[chef] Best Practices for Retrieving Generated Passwords


  • From: Dane Elwell < >
  • To: < >
  • Subject: [chef] Best Practices for Retrieving Generated Passwords
  • Date: Mon, 03 Dec 2012 16:12:32 +0000

Hi,

I work for a small ISP with about 23,000 servers and I'm trying to get some configuration management in the mix to help deploy/support a new product we're about to roll out.

I'm currently in the process of biting off more than I can chew with Chef, so some of this may be Chef 101. I apologise if I'm asking stupid questions, but I've not been able to find a solid answer elsewhere (and I would consider my Google-fu fairly tuned).

We have an in-house application that helps us to manage our inventory, assets, passwords, etc. for all the servers we host. I need to get Chef to configure a server with users and passwords, along with generating some other information to go into various configuration files on the server. These must all be retrieved and placed into our in-house system so we have them all on record.

I've had a look at the Users cookbook and I see this can generate passwords and such, and then (from what I can ascertain) those items become available through `knife node show nodename -m`. Which is fine for the odd server here and there, but I intend to use this to deploy a few hundred servers, so automation is a must.

Two questions:

* (Likely Chef 101 but I've not seen how to do this yet) Is there a way I can store arbitrary data for the local node somewhere? For example, if I generate a username and password for a haproxy statistics page, where can I then retrieve these from? Use of an encrypted databag? This is probably me just not RTFM to be fair - links appreciated.

* How can I gather this username/password information in a more automated way? Is there an API of some kind that can be called to retrieve this information from the Chef server? Unfortunately the in-house system is developed by a separate team, so I don't have many options for integration beyond "here's an API, implement this". I'm more than happy to write glue code for this if necessary.

I hope my requirements make sense, and I apologise again for being clueless. :)

Dane


