- From: Dane Elwell <
- To: <
- Subject: [chef] Best Practices for Retrieving Generated Passwords
- Date: Mon, 03 Dec 2012 16:12:32 +0000
I work for a small ISP with about 23,000 servers and I'm trying to get
some configuration management in the mix to help deploy/support a new
product we're about to roll out.
I'm currently in the process of biting off more than I can chew with
Chef, so some of this may be Chef 101. I apologise if I'm asking stupid
questions, but I've not been able to find a solid answer elsewhere (and
I would consider my Google-fu fairly tuned).
We have an in-house application that helps us to manage our inventory,
assets, passwords, etc for the all the servers we host. I need to get
Chef to configure a server with users and passwords, along with
generating some other information to go into various configuration files
on the server. These must all be retrieved and placed into our in-house
system so we have them all on record.
I've had a look at the Users cookbook and I see this can generate
passwords and such, and then (from what I can ascertain) those items
become available through `knife node show nodename -m`. Which is fine
for the odd server here and there, but I intend to use this to deploy a
few hundred servers, so automation is a must.
* (Likely Chef 101 but I've not seen how to do this yet) Is there a way
I can store arbitrary data for the local node somewhere? For example, if
I generate a username and password for a haproxy statistics page, where
can I then retrieve these from? Use of an encrypted databag? This is
probably me just not RTFM to be fair - links appreciated.
* How can I gather this username/password information in a more
automated way? Is there an API of some kind that can be called to
retrieve this information from the Chef server? Unfortunately the
in-house system is developed by a separate team, so I don't have many
options for integration beyond "here's an API, implement this". I'm more
than happy to write glue code for this if necessary.
I hope my requirements make sense, and I apologise again for being
- [chef] Best Practices for Retrieving Generated Passwords, Dane Elwell, 12/03/2012
Archive powered by MHonArc 2.6.16.