ssl (9) Versions 1.1.1

Sets up SSL certs and keys from an encrypted data bag

Berkshelf/Librarian: cookbook 'ssl', '~> 1.1.1'
Policyfile:          cookbook 'ssl', '~> 1.1.1', :supermarket
Knife:               knife cookbook site install ssl
                     knife cookbook site download ssl

DESCRIPTION

A recipe for setting up system-wide SSL certs on Ubuntu / Debian systems.

REQUIREMENTS

Ubuntu or Debian Linux system and an encrypted data bag named "ssl".

ATTRIBUTES

node['ssl']['certs_dir'] = '/etc/ssl/certs'
node['ssl']['keys_dir']  = '/etc/ssl/keys'
node['ssl']['group']     = 'ssl-cert'
node['ssl']['domain']    = '*'

USAGE

The certs and keys are retrieved from an encrypted data bag named "ssl". Inside each data bag item, the "id" key holds the domain name with periods replaced by underscores (e.g. foo.com -> foo_com), the "cert" key holds the certificate, and the "key" key holds the certificate's private key. If a chain of certificates is needed to validate your domain's cert, put them in an array under "chain" and the recipe will set them up for you. If you have a local CA, store it in a key named "ca" and the recipe will install it and symlink it in the certs_dir.

NOTE: The certs and keys should all be on one line, with their newlines replaced by "\n". They will be stored correctly once placed on the server.

Sample way to generate the data bag:

bundle exec knife solo data bag create ssl -d --data-bag-path data_bags -j '{"id":"caregeneral_com", "key":"private_key_of_caregeneral","cert":"certificate","chain":["cert", "cert"]}'

A sample data bag item, data_bags\keys\domain_com.json:

{
  "name":"data_bag_item_ssl_domain_com",
  "json_class":"Chef::DataBagItem",
  "chef_type":"data_bag_item",
  "data_bag":"ssl",
  "raw_data":
  {
    "id":"domain_com_staging",
    "key":"-----BEGIN RSA PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n-----END RSA PRIVATE KEY-----",
    "cert":"-----BEGIN CERTIFICATE-----\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n-----END CERTIFICATE-----",
    "chain":[
      "-----BEGIN CERTIFICATE-----\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n-----END CERTIFICATE-----",
      "-----BEGIN CERTIFICATE-----\nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\n-----END CERTIFICATE-----"
    ]
  }
}

After running the default recipe, your certs will be in /etc/ssl/certs/{domain.name}.crt, and the keys will be in /etc/ssl/private/{domain.name}.key. Any chain certs will be combined into /etc/ssl/certs/{domain.name}.chain.crt, and the whole cert chain will be put into /etc/ssl/certs/{domain.name}.combined.crt. The separate chain cert is for Apache, and the combined one is for Nginx. A CA cert will be stored as /etc/ssl/certs/{domain.name}-ca.crt; however, you can put the CA in a data bag item of its own if you'd prefer a different prefix than domain.name.
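The Ruby below is an added example, not code from the ssl cookbook: it parses a constructed data bag item in the format the README describes, checks each PEM string before anything is written, and computes the set of files the README says the default recipe produces. The function names (domain_from_id, pem_problem, pem_concat, ssl_files) are this example's own. Because the README's attribute default names /etc/ssl/keys while its usage text names /etc/ssl/private for keys, the key directory is a keyword parameter here rather than hard-coded.

```ruby
# Added example (not part of the ssl cookbook): maps a data bag item in the
# README's format onto the files the recipe would write, after validating
# the PEM strings. Directory defaults follow the README's attributes.

require 'json'

# Constructed data bag item, in the on-disk JSON form the README shows
# (newlines written as "\n"). The PEM bodies are placeholders, not key material.
SAMPLE_ITEM_JSON = <<~'JSON'
  {
    "id": "domain_com",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\nBBBB\n-----END RSA PRIVATE KEY-----",
    "cert": "-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----",
    "chain": [
      "-----BEGIN CERTIFICATE-----\nDDDD\n-----END CERTIFICATE-----",
      "-----BEGIN CERTIFICATE-----\nEEEE\n-----END CERTIFICATE-----"
    ],
    "ca": "-----BEGIN CERTIFICATE-----\nFFFF\n-----END CERTIFICATE-----"
  }
JSON

# Reverse the README's naming rule: the item id is the domain with periods
# replaced by underscores (foo.com -> foo_com).
def domain_from_id(id)
  id.tr('_', '.')
end

# Return nil if +pem+ looks like one PEM block of +type+ with real newlines,
# otherwise a short description of the problem. A literal backslash-n after
# JSON parsing means the string was escaped twice, the usual way these data
# bags go wrong; the server would then get a one-line file that no TLS
# library can load.
def pem_problem(pem, type)
  return 'not a string' unless pem.is_a?(String)
  return 'contains literal \\n: JSON string was escaped twice' if pem.include?('\\n')
  return "missing BEGIN #{type} header" unless pem.start_with?("-----BEGIN #{type}-----\n")
  return "missing END #{type} footer" unless pem.rstrip.end_with?("-----END #{type}-----")
  nil
end

# Join PEM blocks so each ends with exactly one newline, as servers expect.
def pem_concat(blocks)
  blocks.map { |b| b.rstrip + "\n" }.join
end

# Compute { path => contents } for one parsed data bag item, following the
# README's file layout. Raises ArgumentError listing every malformed entry.
def ssl_files(item, certs_dir: '/etc/ssl/certs', keys_dir: '/etc/ssl/keys')
  domain = domain_from_id(item['id'])
  chain  = Array(item['chain'])

  problems = {
    'key'  => pem_problem(item['key'], 'RSA PRIVATE KEY'),
    'cert' => pem_problem(item['cert'], 'CERTIFICATE')
  }
  chain.each_with_index { |c, i| problems["chain[#{i}]"] = pem_problem(c, 'CERTIFICATE') }
  problems['ca'] = pem_problem(item['ca'], 'CERTIFICATE') if item['ca']
  bad = problems.compact
  raise ArgumentError, bad.map { |k, v| "#{k}: #{v}" }.join('; ') unless bad.empty?

  files = {
    File.join(certs_dir, "#{domain}.crt") => pem_concat([item['cert']]),
    File.join(keys_dir,  "#{domain}.key") => pem_concat([item['key']])
  }
  unless chain.empty?
    # Apache takes the chain separately; Nginx wants leaf + chain in one file.
    files[File.join(certs_dir, "#{domain}.chain.crt")]    = pem_concat(chain)
    files[File.join(certs_dir, "#{domain}.combined.crt")] = pem_concat([item['cert']] + chain)
  end
  files[File.join(certs_dir, "#{domain}-ca.crt")] = pem_concat([item['ca']]) if item['ca']
  files
end

if $PROGRAM_NAME == __FILE__
  item = JSON.parse(SAMPLE_ITEM_JSON)
  ssl_files(item).each { |path, body| puts "#{path}: #{body.lines.size} lines" }
end
```

In a real recipe the key file is the one artifact that must not be world-readable; the README's group attribute ('ssl-cert') is there so the file resource writing {domain.name}.key can restrict it to that group (an assumption about the recipe, not something the README states explicitly).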

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

lamp_role

Collaborator Number Metric

1.1.1 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

1.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric

1.1.1 failed this metric

FC064: Ensure issues_url is set in metadata: ssl/metadata.rb:1
FC065: Ensure source_url is set in metadata: ssl/metadata.rb:1
FC066: Ensure chef_version is set in metadata: ssl/metadata.rb:1
FC069: Ensure standardized license defined in metadata: ssl/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

License Metric

1.1.1 passed this metric

No Binaries Metric

1.1.1 passed this metric

Publish Metric

1.1.1 passed this metric

Supported Platforms Metric

1.1.1 passed this metric

Testing File Metric

1.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric

1.1.1 passed this metric