yahoo-eng-team team mailing list archive

[Bug 1817082] [NEW] [RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef

 

Public bug reported:

This is a request to add support for the client configuration option
"encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef`
configuration block.

Use Case:

Enable cloud-init to manage Chef deployments where encrypted data bags
are in use. The path to the secrets can be configured with cloud-init,
while the secrets files themselves can be supplied via an external
facility (e.g., Barbican, Vault).

Example:

# cloud-init
chef:
   install_type: "packages"
   server_url: https://api.opscode.com/organizations/myorg
   environment: dev
   validation_name: dev-validator
   validation_cert: dev-validator.pem
   run_list: role[db]
   encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret

=>

# /etc/chef/client.rb
log_level              :info
log_location           "/var/log/chef/client.log"
ssl_verify_mode        :verify_none
validation_client_name "dev-validator"
validation_key         "/etc/chef/validation.pem"
client_key             "/etc/chef/client.pem"
chef_server_url        "https://api.opscode.com/organizations/myorg"
environment            "dev"
node_name              "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs           "/etc/chef/firstboot.json"
file_cache_path        "/var/cache/chef"
file_backup_path       "/var/backups/chef"
pid_file               "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "encrypted_data_bag_secret"

Thanks,
Eric

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1817082
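
An added example, not part of the original report or of cloud-init: a Python check that a provisioning step could run once the external facility has delivered the secret, confirming that the `encrypted_data_bag_secret` value in the rendered client.rb is an absolute path to a regular file with owner-only permissions. The function names, the root-owner default and the sample text are assumptions constructed for illustration.

```python
import os
import re
import stat

# Constructed sample: a subset of the client.rb lines shown in the report above.
SAMPLE_CLIENT_RB = '''\
log_level              :info
validation_key         "/etc/chef/validation.pem"
client_key             "/etc/chef/client.pem"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "encrypted_data_bag_secret"
'''

# Matches the simple `key "string"` and `key :symbol` lines used in that file.
SETTING = re.compile(r'^\s*(\w+)\s+(?:"([^"]*)"|(:\w+))\s*$')


def parse_client_rb(text):
    """Return {setting: value} for simple one-line settings; other Ruby is skipped."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return settings


def audit_secret_setting(settings, owner_uid=0):
    """List problems with the encrypted_data_bag_secret path; empty list means none found."""
    path = settings.get("encrypted_data_bag_secret")
    if path is None:
        return ["encrypted_data_bag_secret not set"]
    if not os.path.isabs(path):
        # A relative value resolves against the process's working directory.
        return ["secret path is relative: %r" % path]
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return ["secret file missing: %s" % path]
    if not stat.S_ISREG(st.st_mode):
        return ["secret path is not a regular file: %s" % path]
    findings = []
    if st.st_uid != owner_uid:
        findings.append("secret file owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("secret file mode %o allows group/other access" % stat.S_IMODE(st.st_mode))
    return findings


if __name__ == "__main__":
    print(audit_secret_setting(parse_client_rb(SAMPLE_CLIENT_RB)))
```

Run against the sample, the check reports the relative value; pointing the setting at an absolute path such as the one in the `chef:` block clears that finding and moves on to the file checks.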
