- From: Matthew Todd <
>
- To:
- Subject: [chef] Re: Re: Re: Why port 444 for openid_url?
- Date: Sun, 23 Aug 2009 11:01:29 +0300
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:content-type:message-id :content-transfer-encoding:from:subject:date:to:x-mailer; b=J/I37axD/NA/hSa2/cHGzKgusBch+IVpTIiPoxiSdlGVS6sL5ZYEKorFWlUNdeas4r Tu3MXt2PR3S9HP6o4YVarR3N7ch/MxPwnAr+piUXrbKpTlX+7T5zRdHEpaTbf8fnJ/Y2 hhqtZ//P7XdV0LtSuFXYvY4oq0aD1ix7gLf3Y=
On Aug 22, 2009, at 5:54 PM, Claus Divossen wrote:
That's good to hear! I hope that the web interface user's login will
also get rid of Open ID. We are using Chef on an internal site, behind
firewalls with no direct internet access, and I was quite annoyed
that I
had to set up an OpenID server just to log in to the admin interface.
For what it's worth, as an alternative to setting up an OpenID
server, you can create an OpenIDRegistration (the same thing each of
your Nodes has) for use as an admin account. This may be hackish, and
may not work at 0.8.0 and beyond, but it's working fine for me in the
meantime. :-)
http://github.com/matthewtodd/skillet/blob/
e0ec8343827ce7257e761db032f9c331dcf1fb82/config/environments/
development.rb#L15-24
I'm kind of cheating by hooking into the Merb::Bootloader. For a more
standard Chef server instance, I suppose you could run something like
this, totally off the top of my head and never-been-run, caveat lector:
#!/usr/bin/env ruby
require 'rubygems'
require 'chef'
Chef::Config.from_file('/etc/chef/server.rb')
admin_account = Chef::OpenIDRegistration.new
admin_account.name = 'admin'
admin_account.set_password 'foo'
admin_account.validated = true
admin_account.admin = true
admin_account.save
And then you can log in as <your Chef::Config[:openid_url]>/openid/
server/node/admin.
Cheers! -- Matthew
Archive powered by MHonArc 2.6.16.