chef - [chef] Re: Migrating chef servers

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Migrating chef servers

From:
To:
Subject: [chef] Re: Migrating chef servers
Date: Tue, 3 Jul 2012 13:56:43 -0700

fyi, there are previous posts on the chef list on this very topic. i had
to go thru this myself. i refer you to previous posts, not as an RTFM-jibe,
but just so you know :>

let's see... some of my notes:

The chef-server uses an RSA keypair. The private portion of this pair
is called the chef-validator and is "validation.pem" which all clients
use. The public portion of the pair is stored as data inside chef-server's
couchdb. This keypair is generated for the first time the first moment
the chef-server starts.

To provide this same keypair to a recovered chef-server, the idea is to load
a dump of the couchdb onto a new server.

1) you must dump the couchdb from the old chef server.
2) you must load that dump on the new chef server AFTER you have deleted
   the brand new chef server's couchdb. like so:

new-chef# curl -XDELETE http://127.0.0.1:5984/chef
new-chef# curl -XPUT http://127.0.0.1:5984/chef
new-chef# couchdb-load --input=chef_couchdb_dump http://127.0.0.1:5984/chef ;
--ignore-errors 1>couchdb-load.stdout 2>couchdb-load.stderr

give that a whirl?

kallen

On Tue, 03 Jul 2012, Kendrick Martin wrote:

> How would I go about retrieving the public key from the db?
>
> From: Ranjib Dey
> [mailto:
> Sent: Tuesday, July 03, 2012 11:11 AM
> To:
>
> Subject: [chef] Re: RE: Re: Migrating chef servers
>
> can u verify  if your old and new couch db has the same public key for the
> apiclient you are using in knife.rb?
>
> On Tue, Jul 3, 2012 at 11:34 PM, Kendrick Martin
> < <mailto: >>
>  wrote:
> I tried tarring the /var/lib/chef, /etc/chef, /etc/couchdb, and
> /var/lib/couchdb  directories on my old server, and replacing them on my
> new server, but I'm getting failed to authenticate errors when using knife
> against the new server.
>
> From: Ranjib Dey
> [mailto: <mailto: >]
> Sent: Tuesday, July 03, 2012 10:53 AM
> To:
> <mailto: >
> Subject: [chef] Re: Migrating chef servers
>
> replicate the couchdb
> On Tue, Jul 3, 2012 at 10:35 PM, Kendrick Martin
> < <mailto: >>
>  wrote:
> Is there an easy way to migrate chef servers without having to re-gen the
> client keys for every node and copy a new validation.pem file?
>
> Kendrick Martin
>
>
> Install Engineer
>
>
> O: +1 503.553.2462
>
>
> webtrends<http://www.webtrends.com/>
>
>
>
> Real -Time Relevance. Remarkable ROI.(tm)
>
>
>
> London | Portland | San Francisco | Melbourne | Tokyo
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

[chef] Migrating chef servers, Kendrick Martin, 07/03/2012
- [chef] Re: Migrating chef servers, Ranjib Dey, 07/03/2012
  - [chef] Re: Migrating chef servers, Ranjib Dey, 07/03/2012
  - [chef] RE: Re: Migrating chef servers, Kendrick Martin, 07/03/2012
    - [chef] Re: RE: Re: Migrating chef servers, Ranjib Dey, 07/03/2012
      - [chef] RE: Re: RE: Re: Migrating chef servers, Kendrick Martin, 07/03/2012
        
        [chef] Re: Migrating chef servers, kallen, 07/03/2012
        
        [chef] Re: RE: Re: RE: Re: Migrating chef servers, Ranjib Dey, 07/03/2012