cookbook 'packer_chef_integration', '~> 0.1.5'
Installs/Configures packer_chef_integration
cookbook 'packer_chef_integration', '~> 0.1.5', :supermarket
knife supermarket install packer_chef_integration
knife supermarket download packer_chef_integration
packer_chef_integration
PCI is a very, very simple cookbook that is meant to be included in a Packer chef-client provisioner's run list. It is meant to be run while Packer is building an EBS-backed AMI: it copies the validation key that was used into /etc/chef, sets up Chef to run at boot, and then removes itself from the node's run list. The init script that converges chef-client when the node comes up removes the validation key. However, the validation key is baked into the image so, uh, there is that.
If you mean to keep the validation key secret from anybody who has access to the generated image then you'll have to wrap this cookbook aaaaand then remove the resource that copies the key. This means that you'll have to be responsible for another method of key distribution. Like Vault, maybe!
Note: this was written for Ubuntu 16.04 but any distribution that uses systemd will work just fine... probably.
Example:
    "provisioners": [
      {
        "type": "chef-client",
        "server_url": "https://chef.foobar.com/organizations/foobar",
        "run_list": [
          "recipe[my_service]",
          "recipe[chef-client]",
          "recipe[packer_chef_integration]"
        ],
        "json": {
          "packer_chef_integration": {
            "chef_server_url": "https://foobar.thislife.com/organizations/foobar",
            "validation_client_name": "howdoicomputer"
          }
        },
        "validation_key_path": "/home/howdoicomputer/.chef/validation.pem",
        "validation_client_name": "howdoicomputer",
        "ssl_verify_mode": "verify_none"
      }
    ]
Here are, like, the attributes needed:
    default['packer_chef_integration'].tap do |pci|
      pci['chef_server_url'] = nil
      pci['validation_client_name'] = nil
      pci['ssl_verify'] = false
      pci['packer_staging_dir'] = '/tmp/packer-chef-client'
    end
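An added example, not part of the cookbook or its README: a Ruby check for the caveat above that the validation key stays baked into the image. It scans a mounted image root for PEM private keys under /etc/chef and the default packer_staging_dir; the file names, the sample tree and the idea that the staging directory may also hold a copy are assumptions.

```ruby
require 'find'
require 'fileutils'
require 'pathname'
require 'tmpdir'

# Image-relative directories to audit: /etc/chef (where the cookbook copies the
# key) and the default packer_staging_dir (assumed to possibly hold a copy too).
KEY_DIRS = ['etc/chef', 'tmp/packer-chef-client'].freeze
# Matches RSA/EC/PKCS#8/OpenSSH private key headers, not certificates or public keys.
PEM_PRIVATE = /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/

# Returns sorted image-relative paths of regular files whose first 4 KiB
# contain a PEM private key header.
def find_baked_keys(image_root, dirs = KEY_DIRS)
  root = Pathname.new(image_root)
  hits = []
  dirs.each do |dir|
    base = root.join(dir)
    next unless base.directory?
    Find.find(base.to_s) do |path|
      # Skip symlinks so a link inside the image cannot point the scan at the host.
      next if File.symlink?(path) || !File.file?(path)
      head = File.open(path, 'rb') { |f| f.read(4096) } || ''
      hits << Pathname.new(path).relative_path_from(root).to_s if head.match?(PEM_PRIVATE)
    end
  end
  hits.sort
end

# Constructed sample tree standing in for a mounted image root; the key body is fake.
def build_sample_image(root)
  {
    'etc/chef/validation.pem' => "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
    'etc/chef/client.rb' => "chef_server_url 'https://chef.example.invalid/organizations/demo'\n",
    'etc/chef/trusted.crt' => "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
  }.each do |rel, body|
    FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
    File.write(File.join(root, rel), body)
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_image(root)
    find_baked_keys(root).each { |p| puts "private key baked into image: /#{p}" }
  end
end
```

Point `find_baked_keys` at the directory where a snapshot of the built image is mounted; an empty result means no private key was found in the audited directories.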
Made with :heart:
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.5 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.5 passed this metric
No Binaries Metric
0.1.5 passed this metric
Testing File Metric
0.1.5 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.5 passed this metric