Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

cobbpass (4) Versions 1.0.3

Manages local alternative root recovery passwords

Policyfile
Berkshelf
Knife
cookbook 'cobbpass', '~> 1.0.3', :supermarket
cookbook 'cobbpass', '~> 1.0.3'
knife supermarket install cobbpass
knife supermarket download cobbpass
README
Dependencies
Changelog
Quality 33%

cobbpass Cookbook

This cookbook creates a local user and applies a random password to it. The
user has root permissions and works as a fallback user.

The user password can be automatically changed every day or on every chef
run. This way if the remote user is unavailable (e.g. when a LDAP server
is malfunctioning), the administrator can lookup the password and login
into the server.

The random password is stored using chef-vault, and only the actual node
and the administrators can see the encrypted passwords inside it.

Requirements

Cookbooks

The following cookbooks are dependencies for this:

  • sudo - sets the root permissions for the user
  • chef-vault - for encrypting and storing passwords

Platform

The following platforms are supported and tested:

  • CentOS 6.7
  • CentOS 7.2

Chef Server

The recommended chef version is at least >= 12.5

Databag setup

Create the data bag in which you will store the passwords:

knife data bag create cobbpass

Clients (nodes) must be able to create, update and read databag items:

knife acl add group clients data cobbpass read,update,create

Usage

To use the cookbook, you can just add the default recipe to the run_list. It
will setup the user and its random password. By default, on every chef run, the
password will be changed.

If you don't want to change the password on every chef run, remove from the
run_list and add a cron entry to run only this recipe:

chef-client -o 'recipe[cobbpass]'

It will create the vault item under cobbpass/<node> and the username on the
server will be cobbpass.

Currently, chef doesn't allow node clients to see user public keys, so we
can't specify any admin on the vault. Instead, we can create a dummy client
and and allow all other clients to see it:

knife client create cobbpass
knife acl add group clients clients cobbpass read
knife node create cobbpass
knife acl add group clients nodes cobbpass read

This way you can specify pseudo-admins using their clients names on the
attribute.

Attributes

Attributes are documented on attributes/default.rb file. This way I don't need
to duplicate definitions here and there :)

License and Author

Copyright 2017, Movile

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

sudo >= 0.0.0
chef-vault >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

cobbpass CHANGELOG

This file is used to list changes made in each version of the cobbpass cookbook.

1.0.3

  • Use 'sensitive' for hiding raw_data information from the chef-client log

1.0.2

  • Added last_edited field to the data bag showing when the password was last changed

1.0.1

  • manage_home enabled on user, for creating a home using skel

1.0.0

  • Initial release of cobbpass

Collaborator Number Metric
            

1.0.3 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

1.0.3 passed this metric

No Binaries Metric
            

1.0.3 passed this metric

Testing File Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number