Getting a chef node to re-register a new identity with the server


I'm using chef-server to manage resources deployed on AWS. But when I want a new node, I don't like waiting the 30+ minutes it takes for a full chef run to install everything. So I've created an AMI with a recent snapshot of the machine after convergence, which avoids 95% of the startup time.

The problem is that the machine's identity gets cached in the AMI. So I end up with multiple physical machines all running as the same "node" in chef. What I'd like is for the new machine to re-register with the chef server once it boots up.

Is there some way I can erase the node's chef-server registration info before snapshotting the AMI such that it will register with the server as a new node once it turns on after cloning the AMI? I know I'll need to leave some set of private keys on there, which I'm fine with, but I'm not sure which ones.


Best Answer

You have to delete /etc/chef/client.pem and remove the node_name method from /etc/chef/client.rb in your template AMI. However, leave /etc/chef/validation.pem in place in order for the new server to be able to register itself.

If you want to immediately register the node in chef after first boot, try adding a script in /etc/rc.local that runs the chef-client and then removes itself from /etc/rc.local.

For clean node registration purposes, either run chef-client in the script with -o to define a custom runlist (and -N, -E to resemble a knife bootstrap provisioning mode) or use /etc/chef/first-boot.json with your runlist such as:

  "run_list": [
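
The template clean-up described in the answer above, as an added example that is not part of the original answer: it deletes client.pem, strips node_name from client.rb, keeps validation.pem, and checks the result before the AMI is snapshotted. Assumptions: the function names prepare_chef_template and template_is_clean and the optional directory argument are hypothetical, and the chmod step is an addition.

```shell
#!/bin/sh
# Added example: prepare a Chef client directory for AMI snapshotting.
# The directory defaults to /etc/chef; the optional argument is an assumption
# so the functions can be tried on a scratch directory first.
# Usage (as root, just before snapshotting):
#   prepare_chef_template && template_is_clean && echo "ready to snapshot"

prepare_chef_template() {
    chef_dir="${1:-/etc/chef}"

    # The clone registers itself with the validation key, so stop if it is missing.
    if [ ! -s "$chef_dir/validation.pem" ]; then
        echo "missing $chef_dir/validation.pem" >&2
        return 1
    fi

    # Drop the per-node identity key; a clone without it registers as a new node.
    rm -f "$chef_dir/client.pem"

    # Remove any node_name setting so the clone does not reuse the cached name.
    if [ -f "$chef_dir/client.rb" ]; then
        tmp="$(mktemp)" || return 1
        sed '/^[[:space:]]*node_name[[:space:](]/d' "$chef_dir/client.rb" > "$tmp"
        cat "$tmp" > "$chef_dir/client.rb"   # rewrite in place, keeping owner and mode
        rm -f "$tmp"
    fi

    # Not from the answer: the validation key stays in the image, so keep it owner-only.
    chmod 600 "$chef_dir/validation.pem"
}

# Returns 0 only if the directory is safe to snapshot as a template.
template_is_clean() {
    chef_dir="${1:-/etc/chef}"
    [ -s "$chef_dir/validation.pem" ] || return 1
    [ ! -e "$chef_dir/client.pem" ] || return 1
    if [ -f "$chef_dir/client.rb" ] &&
       grep -Eq '^[[:space:]]*node_name[[:space:](]' "$chef_dir/client.rb"; then
        return 1
    fi
    return 0
}
```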