Menu

Chef Supermarket

Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

View our collection of guides, documentation, and articles

Cookbooks
Advanced Options

Select Badges

Select Supported Platforms

RSS

privx (4) Versions 0.1.0

Installs/Configures PrivX Host

Berkshelf
Policyfile
Knife 
cookbook 'privx', '= 0.1.0'
cookbook 'privx', '= 0.1.0', :supermarket
knife supermarket install privx
knife supermarket download privx
README
Dependencies
Quality 25%

PrivX

This cookbook configures a node to trust PrivX issued OpenSSH user certificates.

Configuration

Attributes

Required attributes under node['privx']:

  • 'api_endpoint': https:// prefixed hostname for PrivX.
  • 'api_ca_cert': Trust anchor for PrivX's TLS certificate.
  • 'roles': JSON array of objects which have key 'principal' (str) and 'roles' (array).
{
    "api_endpoint": "https://privx.example.com",
    "api_ca_cert": "-----BEGIN CERTIFICATE-----\nYXNkZmFzZGZhc2Zhc2Zhc2RmYXNkZmFzZGY=\n-----END CERTIFICATE-----",
    "principals": [
        {
          "principal": "root",
          "roles": [{"name": "root-everywhere"}, {"name": "dev-admin"}]
        }
      ]
}

Chef-vault

PrivX cookbook expects to find vault with name privx and an databag with name privx which has following fields:

  • 'oauth_client_secret': This value is get from PrivX command line using the command: sudo /opt/privx/bin/keyvault-tool -name privx_auth_client_secret_privx-external get-passphrase
  • 'api_client_id': Name of the API user
  • 'api_client_secret': Password for the API user

Such as

knife vault create privx privx '{"oauth_client_secret": "ZGdoZGZ0aGRmZ2hkZ2hibmN2", "api_client_id": "deploy-script", "api_client_secret": "0000000000000"}' --mode client

This vault needs to be exposed to the node at bootstrap with --bootstrap-vault-item 'privx:privx'

Bootstrapping

knife bootstrap ec2-18-194-178-70.eu-central-1.compute.amazonaws.com \
                --ssh-user ec2-user \
                --sudo \
                --identity-file ~/.ssh/aws \
                --node-name node1 \
                --environment development \
                --run-list 'role[system]' \
                --bootstrap-vault-item 'privx:privx'

With Openstack nodes --hint openstack is probably required.

Dependent cookbooks

ntp >= 0.0.0
openssh >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric 
            
0.1.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric 
            
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric 
            
0.1.0 failed this metric
FC064: Ensure issues_url is set in metadata: privx/metadata.rb:1
FC065: Ensure source_url is set in metadata: privx/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: privx/metadata.rb:1
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric 
            
0.1.0 passed this metric

Publish Metric 
            
0.1.0 passed this metric

Supported Platforms Metric 
            
0.1.0 failed this metric
privx should declare what platform(s) it supports.

Testing File Metric 
            
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric 
            
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number

SSH IT SSH IT
Jukka-Pekka Virtanen

Details

View Source View Issues

Updated May 15, 2019 Created on

Platforms

License

All Rights Reserved

Chef Versions

(>= 12.1)

Download Cookbook