cookbook 'privx', '= 0.1.0'
Installs/Configures PrivX Host
cookbook 'privx', '= 0.1.0', :supermarket
knife supermarket install privx
knife supermarket download privx
PrivX
This cookbook configures a node to trust PrivX issued OpenSSH user certificates.
Configuration
Attributes
Required attributes under node['privx']:
- 'api_endpoint': https:// prefixed hostname for PrivX.
- 'api_ca_cert': Trust anchor for PrivX's TLS certificate.
- 'roles': JSON array of objects which have key 'principal' (str) and 'roles' (array).
{
  "api_endpoint": "https://privx.example.com",
  "api_ca_cert": "-----BEGIN CERTIFICATE-----\nYXNkZmFzZGZhc2Zhc2Zhc2RmYXNkZmFzZGY=\n-----END CERTIFICATE-----",
  "principals": [
    {
      "principal": "root",
      "roles": [{"name": "root-everywhere"}, {"name": "dev-admin"}]
    }
  ]
}
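An added example (not part of the cookbook): a Ruby pre-flight check for the node['privx'] attributes, run before a node is bootstrapped. It follows the key names of the JSON example above (`principals`, role objects with a `name`), which is an assumption because the attribute list calls that key 'roles'; `privx_attribute_errors` and `SAMPLE_ATTRS` are hypothetical names.

```ruby
require 'json'
require 'uri'

# Constructed sample that mirrors the README's example attributes.
SAMPLE_ATTRS = JSON.parse(<<~'EOS')
  {
    "api_endpoint": "https://privx.example.com",
    "api_ca_cert": "-----BEGIN CERTIFICATE-----\nYXNkZmFzZGZhc2Zhc2Zhc2RmYXNkZmFzZGY=\n-----END CERTIFICATE-----",
    "principals": [
      {"principal": "root", "roles": [{"name": "root-everywhere"}, {"name": "dev-admin"}]}
    ]
  }
EOS

# Envelope check only: the README's sample certificate body is a placeholder, not real DER.
PEM_RE = /\A-----BEGIN CERTIFICATE-----\n[A-Za-z0-9+\/=\n]+\n-----END CERTIFICATE-----\n?\z/

# Returns a list of problems; an empty list means the attributes look usable.
def privx_attribute_errors(attrs)
  errors = []
  begin
    uri = URI.parse(attrs['api_endpoint'].to_s)
    # Plain http would let the API credentials and the fetched trust data be tampered with.
    unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
      errors << 'api_endpoint must be an https:// URL with a hostname'
    end
  rescue URI::InvalidURIError
    errors << 'api_endpoint is not a valid URL'
  end
  errors << 'api_ca_cert must be a PEM certificate' unless attrs['api_ca_cert'].to_s.match?(PEM_RE)

  entries = attrs['principals']
  return errors << 'principals must be a non-empty array' unless entries.is_a?(Array) && !entries.empty?

  seen = {}
  entries.each_with_index do |entry, i|
    name = entry.is_a?(Hash) ? entry['principal'] : nil
    unless name.is_a?(String) && !name.empty?
      errors << "principals[#{i}]: 'principal' must be a non-empty string"
      next
    end
    errors << "principals[#{i}]: duplicate principal #{name}" if seen[name]
    seen[name] = true
    roles = entry['roles']
    # Assumption of this example: an entry without roles is treated as a mistake.
    ok = roles.is_a?(Array) && !roles.empty? &&
         roles.all? { |r| r.is_a?(Hash) && r['name'].is_a?(String) && !r['name'].empty? }
    errors << "principals[#{i}]: 'roles' must be a non-empty array of objects with a name" unless ok
  end
  errors
end
```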
Chef-vault
The PrivX cookbook expects to find a vault named privx and a data bag named privx which has the following fields:
- 'oauth_client_secret': This value is obtained from the PrivX command line using the command: sudo /opt/privx/bin/keyvault-tool -name privx_auth_client_secret_privx-external get-passphrase
- 'api_client_id': Name of the API user
- 'api_client_secret': Password for the API user
Such as
knife vault create privx privx '{"oauth_client_secret": "ZGdoZGZ0aGRmZ2hkZ2hibmN2", "api_client_id": "deploy-script", "api_client_secret": "0000000000000"}' --mode client
This vault needs to be exposed to the node at bootstrap with --bootstrap-vault-item 'privx:privx'
Bootstrapping
knife bootstrap ec2-18-194-178-70.eu-central-1.compute.amazonaws.com \
--ssh-user ec2-user \
--sudo \
--identity-file ~/.ssh/aws \
--node-name node1 \
--environment development \
--run-list 'role[system]' \
--bootstrap-vault-item 'privx:privx'
With OpenStack nodes, --hint openstack is probably required.
Dependent cookbooks
| openssh >= 0.0.0 |
| ntp >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.0 failed this metric
FC064: Ensure issues_url is set in metadata: privx/metadata.rb:1
FC065: Ensure source_url is set in metadata: privx/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: privx/metadata.rb:1
Run with Foodcritic Version 14.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.1.0 passed this metric
Testing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number