Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


pki (3) Versions 0.0.1

Installs/Configures pki

cookbook 'pki', '= 0.0.1', :supermarket
cookbook 'pki', '= 0.0.1'
knife supermarket install pki
knife supermarket download pki
Quality -%


Proof of concept PKI implementation, powered by inter-node convergence and stateful resource providers.


RHEL6/Centos6 or higher
hostname resolution taken care of earlier in the runlist (dns, etchosts)

Bootstrapped with
-r 'recipe[selinux::disabled],recipe[yum::epel],recipe[etchosts],recipe[pki::server]'
-r 'recipe[selinux::disabled],recipe[yum::epel],recipe[etchosts],recipe[pki::client]'




Clients check to see if they have an SSL keypair for their FQDN.
If not, pki_servercert is called, which generates a private key and a CSR.
The node then posts it's CSR as a node attribute

When the server side runs, it searches for a list of clients with the pki csr attribute
set. When it finds a CSR, it signs it and places the resulting public key in a directory exposed by rsync.
Since these are public keys, there are no security concerns here.

When a client is satisfied about its certificate, it will remove the attribute.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

No quality metric results found