On Thu, Jan 22, 2015 at 2:55 PM, Fouts, Chris <
" target="_blank">
> wrote:
Like I said, I have this in my knife.rb file.
…….
validation_key "#{current_dir}/validator.pem"
encrypted_data_bag_secret “#{current_dir}/encrypted_data_bag_secret”
.....
My knife.rb, validator.pem, encrypted_data_bag_secret, are all on my <some_dir>/.chef directory. If it works for the validation_key property, why not the encrypted_data_bag_secret property? I did a puts and, you're correct, it's not expanding the <%= encrypted_data_bag_secret
%>, but why?
Chris
-----Original Message-----
From: AJ Christensen [mailto:
">
]
Sent: Wednesday, January 21, 2015 5:28 PM
To:
">
Subject: [chef] Re: RE: Re: RE: Re: Using encrypted data bags in cookbooks?
It looks like your knife config is wrong. Can you puts the value of the encrypted_data_bag_secret after setting it? does that path expand properly?
"#{home_dir}/.chef/encrypted_data_bag_secret"
do you have a local variable called "home_dir" in your knife.rb ? this ruby string expansion relies on it. if nil, the path is probably borked.
chuck `puts encrypted_data_bag_secret` in you config and see what it reckons
cheers,
--aj
On Thu, Jan 22, 2015 at 10:26 AM, Fouts, Chris <
">
> wrote:
> Thanks, but I was under the impression that the bootstrap (even the
> default
> template) will do this for me, using the same process it does to copy
> the validator.pem locally to the node. I see this in the chef-full.erb
> file
>
>
>
> <% if encrypted_data_bag_secret -%>
>
> cat > /etc/chef/encrypted_data_bag_secret <<'EOP'
>
> <%= encrypted_data_bag_secret %>
>
> EOP
>
> chmod 0600 /etc/chef/encrypted_data_bag_secret
>
> <% end -%>
>
>
>
> Chris
>
> From: Tiago Cruz [mailto:
">
]
> Sent: Wednesday, January 21, 2015 3:27 PM
> To:
">
> Subject: [chef] Re: RE: Re: Using encrypted data bags in cookbooks?
>
>
>
> You need to scp the file to your node at
> /etc/chef/encrypted_data_bag_secret
>
>
>
> On Wed, Jan 21, 2015 at 6:09 PM, Fouts, Chris <
">
>
> wrote:
>
> I have this in my knife.rb file
>
>
>
> …….
>
> validation_key "#{current_dir}/validator.pem"
>
> encrypted_data_bag_secret “#{current_dir}/encrypted_data_bag_secret”
>
> …….
>
>
>
> The knife.rb, validator.pem, and encrypted_data_bag_secret files are
> in <some_path>/.chef directory.
>
>
>
> Chris
>
>
>
>
>
>
>
>
>
> From: Daniel Condomitti [mailto:
">
]
> Sent: Wednesday, January 21, 2015 2:45 PM
> To:
">
> Subject: [chef] Re: Using encrypted data bags in cookbooks?
>
>
>
> Are you using a custom bootstrap template? Check your template to
> ensure that your template includes the encrypted_data_bag_secret logic
>
https://github.com/opscode/chef/blob/master/lib/chef/knife/bootstrap/c
> hef-full.erb#L46
>
>
>
> Is the correct path being used in your knife config?
>
> On Wednesday, January 21, 2015 at 2:38 PM, Fouts, Chris wrote:
>
> Client: v12.0.3
>
> Server: Chef 12 Enterprise
>
>
>
> I’m encrypting my data bags, but now of course would want to use them
> when I run my cookbooks in my nodes. This means that I’ll need to
> decrypt my data bag, which in turn means I’ll need the key. One
> solution I’ve been reading is to copy the key file in the node’s
> /etc/chef/* directory during the bootstrap process. I read this
>
http://lists.opscode.com/sympa/arc/chef/2013-04/msg00142.html, which
> shows adding this line in the knife.rb file
>
>
>
> encrypted_data_bag_secret "#{home_dir}/.chef/encrypted_data_bag_secret"
>
>
>
> …which will then automagically copy the file over to the node.
> However, I don’t see /etc/chef/encrypted_data_bag file in the boostrapped node.
>
>
>
> What am I missing?
>
>
>
> Chris
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> -- Tiago Cruz