Export not backing up client public keys

[devryan]

When doing an export, the "public_key" value is null. Why is this? After I imported back to my new server, none of my original clients could check in

[pmoosh]

@devryan can add more information how you use it. which chef versions etc. Users are a bit tricky.

[devryan]

Sure, this is how I backed the clients + other up:

$ knife backup export roles nodes environments data_bags users clients -D /repo/www/chef-repo/backups/03-17-2016/ -c /home/osimage/local_chef/knife.rb

This is the JSON data for one of the clients (they're all like this):

$ cat /repo/www/chef-repo/backups/03-17-2016/clients/omitted.com.json
{"name":"omitted.com","public_key":null,"validator":false,"admin":false,"json_class":"Chef::ApiClient","chef_type":"client"}[osimage@omitted local_chef]$

The knife config is an admin user, so I am not sure why it doesn't have the public key.

Chef client is 11.18.x on RedHat 6.6.

[pmoosh]

@devryan thx - the server version would be helpful too.

[devryan]

Note that I just tried the very same from latest git with the same issue.

Server version is private-chef-11.2.5-1.el6.x86_64

{
"name": "omitted.com",
"public_key": null,
"validator": false,
"admin": false,
"json_class": "Chef::ApiClient",
"chef_type": "client"
}{
"name": "omitted.com",
"public_key": null,
"validator": false,
"admin": false,
"json_class": "Chef::ApiClient",
"chef_type": "client"
}

[pmoosh]

thx for the update will look into it. Might take a while though.

[devryan]

Ok, any chance I am just using it wrong? What chef server/clients version is this mainly tested on?

Thanks for the quick answers :)

[pmoosh]

@devryan - need to look into this one. Sorry

[pmoosh]

@devryan I toyed around with it. The Server Version is 11.1.6 (a container image I found).
client version was 12.8 so I need to change the code so it would. run. And it worked for me.
I guess I need to get closer to the version you are using ...

And I assume the knife users show command works.

[devryan]

I upgraded the Client to 12, with the server still on 11 to try that. Same issue, the public key is null.

Client version: 12.8.1

Did you mean "knife user list"? Yes that works, as does "knife client list"

[pmoosh]

@devryan hmm... very busy at the moment.
So with knife user/client show you see the key?

[devryan]

No, no keys show up. I can't get it to show me any public keys for the clients. Do you happen to know another way of getting them?

Since clients are the only part not working, if I could export them some other way, that would be fine for me.

[pmoosh]

You should see the public keys with simple knife user commands. As for Chef 12 there is a knife osc_user sub command.

[devryan]

But we're not talking about users, we're talking about clients right? As for the clients I cannot see any public keys at all with any knife client commands.

[devryan]

Okay, I got word back from Chef support on how to get the client keys. They said it's normal behavior for the public key not to be listed in "knife client show ". Maybe this is why knife-backup cannot get the keys. Was it ever able to get client keys?

They say the following is a way of getting the keys out of Postgres (I tested, it works). Maybe this could be incorporated into the plugin? It'd have to be a side script though, since it'd need to be run directly on the chef server where Postgres runs.

sudo su - opscode-pgsql
bash
psql opscode_chef

\d clients

\x

select name,public_key from clients;
\q

[pmoosh]

@devryan - so this gem is basically in maintenance mode, as knife-ed-backup is more powerful and supports ChefServer 12.

As far as the client keys - I am still very confused. I checked a backup I did last year and the client keys are there..... I am just very busy at the moment.

[buererra]

Any update on the client keys? Running chef-server 12.11.1