[RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef

Bug #1817082 reported by Eric Williams
This bug affects 1 person
Affects: cloud-init
Status: Fix Released
Importance: Wishlist
Assigned to: Eric Williams

Bug Description

This is a request to add support for the client configuration option "encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef` configuration block.

Use Case:

Enable cloud-init to manage Chef deployments where encrypted data bags are in use. The path to the secrets can be configured with cloud-init, while the secrets files themselves can be supplied via an external facility (e.g., Barbican, Vault).

Example:

```yaml
# cloud-init
chef:
   install_type: "packages"
   server_url: https://api.opscode.com/organizations/myorg
   environment: dev
   validation_name: dev-validator
   validation_cert: dev-validator.pem
   run_list: role[db]
   encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret
```

=>

```ruby
# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"
```

Thanks,
Eric
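
An added example, not part of the original report or of cloud-init: a Python check that could run after first boot to confirm that the file named by `encrypted_data_bag_secret` in the rendered client.rb has been delivered by the external facility and is not readable by group or other. The function names, the root-ownership default and the sample key are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Matches quoted-string settings such as: encrypted_data_bag_secret "/path"
SETTING_RE = re.compile(r'^\s*(\w+)\s+["\']([^"\']+)["\']\s*$')

def parse_client_rb(text):
    """Return {setting: value} for the quoted-string settings in client.rb."""
    found = (SETTING_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def audit_secret(client_rb_text, owner_uid=0):
    """Return findings about the secret file; an empty list means it passed."""
    path = parse_client_rb(client_rb_text).get("encrypted_data_bag_secret")
    if path is None:
        return ["encrypted_data_bag_secret is not set in client.rb"]
    try:
        st = os.lstat(path)  # lstat: a symlink is reported, not followed
    except FileNotFoundError:
        return [f"{path}: missing (secret not delivered yet?)"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    if st.st_mode & 0o077:
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: mode {mode:04o} is readable beyond the owner")
    if st.st_uid != owner_uid:  # assumption: chef-client runs as owner_uid
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
    if st.st_size == 0:
        findings.append(f"{path}: empty")
    return findings

def demo():
    """Constructed sample: the same secret file at mode 0644, then at 0600."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "encrypted_data_bag_secret")
        with open(secret, "w") as f:
            f.write("constructed-sample-key\n")
        client_rb = f'log_level :info\nencrypted_data_bag_secret "{secret}"\n'
        os.chmod(secret, 0o644)
        loose = audit_secret(client_rb, owner_uid=os.getuid())
        os.chmod(secret, 0o600)
        tight = audit_secret(client_rb, owner_uid=os.getuid())
    return loose, tight

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```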

Dan Watkins (oddbloke) wrote :

Hi Eric,

Thanks for filing this feature request! Is this something you would be interested in contributing a fix for?

Thanks!

Dan

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Wishlist
Eric Williams (eric-canonical) wrote :

@Dan

I'll give it a shot; I've assigned it to myself.

Thanks,
Eric

Changed in cloud-init:
assignee: nobody → Eric Williams (eric-canonical)
Dan Watkins (oddbloke) wrote :

Great, thanks!

description: updated
Server Team CI bot (server-team-bot) wrote :

This bug is fixed with commit 8cfcc28d to cloud-init on branch master.
To view that commit see the following URL:
https://git.launchpad.net/cloud-init/commit/?id=8cfcc28d

Changed in cloud-init:
status: Triaged → Fix Committed
Chad Smith (chad.smith) wrote : Fixed in cloud-init version 19.1.

This bug is believed to be fixed in cloud-init in version 19.1. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released