Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

chef_vault_users (5) Versions 0.3.0

Installs/Configures chef_vault_users

Policyfile
Berkshelf
Knife
cookbook 'chef_vault_users', '= 0.3.0', :supermarket
cookbook 'chef_vault_users', '= 0.3.0'
knife supermarket install chef_vault_users
knife supermarket download chef_vault_users
README
Dependencies
Quality 0%

chef_vault_users cookbook

Manage systems users with credentials stored in chef-vault.

Requirements

Uses the [http://community.opscode.com/cookbooks/chef-vault](chef-vault) cookbook.

It also requires the following gems (installed automatically by chef):

  • ruby-shadow
  • unix-crypt

Usage

Chef-vault

The best way of using this cookbook is by storing user credentials securely using chef-vault.

Firstly, create an encrypted data bag using chef vault:

$ knife vault blah

chef_vault_users looks at the users attribute for a hash of which users to manage. This means the chef-vault databag can be reused as it only stores username/password combinations.

The simplest usage uses all defaults

override['users']['a_user']['password'] = true

This will read the password from the chef-vault databag with all attributes set to default values (see below).

For more control you can also define a user using attributes:

override['chef_vault_users']['users']['a_user'] = { 
  'password' => true,
  'password_is_plain' => true,
  'uid' => 1005,
  'gid' => 1005
}

In this case, we will get a plaintext password from chef-vault which will then be hashed using UnixCrypt::SHA512.build().

If you omit 'password_is_plain' attribute, or set it to false, then we will expect to find a hashed password.

Plain text password

Instead of using chef-vault, you can also specify the password directly.

override['chef_vault_users']['users']['a_user']['password'] = 'mypassword'

Password hash

You can also put a password hash directly in the attributes:

override['chef_vault_users']['users']['a_user']['password'] = '$6$xxxxxxxxx$yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy'

Attributes

See attributes/default.rb for default values.

Main attributes:

  • node['users'] - The hash of users
  • node['chef_vault_users']['default_shell'] - The default shell for users
  • node['chef_vault_users']['databag'] - Name of the default chef-vault data bag

You can add your user's ssh public keys to an array in:

  • node['users'][USERNAME]['ssh_keys']

The following attributes are mapped onto the standard chef user resource:

  • node['users'][USERNAME]['comment']
  • node['users'][USERNAME]['uid']
  • node['users'][USERNAME]['gid']
  • node['users'][USERNAME]['home']
  • node['users'][USERNAME]['shell']
  • node['users'][USERNAME]['system']
  • node['users'][USERNAME]['action']
  • node['users'][USERNAME]['manage_home']

If you want to reuse the user configuration, consider putting it in a role or a users cookbook.

Dependent cookbooks

chef-vault >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Foodcritic Metric
            

0.3.0 failed this metric

FC019: Access node attributes in a consistent manner: /tmp/cook/9224d37e1465a0b0eaf60998/chef_vault_users/recipes/users.rb:63
FC046: Attribute assignment uses assign unless nil: /tmp/cook/9224d37e1465a0b0eaf60998/chef_vault_users/attributes/default.rb:4
FC046: Attribute assignment uses assign unless nil: /tmp/cook/9224d37e1465a0b0eaf60998/chef_vault_users/attributes/default.rb:5