mjcconsulting

Reputation: 85

Is there a non-interactive way to regenerate OSS chef 11 validator key?

I'm working on a method of periodically re-generating the chef-validator key from an OSS chef installation so I can upload it to an AWS bucket I'm setting up for CloudFormation bootstrapping of new Chef clients.

I'd like to write some small (ideally) bash script which I can run via cron or on demand, or if a key compromise is suspected, to do the following:

1. Re-generate the chef-validator key
2. Upload the new validator to an S3 bucket for use by new clients when I bootstrap them via a custom CloudFormation UserData script

I can trigger the creation of a new validator from this URL, I think, interactively:

https://chef.example.com/clients/chef-validator/edit

where I can check the box to regenerate the private key.

Is there a way to do this via an API call which can be wrapped in a bash script, so it can run non-interactively in a cron-driven script? Would love to see code if anyone's done this.

Thanks!

Upvotes: 2

Views: 137

Answers (1)

shawnzhu

Reputation: 7585

Try knife client reregister chef-validator -f validator.pem. It will regenerate the private and public key of the chef client chef-validator and store the private key to file validator.pem.

See knife client reference for details.

Upvotes: 1
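Putting the answer's knife command into the cron-driven script the question asks for, as an added example (not code from either poster): it assumes a knife.rb with admin rights on the host running it, the aws CLI configured with write access to the bucket, and openssl on the path; the bucket name and object path are placeholders.

```shell
#!/bin/sh
# Added example: rotate the chef-validator key with knife and publish it to S3.
# Assumptions (not from the thread): knife.rb has admin rights here, the aws CLI
# is configured, openssl is installed. Bucket and object path are placeholders.
set -eu

# Regenerate the validator key into a private file and refuse to go on unless
# the file actually parses as an RSA private key (knife can fail half-way).
regenerate_validator_key() {
    out="$1"
    umask 077
    knife client reregister chef-validator -f "$out" || return 1
    openssl rsa -in "$out" -check -noout >/dev/null 2>&1
}

# Upload with server-side encryption. Access to the object must come from the
# bucket policy / instance role used by the CloudFormation UserData bootstrap,
# never from a public-read ACL.
publish_validator_key() {
    src="$1"; bucket="$2"; key="${3:-chef/validator.pem}"
    aws s3 cp "$src" "s3://$bucket/$key" --sse AES256
}

# Returns nonzero if regeneration fails; the upload is skipped in that case so a
# broken key never overwrites the working one in the bucket.
rotate_validator_key() {
    bucket="$1"
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT
    regenerate_validator_key "$tmp" || return 1
    publish_validator_key "$tmp" "$bucket"
}

# Usage (cron or on demand): ./rotate-validator.sh my-bootstrap-bucket
if [ $# -gt 0 ]; then
    rotate_validator_key "$1"
fi
```

After a rotation, clients bootstrapped with the old validator.pem will fail to register until they fetch the new object, so schedule the cron job accordingly.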
