docwhat's blog

How to rename a Chef node

In Chef, the node_name is for human use. By default it is set to the FQDN, which is annoying to type.

In my network, all hosts have the same domain name. However, we knife bootstrapped this one system without setting the node name with the -N flag.

Therefore I wanted to rename the nodes. With some experimentation, I figured it out.

Example

Let’s say I have a node called george.example.com but I want to change the node name to just george.

  1. knife node edit 'george.example.com'

    • Change the node_name to george (deleting the .example.com)
    • When you’re done, knife will say it is making a copy.
  2. knife node delete 'george.example.com'
  3. knife client delete 'george.example.com'
  4. knife client create -d 'george'

    • Copy the newly created private key.
  5. Connect to george.example.com as root/Administrator.
  6. Paste the new private key into /etc/chef/client.pem.
  7. Edit /etc/chef/client.rb

    • Add the node_name line, or edit it if it already exists, so that it reads node_name "george"
    • Alternatively, if you use the chef-client cookbook (recommended!) run chef-client -N george and it’ll update client.rb for you.
  8. If you use the chef-client daemon, restart it: /etc/init.d/chef-client restart

That’s it!

It’s important to understand that nodes and clients are tied together only via their names. The node contains the status, etc. The client only contains the public key that is needed for communicating.

You can’t rename or copy clients, so you have to delete the client and recreate it with a new name. The knife client create command generates a new private and public key. You have to save the private key and put it on the client server because the chef-server doesn’t store it.

If you ever lose the private key for a client, you can use knife client reregister to regenerate it.
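
Steps 6 and 7 above handle the only secret in this procedure, the client's private key. The following is an added example, not part of the original post: it installs the new key with owner-only permissions and adds or edits the node_name line. The function names, the CHEF_DIR variable, the node-name character set and the /root/george.pem path are assumptions made for the example.

```shell
#!/bin/sh
# Added example: steps 6 and 7 of the rename, run as root on the node.
# CHEF_DIR defaults to the directory used in the post.
CHEF_DIR="${CHEF_DIR:-/etc/chef}"

# install_client_key NEW_KEY_FILE
# Write the key to a private temp file, then rename it over client.pem,
# so the key is never group/world-readable and never half-written.
install_client_key() {
    src="$1"
    dest="$CHEF_DIR/client.pem"
    # Refuse input that is not a PEM private key (for example a pasted
    # certificate or public key).
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$src" || {
        echo "not a PEM private key: $src" >&2; return 1; }
    tmp=$(umask 077 && mktemp "$dest.XXXXXX") || return 1
    cat "$src" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest" || {
        rm -f "$tmp"; return 1; }
}

# set_node_name NAME
# Edit the node_name line in client.rb if it exists, otherwise append it.
set_node_name() {
    name="$1"
    rb="$CHEF_DIR/client.rb"
    # Assumption: names are limited to letters, digits and . _ : -
    # which also keeps the value safe to place in the sed replacement.
    case "$name" in
        ''|*[!A-Za-z0-9._:-]*) echo "bad node name: $name" >&2; return 1 ;;
    esac
    touch "$rb" || return 1
    tmp=$(mktemp "$rb.XXXXXX") || return 1
    if grep -q '^[[:space:]]*node_name[[:space:]]' "$rb"; then
        sed "s/^[[:space:]]*node_name[[:space:]].*/node_name \"$name\"/" "$rb" > "$tmp"
    else
        { cat "$rb"; printf 'node_name "%s"\n' "$name"; } > "$tmp"
    fi && cat "$tmp" > "$rb"   # overwrite in place: keeps client.rb's mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on the node, after saving the output of `knife client create`
# to a root-only file (the path below is a placeholder):
#   install_client_key /root/george.pem && set_node_name george
```

Once the key is installed, remove the copy you saved from the knife client create output, since the chef-server does not keep it and client.pem should be the only place it lives.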

Ciao!

Comments

Alex Varju

Very helpful, thank you. In my case, I ran into a permission error after the rename. I fixed this by grabbing the permissions from the old node before deleting (knife show /acl/nodes/george.example.com) and then setting the permissions afterwards (knife edit /acl/nodes/george).

docwhat

Yeah, the new Chef 12 stuff has new ACL stuff that doesn’t play as well with the command line tools anymore. :-( I’m hoping they sort it out. Thanks for the info!

jesse

On chef 12, you can copy the new client key into place on the target node, then run the knife node edit / rename on the target node, then the new node gets created with the right permissions

Andrius

Thanks for the post!

If you are using ACL and want to automate this:

  1. Create new client and upload certificate to the server: knife client create -d george

  2. Upload certificate to the george server "/etc/chef/client.pem"

  3. Run script:

       for ss in george; do
         knife download "nodes/${ss}.example.com.json"
         [ $? -eq 0 ] && sed -i "/\"name\": \"/ s/${ss}.example.com/${ss}/g" "nodes/${ss}.example.com.json"
         [ $? -eq 0 ] && mv "nodes/${ss}.example.com.json" "nodes/${ss}.json"
         [ $? -eq 0 ] && knife upload "nodes/${ss}.json"
         [ $? -eq 0 ] && knife node delete "${ss}.example.com" -y
         [ $? -eq 0 ] && knife client delete "${ss}.example.com" -y
       done


The personal blog of Christian Höltje.