On 7/13/2015 4:41:03 PM, o haya < > wrote:
Hi,
Once I had clicked that starter kit button, did generate some new key or keys inside the Chef server itself, so the PEMs that were on the workstation before that are all invalidated at that point?
What about the Chef nodes? Are there keys/PEMs that need to be replaced on all the nodes now also? I think that when I tried a chef-client run after I did the starter kit button that I was getting 401 errors also, so I guess there must be something on the nodes that needs to be replaced?
Jim
--------------------------------------------
On Mon, 7/13/15, Galen Emery < > wrote:
Subject: Re: [chef] Re: Re: HELP! I think that I really messed up Chef configuration :(!!
To: "o haya" < >
Cc: , "Galen Emery" < >, "Steven Murawski" < >
Date: Monday, July 13, 2015, 5:22 PM
In short,
yes.
The key piece is that
knife looks for a .chef folder and a knife.rb inside of it,
that tells it which server to talk to and what user to
authenticate as.
You can
either generate new ones, or copy/move your repository from
one workstation to another.
On Mon, Jul 13, 2015 at
2:13 PM, o haya < >
wrote:
Hi,
Thanks.
As I said in the 2nd msg (or 3rd) I think that conceptually,
I thought that "oh, I want a new/different
workstation", so I basically just followed the steps
that I did when I did the initial workstation (including
creating the new starter kit). I didn't realize that
in doing that, I was basically wiping out the original
configuration (if I'm understanding what you and Steven
are trying to explain).
Is that correct?
Going back, I wasn't necessarily looking for a new
workstation.. it was more that I just wanted the workstation
to be on a different machine, because of some reasons I had
in my testing.
Given all that, could I just have move the whole chef-repo
directory from the original machine to the new (the AD
machine) machine instead of generating the new starter,
etc., or instead of doing generating a new knife.rb, and the
other two PEMs?
In other words, could I just have:
- Ran the ChefDK installer on the AD machine, then
- Copied the c:\users\Administrator\chef-repo
directory from the original Chef workstation to the
c:\user\Admiistrator\chef-repo directory on the
AD machine?
Thanks,
Jim
--------------------------------------------
On Mon, 7/13/15, Galen Emery < >
wrote:
Subject: [chef] Re: Re: HELP! I think that I really messed
up Chef configuration :(!!
To:
Cc: "Steven Murawski" < >,
Date: Monday, July 13, 2015, 5:04 PM
Jim,
To create a new Chef
Workstation there's a couple different options
rather
than using the starter kit.
At the end of the day, the workstation needs
these things inside a .chef folder:
1) knife.rb file with the correct user and
server to talk to.
2) user.pem for that
user.3*) organization-validator.pem (for
old-style
bootstraps)
You can generate the knife.rb file from the
Manage UI, or just copy it from your current
workstation.
You can
either copy your pem file around, or create a new user
for
your separate workstation. To create a new
user: 1. Go to the signup page (http://chefserver/signup)
and create a new user.
2. Sign in as your
other user and invite the new one to the organization
and
assign whatever rights you wish.
3. Log in
as new user and accept the invite.
4.
Generate key-pair for new user and stick in the .chef
directory.
To create a new
validator key (If you don't use the validator-style
bootstraps, then you don't need to do this), go into
the
Manage UI > Policy > Clients > Create New
(Select
Validation Client). This will give you a new
validator
client to work with.
Hope
that helps!
On Mon, Jul 13, 2015 at
1:51 PM, o haya < >
wrote:
Hi,
Also, from some reading, it seems like, with regards to
the
keys, I should not have clicked that starter kit button
and
gotten a new ZIP file?
So what SHOULD I have done when I wanted to create the
"new" Chef workstation?
Thanks again,
Jim
--------------------------------------------
On Mon, 7/13/15, o haya < >
wrote:
Subject: Re: [chef] HELP! I think that I really
messed
up Chef configuration :(!!
To: ,
"Steven Murawski" < >
Cc:
Date: Monday, July 13, 2015, 4:41 PM
Hi Steven,
Wow! Thanks - I think this
was very helpful (but still not sure):
Re. the knife:
The original one, that is kind of working
still, but broken now:
PS
C:\Users\Administrator\chef-repo>
get-command knife |
format-list *
HelpUri :
FileVersionInfo : File:
C:\opscode\chefdk\bin\knife.bat
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
Path :
C:\opscode\chefdk\bin\knife.bat
Extension
: .bat
Definition
:
C:\opscode\chefdk\bin\knife.bat
Visibility : Public
OutputType :
{System.String}
Name
: knife.bat
CommandType
: Application
ModuleName
:
Module
:
RemotingCapability :
PowerShell
Parameters
:
ParameterSets :
The new one, which doesn't work at all:
C:\Users\Administrator\chef-repo>exit
PS C:\Users\Administrator\chef-repo>
get-command knife | format-list *
HelpUri :
FileVersionInfo : File:
c:\opscode\chef\bin\knife.bat
InternalName:
OriginalFilename:
FileVersion:
FileDescription:
Product:
ProductVersion:
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language:
Path :
c:\opscode\chef\bin\knife.bat
Extension
: .bat
Definition
: c:\opscode\chef\bin\knife.bat
Visibility : Public
OutputType :
{System.String}
Name
: knife.bat
CommandType
: Application
ModuleName
:
Module
:
RemotingCapability :
PowerShell
Parameters
:
ParameterSets :
So it does look like on the "new"
one, I'm picking up the knife from a Chef client,
and
not from the Chef DK?
Is
that correct?
How can I fix that? Should I just uninstall
the Chef client from that machine (this is the AD
machine,
which did have a Chef client on it originally)?
Re. the PEMS, can you clarify
what you meant when you said:
"so you'll need to replace those
with
the ones from the most recent starter
kit"
Which are "those" and where do I get
"the ones from the most recent starter kit"
(specifically)?
Thanks again!
Jim
--------------------------------------------
On Mon, 7/13/15, Steven Murawski < >
wrote:
Subject: Re: [chef]
HELP! I think that I really messed up Chef
configuration
:(!!
To:
Cc: "o haya" < >
Date: Monday, July 13, 2015, 4:05 PM
So, when you requested the
starter kit, your previous user pem and
validation.pem
were invalidated, so you'll need to
replace those with
the ones from the most
recent starter kit.
The second part could
be a couple of
things. Do you have
another install of Chef on the system?
If
you have a Chef Client install as well, you may be
resolving knife from that install rather than
ChefDK. (and
each will have their own
copy of the various gems). You
can test
that from PowerShell by using Get-Command knife |
format-list * and checking out the path it is
coming
from.
Steve
Steven MurawskiCommunity Software Development
Engineer @
ChefMicrosoft MVP -
PowerShell
http://stevenmurawski.com
On 7/13/2015 2:52:27
PM, o haya
< >
wrote:Hi,
I originally had the
following
configuration:
Chef
Server (CENTOS 6.6)
Chef
Workstation (Windows 2008 w/ChefDK
installed)
Test AD
(Windows 2008)
Test Nodes
(Windows 2008)
..
..
I
(probably stupidly) decided that I want
to
put the Chef Workstation on the Test AD machine.
I'll try to describe what I've done,
but things are
so messed up at this point,
I'm not sure exactly
what's going
on or what I did.
So, I ran the ChefDK
installer on the AD
machine. Then, I
think I got the quickstart ZIP from the
Chef server, and I unzipped in in the chef-repo
directory
on
the AD machine.
After
that, basically nothing worked.
The first
thing I ran into was that the
Chef-client
(the nodes) could not register anymore, getting
401 errors when i try to run chef-client on
them.
So then, I thought I should try to
re-bootstrap the nodes but I can't seem to
get the
knife-windows to work on the new
Chef workstation.
I run "chef gem
install
knife-windows" in the
chef-repo directory, but then
when I try to
run "knife bootstrap windows winrm "
it says that the host I'm trying to
bootstrap is
"windows".
I think that I have some OVAs that I backed
up from earlier, so I'm going to try to
see if I can
restore them, but can anyone
tell me or point me to what
went wrong?
Is there just no way to "move" the
Chef Workstation or make a 2nd instance once
it's
installed? It seems like all the
pieces (the nodes, the
Chef server and the
workstation) are permanently linked
together?
Thanks,
Jim
--
Galen
Emery
> > > > > > > > > > > > >
Archive powered by MHonArc 2.6.16.