cloud-init

[RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef

Bug #1817082 reported by Eric Williams on 2019-02-21

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

cloud-init

Fix Released

Wishlist

Eric Williams

You need to log in to change this bug's status.

Affecting:	cloud-init
Filed here by:	Eric Williams
When:	2019-02-21
Confirmed:	2019-02-21
Assigned:	2019-02-22
Started work:	2019-02-25
Completed:	2019-05-10

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Wishlist

Assigned to

	Me
	Eric Williams (eric-canonical)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

This is a request to add support for the client configuration option "encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef` configuration block.

Use Case:

Enable cloud-init to manage Chef deployments where encrypted data bags are in use. The path to the secrets can be configured with Cloud init, while the secrets files themselves can be supplied via an external facility (e.g., Barbican, Vault).

Example:

# cloud-init
chef:
   install_type: "packages"
   server_url: https://api.opscode.com/organizations/myorg
   environment: dev
   validation_name: dev-validator
   validation_cert: dev-validator.pem
   run_list: role[db]
   encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret

# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "/etc/chef/encrypted_data_bag_secret"

Thanks,
Eric

See original description

Add tags Tag help

Dan Watkins (daniel-thewatkins) wrote on 2019-02-21:

Hi Eric,

Thanks for filing this feature request! Is this something you would be interested in contributing a fix for?

Thanks!

Dan

Changed in cloud-init:
status:	New → Triaged
importance:	Undecided → Wishlist

Eric Williams (eric-canonical) wrote on 2019-02-22:

@Dan

I'll give it a shot; I've assigned it to myself.

Thanks,
Eric

Changed in cloud-init:
assignee:	nobody → Eric Williams (eric-canonical)

Dan Watkins (daniel-thewatkins) wrote on 2019-02-22:

Great, thanks!

Eric Williams (eric-canonical) on 2019-02-24

description:

updated

Server Team CI bot (server-team-bot) wrote on 2019-02-25:

This bug is fixed with commit 8cfcc28d to cloud-init on branch master.
To view that commit see the following URL:
https://git.launchpad.net/cloud-init/commit/?id=8cfcc28d

Changed in cloud-init:
status:	Triaged → Fix Committed

Chad Smith (chad.smith) wrote on 2019-05-10: Fixed in cloud-init version 19.1.

This bug is believed to be fixed in cloud-init in version 19.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers