Chef Solo and postgres password


#1

Hi –

I’m using the postgresql and database cookbooks with Chef Solo. This is
all working quite nicely!
The one little thing that seems a bit clumsy is that I have to supply
both the hashed and plain text passwords. Am I correct about that?
postgresql_database requires the plain text version.
Using postgresql cookbook requires adding the /hashed/ version to the node.
Ideally, I’d rather not have unencrypted passwords lying around… I
guess the best thing is to use encrypted data bags?

database cookbook:

create a postgresql database

postgresql_database ‘mr_softie’ do
connection(
:host => ‘127.0.0.1’
:port => 5432,
:username => ‘postgres’,
:password => node[‘postgresql’][‘password’][‘postgres’]
)
action :create
end

postgresql cookbook:

|{
“postgresql”: {
“password”: {
“postgres”: “iloverandompasswordsbutthiswilldo”
}
},
“run_list”: [“recipe[postgresql::server]”]
}
|

That should actually be the “encrypted password” instead of cleartext,
so you should generate it as an md5 hash using the PostgreSQL algorithm.


Liam Kirsher
PGP: http://liam.numenet.com/pgp/