cookbook 'conjur', '~> 0.4.5'
Installs/Configures conjur
cookbook 'conjur', '~> 0.4.5', :supermarket
knife supermarket install conjur
knife supermarket download conjur
conjur
Installs and/or configures Conjur, including Conjur SSH and command-line tools.
This cookbook is composed of several recipes, which can be used at different stages of the continuous delivery lifecycle.
The lifecycle is roughly intended to operate like this:
- A base OS image from the CentOS or Ubuntu LTS family is selected.
- The "foundation" cookbooks run on the base OS image to configure the connection to Conjur (and other desired systems), install packages, and perform static configuration.
- A "foundation" image is captured after the foundation cookbooks have completed.
- Machines are launched from the "foundation" image. Each machine is provided with Conjur identity, then a Chef run finishes the machine configuration (e.g. configure the host credentials for LDAPS connection to Conjur). At this point, Chef (or other configuration management tools) may also install and configure applications on top of the base OS foundation.
Foundation Recipes
These recipes can be used to build a "foundation" image, which is able to create a secure connection to Conjur, and has performed all package installation prior to the machine launch.
- install [required] Installs base packages which are needed for Conjur SSH. All installation and configuration steps performed by this recipe can be built into an image.
- conjurrc [optional] Configures the connection to the Conjur server endpoint and establishes SSL verification. This information can be safely built into an image.
- client [optional] Installs the Conjur command-line tools. This is optional for Conjur SSH functionality. The CLI can be built into an image.
Launch recipes
- configure Applies the Conjur host identity to finish the machine configuration.
Requirements
Platforms
- Amazon Linux
- CentOS 6
- CentOS 7
- Debian 8
- RHEL 6
- RHEL 7
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
Dependency Cookbooks
sshd-service
Attributes
See attributes/default.rb for defaults and documentation.
Recipes
default
Runs the install and configure recipes.
install
Installs packages required for Conjur SSH. Packages installed include:
- openssh
- PAM + LDAP
- Conjur logshipper, which receives auth.log lines from syslog, parses them, and sends them to Conjur as login, logout, and sudo records.
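The kind of auth.log classification described for logshipper, as an added Ruby example that is not logshipper's code or part of this cookbook. The line patterns are the standard OpenSSH, pam_unix and sudo syslog messages; the record layout, the `allowed` flag and the sample lines are assumptions made for illustration.

```ruby
# Illustrative parser (not logshipper): turn auth.log lines into
# login / logout / sudo records. The record fields are hypothetical.
SYSLOG = /\A(?<ts>\w{3}\s+\d+ [\d:]{8}) (?<host>\S+) (?<prog>[^\s\[:]+)(?:\[\d+\])?: (?<msg>.*)\z/
SSH_ACCEPT = /\AAccepted (?<method>\S+) for (?<user>\S+) from (?<src>\S+) port \d+/
SSH_CLOSE  = /\Apam_unix\(sshd:session\): session closed for user (?<user>\S+)/
# sudo logs "user : [reason ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=..."
# A reason such as "user NOT in sudoers" marks a denied attempt.
SUDO = /\A\s*(?<user>\S+) : (?:(?<denied>[^=;]+?) ; )?TTY=.*? ; USER=(?<target>\S+) ; COMMAND=(?<command>.*)\z/

def record(syslog, kind, user, extra = {})
  { kind: kind, user: user, host: syslog[:host], time: syslog[:ts] }.merge(extra)
end

# Returns a record hash, or nil for lines that are not login/logout/sudo events.
def parse_auth_line(line)
  m = SYSLOG.match(line.chomp)
  return nil unless m
  case m[:prog]
  when 'sshd'
    if (a = SSH_ACCEPT.match(m[:msg]))
      record(m, :login, a[:user], method: a[:method], source: a[:src])
    elsif (c = SSH_CLOSE.match(m[:msg]))
      record(m, :logout, c[:user])
    end
  when 'sudo'
    s = SUDO.match(m[:msg])
    s && record(m, :sudo, s[:user], target: s[:target],
                command: s[:command], allowed: s[:denied].nil?)
  end
end

def parse_auth_log(text)
  text.lines.map { |l| parse_auth_line(l) }.compact
end

# Constructed sample input, not taken from a real host.
SAMPLE = <<~LOG
  Mar  3 09:14:02 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51514 ssh2
  Mar  3 09:14:02 web01 sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)
  Mar  3 09:15:40 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/syslog
  Mar  3 09:16:05 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
  Mar  3 09:20:11 web01 sshd[2211]: pam_unix(sshd:session): session closed for user alice
  Mar  3 09:21:00 web01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
LOG

parse_auth_log(SAMPLE).each { |r| puts r.inspect } if __FILE__ == $PROGRAM_NAME
```

Denied sudo attempts are kept as records with `allowed: false` rather than dropped, since they are usually the lines an auditor wants first.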
This recipe also applies base configuration, such as:
- Conjur update permission is mapped to a Unix user group
- Conjur execute permission is mapped to a Unix user group
- By default, the update Unix group is granted passwordless sudo access
client
Installs the Conjur command-line tools.
conjurrc
Creates /etc/conjur.conf and /etc/conjur-[acct].pem from Chef attributes.
Tests
This cookbook is verified by both chefspec and serverspec tests. Conjur Inc also verifies the correct operation of the SSH functionality on all supported platforms.
Run jenkins.sh to lint and unit test.
Run jenkins_acceptance.sh to run EC2 integration tests. By default this script runs all test-kitchen suites defined in [.kitchen.yml](.kitchen.yml), but you can also pass a specific suite to run like so: jenkins_acceptance.sh ubuntu-16.
Offline installation
If the machines you'd like to conjurize with this cookbook are behind a firewall,
please see [OFFLINE.md](OFFLINE.md) for instructions.
0.4.5
- Fix some issues on Ubuntu 16.04 preventing mkhomedir and logshipper from working correctly.
0.4.4
- Change repository addresses to {apt,yum}.conjur.org.
0.4.3
- Added attribute ['conjur']['logshipper']['conjur_repository'] to toggle pulling packages from Conjur repos in [offline scenarios](OFFLINE.md).
0.4.2
- Don't install any packages in the configure step.
0.4.1
- On platforms that use systemd, don't try to restart logshipper in conjur::install
0.4.0
- Add automated testing for many more platforms
- Rework testing to use a real Conjur appliance
0.3.4
- Fix login on Debian
- Install conjur_authorized_keys in /opt/conjur/bin instead of /usr/local/bin
0.3.3
- Correctly detect systemd on Debian
0.3.2
- Fix for Debian (don't install Ubuntu-specific package)
0.3.1
- Fix Amazon Linux support
0.3.0
- Systemd support
0.2.3
- Updated EL repository URL
0.2.2
- Add a timeout in pubkey fetcher to prevent lockout when Conjur is unreachable
0.2.1
- Lower nslcd's idle_timelimit to one second
0.2.0
- Configures nsswitch to use LDAP for group lookup. This enables the usage of Conjur for secondary groups.
Collaborator Number Metric
0.4.5 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.4.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.4.5 failed this metric
FC009: Resource attribute not recognised: conjur/recipes/identity.rb:19
FC064: Ensure issues_url is set in metadata: conjur/metadata.rb:1
FC065: Ensure source_url is set in metadata: conjur/metadata.rb:1
FC066: Ensure chef_version is set in metadata: conjur/metadata.rb:1
FC069: Ensure standardized license defined in metadata: conjur/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.4.5 failed this metric
Failure: Cookbook should not contain binaries. Found:
conjur/conjur-v0.4.4-5-gf609c12.tar.gz
conjur/files/default/apt.key
conjur/vendor/cookbooks/conjur/files/default/apt.key
Testing File Metric
0.4.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.4.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number