Add support for Chef encrypted data bags: http://wiki.opscode.com/display/chef/Encrypted+Data+Bags
Add two configuration options to chef_server provision: encrypted_data_bag_secret_key_path - the location of your encrypted secret key on your local machine; and encrypted_data_bag_secret - the location where you wish to place the key on the target machine, which is also the value of Chef::Config[:encrypted_data_bag_secret]. Default value of "/etc/chef/encrypted_data_bag".
parent
096c8b284f
commit
7c89ef3de2
|
@ -15,6 +15,8 @@ module Vagrant
|
|||
attr_accessor :file_cache_path
|
||||
attr_accessor :file_backup_path
|
||||
attr_accessor :environment
|
||||
attr_accessor :encrypted_data_bag_secret_key_path
|
||||
attr_accessor :encrypted_data_bag_secret
|
||||
|
||||
def initialize
|
||||
super
|
||||
|
@ -23,6 +25,8 @@ module Vagrant
|
|||
@client_key_path = "/etc/chef/client.pem"
|
||||
@file_cache_path = "/srv/chef/file_store"
|
||||
@file_backup_path = "/srv/chef/cache"
|
||||
@encrypted_data_bag_secret_key_path = nil
|
||||
@encrypted_data_bag_secret = "/etc/chef/encrypted_data_bag_secret"
|
||||
end
|
||||
|
||||
def validate(errors)
|
||||
|
@ -45,6 +49,7 @@ module Vagrant
|
|||
chown_provisioning_folder
|
||||
create_client_key_folder
|
||||
upload_validation_key
|
||||
upload_encrypted_data_bag_secret if config.encrypted_data_bag_secret_key_path
|
||||
setup_json
|
||||
setup_server_config
|
||||
run_chef_client
|
||||
|
@ -63,6 +68,11 @@ module Vagrant
|
|||
env.ui.info I18n.t("vagrant.provisioners.chef.upload_validation_key")
|
||||
vm.ssh.upload!(validation_key_path, guest_validation_key_path)
|
||||
end
|
||||
|
||||
def upload_encrypted_data_bag_secret
|
||||
env.ui.info I18n.t("vagrant.provisioners.chef.upload_encrypted_data_bag_secret_key")
|
||||
vm.ssh.upload!(encrypted_data_bag_secret_key_path, config.encrypted_data_bag_secret)
|
||||
end
|
||||
|
||||
def setup_server_config
|
||||
setup_config("chef_server_client", "client.rb", {
|
||||
|
@ -73,7 +83,8 @@ module Vagrant
|
|||
:client_key => config.client_key_path,
|
||||
:file_cache_path => config.file_cache_path,
|
||||
:file_backup_path => config.file_backup_path,
|
||||
:environment => config.environment
|
||||
:environment => config.environment,
|
||||
:encrypted_data_bag_secret => config.encrypted_data_bag_secret
|
||||
})
|
||||
end
|
||||
|
||||
|
@ -96,6 +107,10 @@ module Vagrant
|
|||
def validation_key_path
|
||||
File.expand_path(config.validation_key_path, env.root_path)
|
||||
end
|
||||
|
||||
def encrypted_data_bag_secret_key_path
|
||||
File.expand_path(config.encrypted_data_bag_secret_key_path, env.root_path)
|
||||
end
|
||||
|
||||
def guest_validation_key_path
|
||||
File.join(config.provisioning_path, "validation.pem")
|
||||
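Review bot: `upload_encrypted_data_bag_secret` copies the data bag secret to the guest with `vm.ssh.upload!`, and nothing visible in this section restricts the resulting file's mode or ownership, so the key that decrypts every encrypted data bag may be left readable by other local users on the guest (depending on the SSH user's umask). I would follow the upload with a step that makes `config.encrypted_data_bag_secret` owner-only (mode 0600, owned by the user chef-client runs as) and add a comment on the method stating that requirement. The default target is under `/etc/chef`, which the SSH user may not be able to write to directly; whether `create_client_key_folder` covers that is outside the visible hunks. The commit description gives the default as "/etc/chef/encrypted_data_bag" while `initialize` sets `"/etc/chef/encrypted_data_bag_secret"`; one of the two should be corrected.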
|
|
|
@ -10,6 +10,8 @@ validation_client_name "<%= validation_client_name %>"
|
|||
validation_key "<%= validation_key %>"
|
||||
client_key "<%= client_key %>"
|
||||
|
||||
encrypted_data_bag_secret "<%= encrypted_data_bag_secret %>"
|
||||
|
||||
<% unless environment.nil? %>
|
||||
environment "<%= environment %>"
|
||||
<% end %>
|
||||
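Review bot: The `encrypted_data_bag_secret` line is rendered unconditionally, unlike `environment` just below it, and the config default is a non-nil path, so client.rb will name `/etc/chef/encrypted_data_bag_secret` even when no key was uploaded (the provisioner uploads only if `encrypted_data_bag_secret_key_path` is set). Wrap it as `<% unless encrypted_data_bag_secret.nil? %>` … `<% end %>` and have `setup_server_config` pass nil when no key path is configured. Presumably chef-client reads the file only when a recipe loads an encrypted item, so a missing secret would surface late and far from its cause.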
|
|
|
@ -465,6 +465,7 @@ en:
|
|||
json: "Generating chef JSON and uploading..."
|
||||
client_key_folder: "Creating folder to hold client key..."
|
||||
upload_validation_key: "Uploading chef client validation key..."
|
||||
upload_encrypted_data_bag_secret_key: "Uploading chef encrypted data bag secret key..."
|
||||
running_client: "Running chef-client..."
|
||||
running_solo: "Running chef-solo..."
|
||||
invalid_provisioner: "Vagrant::Provisioners::Chef is not a valid provisioner! Use ChefSolo or ChefServer instead."
|
||||
|
|
|
@ -162,7 +162,8 @@ class ChefServerProvisionerTest < Test::Unit::TestCase
|
|||
:client_key => @config.client_key_path,
|
||||
:file_cache_path => @config.file_cache_path,
|
||||
:file_backup_path => @config.file_backup_path,
|
||||
:environment => @config.environment
|
||||
:environment => @config.environment,
|
||||
:encrypted_data_bag_secret => @config.encrypted_data_bag_secret
|
||||
})
|
||||
|
||||
@action.setup_server_config
|
||||
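Review bot: The only test change extends the expected hash for `setup_server_config`; nothing shown here exercises `upload_encrypted_data_bag_secret`, the `if config.encrypted_data_bag_secret_key_path` guard in the provision sequence, or the `File.expand_path` helper. A test that sets the key path and expects `upload!` to receive the expanded local path and `config.encrypted_data_bag_secret`, plus one that leaves the path nil and expects no upload, would pin the behaviour that decides whether a secret is copied to the guest. The enclosing test method starts and ends outside the hunk.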
|
|