Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms


cobbpass (4) Versions 1.0.3

Manages local alternative root recovery passwords

cookbook 'cobbpass', '~> 1.0.3'
cookbook 'cobbpass', '~> 1.0.3', :supermarket
knife supermarket install cobbpass
knife supermarket download cobbpass
Quality 63%

cobbpass Cookbook

This cookbook creates a local user and applies a random password to it. The user has root permissions and works as a fallback user.

The user password can be automatically changed every day or on every chef run. This way if the remote user is unavailable (e.g. when a LDAP server is malfunctioning), the administrator can lookup the password and login into the server.

The random password is stored using chef-vault, and only the actual node and the administrators can see the encrypted passwords inside it.



The following cookbooks are dependencies for this:

  • sudo - sets the root permissions for the user
  • chef-vault - for encrypting and storing passwords


The following platforms are supported and tested:

  • CentOS 6.7
  • CentOS 7.2

Chef Server

The recommended chef version is at least >= 12.5

Databag setup

Create the data bag in which you will store the passwords:

knife data bag create cobbpass

Clients (nodes) must be able to create, update and read databag items:

knife acl add group clients data cobbpass read,update,create


To use the cookbook, you can just add the default recipe to the run_list. It will setup the user and its random password. By default, on every chef run, the password will be changed.

If you don't want to change the password on every chef run, remove from the run_list and add a cron entry to run only this recipe:

chef-client -o 'recipe[cobbpass]'

It will create the vault item under cobbpass/<node> and the username on the server will be cobbpass.

Currently, chef doesn't allow node clients to see user public keys, so we can't specify any admin on the vault. Instead, we can create a dummy client and and allow all other clients to see it:

knife client create cobbpass
knife acl add group clients clients cobbpass read
knife node create cobbpass
knife acl add group clients nodes cobbpass read

This way you can specify pseudo-admins using their clients names on the attribute.


Attributes are documented on attributes/default.rb file. This way I don't need to duplicate definitions here and there :)

License and Author

Copyright 2017, Movile

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Dependent cookbooks

chef-vault >= 0.0.0
sudo >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

cobbpass CHANGELOG

This file is used to list changes made in each version of the cobbpass cookbook.


  • Use 'sensitive' for hiding raw_data information from the chef-client log


  • Added last_edited field to the data bag showing when the password was last changed


  • manage_home enabled on user, for creating a home using skel


  • Initial release of cobbpass

Collaborator Number Metric

1.0.3 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Foodcritic Metric

1.0.3 passed this metric

No Binaries Metric

1.0.3 passed this metric

Publish Metric

1.0.3 passed this metric

Supported Platforms Metric

1.0.3 passed this metric

Testing File Metric

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

1.0.3 passed this metric