- From: Rilindo Foster
- Subject: [chef] RE: chef server rebuild?
- Date: Tue, 1 Jul 2014 21:35:43 +0000
When a node is added to chef, a public/private pair is created. The public
key is stored on chef server and the private key is stored on the node. When
the node communicates with the Chef servers, it signs a set of httpd headers
with its private key and the chef server decrypts those headers with the
node's public key:

http://docs.opscode.com/chef_private_keys.html#how-keys-are-used

This means that you will have to ensure that you have a backup of the node's
public key (which is only stored on Chef server and nowhere else). If you
lose it, the Chef server will not be able to decrypt the headers and thereby
will not be able to authenticate the client.

So back up your Chef server. For older Chef servers, you may find this informative:

https://wiki.opscode.com/display/chef/Backing+Up+Chef+Server

For current releases, this may be useful:

http://developer.rackspace.com/blog/chef-server-backups.html

Rilindo Foster
Cloud Optimization Engineer
-----Original Message-----
Sent: Tuesday, July 01, 2014 1:47 PM
Subject: [chef] chef server rebuild?
I'm new to chef, but looking at setting up a chef server for serving
cookbooks to a few dozen nodes.

I've been through the tutorials, but have started to wonder about the chef
server.

For example, if I have 20+ nodes connected to the chef server, all those
nodes were set up via knife bootstrap, specifying a "node" name, "websrv01"
or "dbsrv03"... Chef server crashes, and needs to be rebuilt. I reinstall the
OS on the server, put on chef server, put on the run lists and put all the
cookbooks back.

How does the chef server identify some server running chef-client as node
"websrv04"? How can I save away and restore that node information?
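
The key relationship described in the reply above, as an added example that is not part of the original thread and not Chef's own code: a simplified model in which a node signs its request headers and a server checks them against the stored public key, run against an original, a rebuilt and a restored server. The canonical string layout, the `client_store` hash and the function names are assumptions made for illustration; only the `X-Ops-*` naming is modelled on Chef.

```ruby
require 'openssl'
require 'base64'

# Simplified model (constructed for illustration, not Chef's exact wire format):
# the node signs a canonical string built from the request and its identity headers.
def canonical_request(method, path, body, timestamp, node_name)
  hash = ->(s) { Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(s)) }
  ["Method:#{method}", "Hashed Path:#{hash.call(path)}",
   "X-Ops-Content-Hash:#{hash.call(body)}", "X-Ops-Timestamp:#{timestamp}",
   "X-Ops-UserId:#{node_name}"].join("\n")
end

# Node side: only the node holds the private key.
def sign_request(private_key, *request)
  data = canonical_request(*request)
  Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('SHA256'), data))
end

# Server side: client_store maps node name => public key PEM
# (hypothetical stand-in for the server's client database).
def authenticate(client_store, signature, *request)
  pem = client_store[request.last]
  return :unknown_client if pem.nil?
  public_key = OpenSSL::PKey::RSA.new(pem)
  valid = public_key.verify(OpenSSL::Digest.new('SHA256'),
                            Base64.strict_decode64(signature),
                            canonical_request(*request))
  valid ? :authenticated : :bad_signature
rescue OpenSSL::PKey::PKeyError
  :bad_signature
end

# Constructed scenario: one node, one signed request, four server states.
def rebuild_scenarios
  node_key = OpenSSL::PKey::RSA.new(2048) # created when the node was bootstrapped
  request  = ['GET', '/nodes/websrv04', '', '2014-07-01T21:35:43Z', 'websrv04']
  sig      = sign_request(node_key, *request)
  backup   = { 'websrv04' => node_key.public_key.to_pem } # what a server backup preserves
  rekeyed  = { 'websrv04' => OpenSSL::PKey::RSA.new(2048).public_key.to_pem }
  {
    original_server:        authenticate(backup.dup, sig, *request),
    rebuilt_without_backup: authenticate({}, sig, *request),
    rebuilt_with_new_key:   authenticate(rekeyed, sig, *request),
    restored_from_backup:   authenticate(backup, sig, *request)
  }
end

puts rebuild_scenarios.inspect if $PROGRAM_NAME == __FILE__
```

Recreating a client entry named "websrv04" on the rebuilt server is not enough in this model: unless the stored public key matches the private key still on the node, the signature check fails.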