>couchdb-load.stderr

give that a whirl?

kallen

On Tue, 03 Jul 2012, Kendrick Martin wrote:
> How would I go about retrieving the public key from the db?
>
> From: Ranjib Dey
> Sent: Tuesday, July 03, 2012 11:11 AM
> Subject: [chef] Re: RE: Re: Migrating chef servers
>
> can u verify if your old and new couch db has the same public key for the
> apiclient you are using in knife.rb?
>
> On Tue, Jul 3, 2012 at 11:34 PM, Kendrick Martin wrote:
> I tried tarring the /var/lib/chef, /etc/chef, /etc/couchdb, and
> /var/lib/couchdb directories on my old server, and replacing them on my
> new server, but I'm getting failed to authenticate errors when using knife
> against the new server.
>
> From: Ranjib Dey
> Sent: Tuesday, July 03, 2012 10:53 AM
> Subject: [chef] Re: Migrating chef servers
>
> replicate the couchdb
>
> On Tue, Jul 3, 2012 at 10:35 PM, Kendrick Martin wrote:
> Is there an easy way to migrate chef servers without having to re-gen the
> client keys for every node and copy a new validation.pem file?
>
> Kendrick Martin
> Install Engineer
> O: +1 503.553.2462
> webtrends<http://www.webtrends.com/>
> Real-Time Relevance. Remarkable ROI.(tm)
> London | Portland | San Francisco | Melbourne | Tokyo
>
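
The check asked for in the thread above (does each API client have the same public key in the old and new CouchDB), as an added example that is not code from any poster or from Chef. It assumes each server's documents were saved from `GET /chef/_all_docs?include_docs=true` and that client documents carry `chef_type`, `name` and `public_key` fields; the two dumps and the key material below are constructed.

```python
import base64
import hashlib
import json

def pem_fingerprint(pem):
    """SHA-256 of the decoded PEM body, so re-wrapped lines still match."""
    lines = [ln.strip() for ln in pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def client_keys(all_docs_json):
    """Map client name -> key fingerprint from an _all_docs response body."""
    keys = {}
    for row in json.loads(all_docs_json)["rows"]:
        doc = row.get("doc") or {}
        # Assumption: client docs have chef_type "client", name, public_key.
        if doc.get("chef_type") == "client" and doc.get("public_key"):
            keys[doc["name"]] = pem_fingerprint(doc["public_key"])
    return keys

def compare(old_json, new_json):
    """Report clients whose key is absent from, or different on, the new server."""
    old, new = client_keys(old_json), client_keys(new_json)
    return {
        "missing": sorted(set(old) - set(new)),
        "extra": sorted(set(new) - set(old)),
        "mismatched": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }

def _pem(raw, width):  # constructed stand-in for a key, not a real RSA key
    b64 = base64.b64encode(raw).decode()
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return "-----BEGIN RSA PUBLIC KEY-----\n%s\n-----END RSA PUBLIC KEY-----\n" % body

def _dump(clients):  # constructed _all_docs?include_docs=true body
    rows = [{"id": n, "doc": {"chef_type": "client", "name": n, "public_key": k}}
            for n, k in clients.items()]
    rows.append({"id": "_design/clients", "doc": {"language": "javascript"}})
    return json.dumps({"rows": rows})

OLD = _dump({"chef-validator": _pem(b"constructed key A" * 4, 64),
             "chef-webui": _pem(b"constructed key B" * 4, 64),
             "node1": _pem(b"constructed key C" * 4, 64)})
NEW = _dump({"chef-validator": _pem(b"constructed key X" * 4, 64),
             "chef-webui": _pem(b"constructed key B" * 4, 32)})

if __name__ == "__main__":
    print(compare(OLD, NEW))
```

A client listed under "mismatched" or "missing" will fail authentication against the new server with its existing private key, which is the symptom reported in the thread.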