[RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef

Bug #1817082 reported by Eric Williams on 2019-02-21
This bug affects 1 person
Affects: cloud-init
Importance: Wishlist
Assigned to: Eric Williams

Bug Description

This is a request to add support for the client configuration option "encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef` configuration block.

Use Case:

Enable cloud-init to manage Chef deployments where encrypted data bags are in use. The path to the secrets can be configured with cloud-init, while the secrets files themselves can be supplied via an external facility (e.g., Barbican, Vault).

Example:

```yaml
# cloud-init
chef:
   install_type: "packages"
   server_url: https://api.opscode.com/organizations/myorg
   environment: dev
   validation_name: dev-validator
   validation_cert: dev-validator.pem
   run_list: role[db]
   encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret
```

=>

```ruby
# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"
```

Thanks,
Eric

Dan Watkins (daniel-thewatkins) wrote :

Hi Eric,

Thanks for filing this feature request! Is this something you would be interested in contributing a fix for?

Thanks!

Dan

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Wishlist
Eric Williams (eric-canonical) wrote :

@Dan

I'll give it a shot; I've assigned it to myself.

Thanks,
Eric

Changed in cloud-init:
assignee: nobody → Eric Williams (eric-canonical)
Dan Watkins (daniel-thewatkins) wrote :

Great, thanks!

description: updated

This bug is fixed with commit 8cfcc28d to cloud-init on branch master.
To view that commit see the following URL:
https://git.launchpad.net/cloud-init/commit/?id=8cfcc28d

Changed in cloud-init:
status: Triaged → Fix Committed

This bug is believed to be fixed in cloud-init in version 19.1. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released