Hi Chefs,
I was wondering it it was possible to write to a data bag from within a
recipe?
I know this is not the main purpose of a data bag but sometimes I need to
exchange data between several nodes. I sure can put that data in myself but
it’d be better if fully automated.
–
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.com
https://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
It can be done, the permissions out of the box don’t allow it though. Check this out:
http://docs.opscode.com/essentials_data_bags.html#create-and-edit
Thanks,
Matt Ray
Cloud Integrations Product Lead :: Opscodehttp://opscode.com
512.731.2218 :: matt@opscode.com
mattray :: GitHubhttp://github.com/mattray/ :: IRC :: Twitterhttp://twitter.com/mattray
From: Dorian Jaminais
Sent: Tuesday, July 09, 2013 5:40 AM
To: chef@lists.opscode.com
Subject: [chef] data bags and recipe
Hi Chefs,
I was wondering it it was possible to write to a data bag from within a recipe?
I know this is not the main purpose of a data bag but sometimes I need to exchange data between several nodes. I sure can put that data in myself but it’d be better if fully automated.
–
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
[http://i.imgur.com/zaIatYO.png]http://perfect-memory.com
[http://i.imgur.com/g7RkQnG.png]https://twitter.com/semanticbus[http://i.imgur.com/V27iqb6.png]http://www.facebook.com/pages/Perfect-Memory/155555567821817
Thanks for your answer, actually I was hoping for something less risky than
giving my nodes admin permission.
2013/7/9 Matt Ray matt@opscode.com
It can be done, the permissions out of the box don't allow it though.
Check this out:
About Data BagsThanks,Matt Ray
Cloud Integrations Product Lead :: Opscode http://opscode.com
512.731.2218 :: matt@opscode.com
mattray :: GitHub http://github.com/mattray/ :: IRC :: Twitterhttp://twitter.com/mattray
From: Dorian Jaminais
Sent: Tuesday, July 09, 2013 5:40 AM
To: chef@lists.opscode.com
Subject: [chef] data bags and recipeHi Chefs,
I was wondering it it was possible to write to a data bag from within a
recipe?
I know this is not the main purpose of a data bag but sometimes I need to
exchange data between several nodes. I sure can put that data in myself but
it'd be better if fully automated.--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.comhttps://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.com
https://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
Hi Dorian.
What kind of data do you need to exchange between nodes?
One strategy I've used in the past is having clients stash data in their
own node object and having others search for it.
Something like this may or may not work for you:
stash data:
https://github.com/someara/pki-cookbook/blob/master/providers/servercert.rb#L26
then search
https://github.com/someara/pki-cookbook/blob/master/recipes/server.rb#L29
-s
On Tue, Jul 9, 2013 at 6:40 AM, Dorian Jaminais <
dorian.jaminais@perfect-memory.com> wrote:
Hi Chefs,
I was wondering it it was possible to write to a data bag from within a
recipe?
I know this is not the main purpose of a data bag but sometimes I need to
exchange data between several nodes. I sure can put that data in myself but
it'd be better if fully automated.--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.comhttps://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
Hi Sean,
I also do that for most of the data.
My use case here is to store passwords generated on the node to be used by
other nodes. We have separated environment for each client with dedicated
databags and encryption key so I wanted to leverage this to avoid having
the password in plaintext in the node's attribute.
2013/7/9 Sean OMeara someara@gmail.com
Hi Dorian.
What kind of data do you need to exchange between nodes?
One strategy I've used in the past is having clients stash data in their
own node object and having others search for it.Something like this may or may not work for you:
stash data:
https://github.com/someara/pki-cookbook/blob/master/providers/servercert.rb#L26
then search
https://github.com/someara/pki-cookbook/blob/master/recipes/server.rb#L29
-s
On Tue, Jul 9, 2013 at 6:40 AM, Dorian Jaminais <
dorian.jaminais@perfect-memory.com> wrote:Hi Chefs,
I was wondering it it was possible to write to a data bag from within a
recipe?
I know this is not the main purpose of a data bag but sometimes I need to
exchange data between several nodes. I sure can put that data in myself but
it'd be better if fully automated.--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.comhttps://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.com
https://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
I did something like this for managing RunDeck SSH key pairs and I can
testify that it does, in fact, work. Data bag items have a couple of
tricks to them but the documentation sorted me out. Due to the way
encrypted data bag items are handled, you have to do a few things
differently if you're generating one -- essentially, you create a data bag
item first, then pass in the encrypted data bag item as payload. Then you
call #save on the containing data bag item and you're all set.
If you aren't already writing these as library functions, I'd suggest doing
that for the cookbook. It does make your recipe a bit more readable ...
and, of course, once you're writing pure Ruby in your library you can
document it like any other Ruby code.
On Tue, Jul 9, 2013 at 6:35 AM, Dorian Jaminais <
dorian.jaminais@perfect-memory.com> wrote:
Hi Sean,
I also do that for most of the data.
My use case here is to store passwords generated on the node to be used by
other nodes. We have separated environment for each client with dedicated
databags and encryption key so I wanted to leverage this to avoid having
the password in plaintext in the node's attribute.2013/7/9 Sean OMeara someara@gmail.com
Hi Dorian.
What kind of data do you need to exchange between nodes?
One strategy I've used in the past is having clients stash data in their
own node object and having others search for it.Something like this may or may not work for you:
stash data:
https://github.com/someara/pki-cookbook/blob/master/providers/servercert.rb#L26
then search
https://github.com/someara/pki-cookbook/blob/master/recipes/server.rb#L29
-s
On Tue, Jul 9, 2013 at 6:40 AM, Dorian Jaminais <
dorian.jaminais@perfect-memory.com> wrote:Hi Chefs,
I was wondering it it was possible to write to a data bag from within a
recipe?
I know this is not the main purpose of a data bag but sometimes I need
to exchange data between several nodes. I sure can put that data in myself
but it'd be better if fully automated.--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.comhttps://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
--
Dorian JAMINAIS
System Administrator
+33 6 95 10 95 37
http://perfect-memory.comhttps://twitter.com/semanticbushttp://www.facebook.com/pages/Perfect-Memory/155555567821817
Dorian,
You can simply store an encrypted version of the password in the node’s
attributes. You can use the normal Ruby OpenSSL stdlib to do the encryption
(the encrypted data-bag code does that under the hood).
You can even use the encrypted-data-bag key for this purpose, provided the
key management procedures are appropriate.
You do not need to write to encrypted data-bag items from within recipes.
Cheers,
Jay Feldblum
