cookbook 'privx', '~> 0.2.1'
privx (4) Versions 0.2.1
Installs/Configures PrivX Host
cookbook 'privx', '~> 0.2.1', :supermarket
knife supermarket install privx
knife supermarket download privx
PrivX
This cookbook configures a node to trust PrivX issued OpenSSH user certificates.
Configuration
Attributes
Required attributes under node['privx']:
- 'api_endpoint': https:// prefixed hostname for PrivX.
- 'api_ca_cert': Trust anchor for PrivX's TLS certificate.
- 'roles': JSON array of objects which have key 'principal' (str) and 'roles' (array).
{
  "api_endpoint": "https://privx.example.com",
  "api_ca_cert": "-----BEGIN CERTIFICATE-----\nYXNkZmFzZGZhc2Zhc2Zhc2RmYXNkZmFzZGY=\n-----END CERTIFICATE-----",
  "principals": [
    {
      "principal": "root",
      "roles": [{"name": "root-everywhere"}, {"name": "dev-admin"}]
    }
  ]
}
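A pre-converge lint for these attributes, as an added example that is not part of the cookbook's own code. It assumes the key names used in the JSON sample above ("principals", each with "principal" and "roles"); the function name, the checks chosen and the sample input are constructed for illustration.

```ruby
require 'json'
require 'uri'

# Framing check only; it does not prove the blob is a valid X.509 certificate.
PEM_RE = %r{\A-----BEGIN CERTIFICATE-----\n[A-Za-z0-9+/=\n]+\n-----END CERTIFICATE-----\s*\z}

# Returns a list of problems found in a node['privx'] attribute hash.
# Assumption: key names follow the JSON sample above ("principals", "roles").
def privx_attribute_errors(attrs)
  errors = []
  uri = begin
    URI.parse(attrs['api_endpoint'].to_s)
  rescue URI::InvalidURIError
    nil
  end
  # Plain http would expose the API client credentials in transit.
  unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
    errors << 'api_endpoint must be an https:// URL with a hostname'
  end
  errors << 'api_ca_cert must be a PEM certificate' unless attrs['api_ca_cert'].to_s.match?(PEM_RE)

  principals = attrs['principals']
  return errors << 'principals must be a non-empty array' unless principals.is_a?(Array) && !principals.empty?

  seen = {}
  principals.each_with_index do |entry, i|
    name, roles = entry.is_a?(Hash) ? entry.values_at('principal', 'roles') : [nil, nil]
    if !name.is_a?(String) || name.empty?
      errors << "principals[#{i}].principal must be a non-empty string"
    elsif seen[name]
      errors << "principal '#{name}' is mapped more than once"
    else
      seen[name] = true
    end
    # Each mapping needs at least one role object with a non-empty name.
    ok = roles.is_a?(Array) && !roles.empty? &&
         roles.all? { |r| r.is_a?(Hash) && r['name'].is_a?(String) && !r['name'].empty? }
    errors << "principals[#{i}].roles must be a non-empty array of named roles" unless ok
  end
  errors
end

# Constructed sample input (not real PrivX values): http endpoint, empty role list.
SAMPLE = JSON.parse(<<~'JSON')
  { "api_endpoint": "http://privx.example.com",
    "api_ca_cert": "-----BEGIN CERTIFICATE-----\nQUJDRA==\n-----END CERTIFICATE-----",
    "principals": [ { "principal": "root", "roles": [] } ] }
JSON
puts privx_attribute_errors(SAMPLE)
```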
Chef-vault
The PrivX cookbook expects to find a vault named privx and a data bag named privx which has the following fields:
- 'oauth_client_secret': OAuth client secret
- 'api_client_id': ID of the API user
- 'api_client_secret': Password for the API user
These values can be found under Settings -> Deployment -> Deploy and configure SSH target hosts -> Configure using a deployment script.
Add the credentials to chef-vault:
knife vault create privx privx '{"oauth_client_secret": "ZGdoZGZ0aGRmZ2hkZ2hibmN2", "api_client_id": "02781968-2a83-4cc2-4790-5f64cab9020c", "api_client_secret": "eRsiGFQJgMw1aKL4JjbBNyDOTsNHJc2zYPLGGgNH+ak="}' --mode client
This vault needs to be exposed to the node at bootstrap with --bootstrap-vault-item 'privx:privx'.
Bootstrapping
knife bootstrap ec2-18-194-178-70.eu-central-1.compute.amazonaws.com \
  --ssh-user ec2-user \
  --sudo \
  --identity-file ~/.ssh/aws \
  --node-name node1 \
  --environment development \
  --run-list 'role[system]' \
  --bootstrap-vault-item 'privx:privx'
With OpenStack nodes, --hint openstack is probably required.
Dependent cookbooks
openssh >= 0.0.0
ntp >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.2.1 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.2.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.2.1 passed this metric
No Binaries Metric
0.2.1 passed this metric
Testing File Metric
0.2.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.2.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number