cookbook 'chef-server-populator', '~> 2.0.2'
chef-server-populator
Populate chef server with stuff you want
cookbook 'chef-server-populator', '~> 2.0.2', :supermarket
knife supermarket install chef-server-populator
knife supermarket download chef-server-populator
Chef Server Populator
Creates orgs, clients, and admin users and installs provided public keys. Simplifies managing and
recreating Chef Server nodes. Provides backup and restore recipes for
complete Chef Server recovery.
New Chef 12 Support
Chef 12 is supported in version 1.0 and above. If you need Chef 11
support, please pin your environment to version 0.4.0.
Usage
When bootstrapping with the chef-server cookbook and chef-solo:
- Download and unpack chef-server, chef-server-ingredient, packagecloud, and chef-server-populator cookbooks
- Upload public keys to be used by users, org-validator, and clients (optionally)
- Create json for organization, user, and (optionally) client(s)
- Run chef-solo
See the default[:chef_server_populator][:solo_org] and default[:chef_server_populator][:solo_org_user] attribute hashes in attributes/default.rb for the required attribute structure.
When converging with chef-client:
- Create data bag to hold data bag items with user, org, and client information
- Create data bag items with user, org, and client information
- Set data bag related attributes
Applicable attributes:
- node[:chef_server_populator][:databag] - name of the data bag
Structure of the data bag item:
User:
```json
{
  "id": "user_name",
  "chef_server": {
    "full_name": "User Name",
    "email": "name@domain.tld",
    "client_key": "public key contents",
    "type": [
      "user"
    ],
    "orgs": {
      "organization": {
        "enabled": true,
        "admin": true
      }
    }
  }
}
```
Note: While users can belong to multiple organizations, and the above
hash structure allows you to define multiple associations, the
chef-server-populator currently only supports the first organization
that is defined in the data bag.
Client:
```json
{
  "id": "client_name",
  "chef_server": {
    "client_key": "public key contents",
    "type": [
      "client"
    ],
    "orgs": [ "organization" ]
  }
}
```
Note: If no organization is specified for a client, it will be added
to the default organization. The client enabled and admin settings
can be set at the top level of the chef_server hash or in an orgs
hash as in the User example.
Org:
```json
{
  "id": "org_name",
  "chef_server": {
    "full_name": "Organization Name",
    "client_key": "public key contents",
    "type": [
      "org"
    ],
    "enabled": true
  }
}
```
Note: Creating the org will create a client called <org>-validator
which uses the public key specified when creating the org.
In addition, there is currently a bug in Chef server 12.1 which means only the first word in
the full name will be used, as the option is not parsed correctly.
Restoring from a backup:
- Set path to restore file with node[:chef_server_populator][:restore][:file]
- The restore recipe is run if a restore file is set
- The restore file can be remote or local
When enabling backups:
- Include chef-server-populator::restore recipe
- Set backup cron interval with node[:chef_server_populator][:schedule]
- Optionally set a remote storage location with node[:chef_server_populator][:backup][:remote][:connection]
- Backups include both a pg_dump of the entire chef database and a tarball of the Chef data directory
Public Key Format
The public key given in the JSON object must be a single-line string, with new lines
represented by the \n character.
You can use one of the commands below to convert your public key file into the correct string format (credit
to the certificates cookbook for these):
cat <filename> | sed s/$/\\\\n/ | tr -d '\n'
-OR-
/usr/bin/env ruby -e 'p ARGF.read' <filename>
-OR-
perl -pe 's!(\x0d)?\x0a!\\n!g' <filename>
If you first need to obtain the public key string for your private key, run the following on the .pem
file containing the private key:
openssl rsa -in <path_to_keyfile>.pem -pubout
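An added example (not part of the cookbook or its README): a Ruby script that builds a user item in the structure shown above, serializes it so the key's newlines become \n, and checks the item before it is uploaded. The helper names (user_item, lint_item, to_data_bag_json) and the sample key generated at run time are assumptions made for illustration.

```ruby
require 'json'
require 'openssl'

# Constructed sample key pair, generated at run time (no real key embedded).
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_PUBLIC_PEM = SAMPLE_KEY.public_key.to_pem

# Build a user item in the structure shown above (hypothetical helper).
def user_item(id, full_name, email, public_pem, orgs)
  { 'id' => id,
    'chef_server' => { 'full_name' => full_name, 'email' => email,
                       'client_key' => public_pem, 'type' => ['user'],
                       'orgs' => orgs } }
end

# Return a list of problems in a user, client or org data bag item.
def lint_item(item)
  cs = item['chef_server'] || {}
  key = cs['client_key'].to_s
  problems = []
  if key.strip.empty?
    problems << 'client_key is empty'
  elsif key.include?('PRIVATE KEY')
    problems << 'client_key holds private key material'
  else
    begin
      OpenSSL::PKey::RSA.new(key)
    rescue OpenSSL::PKey::PKeyError
      problems << 'client_key does not parse as an RSA public key'
    end
  end
  orgs = cs['orgs'] || []
  problems << 'more than one org listed; only the first is used' if orgs.size > 1
  problems
end

# JSON.generate escapes each newline in the PEM as \n, giving the
# single-line string the data bag item needs.
def to_data_bag_json(item)
  JSON.generate(item)
end

if $PROGRAM_NAME == __FILE__
  item = user_item('user_name', 'User Name', 'name@domain.tld', SAMPLE_PUBLIC_PEM,
                   'organization' => { 'enabled' => true, 'admin' => false })
  puts to_data_bag_json(item)
  p lint_item(item)
end
```

Running the same check over every item in the data bag before upload catches a private key pasted into client_key, which would otherwise be stored on the Chef Server in place of the public key.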
Extras
Need to use the IP address of the node for a bit, or another name instead of
having node[:fqdn]?
node[:chef_server_populator][:servername_override]
Keep chef server configured via chef client:
node[:chef_server_populator][:chef_server]
If the hash is non-empty, it will write the chef-server dna.json and trigger a
reconfigure whenever the attributes are updated.
Known Issues
- As mentioned above, user and client data bag items currently only support the first organization provided. Multi-org support is forthcoming.
Examples
Take a look in the examples directory for basic bootstrap templates that will
build a new erchef server, using existing keys and client, and
register itself, or restore an existing chef server from a backup.
Info
- Repository: https://github.com/hw-cookbooks/chef-server-populator
- IRC: Freenode @ #heavywater
Dependent cookbooks
chef-server ~> 5.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
chef-server-populator CHANGELOG
Unreleased changes
v2.0.2
- Configure $PATH to fix backups unit test
- Don't create users if no public key is set
- Use correct client-key flag when no version is set
- Update chef-server dependency b/c packagecloud repos are gone
- Add Nellie for CI
v2.0.0
- Support chef-server 4.x versions
- Make chef-server constraint tighter to prevent breakage
- Remove resource notifications to resources outside our recipes
- Refactor configuration setup to support hash style attribute and auto-convert to string
v1.2.2
- Adds test for user key
- Fixes org recipe user key in 12.1.x
v1.2.0
- Adds support for both 12.0.x and 12.1.x versions, client key commands got a new flag which broke things.
- Prevents randomly generated passwords from starting with a '-' which will register as a flag and cause an error.
- Fixes backup recipe when using remote backups
- Fixes backup recipe when running as cron
- Updates and extends the integration tests to cover backups
v1.1.4
- Fixes all users created as admins
- Updates user creation to require explicit enabled setting
- Updates client admin to default to false
v1.1.2
- Adds myriad unit tests.
- Fixes issue #23 where users were not assigned to orgs.
- Fixes issue #22 where client recipe failed if no chef_server hash set.
v1.1.0
- Fixes and loosens idempotency tests to account for Chef Server version differences
- Updates Client recipe to create orgs, then users, then clients
- Fixes non-existent org attribute in solo recipe
- Fixes missing user keys in test suite
- Moves common org/user/client creation specs to the spec helper
- Refactors Backup/Restore to work with Chef 12. Uses Miasma rather than Fog.
v1.0.2
- Org recipe only included for solo run, since client run expects data bag items.
v1.0.0
- Updates to support Chef 12
- Removes support for Chef 11
- Adds support for organization creation in solo and client contexts
- Updates backup/restore recipes for new psql path and new table & field names. (Not fully tested)
- Replaces many knife and psql commands with native chef-server-ctl management commands
v0.4.0
- Allow for creation of clients, users, or both
- Store backup configuration in separate JSON file
- Provide proper retries to account for temporary server unavailability
- Include full server restart on restore from backup
- Provide 'latest' backup files along with named files
- Convert backup script from template to cookbook file
- Make service restarts more consistent
v0.3.2
- Add client creation retries to stabilize initial bootstrap
- Updates to example bootstrap script
- Add support for backup/restore (thanks @luckymike!)
v0.3.0
- Include chef-server dependency
- Update configuration overrides for chef-server
- Use :endpoint attribute for custom hostname/ip
v0.2.0
- Provide distinct solo vs. client recipes
- Client recipe configures dna.json and uses ctl for reconfigure
Collaborator Number Metric
2.0.2 passed this metric
Contributing File Metric
2.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
2.0.2 failed this metric
FC064: Ensure issues_url is set in metadata: chef-server-populator/metadata.rb:1
FC065: Ensure source_url is set in metadata: chef-server-populator/metadata.rb:1
FC066: Ensure chef_version is set in metadata: chef-server-populator/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: chef-server-populator/metadata.rb:1
FC068: Ensure license is set in metadata: chef-server-populator/metadata.rb:1
FC069: Ensure standardized license defined in metadata: chef-server-populator/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
2.0.2 passed this metric
Testing File Metric
2.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number