Right now, if you run knife client list, note that devhost isn't in our list of clients.
Chef Server doesn't know that devhost has a client key that allows it to store data on the
server from its chef-client runs, nor does it know that devhost is a node. Both of these
conditions are required for a node to access encrypted data with chef-vault:
$ knife client list
chef-validator
chef-webui
$ knife node list
NOTE
The node list must be blank for this exercise to work, as the fake nodes we created in
Chapter 11 do not have accompanying client keys. If you see nodes listed, start and stop
the chef-zero server to clear them out.
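The two preconditions described above can be checked in one pass before any vault item is encrypted for a name. The following is an added example, not code from the book or from chef-vault; the helper names has_line and vault_ready are hypothetical, and the sample lists are constructed to mirror the listings shown here.

```shell
#!/bin/sh
# Pre-flight check for chef-vault: a name is usable as a vault recipient only
# if Chef Server holds BOTH a client (public key) and a node object for it.

# has_line LIST NAME: exact whole-line match, so "devhost" does not match
# "devhost2" and regex characters in the name are taken literally.
has_line() {
    [ -n "$2" ] && printf '%s\n' "$1" | grep -Fxq -- "$2"
}

# vault_ready NAME CLIENTS NODES
# CLIENTS and NODES are the outputs of `knife client list` / `knife node list`.
# Prints the state and returns 0 only when both objects exist.
vault_ready() {
    name=$1 clients=$2 nodes=$3
    missing=""
    has_line "$clients" "$name" || missing="client"
    has_line "$nodes" "$name" || missing="${missing:+$missing,}node"
    if [ -n "$missing" ]; then
        echo "$name: not ready (missing: $missing)"
        return 1
    fi
    echo "$name: ready"
}

# Constructed sample data: the first pair mirrors the listings above (no
# devhost client, empty node list); the second is a hypothetical later state.
CLIENTS_BEFORE='chef-validator
chef-webui'
NODES_BEFORE=''
CLIENTS_AFTER='chef-validator
chef-webui
devhost'
NODES_AFTER='devhost'

vault_ready devhost "$CLIENTS_BEFORE" "$NODES_BEFORE" || true
vault_ready devhost "$CLIENTS_AFTER" "$NODES_AFTER"
vault_ready devhost "$CLIENTS_AFTER" "$NODES_BEFORE" || true
```

Against a live server, call it as vault_ready devhost "$(knife client list)" "$(knife node list)".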
Generate a new private/public client key pair for your Development Workstation, which we
call devhost in chef-playground/.chef/knife.rb. Since chef-zero doesn't check the contents
of the chef-playground/.chef/devhost.pem file, it doesn't matter if we regenerate it. What
does matter is that regenerating the client key ensures a matching public key is stored on
Chef Server. Run the following command to regenerate the client key:
$ knife client create devhost --admin --disable-editing --file .chef/devhost.pem
Created client[devhost]
The --admin option lets the client run the APIs behind the knife client show and knife
node commands on other nodes besides its own node. By default, knife client create
displays the client info in an editor to allow tweaking before a client.pem is generated. In our
case, however, the defaults are fine, so we just pass in --disable-editing. The --file
option writes the client.pem out to the specified filename.
Now if you run knife client list, the devhost machine shows up:
$ knife client list
chef-validator