Friday, February 13, 2015

Amazon VPC with Chef server in a separate VPC

This week I had to create a separate AWS account for a specific platform, isolated from the Chef server's network, for accounting purposes. While at it, the new AWS account would get several VPCs for the different environments (staging, live).

The first complication is that knife ssh won't reach the servers in the new account. As long as the nodes have internet access they register with the Chef server and run their recipes just fine, but knife ssh connects to whatever the node reports as its FQDN, and the nodes register with the following information:

$ knife node show dev-http-01
Node Name:   dev-http-01
Environment: _default
FQDN:        ip-10-0-1-89.us-west-2.compute.internal  <---****
IP:          10.0.1.89                                 <---****
Run List:    role[dev]
Roles:       dev
Recipes:     chef-client, keys-us-west-2, autoupdate_apt, ntp, Deploy_package_apache2-latest
Platform:    ubuntu 14.04
Tags:
With my VPC settings (Amazon-provided DNS and DHCP), the node registers with its internal name and address even though an elastic IP has been assigned: that internal name is the hostname the instance itself reports, and it is not resolvable or routable from the Chef server's network.

One approach would be to create a proxy or VPN connection from the Chef server into this network so it can talk to the internal addresses. However, I only need to knife ssh into a few hosts, so I wrote this Chef recipe instead. It sets the hostname to the instance's public EC2 name, so the node registers with a FQDN that resolves to its external IP:

$ cat Deploy_script_setIP_VPC/recipes/default.rb
#
# Cookbook Name:: Deploy_script_setIP_VPC
# Recipe:: default
#
# No Copyright
# Andres Martin andreu.antonio@gmail.com

# Drop the init script in place, root-owned and executable ...
template "/etc/init.d/if-config" do
  source "if-config.erb"
  owner "root"
  group "root"
  mode "0754"
end

# ... then enable it at boot and run it right away.
service "if-config" do
  supports :restart => true, :start => true, :stop => true, :reload => true
  action [:enable, :start]
end
$ cat Deploy_script_setIP_VPC/templates/default/if-config.erb
#!/bin/sh
### BEGIN INIT INFO
# Provides:          if-config
# Required-Start:    $network $remote_fs
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: set the hostname to the instance's public EC2 name
### END INIT INFO

case "$1" in
        start)
        # Ask a public "what is my IP" service for the address the outside world sees.
        URL="http://ifconfig.me/"
        IP=$(curl -s "$URL")
        # Reverse-resolve it. EC2 public addresses map to
        # ec2-A-B-C-D.<region>.compute.amazonaws.com; the first label becomes the hostname.
        name=$(nslookup "$IP" | awk '{ print $4 }' | grep amazonaws.com | cut -d "." -f 1)
        if [ -n "$name" ]; then
                echo "IP resolved to $IP, setting hostname $name..."
                hostname "$name"
        else
                echo "could not resolve $IP to an amazonaws.com name, leaving hostname alone"
        fi
        ;;
        stop)
        echo "this won't work..."
        ;;
        *)
        echo "Only for start"
        ;;
esac
This script relies on the public service ifconfig.me (thanks guys for this website). The node's record should change the next time the chef-client checks in with the Chef server:

$ knife node show dev-http-01
Node Name:   dev-http-01
Environment: _default
FQDN:        ec2-XX-XX-XX-XX.us-west-2.compute.amazonaws.com
IP:          10.0.1.89
Run List:    role[dev]
Roles:       dev
Recipes:     chef-client, keys-us-west-2, autoupdate_apt, ntp, Deploy_package_apache2-latest
Platform:    ubuntu 14.04
Tags:
Note that only the FQDN changes; the IP attribute still shows the internal address. That is enough here because knife ssh connects to the FQDN by default. This script shouldn't be used for critical services though. It is not foolproof, just a quick fix for a particular scenario: it trusts whatever an unauthenticated plain-HTTP request to ifconfig.me and a reverse DNS lookup hand back, and passes that straight to hostname without any validation.
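The two inputs the init script trusts blindly are the body of a plain-HTTP response and one line of nslookup output, and both end up as arguments to hostname. The following is an added example, not part of the original post or cookbook, showing the same derivation (public IP, reverse name, first label) with the checks a practitioner would put in front of hostname: the IP must be a well-formed IPv4 address, the reverse record must be an ec2-A-B-C-D.<region>.compute.amazonaws.com name and nothing else, and that name must encode the same address that was looked up (EC2 public names embed the IP). The function names and the nslookup output are my own constructions; fetching the live values with curl and nslookup stays exactly as in the post.

```shell
#!/bin/sh
# Added example, not the post's script: validate the "public IP -> reverse DNS
# name -> hostname" derivation before anything reaches `hostname`.
# The nslookup outputs below are constructed samples.

# Accept only a dotted quad with every octet in 0..255.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Pull the EC2 public label (ec2-A-B-C-D) out of a reverse lookup line such as
#   3.2.1.54.in-addr.arpa   name = ec2-54-1-2-3.us-west-2.compute.amazonaws.com.
# Anything that is not exactly that shape (another domain, trailing junk,
# shell metacharacters) yields nothing and a non-zero status.
ec2_label_from_nslookup() {
  found=$(printf '%s\n' "$1" | sed -n \
    's/.*name = \(ec2-[0-9]\{1,3\}\(-[0-9]\{1,3\}\)\{3\}\)\.[a-z0-9.-]*compute\.amazonaws\.com\.\{0,1\}$/\1/p' \
    | head -n 1)
  [ -n "$found" ] || return 1
  printf '%s\n' "$found"
}

# EC2 public names embed the address (ec2-54-1-2-3 <-> 54.1.2.3): insist that
# the reverse record describes the IP we actually asked about, not some other host.
label_matches_ip() {
  [ "$1" = "ec2-$(printf '%s' "$2" | sed 's/\./-/g')" ]
}

# Full derivation: prints the hostname to set, or refuses with a reason on stderr.
derive_hostname() {
  ip=$1
  is_ipv4 "$ip" || { echo "refusing: '$ip' is not an IPv4 address" >&2; return 1; }
  label=$(ec2_label_from_nslookup "$2") \
    || { echo "refusing: no well-formed EC2 name in reverse lookup" >&2; return 1; }
  label_matches_ip "$label" "$ip" \
    || { echo "refusing: $label does not describe $ip" >&2; return 1; }
  printf '%s\n' "$label"
}

# Constructed nslookup output for a healthy reverse lookup ...
SAMPLE_NS='Server:		10.0.0.2
Address:	10.0.0.2#53

Non-authoritative answer:
3.2.1.54.in-addr.arpa	name = ec2-54-1-2-3.us-west-2.compute.amazonaws.com.

Authoritative answers can be found from:'

# ... and for a tampered one that is not an amazonaws.com name.
TAMPERED_NS='3.2.1.54.in-addr.arpa	name = ec2-54-1-2-3.evil.example.com.'

# Demo: only the first call succeeds. In the init script this would be
#   name=$(derive_hostname "$IP" "$(nslookup "$IP")") && hostname "$name"
derive_hostname 54.1.2.3  "$SAMPLE_NS"                    # prints ec2-54-1-2-3
derive_hostname 10.0.1.89 "$SAMPLE_NS"   || true          # name describes another address
derive_hostname 54.1.2.3  "$TAMPERED_NS" || true          # not an amazonaws.com name
derive_hostname 'ec2-1-2-3-4; id' "$SAMPLE_NS" || true    # not an IP at all
```

The point of the last check is that reverse DNS is answered by whoever controls the in-addr.arpa zone for that address, so a name that merely ends in amazonaws.com is not proof that it belongs to this instance; requiring the embedded address to match the address you looked up closes that gap cheaply.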
