yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #77140
[Bug 1817082] [NEW] [RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef
Public bug reported:
This is a request to add support for the client configuration option
"encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef`
configuration block.
Use Case:
Enable cloud-init to manage Chef deployments where encrypted data bags
are in use. The path to the secrets can be configured with Cloud init,
while the secrets files themselves can be supplied via an external
facility (e.g., Barbican, Vault).
Example:
# cloud-init
chef:
install_type: "packages"
server_url: https://api.opscode.com/organizations/myorg
environment: dev
validation_name: dev-validator
validation_cert: dev-validator.pem
run_list: role[db]
encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret
=>
# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "encrypted_data_bag_secret"
Thanks,
Eric
** Affects: cloud-init
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1817082
Title:
[RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in
cc_chef
Status in cloud-init:
New
Bug description:
This is a request to add support for the client configuration option
"encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef`
configuration block.
Use Case:
Enable cloud-init to manage Chef deployments where encrypted data bags
are in use. The path to the secrets can be configured with Cloud init,
while the secrets files themselves can be supplied via an external
facility (e.g., Barbican, Vault).
Example:
# cloud-init
chef:
install_type: "packages"
server_url: https://api.opscode.com/organizations/myorg
environment: dev
validation_name: dev-validator
validation_cert: dev-validator.pem
run_list: role[db]
encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret
=>
# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "encrypted_data_bag_secret"
Thanks,
Eric
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1817082/+subscriptions
Follow ups