[chef] Re: Re: Creating new client with public key


  • From: John Keiser
  • To:
  • Subject: [chef] Re: Re: Creating new client with public key
  • Date: Tue, 11 Feb 2014 15:49:12 -0800

Another way to do this that may scale better (for example, it will replicate new clients when you add them):

<from server A>
knife download /clients

<to server B>
knife upload /clients

You can do this with other objects as well if you so desire (/cookbooks, /roles, etc.).  In fact, a full replication would be knife download / from server A, then knife upload / to server B.


On Tue, Feb 11, 2014 at 3:40 PM, Ranjib Dey wrote:
You can share the same validation key across multiple Chef servers. The validation key is just a special flag that you need to turn on in the client metadata (validator:  true). You can create one using the knife raw plugin


knife client show foo -Fj > foo.json  

will be an example json

knife raw /clients -m POST -i foo.json

will create the client, just set validation to true

cheers



On Tue, Feb 11, 2014 at 3:20 PM, Douglas Garstang wrote:
All,

We have one chef server per Google Compute region. We'd like to share the validation key between them. If we don't share the validation key, we'll need to create one O/S image (with a baked in validation key) per region, which we'd rather not do.

For the initial chef server, I have the private key (the validation key), and the public key, obtainable via the Chef UI. I'd like to upload the public key to the second chef server. The chef API apparently supports this, and it looks like knife does too.

When I enter 'knife client create foo', the editor comes up and the public_key field is null. I've tried placing the public key of the first chef server in there in multiple formats, but none seem to work. What is the correct format?

Thanks,
Doug
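
Added example, not part of the original thread or of Chef's own code: a Ruby sketch that builds the foo.json body discussed above with a PEM-encoded public key and validator set to true, and refuses to embed a private key by mistake. The helper name client_body and the sample key are constructed for illustration; the field names (name, validator, public_key) are the ones mentioned in the thread, and that the server accepts a PEM public_key on POST /clients is an assumption taken from it.

```ruby
require "json"
require "openssl"

# Constructed sample key pair, generated at run time; it stands in for the
# validation key pair of the first Chef server.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)

# Returns the JSON body for a client whose public_key is a PEM string.
# Hypothetical helper; field names are the ones named in the thread.
def client_body(name, pem, validator: true)
  begin
    key = OpenSSL::PKey::RSA.new(pem)
  rescue OpenSSL::PKey::PKeyError
    raise ArgumentError, "public_key is not a parseable RSA PEM"
  end
  # The private half must stay off the second server and out of foo.json.
  raise ArgumentError, "refusing to embed a private key" if key.private?

  JSON.pretty_generate({
    "name"       => name,
    "validator"  => validator,
    # Re-export so the field is a single PEM string with real newlines;
    # JSON encoding turns them into \n escapes inside the string.
    "public_key" => key.to_pem
  })
end

if __FILE__ == $PROGRAM_NAME
  # Only the public half of the constructed key is passed in.
  puts client_body("foo", SAMPLE_KEY.public_key.to_pem)
end
```

The printed JSON is what would be saved as foo.json and passed to knife raw with -i.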





