I am just trying toprototype chef-vault databag encryption and following
My environment is behind firewall with no internet access
when I run my recipe I get following errors
retrying fetcher due to error (2/4); Bundler::HTTPError could not fetch specs from https://www.rubygems.org/
Googling it tells me setting up a proxy for that url which I don;t want to do. Are there any other work around? I did download chef-vault-3.4.3.gem file and using cookbook_file and chef_gemwas able to install but as soon as I add depends 'chef-vault' in cookbook's metadata.rb the error comes back...
So the gem is installed in the node you are testing on? Can you provide details on your recipe and the error output? One thing you should definitely consider is running a private gems repository in your network. You can run Geminabox fairly easily and will only need to punch a hole for that to rubygems.org. you will have to point your chef clients to it as their gems source. I have the same restrictions and it is the way that I have it set up.
The only recipe in the cookbook has 2 lines displaying plain text (hopefully) values from the vault. The line in metadata.rb depends 'chef-vault' causes it to set up gem chef-vault and everything goes downhill from there..
I guess I will have to look into geminabox solution. Will follow https://github.com/geminabox/geminabox see how far I can go.. unless there is some other option..
In reality we need chef-vault cookbook to install chef-vault.gem on the node and then use vault helper methods, right?
If I have a node which has chef-vault.gem already installed, I can get away with all geminabox and opening my firewall, only thing I will be missing is helper methods like chef_vault_item
To access vault from node, can I not use knife vault commands form my recipe? I noticed that knife is already installed on the node (not sure how and when), so can I not use it from recipe?
I'll get back to you on this when I check my setup again. It's been a while since I have one this so I will double check but I think it has something to do with the way my the vault cookbook is setup.