cookbook 'privx', '= 0.1.1', :supermarket
privx (4) Versions 0.1.1 Follow0
Installs/Configures PrivX Host
cookbook 'privx', '= 0.1.1'
knife supermarket install privx
knife supermarket download privx
PrivX
This cookbook configures a node to trust PrivX issued OpenSSH user certificates.
Configuration
Attributes
Required attributes under node['privx']:
-
'api_endpoint':https://prefixed hostname for PrivX. -
'api_ca_cert': Trust anchor for PrivX's TLS certificate. -
'roles': JSON array of objects which have key'principal'(str) and'roles'(array).
{
"api_endpoint": "https://privx.example.com",
"api_ca_cert": "-----BEGIN CERTIFICATE-----\nYXNkZmFzZGZhc2Zhc2Zhc2RmYXNkZmFzZGY=\n-----END CERTIFICATE-----",
"principals": [
{
"principal": "root",
"roles": [{"name": "root-everywhere"}, {"name": "dev-admin"}]
}
]
}
Chef-vault
PrivX cookbook expects to find vault with name privx and an databag with name
privx which has following fields:
-
'oauth_client_secret': This value is get from PrivX command line using the command:sudo /opt/privx/bin/keyvault-tool -name privx_auth_client_secret_privx-external get-passphrase -
'api_client_id': Name of the API user -
'api_client_secret': Password for the API user
Such as
knife vault create privx privx '{"oauth_client_secret": "ZGdoZGZ0aGRmZ2hkZ2hibmN2", "api_client_id": "deploy-script", "api_client_secret": "0000000000000"}' --mode client
This vault needs to be exposed to the node at bootstrap with --bootstrap-vault-item 'privx:privx'
Bootstrapping
knife bootstrap ec2-18-194-178-70.eu-central-1.compute.amazonaws.com \
--ssh-user ec2-user \
--sudo \
--identity-file ~/.ssh/aws \
--node-name node1 \
--environment development \
--run-list 'role[system]' \
--bootstrap-vault-item 'privx:privx'
With Openstack nodes --hint openstack is probably required.
Dependent cookbooks
| ntp >= 0.0.0 |
| openssh >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.1 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.1 passed this metric
No Binaries Metric
0.1.1 passed this metric
Publish Metric
0.1.1 passed this metric
Supported Platforms Metric
0.1.1 passed this metric
Testing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.1 failed this metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.1 passed this metric
No Binaries Metric
0.1.1 passed this metric
Publish Metric
0.1.1 passed this metric
Supported Platforms Metric
0.1.1 passed this metric
Testing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.1 passed this metric
0.1.1 passed this metric
Publish Metric
0.1.1 passed this metric
Supported Platforms Metric
0.1.1 passed this metric
Testing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.1 passed this metric
0.1.1 passed this metric
Testing File Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.1 failed this metric
0.1.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
