chef-boneyard / knife-rackspace

Chef knife plug-in for Rackspace
https://github.com/chef/knife-rackspace
Apache License 2.0

how to set the databag secret file to upload ? #88

Closed paulczar closed 8 years ago

paulczar commented 10 years ago

Having trouble working out how to get knife rackspace to automatically upload my databag secret file on server creation. Here's my knife config:

current_dir = File.dirname(__FILE__)

user = ENV["CHEF_USER"]
OS_PASSWORD = ENV["OS_PASSWORD"] || 'nopass'
OS_USERNAME = ENV["OS_USERNAME"] || 'nopass'
OS_REGION_NAME = ENV["OS_REGION_NAME"] || 'dfw'

cookbook_path ["#{current_dir}/cookbooks"]
node_path "#{current_dir}/nodes"
role_path "#{current_dir}/roles"
environment_path "#{current_dir}/environments"
data_bag_path "#{current_dir}/data_bags"
client_key "~/.chef/#{user}.pem"
knife[:berkshelf_path] = "#{current_dir}/cookbooks"

log_level                :info
log_location             STDOUT
node_name                user
validation_client_name   "lolomg-validator"
validation_key           "~/.chef/lolomg-validator.pem"
chef_server_url          "https://api.opscode.com/organizations/lolomg"
cache_type               "BasicFile"
cache_options( :path => "#{ENV["HOME"]}/.chef/checksums" )

encrypted_data_bag_secret '~/.chef/lolomgdbsecret'

knife[:rackspace_api_username] = OS_USERNAME
knife[:rackspace_api_key] = OS_PASSWORD
knife[:rackspace_region] = OS_REGION_NAME.to_sym
knife[:secret_file] = '~/.chef/lolomgdbsecret'

paulczar commented 10 years ago

knife rackspace server create -r 'recipe[lolomg::default]' --server-name \
 test --node-name test --image '255df5fb-e3d4-45a3-9a07-c976debf7c14' \
 --flavor 'performance1-2' --environment 'testing' --network 'lolomg_network'

martinb3 commented 10 years ago

Hi @paulczar,

I'd remove the tilde in the path. I'm not sure that works. You can also try one of these arguments (from knife help bootstrap) which should do the same thing:

       --secret SECRET
              The encryption key that is used for values contained within a data bag item.

       --secret-file FILE
              The path to the file that contains the encryption key.

Hope this helps,

@martinb3

paulczar commented 10 years ago

The only setting that works for me is this deprecated setting in my knife.rb: encrypted_data_bag_secret "#{ENV["HOME"]}/.chef/lol_secret"

Using --secret-file doesn't upload the file for me.

vikramgorla commented 9 years ago

--secret-key works for me. P.S.: The secret file passed using this attribute will be copied to the default encrypted_data_bag_secret location on the server (/etc/chef/encrypted_data_bag_secret).
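
Added example, not part of the thread or of knife-rackspace: a small Ruby helper that could be called from knife.rb to resolve the secret file path before it is handed to knife, assuming the unexpanded tilde is the problem as suggested above. The helper name `resolve_secret_file` is hypothetical, the key content is constructed, and the permission check goes beyond what the thread discusses.

```ruby
require 'tmpdir'

# Hypothetical helper, not part of knife or knife-rackspace.
# Expands a leading "~" and refuses a key file that is missing, empty,
# or readable by group/other.
def resolve_secret_file(path, home: Dir.home)
  # File.exist? and File.read treat "~" literally; only expand_path resolves it.
  expanded = File.expand_path(path.sub(%r{\A~(?=/|\z)}) { home })
  raise ArgumentError, "secret file not found: #{expanded}" unless File.file?(expanded)
  raise ArgumentError, "secret file is empty: #{expanded}" if File.zero?(expanded)

  mode = File.stat(expanded).mode & 0o777
  unless (mode & 0o077).zero?
    raise ArgumentError, format('secret file mode %04o is too open, use 0600: %s', mode, expanded)
  end
  expanded
end

# Runs the checks against a constructed key in a throwaway HOME directory.
def demo_secret_checks
  Dir.mktmpdir do |home|
    Dir.mkdir(File.join(home, '.chef'))
    key = File.join(home, '.chef', 'lolomgdbsecret')
    File.write(key, "constructed-sample-key\n") # constructed value, not a real key
    File.chmod(0o600, key)

    results = { literal_tilde_exists: File.exist?('~/.chef/lolomgdbsecret') }
    resolved = resolve_secret_file('~/.chef/lolomgdbsecret', home: home)
    results[:resolved] = resolved == File.expand_path(key)

    File.chmod(0o644, key) # world-readable key must be rejected
    results[:rejects_world_readable] =
      begin
        resolve_secret_file('~/.chef/lolomgdbsecret', home: home)
        false
      rescue ArgumentError
        true
      end
    results
  end
end

# In knife.rb the call would be (knife[] exists only inside knife's config DSL):
#   knife[:secret_file] = resolve_secret_file('~/.chef/lolomgdbsecret')
p demo_secret_checks if __FILE__ == $PROGRAM_NAME
```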