I'm using chef-server to manage resources deployed on AWS. But when I want a new node, I don't like waiting the 30+ minutes it takes for a full chef run to install everything. So I've created an AMI with a recent snapshot of the machine after convergence, which avoids 95% of the startup time.
The problem is that the machine's identity gets cached in the AMI. So I end up with multiple physical machines all running as the same "node" in chef. What I'd like is for the new machine to re-register with the chef server once it boots up.
Is there some way I can erase the node's chef-server registration info before snapshotting the AMI such that it will register with the server as a new node once it turns on after cloning the AMI? I know I'll need to leave some set of private keys on there, which I'm fine with, but I'm not sure which ones.
Thanks!
Best Answer
You have to delete /etc/chef/client.pem and remove the node_name method from /etc/chef/client.rb in your template AMI. However, leave /etc/chef/validation.pem in place in order for the new server to be able to register itself.

If you want to immediately register the node in chef after first boot, try adding a script in /etc/rc.local that runs the chef-client and then removes itself from /etc/rc.local.

For clean node registration purposes, either run chef-client in the script with -o to define a custom runlist (and -N, -E to resemble a knife bootstrap provisioning mode) or use /etc/chef/first-boot.json with your runlist such as:
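
The template cleanup described in the answer above (delete client.pem, drop node_name, keep validation.pem), written as a shell function to run on the instance just before snapshotting. This is an added example, not part of the original answer and not the first-boot.json it refers to; the function name prepare_chef_template and the owner-only chmod on validation.pem are assumptions.

```shell
#!/bin/sh
# Added example: strip a converged node's Chef identity before creating the AMI.
# Usage: prepare_chef_template [CHEF_DIR]   (CHEF_DIR defaults to /etc/chef)

prepare_chef_template() {
    chef_dir="${1:-/etc/chef}"
    client_rb="$chef_dir/client.rb"
    name_re='^[[:space:]]*node_name[[:space:](]'

    # A clone needs the validation key to register itself. Refuse to change
    # anything without it, or the new instance could never get a client key.
    if [ ! -s "$chef_dir/validation.pem" ]; then
        echo "missing $chef_dir/validation.pem, nothing changed" >&2
        return 1
    fi
    [ -f "$client_rb" ] || { echo "missing $client_rb" >&2; return 1; }

    # Per-node identity: the client key issued when this node registered.
    rm -f "$chef_dir/client.pem"

    # Drop the node_name setting so a clone does not reuse this node's name.
    # Go through a temp file so a failed sed never truncates client.rb.
    tmp="$client_rb.tmp.$$"
    sed "/$name_re/d" "$client_rb" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$client_rb"    # overwrite in place, keeping owner and mode
    rm -f "$tmp"

    # Assumption: the validation key is shared by every clone of this image,
    # so keep it readable by its owner only.
    chmod 600 "$chef_dir/validation.pem"

    # Final check: no identity-bearing material is left in the template.
    if [ -e "$chef_dir/client.pem" ] || grep -q "$name_re" "$client_rb"; then
        echo "node identity still present in $chef_dir" >&2
        return 1
    fi
    echo "$chef_dir is ready to snapshot"
}
```
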