I’m in the process of developing a cookbook for managing ssl certificates
on Windows.
So far, it only contains a lwrp responsible for installing a certificate in
the Windows cert store and managing permissions on private keys.
Other cookbooks however need to be able to look up certain attributes on
certificates in the store.
For example, some_cookbook might need to find the certificate thumbprint
for the certificate with the subject name “foo.bar.baz”.
In a some_cookbook recipe I might have:
windows_certificate “foo.bar.baz” do
action :install
source "foo.bar.baz.pfx"
password "foobar"
end
I would then like to be able to look up the thumbprint for a certificate:
So my question is - what is the best practice for populating custom node
attributes like these?
I could simply make my lwrp call node.set for each certificate installed -
is that kosher?
Should this rather be an ohai plugin? Is there another approach that I’m
missing?
Our latest approach uses an explicit act of publishing by the providing
node and equivalent lookup by the client node. This way if we changed the
implementation of the node, the clients won't break. This approach also
made it possible to use data bags to publish data from unmanaged nodes but
still access it through a uniform api. See [1]
On Thursday, July 11, 2013, Sölvi Páll Ásgeirsson wrote:
Hi everyone
I'm in the process of developing a cookbook for managing ssl certificates
on Windows.
So far, it only contains a lwrp responsible for installing a certificate
in the Windows cert store and managing permissions on private keys.
Other cookbooks however need to be able to look up certain attributes on
certificates in the store.
For example, some_cookbook might need to find the certificate thumbprint
for the certificate with the subject name "foo.bar.baz".
In a some_cookbook recipe I might have:
windows_certificate "foo.bar.baz" do
action :install
source "foo.bar.baz.pfx"
password "foobar"
end
I would then like to be able to look up the thumbprint for a certificate:
So my question is - what is the best practice for populating custom node
attributes like these?
I could simply make my lwrp call node.set for each certificate installed -
is that kosher?
Should this rather be an ohai plugin? Is there another approach that I'm
missing?
Our latest approach uses an explicit act of publishing by the providing
node and equivalent lookup by the client node. This way if we changed the
implementation of the node, the clients won't break. This approach also
made it possible to use data bags to publish data from unmanaged nodes but
still access it through a uniform api. See [1]
On Thursday, July 11, 2013, Sölvi Páll Ásgeirsson wrote:
Hi everyone
I'm in the process of developing a cookbook for managing ssl certificates
on Windows.
So far, it only contains a lwrp responsible for installing a certificate
in the Windows cert store and managing permissions on private keys.
Other cookbooks however need to be able to look up certain attributes on
certificates in the store.
For example, some_cookbook might need to find the certificate thumbprint
for the certificate with the subject name "foo.bar.baz".
In a some_cookbook recipe I might have:
windows_certificate "foo.bar.baz" do
action :install
source "foo.bar.baz.pfx"
password "foobar"
end
I would then like to be able to look up the thumbprint for a certificate:
So my question is - what is the best practice for populating custom node
attributes like these?
I could simply make my lwrp call node.set for each certificate installed
is that kosher?
Should this rather be an ohai plugin? Is there another approach that I'm
missing?