Backup and restore Chef server 12
Before moving a Chef server into production I needed to make sure that I’m able to perform a backup and restore.
There is a great gem called knife-backup, but from what I understand it isn’t able to copy user keys or the validator key, so as long as you don’t mind replacing those when restoring, it’s an easy solution.
There are instructions in the Chef documentation for backing up and restoring the server; however, they leave a few key points out. Below is my working and tested backup and restore procedure. I used Ubuntu 14.10, but it should work for other distros.
Chef Server Backup
This part is easy and pretty much as it’s described in the documentation, but with some modifications to work in a script.
```bash
#!/bin/bash
export DATETIME=`date '+%Y-%m-%d-%H-%M-%S'`

# Dump postgres database
su - opscode-pgsql -m -s /bin/bash -c "/opt/opscode/embedded/bin/pg_dumpall -c | gzip --fast > /tmp/postgresql-dump-$DATETIME.gz"

# Sync data to make sure everything in memory is written to disk
sync

# Tar up the relevant chef directories /etc/opscode, /var/opt/opscode and include the postgres backup
sudo tar cvzfp /tmp/var-opt-opscode-$DATETIME.tar.gz /etc/opscode /var/opt/opscode /tmp/postgresql-dump-$DATETIME.gz
```
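Before relying on an archive from the backup script above, check that it is complete and not readable by other users, since it contains /etc/opscode with the server's private keys. The function below is an added example, not part of the original post or of Chef's tooling; the name `verify_chef_backup` and its return codes are made up for illustration, and it assumes GNU tar, gzip and stat as found on Ubuntu.

```shell
#!/bin/bash
# Added example: check an archive written by the backup script above.
# verify_chef_backup and its return codes are illustrative, not Chef tooling.
# Returns 0 = usable, 1 = missing, 2 = permissions too open, 3 = unreadable tar,
#         4 = required member missing, 5 = database dump damaged.
verify_chef_backup() {
    local archive mode listing dump want
    archive=$1

    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }

    # /etc/opscode holds the server's private keys: no group/other access allowed.
    mode=$(stat -c '%a' "$archive") || return 1
    case $mode in
        [46]00) ;;
        *) echo "mode $mode is too open; chmod 600 $archive" >&2; return 2 ;;
    esac

    # Listing the whole archive also proves the outer gzip/tar stream is intact.
    listing=$(tar tzf "$archive" 2>/dev/null) ||
        { echo "cannot read archive" >&2; return 3; }

    # tar strips the leading "/" on creation, which is why the restore uses -C /.
    for want in '^etc/opscode/' '^var/opt/opscode/' '^tmp/postgresql-dump-.*\.gz$'; do
        printf '%s\n' "$listing" | grep "$want" >/dev/null ||
            { echo "archive has no member matching $want" >&2; return 4; }
    done

    # Test the embedded dump without unpacking anything to disk.
    dump=$(printf '%s\n' "$listing" | grep '^tmp/postgresql-dump-.*\.gz$' | sed -n 1p)
    tar xzOf "$archive" "$dump" | gzip -t 2>/dev/null ||
        { echo "database dump is not a valid gzip stream" >&2; return 5; }

    # pg_dumpall output starts with a "PostgreSQL database cluster dump" banner.
    tar xzOf "$archive" "$dump" | gunzip -c |
        grep 'PostgreSQL database cluster dump' >/dev/null ||
        { echo "dump does not look like pg_dumpall output" >&2; return 5; }

    return 0
}

# Usage: verify_chef_backup /tmp/var-opt-opscode-$DATETIME.tar.gz && echo "backup OK"
```

Run it as root on the Chef server after the backup, and again on the restore host before extracting the archive with `-C /`.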
Chef Server Restore
Perform the commands below as root unless otherwise specified:
- hostname chef-server.your-domain.com
- echo "x.x.x.x chef-server.your-domain.com chef-server"
- dpkg -i chef-server-core_12.0.8-1_amd64.deb
- chef-server-ctl reconfigure
- chef-server-ctl install opscode-manage
- chef-server-ctl stop
- export THEDATE=<timestamp-on-backup>
- tar xvfzp var-opt-opscode-$THEDATE.tar.gz --exclude='var/opt/opscode/drbd/data/postgresql_9.2' -C /
- chef-server-ctl start postgresql
- su - opscode-pgsql -p
  Ignore "-su: /root/.bash_profile: Permission denied"
- gunzip -c /tmp/postgresql-dump-$THEDATE.gz | /opt/opscode/embedded/bin/psql -U "opscode-pgsql" -d postgres
- exit (back to root)
- mkdir -p /etc/pki/tls/private
- copy cer and key files to private directory
- configure SSL certificate
cat >/etc/opscode/chef-server.rb <<EOL
nginx['ssl_certificate'] = "/etc/pki/tls/private/your-signed-certificate.cer"
nginx['ssl_certificate_key'] = "/etc/pki/tls/private/your-certificate-key.key"
nginx['ssl_ciphers'] = "HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK"
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
EOL
- chef-server-ctl start
- change rabbitmq user passwords
- Update the following file /opt/opscode/embedded/bin/rabbitmq-defaults
  replace ERL_DIR=
  with ERL_DIR=`dirname $0`/
- grep -A 1 -E '(user": "chef",|actions_user": "actions",|jobs_user": "jobs",)' /etc/opscode/chef-server-running.json
- run the following command for each user and password outputted from the above command
- /opt/opscode/embedded/bin/rabbitmqctl change_password <user> <password>
- Update the following file /opt/opscode/embedded/bin/rabbitmq-defaults
- chef-server-ctl reconfigure
- opscode-manage-ctl reconfigure
Done!
Thank you for this guide, this saved me hours of frustration!