Right now, if you run knife client list, note that devhost isn't in our list of clients. Chef Server doesn't know it has a client key that allows it to store data on the server from its chef-client runs nor does it know that devhost is a node. Both of these conditions are required for a node to access encrypted data with chef-vault:
$ knife client list
chef-validator
chef-webui
$ knife node list
NOTE
The node list must be blank for this exercise to work, as the fake nodes we created in Chapter 11 do not have accompanying client keys. If you see nodes listed, start and stop the chef-zero server to clear them out.
Generate a new private/public client key pair for your Development Workstation, which we call devhost in chef-playground/.chef/knife.rb. Since chef-zero doesn't check the contents of the chef-playground/.chef/devhost.pem file, it doesn't matter if we regenerate it. However, when we regenerate the client key, it ensures that a matching public key is stored on Chef Server, which does matter. Run the following command to regenerate the client key.
$ knife client create devhost --admin --disable-editing --file .chef/devhost.pem
Created client[devhost]
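
Why the matching public key on Chef Server matters, as an added illustration (not code from the book or from chef-vault): chef-vault wraps a vault's shared secret with each client's public key, so only the holder of the matching private key can unwrap it. The hash standing in for the server, the helper names and the OAEP padding are assumptions of this example.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Constructed stand-in for the server's client list: name => public key PEM.
# Like `knife client create`, this keeps only the public half server-side
# and hands the private key back to the caller (the client's .pem file).
def register_client(server, name)
  key = OpenSSL::PKey::RSA.new(2048)
  server[name] = key.public_key.to_pem
  key
end

# Wrap a secret for one client using the public key on record.
# A name the server has never seen cannot be granted access at all.
def wrap_secret_for(server, name, secret)
  pem = server.fetch(name) { raise KeyError, "no client '#{name}' on server" }
  OpenSSL::PKey::RSA.new(pem).public_encrypt(secret, OAEP)
end

# Returns the secret, or nil when the private key does not match.
def unwrap_secret(private_key, wrapped)
  private_key.private_decrypt(wrapped, OAEP)
rescue OpenSSL::PKey::PKeyError
  nil
end

if __FILE__ == $PROGRAM_NAME
  server = {}
  devhost_key = register_client(server, "devhost")
  wrapped = wrap_secret_for(server, "devhost", "vault-shared-secret")

  puts "matching key:   #{unwrap_secret(devhost_key, wrapped).inspect}"
  # A local .pem whose public half was never uploaded is useless.
  stale_key = OpenSSL::PKey::RSA.new(2048)
  puts "unmatched key:  #{unwrap_secret(stale_key, wrapped).inspect}"
end
```
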
The --admin option lets the client run the APIs behind the knife client show and knife node commands on other nodes besides its own node. By default, knife client create displays the client info in an editor to allow tweaking before a client.pem is generated. In our case, however, the defaults are fine, so we just pass in --disable-editing. The --file option writes the client.pem out to the specified filename.
Now if you run knife client list, the devhost machine shows up:
$ knife client list
chef-validator