Authentication of chef clients with a git repo


#1

Hello,

I’m trying to use git scm resource but it’s not clear in the
documentation how to authenticate chef clients with a git server so
the clients can sync the repos. How is it done?

Thanks for your time.

Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a


#2

On Apr 15, 2010, at 9:13 AM, Jacobo García wrote:

> I’m trying to use git scm resource but it’s not clear in the
> documentation how to authenticate chef clients with a git server so
> the clients can sync the repos. How is it done?

Use a key, then git can tunnel over ssh without any username password malarkey…

John


John Merrells
http://johnmerrells.com
+1.415.244.5808


#3

I’m thinking of making a recipe that generates an ssh key on every client
for the shell user that runs chef-client (root in my case), so when
chef-client tries to pull the repo.

Is this what you are referring to?

Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a



#4

On Apr 15, 2010, at 9:52 AM, Jacobo García wrote:

> I’m thinking making a recipe that generates a ssh key on every client
> for the shell user that runs chef-client (root in my case), so when
> chef-client tries to pull the repo.
>
> This is what you refer?

Yes.

You’ll also need the server key in the client’s known_hosts file.

Note that you might find it more manageable to have the same
on all the client machines…

I have a recipe which creates the same

/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub
/root/.ssh/knownhosts

on all the machines that pull from the same repo. Which in my
case is github.

But yes, different keys everywhere would be more secure.

John


John Merrells
http://johnmerrells.com
+1.415.244.5808
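
The setup discussed in this thread (a private key for the user that runs chef-client, plus the git server's key pinned in known_hosts), as an added example that is not part of the original posts and is not Chef's own code. It is plain Ruby rather than recipe DSL so it runs without Chef; the file names `id_deploy` and `git_ssh.sh`, the function names, the host `git.example.com` and the key strings are assumptions made for illustration.

```ruby
require "fileutils"
require "shellwords"

# Constructed placeholder, not a real host key. Note OpenSSH reads "known_hosts".
SAMPLE_HOST_KEY = "git.example.com ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER_NOT_A_REAL_KEY"

# Create each file with its final mode so the key is never briefly world-readable.
def write_secure(path, content, mode)
  File.open(path, "w", mode) { |f| f.write(content) }
  File.chmod(mode, path) # also tightens a file that already existed
end

# Lay down the private key, the pinned server key and an ssh wrapper.
# Returns the wrapper path.
def install_deploy_ssh(dir, private_key, host_key_line)
  FileUtils.mkdir_p(dir)
  File.chmod(0o700, dir)
  key, known_hosts, wrapper = %w[id_deploy known_hosts git_ssh.sh].map { |n| File.join(dir, n) }
  write_secure(key, private_key, 0o600)
  write_secure(known_hosts, host_key_line.strip + "\n", 0o644)
  write_secure(wrapper, <<~SH, 0o700)
    #!/bin/sh
    # Fail closed on an unknown or changed server key; offer only the deploy key.
    exec ssh -i #{key.shellescape} -o IdentitiesOnly=yes -o BatchMode=yes \\
      -o UserKnownHostsFile=#{known_hosts.shellescape} -o StrictHostKeyChecking=yes "$@"
  SH
  wrapper
end

# Return findings that would expose the key or let ssh trust an unpinned server.
def audit_deploy_ssh(dir)
  key, known_hosts, wrapper = %w[id_deploy known_hosts git_ssh.sh].map { |n| File.join(dir, n) }
  return ["#{dir} has no private key"] unless File.file?(key)
  findings = []
  findings << "ssh directory is accessible to group/other" if (File.stat(dir).mode & 0o077).nonzero?
  findings << "private key is accessible to group/other" if (File.stat(key).mode & 0o077).nonzero?
  findings << "known_hosts has no pinned server key" unless File.size?(known_hosts)
  unless File.exist?(wrapper) && File.read(wrapper).include?("StrictHostKeyChecking=yes")
    findings << "wrapper does not enforce strict host key checking"
  end
  findings
end
```

In a recipe, the returned path is what the git resource's `ssh_wrapper` property expects. Registering each node's public key as a read-only deploy key keeps one compromised client from exposing a key that every other machine shares.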


#5

I’ll do that.

Thanks a lot.

Jacobo García López de Araujo
blog: http://robotplaysguitar.com
http://workingwithrails.com/person/13395-jacobo-garc-a
