@slyness
Last active November 11, 2023 18:09
Rename a Chef Node

How to rename a chef node

  1. Edit the existing node name. Update the name and save. Chef will copy the node and create a new client entry.
     knife node edit oldnode
  2. SSH to the node.
  3. Change the hostname and DNS information.
  4. Stop chef-client: sudo service chef-client stop
  5. Change to /etc/chef: cd /etc/chef
  6. mv the existing client.pem file to client-oldnode.pem
  7. Make sure the validation.pem file exists for the Chef organization.
  8. Edit client.rb and update node_name "newnode"
  9. Run Chef: sudo chef-client
  10. "Net::HTTPServerException: 403 "Forbidden"" I had to log into manage and check mark the permission to let clients update.
      Permissions
  11. Run Chef: sudo chef-client
      Chef Client Finished
  12. Restart chef-client: sudo service chef-client restart
  13. Delete the original node:
      chef-repo ‹master*› » knife node delete db02 -y; knife client delete db02 -y;
      Deleted node[db02]
      Deleted client[db02]
@ColdPain

  1. "Net::HTTPServerException: 403 "Forbidden"" :
  • knife show acls/nodes/<new_node_name> to show node permissions.

Output example (where vandis_w is the chef user I used to rename the Chef node):

[...]
"update": {
    "actors": [
      "pivotal",
      "vandis_w"
    ],
    "groups": [
      "admins",
      "users"
    ]
  },
[...]

You must replace all the vandis_w occurrences with the new node name.
To do so, use the command knife edit acls/nodes/<new_node_name>.

You can check old/other node(s) permissions (knife show acls/nodes/<old_node_name>) to be sure.

I hope this will help some people.

@feld

feld commented Nov 11, 2023

There's an easier way that doesn't require a new key for the client and you keep all the old node attributes etc.

  1. Make a copy of the node with the new name: knife node edit OLD_NODE. Rename the node here and save. This makes a copy of the original node.
  2. Back up the original client's public key: knife client key show OLD_NODE default -F json | jq -r ."public_key" > OLD_NODE.pem
  3. Generate a new client with that public key: knife client create -p ./OLD_NODE.pem NEW_NODE
  4. Update ACL for the new client: knife acl add group clients nodes NEW_NODE update,read
  5. Update /etc/chef/client.rb to specify the new node name
  6. Now chef-client runs as normal, the node has been renamed.

Feel free to delete the old client and node at your leisure.
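
An added example (not part of the gist or its comments): a Ruby check over the JSON that knife show acls/nodes/<node> prints, covering both the ACL edit in the first comment and the knife acl add group clients step in the second. It reports whether the node's client holds read and update and which actors are left over from the rename. The sample ACL is constructed (only its "update" entry follows the output quoted above), and treating pivotal as the only expected non-client actor and "clients" as the group holding the node's client are assumptions.

```ruby
require "json"

# The five permissions in a Chef Server ACL; each holds "actors" and "groups".
PERMS = %w[create read update delete grant].freeze

# Audits a node ACL (JSON as printed by `knife show acls/nodes/NAME`).
# needed:          permissions chef-client must hold on its own node object
# expected_actors: actors allowed besides the node's client (assumption: only pivotal)
# client_groups:   groups that contain the node's client (assumption: "clients")
def audit_node_acl(acl_json, node_name, needed: %w[read update],
                   expected_actors: %w[pivotal], client_groups: %w[clients])
  acl = JSON.parse(acl_json)
  missing = []
  leftover = {}
  PERMS.each do |perm|
    ace = acl.fetch(perm, {})
    actors = Array(ace["actors"])
    groups = Array(ace["groups"])
    # Access is granted either directly (client listed as actor) or through a group.
    granted = actors.include?(node_name) || (groups & client_groups).any?
    missing << perm if needed.include?(perm) && !granted
    # Actors that are neither the node's client nor expected, e.g. the user who renamed it.
    (actors - expected_actors - [node_name]).each { |a| (leftover[a] ||= []) << perm }
  end
  { ok: missing.empty?, missing: missing, leftover_actors: leftover }
end

# Constructed sample: "update" matches the output quoted above; the other entries are made up.
RENAMED_ACL = <<~ACL
  {
    "create": {"actors": ["pivotal", "vandis_w"], "groups": ["admins", "users"]},
    "read":   {"actors": ["pivotal", "vandis_w"], "groups": ["admins", "clients", "users"]},
    "update": {"actors": ["pivotal", "vandis_w"], "groups": ["admins", "users"]},
    "delete": {"actors": ["pivotal", "vandis_w"], "groups": ["admins", "users"]},
    "grant":  {"actors": ["pivotal", "vandis_w"], "groups": ["admins"]}
  }
ACL

if __FILE__ == $PROGRAM_NAME
  before = audit_node_acl(RENAMED_ACL, "newnode")
  after  = audit_node_acl(RENAMED_ACL.gsub("vandis_w", "newnode"), "newnode")
  puts "before: #{before}"
  puts "after:  #{after}"
end
```

A result with ok: true but a non-empty leftover_actors means chef-client will run, while the account used for the rename still holds rights on the node object.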
