knife-backup icon indicating copy to clipboard operation
knife-backup copied to clipboard

Export not backing up client public keys

Open devryan opened this issue 8 years ago • 16 comments

When doing an export, the "public_key" value is null. Why is this? After I imported back to my new server, none of my original clients could check in

devryan avatar Mar 21 '16 22:03 devryan

@devryan can add more information how you use it. which chef versions etc. Users are a bit tricky.

pmoosh avatar Mar 21 '16 22:03 pmoosh

Sure, this is how I backed the clients + other up:

$ knife backup export roles nodes environments data_bags users clients -D /repo/www/chef-repo/backups/03-17-2016/ -c /home/osimage/local_chef/knife.rb

This is the JSON data for one of the clients (they're all like this):

$ cat /repo/www/chef-repo/backups/03-17-2016/clients/omitted.com.json {"name":"omitted.com","public_key":null,"validator":false,"admin":false,"json_class":"Chef::ApiClient","chef_type":"client"}[osimage@omitted local_chef]$

The knife config is an admin user, so I am not sure why it doesn't have the public key.

Chef client is 11.18.x on RedHat 6.6.

devryan avatar Mar 22 '16 00:03 devryan

@devryan thx - the server version would be helpful too.

pmoosh avatar Mar 22 '16 01:03 pmoosh

Note that I just tried the very same from latest git with the same issue.

Server version is private-chef-11.2.5-1.el6.x86_64

{ "name": "omitted.com", "public_key": null, "validator": false, "admin": false, "json_class": "Chef::ApiClient", "chef_type": "client" }{ "name": "omitted.com", "public_key": null, "validator": false, "admin": false, "json_class": "Chef::ApiClient", "chef_type": "client" }

devryan avatar Mar 22 '16 01:03 devryan

thx for the update will look into it. Might take a while though.

pmoosh avatar Mar 22 '16 05:03 pmoosh

Ok, any chance I am just using it wrong? What chef server/clients version is this mainly tested on?

Thanks for the quick answers :)

devryan avatar Mar 22 '16 18:03 devryan

@devryan - need to look into this one. Sorry

pmoosh avatar Mar 22 '16 18:03 pmoosh

@devryan I toyed around with it. The Server Version is 11.1.6 (a container image I found). client version was 12.8 so I need to change the code so it would. run. And it worked for me. I guess I need to get closer to the version you are using ...

And I assume the knife users show command works.

pmoosh avatar Mar 28 '16 23:03 pmoosh

I upgraded the Client to 12, with the server still on 11 to try that. Same issue, the public key is null.

Client version: 12.8.1

Did you mean "knife user list"? Yes that works, as does "knife client list"

devryan avatar Mar 29 '16 18:03 devryan

@devryan hmm... very busy at the moment. So with knife user/client show you see the key?

pmoosh avatar Mar 29 '16 18:03 pmoosh

No, no keys show up. I can't get it to show me any public keys for the clients. Do you happen to know another way of getting them?

Since clients are the only part not working, if I could export them some other way, that would be fine for me.

devryan avatar Mar 29 '16 18:03 devryan

You should see the public keys with simple knife user commands. As for Chef 12 there is a knife osc_user sub command.

pmoosh avatar Mar 29 '16 19:03 pmoosh

But we're not talking about users, we're talking about clients right? As for the clients I cannot see any public keys at all with any knife client commands.

devryan avatar Apr 01 '16 17:04 devryan

Okay, I got word back from Chef support on how to get the client keys. They said it's normal behavior for the public key not to be listed in "knife client show ". Maybe this is why knife-backup cannot get the keys. Was it ever able to get client keys?

They say the following is a way of getting the keys out of Postgres (I tested, it works). Maybe this could be incorporated into the plugin? It'd have to be a side script though, since it'd need to be run directly on the chef server where Postgres runs.

sudo su - opscode-pgsql bash psql opscode_chef

\d clients

\x

select name,public_key from clients; \q

devryan avatar Apr 04 '16 20:04 devryan

@devryan - so this gem is basically in maintenance mode, as knife-ed-backup is more powerful and supports ChefServer 12.

As far as the client keys - I am still very confused. I checked a backup I did last year and the client keys are there..... I am just very busy at the moment.

pmoosh avatar Apr 05 '16 15:04 pmoosh

Any update on the client keys? Running chef-server 12.11.1

buererra avatar Jan 06 '17 22:01 buererra