ChefEncryptedDataBags: Difference between revisions

From DrewWiki
(Created page with "Raw notes, needs formatting, context... <syntaxhighlight> ​ $ openssl rand -base64 512 | tr -d '\r\n' > ~/encrypted_data_bag_secret $ knife data bag create --editor /usr/bi...")
 
(fix syntax highlight for ChefEncryptedDataBags)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
Raw notes, needs formatting, context...
Raw notes, needs formatting, context...


<syntaxhighlight>
=Create data bag=
<syntaxhighlight lang=bash>
$ openssl rand -base64 512 | tr -d '\r\n' > ~/encrypted_data_bag_secret
$ openssl rand -base64 512 | tr -d '\r\n' > ~/encrypted_data_bag_secret
$ knife data bag create --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords
$ knife data bag create --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords
$ knife data bag edit --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords # do not mix up -s and --secret-file
$ knife data bag edit --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords # do not mix up -s and --secret-file
</syntaxhighlight>
=Copy encrytped data bag to client=
copy encrypted_data_bag_secret to chef-client:/etc/chef/encrypted_data_bag_secret
copy encrypted_data_bag_secret to chef-client:/etc/chef/encrypted_data_bag_secret


=Example JSON contents=
<syntaxhighlight lang=json>
{   
{   
   "jenkins_invadelabs":{   
   "jenkins_invadelabs":{   
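Review bot: In the "Create data bag" block the secret is written to ~/encrypted_data_bag_secret but both knife commands read ./encrypted_data_bag_secret, so they only work when run from the home directory; use one path in all three lines. The redirect also creates the file with the default umask, so set umask 077 or chmod 600 it before it is copied to /etc/chef/encrypted_data_bag_secret. The new heading "Copy encrytped data bag to client" has a typo, and the line under it copies the secret file rather than a data bag, so the heading should say so.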
Line 17: Line 22:
   }
   }
}
}
</syntaxhighlight>


=Create / edit data bags=
<syntaxhighlight lang=bash>
knife data bag create --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords
knife data bag create --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords
knife data bag edit --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords
knife data bag edit --editor /usr/bin/vi --secret-file ./encrypted_data_bag_secret jenkins passwords


[2016-08-21T21:41:00-07:00] INFO: template[/apps/jenkins/hudson.plugins.sonar.SonarGlobalConfiguration.xml] sending restart action to service[jenkins] (delayed)
[2016-08-21T21:41:00-07:00] INFO: template[/var/lib/jenkins/hudson.plugins.sonar.SonarGlobalConfiguration.xml] sending restart action to service[jenkins] (delayed)
Recipe: jenkins::_master_package
Recipe: jenkins::_master_package
* service[jenkins] action restart[2016-08-21T21:41:00-07:00] INFO: Processing service[jenkins] action restart (jenkins::_master_package line 74)
* service[jenkins] action restart[2016-08-21T21:41:00-07:00] INFO: Processing service[jenkins] action restart (jenkins::_master_package line 74)
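Review bot: The "Create / edit data bags" block is tagged lang=bash but repeats the two knife commands already listed under "Create data bag" and then runs straight into chef-client log output; drop the repeated commands and put the log lines in their own untagged block with a sentence saying which run produced them. The template path in the first log line also changes from /apps/jenkins/... to /var/lib/jenkins/...; if this is quoted output, say why it was edited.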
Line 28: Line 36:
[2016-08-21T21:41:00-07:00] DEBUG: service[jenkins] supports status, running
[2016-08-21T21:41:00-07:00] DEBUG: service[jenkins] supports status, running
jenkins (pid 21599) is running...
jenkins (pid 21599) is running...
</syntaxhighlight>
=Add a private key to a databag=
<syntaxhighlight lang=bash>
/usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n/\\n/g' jenkins_is_rsa
copy output to knife data bag create <some data bag>
flatten json file
cat inhouse_release_perms.erb | /usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n//g'
no more than one space
/usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n//g' | sed 's/ */ /g'
replace " with \"
/usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n//g' | sed 's/ */ /g' | sed 's/"/\\"/g'
</syntaxhighlight>
</syntaxhighlight>
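Review bot: In "Add a private key to a databag" the instruction lines ("copy output to knife data bag create <some data bag>", "flatten json file", "no more than one space", "replace " with \"") sit inside the lang=bash block as bare text; prefix them with # so the block can be pasted. The expression sed 's/ */ /g' as shown matches the empty string and would put a space between every character, so it needs two spaces before the star. The last two gsed pipelines also have no input file.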

Latest revision as of 22:52, 24 January 2018

Raw notes, needs formatting, context...

Create data bag

$ openssl rand -base64 512 | tr -d '\r\n' > ~/encrypted_data_bag_secret
$ knife data bag create --editor /usr/bin/vi --secret-file ~/encrypted_data_bag_secret jenkins passwords
$ knife data bag edit --editor /usr/bin/vi --secret-file ~/encrypted_data_bag_secret jenkins passwords # do not mix up -s and --secret-file

Copy encrypted data bag secret to client

Copy encrypted_data_bag_secret to chef-client:/etc/chef/encrypted_data_bag_secret.
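
The openssl redirect in "Create data bag" creates the secret with the default umask, and that same file is what gets copied to /etc/chef on the client. An added example (not part of the original notes) that creates it owner-only and checks it before the copy; `make_secret` and `check_secret` are hypothetical helper names, and the `base64` fallback is an assumption for hosts without openssl.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not part of knife or Chef.

# make_secret PATH: 512 random bytes, base64 on one line, created mode 0600.
make_secret() {
    local path=$1
    (
        umask 077                        # new file is never group/world readable
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -base64 512
        else
            head -c 512 /dev/urandom | base64    # assumption: coreutils fallback
        fi | tr -d '\r\n' > "$path"
    )
    chmod 600 "$path"                    # also tightens a pre-existing file
}

# check_secret PATH: succeed only if PATH is a regular file, mode 0600,
# contains no newline, and holds the full 684 base64 characters
# (512 bytes -> 171 groups of 4 characters).
check_secret() {
    local path=$1 mode lines bytes
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        echo "not a regular file: $path" >&2
        return 1
    fi
    mode=$(ls -ld "$path" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "bad mode $mode on $path" >&2
        return 1
    fi
    lines=$(wc -l < "$path" | tr -d ' ')
    if [ "$lines" -ne 0 ]; then
        echo "secret contains a newline" >&2
        return 1
    fi
    bytes=$(wc -c < "$path" | tr -d ' ')
    if [ "$bytes" -lt 684 ]; then
        echo "secret too short: $bytes bytes" >&2
        return 1
    fi
}
```

Run `check_secret` on the workstation copy and again on /etc/chef/encrypted_data_bag_secret after the copy, since the copy can change the mode.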

Example JSON contents

{  
   "jenkins_invadelabs":{  
      "install_plugins":{  
         "plugins_list":[  
            "git"
         ]
      }
   }
}

Create / edit data bags

knife data bag create --editor /usr/bin/vi --secret-file ~/encrypted_data_bag_secret jenkins passwords
knife data bag edit --editor /usr/bin/vi --secret-file ~/encrypted_data_bag_secret jenkins passwords

[2016-08-21T21:41:00-07:00] INFO: template[/var/lib/jenkins/hudson.plugins.sonar.SonarGlobalConfiguration.xml] sending restart action to service[jenkins] (delayed)
Recipe: jenkins::_master_package
* service[jenkins] action restart[2016-08-21T21:41:00-07:00] INFO: Processing service[jenkins] action restart (jenkins::_master_package line 74)
[2016-08-21T21:41:00-07:00] DEBUG: Providers for generic service resource enabled on node include: [Chef::Provider::Service::Redhat, Chef::Provider::Service::Init]
[2016-08-21T21:41:00-07:00] DEBUG: Provider for action restart on resource service[jenkins] is Chef::Provider::Service::Redhat
[2016-08-21T21:41:00-07:00] DEBUG: service[jenkins] supports status, running
jenkins (pid 21599) is running...

Add a private key to a databag

# flatten the private key to one line, turning each newline into a literal \n
/usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n/\\n/g' jenkins_is_rsa
# copy output to knife data bag create <some data bag>

# flatten json file
cat inhouse_release_perms.erb | /usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n//g'
# no more than one space (two spaces before the *, otherwise the pattern matches the empty string)
cat inhouse_release_perms.erb | /usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n//g' | sed 's/  */ /g'
# replace " with \"
cat inhouse_release_perms.erb | /usr/local/Cellar/gnu-sed/4.2.2/bin/gsed ':a;N;$!ba;s/\n//g' | sed 's/  */ /g' | sed 's/"/\\"/g'
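
The key-flattening step above without the Homebrew gsed path, as an added example that is not part of the original notes. It refuses input that would need more JSON escaping than the newline rewrite provides, and it can be reversed to confirm the key survives; the function names, the `private_key` field and the item id rule are assumptions.

```shell
#!/usr/bin/env bash
# Added example: function names and the "private_key" field are hypothetical.

# Constructed sample input (not a real key).
sample_pem() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' 'U0FNUExF' '-----END RSA PRIVATE KEY-----'
}

# flatten_pem FILE: print FILE on one line, each newline written as the two
# characters \n (including the last one, so the restored key ends in a newline).
flatten_pem() {
    local line out=""
    # Only newlines are rewritten, so refuse anything that would also need
    # JSON escaping. PEM text never contains quotes or backslashes.
    if grep -q '["\\]' "$1"; then
        echo "refusing $1: contains a quote or backslash" >&2
        return 1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        out="${out}${line}\\n"
    done < "$1"
    printf '%s' "$out"
}

# restore_pem STRING: inverse of flatten_pem, for checking the round trip.
restore_pem() {
    printf '%b' "$1"
}

# item_json ID FILE: plaintext item to paste into the knife editor.
item_json() {
    local key
    # Conservative id check (assumption): letters, digits, _ and - only.
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "bad item id: $1" >&2; return 1 ;;
    esac
    key=$(flatten_pem "$2") || return 1
    printf '{"id":"%s","private_key":"%s"}\n' "$1" "$key"
}
```

The JSON printed by `item_json` is plaintext key material; paste it into the knife editor session rather than saving it to disk.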