[chef] Re: Re: Best Practices for Retrieving Generated Passwords


  • From: Dane Elwell < >
  • To: < >
  • Subject: [chef] Re: Re: Best Practices for Retrieving Generated Passwords
  • Date: Mon, 03 Dec 2012 18:10:25 +0000

On 2012-12-03 17:47, Adam Jacob wrote:
On 12/3/12 8:12 AM, "Dane Elwell" < > wrote:
Two questions:

* (Likely Chef 101 but I've not seen how to do this yet) Is there a way
I can store arbitrary data for the local node somewhere? For example, if
I generate a username and password for a haproxy statistics page, where
can I then retrieve these from? Use of an encrypted databag? This is
probably me just not RTFM to be fair - links appreciated.

So is the flow you are looking for here:

* Configure a bunch of services on a server, auto-generating secure
passwords
* Store those passwords in your arbitrary database someplace
* Profit

Yes?

The node itself stores its attributes, so that would be the logical place
for the auto-generated data... but do you really want to store them in plain
text?


Indeed, that's kinda the flow I'm looking for, as strange as the second requirement may seem.

I don't have much insight as to the storage of those passwords on our other system as I have no control or view into the internal workings of that system. (I consider it to be a black box that consumes REST and JSON (luckily), maybe some SOAP, and spits out lots of information about our servers). FWIW, the security of that system is fairly robust.

* How can I gather this username/password information in a more
automated way? Is there an API of some kind that can be called to
retrieve this information from the Chef server? Unfortunately the
in-house system is developed by a separate team, so I don't have many
options for integration beyond "here's an API, implement this". I'm more
than happy to write glue code for this if necessary.

The Chef Server itself is a REST API, and you can absolutely use it here.
Answer my question above re: flow, and I'll reply again. :)


The Chef server API does seem to be the way to go here. The developers of the other system are attempting to standardize on REST and JSON APIs so getting them up and running with that shouldn't be too difficult!

Thanks

Dane


