chef-vault-retry 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +2 -0
- data/Gemfile +3 -0
- data/README.md +39 -0
- data/chef-vault-retry.gemspec +19 -0
- data/lib/chef-vault-retry.rb +39 -0
- data/lib/chef-vault-retry/version.rb +20 -0
- metadata +65 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: ff30d34bbf8026116369661dfe0339c53bfb2b51
|
|
4
|
+
data.tar.gz: a527512f4de92b17142e06c7993beaa670ff4289
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 41b84e9897fe479a20032128b488955a32cae01f308715c8135b1c201bb03cb9b1d4feaf2c11f6dff4fde35fa8e0cccd5e66abeefaa7245d9a7224b6c61df285
|
|
7
|
+
data.tar.gz: f1c0f2d2ae341a2e17f902cbd30ae09b76991be40f485a33e95041e7607ec55b37ce23453a087a3ac64a09d8868737c96c7fedcb39d3b1c2192c2e51e0b50cb9
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/README.md
ADDED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
## Overview
|
|
2
|
+
|
|
3
|
+
Wraps `ChefVault::Item.load` with a new method `ChefVaultRetry::Item.load` that will periodically retry to decrypt the secret if an exception is raised. This is primarily intended to ease the bootstrapping of new systems by keeping chef-client runs from failing.
|
|
4
|
+
|
|
5
|
+
## Use
|
|
6
|
+
|
|
7
|
+
Replace the following code in your recipes:
|
|
8
|
+
|
|
9
|
+
```
|
|
10
|
+
chef_gem 'chef-vault' do
|
|
11
|
+
compile_time true if respond_to?(:compile_time)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
require 'chef-vault'
|
|
15
|
+
|
|
16
|
+
item = ChefVault::Item.load('passwords', 'root')
|
|
17
|
+
item['password']
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
with this instead:
|
|
21
|
+
|
|
22
|
+
```
|
|
23
|
+
chef_gem 'chef-vault-retry' do
|
|
24
|
+
compile_time true if respond_to?(:compile_time)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
require 'chef-vault-retry'
|
|
28
|
+
|
|
29
|
+
item = ChefVaultRetry::Item.load('passwords', 'root')
|
|
30
|
+
item['password']
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
The same ChefVault::Item.load method will be called, but if a secret decryption exception is raised:
|
|
34
|
+
|
|
35
|
+
1. A message will output about the failure
|
|
36
|
+
* e.g. `SecretDecryption exception raised; please refresh vault item (passwords/root)`
|
|
37
|
+
2. Recipe execution will pause for 30 seconds
|
|
38
|
+
3. The process will repeat
|
|
39
|
+
* It will repeat this 40 times by default (~20 minutes). The number of retries can be customized by passing a Fixnum as the `retries` argument of `ChefVaultRetry::Item.load`
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
$:.push File.expand_path('../lib', __FILE__)
|
|
2
|
+
require 'chef-vault-retry/version'
|
|
3
|
+
|
|
4
|
+
Gem::Specification.new do |s|
|
|
5
|
+
s.name = 'chef-vault-retry'
|
|
6
|
+
s.version = ChefVaultRetry::VERSION
|
|
7
|
+
s.authors = ['Biola University']
|
|
8
|
+
s.email = ['sysadmins@biola.edu']
|
|
9
|
+
s.summary = 'Retry support for chef-vault'
|
|
10
|
+
s.description = s.summary
|
|
11
|
+
s.homepage = 'https://github.com/biola/chef-vault-retry'
|
|
12
|
+
|
|
13
|
+
s.license = 'Apache License, v2.0'
|
|
14
|
+
|
|
15
|
+
s.files = `git ls-files`.split("\n")
|
|
16
|
+
s.require_paths = ['lib']
|
|
17
|
+
|
|
18
|
+
s.add_runtime_dependency 'chef-vault', '~> 2.6'
|
|
19
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
#
|
|
2
|
+
# Author:: Troy Ready (<troy.ready@biola.edu>)
|
|
3
|
+
#
|
|
4
|
+
# Copyright:: 2015, Biola University
|
|
5
|
+
#
|
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
7
|
+
# you may not use this file except in compliance with the License.
|
|
8
|
+
# You may obtain a copy of the License at
|
|
9
|
+
#
|
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
11
|
+
#
|
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
15
|
+
# See the License for the specific language governing permissions and
|
|
16
|
+
# limitations under the License.
|
|
17
|
+
#
|
|
18
|
+
|
|
19
|
+
require 'chef-vault'
|
|
20
|
+
|
|
21
|
+
class ChefVaultRetry
|
|
22
|
+
class Item
|
|
23
|
+
|
|
24
|
+
def self.load(v, i, retries=40)
|
|
25
|
+
retries.times do
|
|
26
|
+
begin
|
|
27
|
+
return ChefVault::Item.load(v, i)
|
|
28
|
+
rescue ChefVault::Exceptions::SecretDecryption
|
|
29
|
+
puts "SecretDecryption exception raised; "\
|
|
30
|
+
"please refresh vault item (#{v}/#{i})"
|
|
31
|
+
sleep 30
|
|
32
|
+
next
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
fail "Failed after #{retries} attempts to decrypt #{v}/#{i}"
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Description: chef-vault-retry VERSION file
|
|
2
|
+
# Copyright 2015, Biola University
|
|
3
|
+
# Copyright 2013-15, Nordstrom, Inc.
|
|
4
|
+
|
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
6
|
+
# you may not use this file except in compliance with the License.
|
|
7
|
+
# You may obtain a copy of the License at
|
|
8
|
+
|
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
10
|
+
|
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
14
|
+
# See the License for the specific language governing permissions and
|
|
15
|
+
# limitations under the License.
|
|
16
|
+
|
|
17
|
+
class ChefVaultRetry
|
|
18
|
+
VERSION = '0.1.0'
|
|
19
|
+
MAJOR, MINOR, TINY = VERSION.split('.')
|
|
20
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: chef-vault-retry
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Biola University
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-10-13 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: chef-vault
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '2.6'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '2.6'
|
|
27
|
+
description: Retry support for chef-vault
|
|
28
|
+
email:
|
|
29
|
+
- sysadmins@biola.edu
|
|
30
|
+
executables: []
|
|
31
|
+
extensions: []
|
|
32
|
+
extra_rdoc_files: []
|
|
33
|
+
files:
|
|
34
|
+
- ".gitignore"
|
|
35
|
+
- Gemfile
|
|
36
|
+
- README.md
|
|
37
|
+
- chef-vault-retry.gemspec
|
|
38
|
+
- lib/chef-vault-retry.rb
|
|
39
|
+
- lib/chef-vault-retry/version.rb
|
|
40
|
+
homepage: https://github.com/biola/chef-vault-retry
|
|
41
|
+
licenses:
|
|
42
|
+
- Apache License, v2.0
|
|
43
|
+
metadata: {}
|
|
44
|
+
post_install_message:
|
|
45
|
+
rdoc_options: []
|
|
46
|
+
require_paths:
|
|
47
|
+
- lib
|
|
48
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
49
|
+
requirements:
|
|
50
|
+
- - ">="
|
|
51
|
+
- !ruby/object:Gem::Version
|
|
52
|
+
version: '0'
|
|
53
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
54
|
+
requirements:
|
|
55
|
+
- - ">="
|
|
56
|
+
- !ruby/object:Gem::Version
|
|
57
|
+
version: '0'
|
|
58
|
+
requirements: []
|
|
59
|
+
rubyforge_project:
|
|
60
|
+
rubygems_version: 2.4.5
|
|
61
|
+
signing_key:
|
|
62
|
+
specification_version: 4
|
|
63
|
+
summary: Retry support for chef-vault
|
|
64
|
+
test_files: []
|
|
65
|
+
has_rdoc:
|