I want to use data bag for store password with community cookbook mysql - how can i do this in elegant way?


#1

In previous question to the community/maillist I asked about how can i
store decrypt passwords.
And a answer is - store it in node.run_state hash - this is because
this is not persistent store and there is only during the launch of chef.

This is very good idea of course. But I can’t understand how can use it
in real world.

For example I upload mysql community cookbook to my chef server. For
deploy mysql data base server.

Mysql community cookbook has several default attributes of passwords
which is randomly generated by openssl. But we can override them.

How can I override them best practice ?

README.md at this cookbook has:

node[‘mysql’][‘server_root_password’] - Set the server’s root password
node[‘mysql’][‘server_repl_password’] - Set the replication user 'repl’
password
node[‘mysql’][‘server_debian_password’] - Set the debian-sys-maint user
password

“OK” said I, How can I setup them with node.run_state ?

One way is to create application cookbook (
http://devopsanywhere.blogspot.ru/2012/11/how-to-write-reusable-chef-cookbooks.html)
and in the recipe mode set vars:

mysql_acme/recipes/default:

code to setup node.run_state[‘mysql’][‘server_root_password’] and

others from data bags. i.e. retrive data bags from server, decrypt them etc.
how can i do this, i has chef error, when set this var: undefined method
`[]=’ for nil:NilClass ?

node[‘mysql’][‘server_root_password’] =
node.run_state[‘mysql’][‘server_root_password’]

before run mysql::server we setup node attributes

include_recipe “mysql::server”

This is not good idea because I use node attribute that persistent to
chef server and will be available after chef run to all nodes wia search.
Despite the fact that I used node.run_state.

I cannot understand how to use community cookbook with my own data bags?


Best regards,

CVision Lab System Administrator
Vladmir Skubriev