Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

supermarket-omnibus-ya (1) Versions 0.1.0

Installs/Configures supermarket-omnibus-ya

Berkshelf/Librarian
Policyfile
Knife
cookbook 'supermarket-omnibus-ya', '~> 0.1.0'
cookbook 'supermarket-omnibus-ya', '~> 0.1.0', :supermarket
knife cookbook site install supermarket-omnibus-ya
knife cookbook site download supermarket-omnibus-ya
README
Dependencies
Changelog
Quality 33%

supermarket-omnibus-ya Cookbook

This is Yet Another supermarket-omnibus-cookbook cookbook. This cookbook provides the following extra features to the original cookbook.

  • SSL server key pair deployment by the Chef Vault.
  • oc-id setup by the Chef Vault.

Contents

Requirements

packages

  • supermarket-omnibus-cookbook - the original cookbook.
  • ssl_cert

Attributes

Key Type Description, example Default
['supermarket-omnibus-ya']['with_ssl_cert_cookbook'] Boolean Deploy SSL server key pair by the ssl_cert cookbook. false
['supermarket-omnibus-ya']['ssl_cert']['common_name'] String Common name for TLS node['fqdn']
['supermarket-omnibus-ya']['chef_oauth2_app_id_vault_item'] Hash Chef Vault item configurations for oc-id app. id. See attributes/default.rb. {}
['supermarket-omnibus-ya']['chef_oauth2_secret_vault_item'] Hash Chef Vault item configurations for oc-id secret. See attributes/default.rb. {}

Usage

Recipes

supermarket-omnibus-ya::default

This recipe sets up a Chef Supermarket server.

Role Examples

  • roles/supermarket.rb
name 'supermarket'
description 'Chef Supermarket'

run_list(
  'recipe[ssl_cert::server_key_pairs]',
  'recipe[supermarket-omnibus-ya::default]',
)

#env_run_lists()

#default_attributes()

cn = 'supermarket.io.example.com'
chef_cn = 'chef.io.example.com'

override_attributes(
  'ssl_cert' => {
    'common_names' => [
      cn,
    ],
  },
  'supermarket_omnibus' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'common_name' => cn,
    },
    'config' => {
      'fqdn' => cn,
    },
    'chef_server_url' => "https://#{chef_cn}",
    'chef_oauth2_url' => "https://#{chef_cn}",
    'chef_oauth2_verify_ssl' => false,
    # Not recommended: instead use the `['supermarket_omnibus']['chef_oauth2_app_id_vault_item']` attribute.
    #'chef_oauth2_app_id' => '<supermarket_uid>',
    'chef_oauth2_app_id_vault_item' => {
      'vault' => 'supermarket',
      'name' => 'chef_oauth2_app_id',
      # single app_id or nested hash app_id path delimited by slash
      'env_context' => false,
      'key' => 'app_id',  # real hash path: "/app_id", Note: do not use `id`, which is preserved by Chef Vault.
      # or nested hash id path delimited by slash
      #'env_context' => true,
      #'key' => 'hash/path/to/app_id',  # real hash path: "/#{node.chef_environment}/hash/path/to/app_id"
    },
    # Not recommended: instead use the `['supermarket_omnibus']['chef_oauth2_secret_vault_item']` attribute.
    #'chef_oauth2_secret' => '<supermarket_secret>',
    'chef_oauth2_secret_vault_item' => {
      'vault' => 'supermarket',
      'name' => 'chef_oauth2_secret',
      # single secret or nested hash secret path delimited by slash
      'env_context' => false,
      'key' => 'secret',  # real hash path: "/secret"
      # or nested hash secret path delimited by slash
      #'env_context' => true,
      #'key' => 'hash/path/to/secret',  # real hash path: "/#{node.chef_environment}/hash/path/to/secret"
    },
  },
)

SSL server keys and certificates management by ssl_cert cookbook

  • create vault items.
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("supermarket_io_example_com.prod.key")})' \
> > ~/tmp/supermarket_io_example_com.prod.key.json

$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("supermarket_io_example_com.prod.crt")})' \
> > ~/tmp/supermarket_io_example_com.prod.crt.json

$ cd $CHEF_REPO_PATH

$ knife vault create ssl_server_keys supermarket.io.example.com.prod \
> --json ~/tmp/supermarket_io_example_com.prod.key.json

$ knife vault create ssl_server_certs supermarket.io.example.com.prod \
> --json ~/tmp/supermarket_io_example_com.prod.crt.json
  • grant reference permission to the supermarket host
$ knife vault update ssl_server_keys  supermarket.io.example.com.prod -S 'name:supermarket*.io.example.com'
$ knife vault update ssl_server_certs supermarket.io.example.com.prod -S 'name:supermarket*.io.example.com'
  • modify run_list and attributes
run_list(
  'recipe[ssl_cert::server_key_pairs]',
  'recipe[supermarket-omnibus-ya::default]',
)

override_attributes(
  'ssl_cert' => {
    'common_names' => [
      'supermarket.io.example.com',
    ],
  },
  'supermarket_omnibus' => {
    'with_ssl_cert_cookbook' => true,
    'ssl_cert' => {
      'common_name' => 'supermarket.io.example.com',
    },
    # ...
  },
)

oc-id app ID and secret management by Chef Vault

  • create vault items.
$ cat ~/tmp/supermarket_chef_oauth2_app_id.json
{"app_id":"***************************************************************"}
$ cat ~/tmp/supermarket_chef_oauth2_secret.json
{"secret":"***************************************************************"}

$ knife vault create supermarket chef_oauth2_app_id --json ~/tmp/supermarket_chef_oauth2_app_id.json
$ knife vault create supermarket chef_oauth2_secret --json ~/tmp/supermarket_chef_oauth2_secret.json
  • grant reference permission to the Supermarket host
$ knife vault update supermarket chef_oauth2_app_id -S 'name:supermarket*.io.example.com'
$ knife vault update supermarket chef_oauth2_secret -S 'name:supermarket*.io.example.com'
  • modify attributes
override_attributes(
  'supermarket_omnibus' => {
    'chef_oauth2_app_id_vault_item' => {
      'vault' => 'supermarket',
      'name' => 'chef_oauth2_app_id',
      'env_context' => false,
      'key' => 'app_id',
    },
    'chef_oauth2_secret_vault_item' => {
      'vault' => 'supermarket',
      'name' => 'chef_oauth2_secret',
      'env_context' => false,
      'key' => 'secret',
    },
    # ...
  },
)

License and Authors

  • Author:: whitestar at osdn.jp
Copyright 2016-2017, whitestar

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

ssl_cert >= 0.3.7
supermarket-omnibus-cookbook >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

supermarket-omnibus-ya CHANGELOG

0.1.0

  • Initial release of supermarket-omnibus-ya

Collaborator Number Metric
            

0.1.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.1.0 failed this metric

FC066: Ensure chef_version is set in metadata: supermarket-omnibus-ya/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: supermarket-omnibus-ya/metadata.rb:1
FC069: Ensure standardized license defined in metadata: supermarket-omnibus-ya/metadata.rb:1
Run with Foodcritic Version 12.2.1 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

License Metric
            

0.1.0 passed this metric

No Binaries Metric
            

0.1.0 passed this metric

Publish Metric
            

0.1.0 passed this metric

Supported Platforms Metric
            

0.1.0 failed this metric

supermarket-omnibus-ya should declare what platform(s) it supports.

Testing File Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number