← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1817082] Re: [RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef

 

This bug is believed to be fixed in cloud-init in version 19.1. If this
is still a problem for you, please make a comment and set the state back
to New

Thank you.

** Changed in: cloud-init
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1817082

Title:
  [RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in
  cc_chef

Status in cloud-init:
  Fix Released

Bug description:
  This is a request to add support for the client configuration option
  "encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef`
  configuration block.

  Use Case:

  Enable cloud-init to manage Chef deployments where encrypted data bags
  are in use. The path to the secrets can be configured with Cloud init,
  while the secrets files themselves can be supplied via an external
  facility (e.g., Barbican, Vault).

  Example:

  # cloud-init
  chef:
     install_type: "packages"
     server_url: https://api.opscode.com/organizations/myorg
     environment: dev
     validation_name: dev-validator
     validation_cert: dev-validator.pem
     run_list: role[db]
     encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret

  =>

  # /etc/chef/client.rb
  log_level              :info
  log_location           "/var/log/chef/client.log"
  ssl_verify_mode        :verify_none
  validation_client_name "dev-validator"
  validation_key         "/etc/chef/validation.pem"
  client_key             "/etc/chef/client.pem"
  chef_server_url        "https://api.opscode.com/organizations/myorg";
  environment            "dev"
  node_name              "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
  json_attribs           "/etc/chef/firstboot.json"
  file_cache_path        "/var/cache/chef"
  file_backup_path       "/var/backups/chef"
  pid_file               "/var/run/chef/client.pid"
  Chef::Log::Formatter.show_time = true
  encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"

  Thanks,
  Eric

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1817082/+subscriptions


References