I have a vault item defined as the following in my recipe
item = ChefVault::Item.load("user","password")
How do i call this this in my template.erb? I tried the following which isn't working
ROOTPASSWORD= <%= #node["testcookbook"]["user"]["password"] %>
My vault item looks like this:
$ knife vault show user password
id: password
pass: xxxxxxxxxx
username: chefuser
I generally do something like this within a recipe
ROOTPASSWORD #{item['pass']}
however I don't think that would work within a template.
There are two options to solve that problem though the second one should be preferred as that keeps your sensitive data private.
Suppose, if your vault look like this:
knife vault show user password
id: password
pass: xxxxxxxxxx
username: chefuser
Then, you can approach like following:
Save as Node Attribute
First, if you want to set the password on node object and make it visible, then
you can do something like below:
In recipe:
node.default["testcookbook"]["user"]["password"] = ChefVault::Item.load("user","password")['pass']
template '/tmp/template' do
source 'template.erb'
owner 'root'
group 'root'
mode '0644'
end
In Template:
ROOTPASSWORD= <%= node["testcookbook"]["user"]["password"] %>
Pass Data to the Template using variables
Second, if you don't want to set the password on node object and let it visible in chef run logs, then you can do something like below:-
template '/tmp/template' do
source 'template.erb'
owner 'root'
group 'root'
mode '0644'
sensitive true
variables( {:password => ChefVault::Item.load("user","password")['pass']})
end
In Template:
ROOTPASSWORD= <%= #password %>
Related
I have a kubernetes template yaml file that has the following
{{ when get "db" false }}
- name: DB_PASSWORD
value: {{ .password }}
- name: DB_USERNAME
value: {{ .username }}
{{ end }}
It gets the db, password, and username from a file that looks like
db:
password: "password"
username: "username"
I understand with is changing the scope and get is a method that has 2 parameters
the dictionary to read from
the key to get the value of
I'm totally new to GO and can't find anywhere in the documentation of Helm or Sprig to explain why using a key of false works to get the password and username. I'm guessing it has to do with how go parses the yaml and assigns a key value pair of "false": interface{}.
Can anyone point me to the right place or help me understand why this works?
I am trying to use whitespace arrays in chef template, like below and when I run the chef-client to execute the recipe getting an error saying: option variables must be a kind of [Hash]! below is recipe file
abc = node['abc']
def1 = node['def']
abc_sit = abc['sit']
def_sit = def1['sit']
%w{abc_sit def_sit}.each do | client |
template "/etc/#{client}.sh" do
source 'tunnel.erb'
owner 'root'
group 'root'
variables ("#{client}") --> At this line I am getting error
end
end
The error I am getting when I run the chef-client:
option variables must be a kind of [Hash]! You passed "abc_sit"
As it says, you have to pass in a Hash. Perhaps something like variables myclient: client and then <%= #myclient %> in the template.
Sorry about my English.
Here is a ./recipes/default.rb
node['client-name'].each do |crontab|
item = data_bag_item('bag_name', "#{crontab}")
node.default[:client_timezone] = "#{item['timezone']}"
node.default[:client_name] = "#{crontab}"
template "crontab" do
path "/etc/cron.d/#{deploy}"
source "default.erb"
owner "root"
group "root"
mode "0644"
end
end
The ./attributes/default.rb looks like this:
default['version'] = "1.0.0"
default['client-name'] = ['company_1','company_2']
The templates/crontab.erb looks like this:
30 04 * * * java -Duser.timezone=<%= node[:timezone] %> -jar /var/www/app-<%= node[:version] %>.jar /var/www/<%= node[:client_name] %>/config/spring/job.xml
My recipe puts two similar crontab files (company_1 and company_2) to /etc/cron.d/, but only for the last one attributes' value (company_2). Can you please tell me, where am i wrong?
You need to use the variables section of the template resource to assign the client_name and the timezone explicitly. The recipe might look like this:
node['client-name'].each do |client_name|
item = data_bag_item('bag_name', "#{client_name}")
template "crontab" do
path "/etc/cron.d/#{deploy}"
source "default.erb"
owner "root"
group "root"
mode "0644"
variables ({
:client_name => item['client_name'], # Don't you have this already?
:client_timezone => item['client_timezone']
})
end
end
Your crontab.erb should look like this:
30 04 * * * java -Duser.timezone=<%= #client_timezone %> -jar /var/www/app-<%= node[:version] %>.jar /var/www/<%= #client_name %>/config/spring/job.xml
I'm having some issues with passing a hash from hiera through to a resource creation.
vhosts:
project_1:
name: project_1
project_name: project_1
project_2:
name: project_2
project_name: project_2
$vhosts = hiera('vhosts', [])
create_resources(project_vhosts::vhosts, $vhosts)
Ignore the hidden project names :) but you get the gist. My resource looks like this:
define project_vhosts::vhosts(
$vhosts = []
){
notice($vhosts)
}
I get these errors after my puppet run
Error: Invalid parameter project_name on project_vhosts::Vhosts[project_1] on node *
Wrapped exception:
Invalid parameter project_name
Error: Invalid parameter project_name on project_vhosts::Vhosts[project_1] on *
I get that it wants me to implement the parameters directly into the class. However what I really want is the hash available as a whole to me in the resource. What am I doing wrong here?
First off, please don't use [] to denote an empty hash. It's not. [] is the empty array, and {} is the empty hash.
To do what you want, your data just need one more layer of hashing.
vhost_data:
vhosts:
project_1:
name: project_1
project_name: project_1
project_2:
name: project_2
project_name: project_2
Then
$data = hiera('vhost_data', {})
create_resources(project_vhosts::vhosts, $vhosts)
Of course, there is yet a simpler way to do all of that with your data.
project_vhosts::vhosts {
'meaningless-resource-title':
vhosts => hiera('vhosts', {})
}
I try to create a chef cookbook to launch multiple mpd instances in my vagrant virtual box (using chef-solo).
I want to configure each instance in my Vagrantfile like this:
mpd: {
channels: {
mix: {
name: 'mpd_mix',
bind: '0.0.0.0',
socket: '/home/vagrant/.mpd/socket/mix',
port: '6600'
},
tech: {
name: 'mpd_tech',
bind: '0.0.0.0',
socket: '/home/vagrant/.mpd/socket/tech',
port: '6601'
}
}
}
So the recipe should take these settings and loop through them (creating an mpd instance for each channel).
This is what I currently have as a recipe:
package "mpd"
node.normal[:mpd][:channels].each_value do |channel|
# create socket
file channel[:socket] do
action :touch
end
# trying to set the attributes for the config file and the service
node.set[:mpd][:port] = channel[:port]
node.set[:mpd][:db_file] = "/var/lib/mpd/tag_cache_" + channel[:name]
node.set[:mpd][:bind_2] = channel[:socket]
node.set[:mpd][:icecast_mountpoint] = "/" + channel[:name] + ".mp3"
node.set[:mpd][:channel_name] = channel[:name]
# create service
service channel[:name] do
service_name "mpd" # linux service command
action :enable
end
# create the corresponding config file
config_filename = "/etc/" + channel[:name] + ".conf"
template config_filename do
source "mpd.conf.erb"
mode "0644"
notifies :restart, resources(:service => channel[:name])
end
end
I have several Problems with this:
Ist does not create a system service for each mpd instance, so I can do sudo service mpd_mix start. Why?
It does not use the /etc/mpd_mix.conf config file when launching mpd, because it still calls /etc/init.d/mpd start which uses /etc/mpd.conf. How can I change that, so it uses the correct config file for each mpd instance?
Adjusting the attributes for the creation of the config files does not work as expected (see the node.set part in the code above). Both config files, /etc/mpd_tech.conf and /etc/mpd_mix.conf use the tech channel attributes. Looks like the mix settings get overwritten somehow? How can I fix that?
I'd really appreciate some help on this as I am quite new to chef cookbooks.
I figured out how to do it. Here is the relevant code part:
node[:mpd][:channels].each_value do |channel|
# create socket
file channel[:socket] do
action :touch
end
# create init file
init_filename = "/etc/init.d/" + channel[:name]
template init_filename do
variables :channel => channel
source "mpd.init.erb"
mode "0755"
end
# create service
service channel[:name] do
service_name channel[:name] # linux service command
action :enable
end
# create config file
config_filename = "/etc/" + channel[:name] + ".conf"
template config_filename do
variables :channel => channel
source "mpd.conf.erb"
mode "0644"
notifies :restart, resources(:service => channel[:name])
end
end
If you want to take a closer look, take a look at the complete cookbook repository on github: https://github.com/i42n/chef-cookbook-mpd/blob/master/recipes/default.rb