chef-boneyard / chef-vault

chef-vault cookbook
https://supermarket.chef.io/cookbooks/chef-vault
Apache License 2.0

Add command to add client to clients list by name (not requiring search). #53

Closed timbrown5 closed 7 years ago

timbrown5 commented 8 years ago

Would it be possible to add a command to add a client name to a vault item (even if that client doesn't exist yet)? This would allow me to add the credentials of a user I want services to run as before bootstrapping the node, and get these services set up on bootstrap.

The alternative I have is just to store these in a node attribute, which is insecure.

EmFl commented 8 years ago

Not sure you still have that issue but I think the only way to proceed with this is to add the vault attributes to your bootstrap command =>

knife bootstrap Options

Use the following options with a validatorless bootstrap to specify items that are stored in chef-vault:

- `--bootstrap-vault-file VAULT_FILE`: The path to a JSON file that contains a list of vaults and items to be updated.
- `--bootstrap-vault-item VAULT_ITEM`: A single vault and item to update as vault:item.
- `--bootstrap-vault-json VAULT_JSON`: A JSON string that contains a list of vaults and items to be updated.

For example:

```
--bootstrap-vault-json '{ "vault1": ["item1", "item2"], "vault2": "item2" }'
```

source : https://docs.chef.io/install_bootstrap.html

timbrown5 commented 8 years ago

Hi, sorry, just got round to trying this. I am having problems making this work in Client mode (the vault item), and can't see any flags in bootstrap to specify the mode. Thanks for your help, Tim

EmFl commented 8 years ago

I think using this in the bootstrap command is automatically done on the chef server, there is no distinction between client or local mode. Maybe post your commands/logs if you still have issues?

timbrown5 commented 8 years ago

I have a vault called credentials that has an item for each chef node, that in turn contains user, password and domain. I think my previous problem was that I wasn't specifying the vault name and item name (just supplying the JSON I would pass to `knife vault create credentials -f JSON`). When trying to set this using the `--bootstrap-vault-json` option I get:

```
knife vault create credentials "%CHEF_NODENAME%" '{"user": "%CHEF_USER%", "password": "%CHEF_USER_PASS%", "domain":"%CHEF_USER_DOMAIN%"}' -M client -F JSON -S "role:*" -u "********"
```

Now when specifying the vault and item, as below:

```
--bootstrap-vault-json '{"credentials": {"%CHEF_NODENAME%": {"user": "%CHEF_USER%", "password": "%CHEF_USER_PASS%", "domain":"%CHEF_USER_DOMAIN%"}}}'
```

I get:

```
ERROR: URI::InvalidURIError: bad URI(is not URI?): https://pdgt-chef-server/organizations/snsystems/data/credentials/{"*****_"=>{"user"=>"**_**_", "password"=>"_**", "domain"=>"domain"}}_keys
```

Which looks like it's not parsing the JSON correctly (just seeing the item as a string).

Note: I am using Windows bootstrap and chef SDK v0.18.26.
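The docs quoted earlier in this thread give the `--bootstrap-vault-*` options a fixed shape: a JSON object mapping each vault name to an item name or a list of item names, never to the item's contents. The error above shows what happens when that shape is violated: the nested object reaches the URL builder and is rendered as a Ruby Hash (`{"..."=>...}`), producing an invalid `data/credentials/..._keys` URI. The following Ruby is an added example, not knife or chef-vault code; it normalizes the three option forms into `[vault, item]` pairs and rejects item values that are not plain strings, so a malformed payload is caught before a bootstrap is attempted. The module name `BootstrapVaultSpec` and its method names are this example's own.

```ruby
require 'json'

# Added example (not knife or chef-vault code): validates the value given to
# --bootstrap-vault-item / --bootstrap-vault-json / --bootstrap-vault-file
# against the documented format
#   { "vault1": ["item1", "item2"], "vault2": "item2" }
# i.e. vault name -> item NAME(s). Item contents belong to `knife vault create`,
# not to the bootstrap options.
module BootstrapVaultSpec
  class FormatError < StandardError; end

  # --bootstrap-vault-item VAULT:ITEM  ->  [[vault, item]]
  def self.from_item_option(arg)
    vault, item = arg.to_s.split(':', 2)
    if item.nil? || vault.empty? || item.empty?
      raise FormatError, "expected vault:item, got #{arg.inspect}"
    end
    [[vault, item]]
  end

  # --bootstrap-vault-json VAULT_JSON  ->  [[vault, item], ...]
  def self.from_json_option(str)
    data = JSON.parse(str)
    unless data.is_a?(Hash)
      raise FormatError, 'top level must be an object mapping vault name to item name(s)'
    end
    data.flat_map do |vault, items|
      names = case items
              when String then [items]
              when Array  then items
              else
                # This is the case behind the URI::InvalidURIError in this thread:
                # the item "name" is itself an object, so it would be interpolated
                # into the request path as a Hash.
                raise FormatError,
                      "vault #{vault.inspect}: expected an item name or list of names, got #{items.class}"
              end
      names.map do |item|
        unless item.is_a?(String) && !item.empty?
          raise FormatError, "vault #{vault.inspect}: item names must be non-empty strings"
        end
        [vault, item]
      end
    end
  end

  # --bootstrap-vault-file VAULT_FILE  ->  same as from_json_option on the file body
  def self.from_file_option(path)
    from_json_option(File.read(path))
  end

  # Path knife would need for each item's key data; only valid once every item
  # is a string, which the checks above guarantee.
  def self.keys_paths(pairs)
    pairs.map { |vault, item| "data/#{vault}/#{item}_keys" }
  end
end

if __FILE__ == $PROGRAM_NAME
  good = '{ "vault1": ["item1", "item2"], "vault2": "item2" }'   # from the docs quoted above
  bad  = '{"credentials": {"node01": {"user": "svc", "password": "x"}}}' # shape from the error above
  p BootstrapVaultSpec.keys_paths(BootstrapVaultSpec.from_json_option(good))
  begin
    BootstrapVaultSpec.from_json_option(bad)
  rescue BootstrapVaultSpec::FormatError => e
    puts "rejected: #{e.message}"
  end
end
```

Running the script prints the three `data/<vault>/<item>_keys` paths for the documented example and a `rejected:` line for the nested-object form, which is the shape that produced the bad URI above. The vault item itself still has to exist on the server (created with `knife vault create`) before the bootstrap can add the new client to it.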

timbrown5 commented 8 years ago

Not sure if it helps but here is the debug log:

```
DEBUG: Initiating POST to https://########/nodes
DEBUG: ---- HTTP Request Header Data: ----
DEBUG: Content-Type: application/json
DEBUG: Accept: application/json
DEBUG: Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
DEBUG: X-Ops-Server-API-Version: 1
DEBUG: X-OPS-SIGN: algorithm=sha1;version=1.1;
DEBUG: X-OPS-USERID: ########
DEBUG: X-OPS-TIMESTAMP: 2016-09-23T13:02:00Z
DEBUG: X-OPS-CONTENT-HASH: ############################################################
DEBUG: X-OPS-AUTHORIZATION-1: ############################################################
DEBUG: X-OPS-AUTHORIZATION-2: ############################################################
DEBUG: X-OPS-AUTHORIZATION-3: ############################################################
DEBUG: X-OPS-AUTHORIZATION-4: ############################################################
DEBUG: X-OPS-AUTHORIZATION-5: ############################################################
DEBUG: X-OPS-AUTHORIZATION-6: ############################################################
DEBUG: HOST: ########:443
DEBUG: X-REMOTE-REQUEST-ID: ########
DEBUG: Content-Length: 352
DEBUG: ---- End HTTP Request Header Data ----
DEBUG: ---- HTTP Status and Header Data: ----
DEBUG: HTTP 1.1 201 Created
DEBUG: server: openresty/1.9.7.2
DEBUG: date: Fri, 23 Sep 2016 13:02:27 GMT
DEBUG: content-type: application/json
DEBUG: content-length: 78
DEBUG: connection: close
DEBUG: x-ops-server-api-version: {"min_version":"0","max_version":"1","request_version":"1","response_version":"1"}
DEBUG: x-ops-api-info: ########
DEBUG: location: https://########/nodes/########
DEBUG: ---- End HTTP Status/Header Data ----
DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_response
DEBUG: Content-Length validated correctly.
DEBUG: Chef::HTTP calling Chef::HTTP::RemoteRequestID#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::JSONOutput#handle_response
DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_response
C:/opscode/chefdk/embedded/lib/ruby/2.3.0/uri/rfc3986_parser.rb:67:in `split': bad URI(is not URI?): https://########/data/credentials/{"########"=>{"user"=>"########", "password"=>"########", "domain"=>"########"}}_keys (URI::InvalidURIError)
```

thommay commented 7 years ago

This looks like a PowerShell quoting problem, and is definitely not an issue with the chef-vault cookbook. If you're still having problems, I'd recommend posting about the problem to https://discourse.chef.io or to Stack Overflow, or asking on Slack via https://community-slack.chef.io .