5. htpasswd
We need this contents to be in
node['apache']['dir']/htpasswd
admin:$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0
Copy/paste from http://goo.gl/6sEYT5
7. Putting file to server #1
../cookbooks/webserver/recipes/default.rb
file "#{node['apache']['dir']}/htpasswd" do
owner 'root'
group node['apache']['root_group']
mode '0644'
backup false
content "admin:
$apr1$ejZO6aAi$9zUZFyNxkX7pHOfqnjs8/0"
end
8. Putting file to server #2
●
'content' attribute is not really scalable – what if
we need 2Kb of text inside?
●
Lets first comment out with # content attribute
●
create file
../cookbooks/webserver/files/default/htpasswd
●
and put root (not admin!) and password hash to it
●
Change resource from 'file' to 'cookbook_file'
9. Putting file to server #2
../cookbooks/webserver/recipes/default.rb
cookbook_file "#{node['apache']['dir']}/htpasswd" do
owner 'root'
group node['apache']['root_group']
mode '0644'
backup false
end
10. Welcome Berks-way!
gem install berkshelf
Test it with “berks -v”
-------------------------------------------------------------On Windows you'll need to add to chefrepo/.berkshelf/config.json:
"ssl": {
"verify": false
}
11. Move out community cookbooks
●
Add a line to Berksfile:
cookbook “cookbook” path: cookbooks/webserver
●
berks install ← download cookbook to local folder
●
berks upload ← upload cookbooks to Chef Server
●
remove 'apache2' folder from chef_repo
Where is cookbook now anyway?
12. Well done! Lets put it to git
git commit -a -m “Initial commit”
git push origin master
14. Lets do it better now!
https://github.com/Youscribe/htpasswdcookbook
Goal: specify user/pass with cookbook
attributes
Copy/paste from http://goo.gl/6sEYT5
15. New cookbook in Berksfile
cookbook "htpasswd", git:
https://github.com/Youscribe/htpasswdcookbook.git
23. Data bag CLI
knife data bag create htpasswd
knife data bag from file htpasswd user1.json
knife data bag from file htpasswd
data_bags/htpasswd/*
knife search htpasswd "(id:user1)"
knife search htpasswd "(nodes:yournode)"
25. Just an example of solution...
file "#{node['apache']['dir']}/htpasswd" do
action :delete
end
search(:htpasswd, "nodes:#{node.name}") do |user|
htpasswd "#{node['apache']['dir']}/htpasswd" do
user user['id']
password user['pass']
notifies :reload, 'service[apache2]'
end
end