[chef] Re: Re: Best Practices for Retrieving Generated Passwords

Chronological Thread 
  • From: Dane Elwell < >
  • To: < >
  • Subject: [chef] Re: Re: Best Practices for Retrieving Generated Passwords
  • Date: Mon, 03 Dec 2012 18:10:25 +0000

On 2012-12-03 17:47, Adam Jacob wrote:
On 12/3/12 8:12 AM, "Dane Elwell" 
< >
Two questions:

* (Likely Chef 101 but I've not seen how to do this yet) Is there a way
I can store arbitrary data for the local node somewhere? For example, if
I generate a username and password for a haproxy statistics page, where
can I then retrieve these from? Use of an encrypted databag? This is
probably me just not RTFM to be fair - links appreciated.

So is the flow you are looking for here:

* Configure a bunch of services on a server, auto-generating secure
* Store those passwords in your arbitrary database someplace
* Profit


The node itself stores its attributes, so that would be the logical place
for the auto-generated dataŠ but do you really want to store them in plain

Indeed, that's kinda the flow I'm looking for, as strange as the second requirement may seem.

I don't have much insight as to the storage of those passwords on our other system as I have no control or view into the internal workings of that system. (I consider it to be a black box that consumes REST and JSON (luckily), maybe some SOAP, and spits out lots of information about our servers). FWIW, the security of that system is fairly robust.

* How can I gather this username/password information in a more
automated way? Is there an API of some kind that can be called to
retrieve this information from the Chef server? Unfortunately the
in-house system is developed by a separate team, so I don't have many
options for integration beyond "here's an API, implement this". I'm more
than happy to write glue code for this if necessary.

The Chef Server itself is a REST API, and you can absolutely use it here.
Answer my question above re: flow, and I'l reply again. :)

The Chef server API does seem to be the way to go here. The developers of the other system are attempting to standardize on REST and JSON APIs so getting them up and running with that shouldn't be too difficult!



Archive powered by MHonArc 2.6.16.