Migrate your data off of Hosted Chef to a private Chef server

There are various assumptions made here, please carefully take these into account as this may not be a one-size-fits-all.

• This is migrating Basic data only (cookbooks, environments, roles, data_bags, nodes, clients, acls)
  • containers, cookbook_artifacts, groups, policies, policy_groups are not included in this document
• You utilize an admin user with full privileges on both Chef servers
• The end goal is to only have to change chef_server_url in each node's client.rb - keeping existing client certificates.
• You are prepared to be responsible for your own organization's Chef Server. That server is already monitored (OS + Chef services), backed up, you have ensured network routing from clients -> your Chef Server works, you can manage a linux system, capacity is appropriately planned and accounted for, and it is tuned for the number of clients you're migrating to it.

chef generate repo migration-repo

Reference an admin user with full privileges.

cd migration-repo

cat <<EOF> knife_src_server.rb
current_dir = File.dirname(__FILE__)
chef_server_url          "https://manage.chef.io/organizations/jeremyinc"
node_name                "jmillerv2"
client_key               "#{current_dir}/jmillerv2.pem"
versioned_cookbooks true

EOF

cat <<EOF> knife_dst_server.rb
current_dir = File.dirname(__FILE__)
chef_server_url          "https://my.company.com/organizations/lob1"
node_name                "jmex2"
client_key               "#{current_dir}/jmex2.pem"
versioned_cookbooks true

EOF

Take care to reference the chef-repo-path created above.

knife download --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_src_server.rb /

knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /cookbooks
knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /data_bags
knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /environments
knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /roles
knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /nodes
knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /clients
knife upload --chef-repo-path ~/Devel/ChefProject/migration-repo -c knife_dst_server.rb /acls

At this stage, you should have all the base data on the target Chef Server. Take one node from your fleet that you are comfortable testing with and change chef_server_url in the client.rb file, pointing it at the new target Chef Server.

Trigger a chef-client run on that node - it should converge without issue. If it is successful, make the client.rb change on the rest of your fleet in stages (via cookbook_file, template_file or chef-client cookbook) - ensuring that nodes are checking in on schedule.