Browse By

Backup and restore Chef server 12

Before moving a Chef server into production I needed to make sure that I’m able to perform a backup and restore.

There is a great gem called knife-backup but from what I understand it isn’t able to copy user keys or the validator key so, as long as you don’t mind replacing those when restoring its an easy solution.

There are instructions in the Chef documentation for backup & restoring the server however they leave a few key points out. Below is my working and tested backup and restore procedure using Ubuntu 14.10 but should work for other distros.

Chef Server Backup

This part is easy and pretty much as its described in the documentation but with some modifications to work in a script.

Chef Server Restore

Perform the below commands as root unless otherwise specified

  1. hostname
  2. echo “x.x.x.x chef-server”
  3. dpkg -i chef-server-core_12.0.8-1_amd64.deb
  4. chef-server-ctl reconfigure
  5. chef-server-ctl install opscode-manage
  6. chef-server-ctl stop
  7. export THEDATE=<timestamp-on-backup>
  8. tar xvfzp var-opt-opscode-$THEDATE.tar.gz –exclude=’var/opt/opscode/drbd/data/postgresql_9.2′ -C /
  9. chef-server-ctl start postgresql
  10. su – opscode-pgsql -p
    Ignore “-su: /root/.bash_profile: Permission denied”
  11. gunzip -c /tmp/postgresql-dump-$THEDATE.gz | /opt/opscode/embedded/bin/psql -U “opscode-pgsql” -d postgres
  12. exit (back to root)
  13. mkdir -p /etc/pki/tls/private
  14. copy cer and key files to private directory
  15. configure SSL certificate
    cat >/etc/opscode/chef-server.rb <<EOL
    nginx[‘ssl_certificate’] = “/etc/pki/tls/private/your-signed-certificate.cer”
    nginx[‘ssl_certificate_key’] = “/etc/pki/tls/private/your-certificate-key.key”
    nginx[‘ssl_ciphers’] = “HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK”
    nginx[‘ssl_protocols’] = “TLSv1 TLSv1.1 TLSv1.2”
  16. chef-server-ctl start
  17. change rabbitmq user passwords
    1. Update the following file /opt/opscode/embedded/bin/rabbitmq-defaults
      replace ERL_DIR= with ERL_DIR=dirname $0/
    2. grep -A 1 -E ‘(user”: “chef”,|actions_user”: “actions”,|jobs_user”: “jobs”,)’ /etc/opscode/chef-server-running.json
    3. run the following command for each user and password outputted from the above command
    4. /opt/opscode/embedded/bin/rabbitmqctl change_password <user> <password>
  18. chef-server-ctl reconfigure
  19. opscode-manage-ctl reconfigure


One thought on “Backup and restore Chef server 12”

  1. Wynn says:

    Thank you for this guide, this saved me hours of frustration!

Leave a Reply

Your email address will not be published. Required fields are marked *