tinychef 0.0.4 → 0.0.5
- data/README.md +56 -3
- data/lib/tinychef/node_run.rb +1 -1
- data/lib/tinychef/version.rb +1 -1
- metadata +1 -1
data/README.md
CHANGED
@@ -30,20 +30,73 @@ This will create a new *dirname* folder with the following structure:
|
|
30
30
|
└── vendor
|
31
31
|
└── solo.rb
|
32
32
|
|
33
|
+
### Bootstrap a node
|
34
|
+
|
35
|
+
Node bootstrapping is up to you. You have to prepare your own script file for
|
36
|
+
bootstrapping and put it in `boot.sh`. You can then let tinychef run it:
|
37
|
+
|
38
|
+
$ tinychef boot newnode.example.org
|
33
39
|
|
34
40
|
### Run a node
|
35
41
|
|
36
|
-
|
42
|
+
$ tinychef run username@mynode.example.org
|
37
43
|
|
38
44
|
This command will look for a `mynode.example.org.json` file in nodes folder
|
39
45
|
and execute the run list on that. Alternatively you can run:
|
40
46
|
|
41
|
-
|
47
|
+
$ tinychef run nodes/another_node.json username@mynode.example.org
|
42
48
|
|
43
49
|
If you want to override the run list defined in the node file, append a
|
44
50
|
run list sequence:
|
45
51
|
|
46
|
-
|
52
|
+
$ tinychef run nodes/another_node.json username@mynode.example.org "recipe[mybook::myrecipe]"
|
53
|
+
|
54
|
+
If this command does not encounter problems, all files are removed from the
|
55
|
+
remote host when it completes. If any error occurs, files from the remote host
|
56
|
+
are not removed, you'll have to clean everything up.
|
57
|
+
|
58
|
+
### Working with data bags
|
59
|
+
|
60
|
+
Tinychef assumes you will only work with encrypted data bags. In order to
|
61
|
+
work with encrypted databags you have to create a secret.key file in your
|
62
|
+
tinychef root folder.
|
63
|
+
|
64
|
+
$ tinychef key:generate
|
65
|
+
|
66
|
+
This command will generate a `secret.key` file. Keep it secure.
|
67
|
+
|
68
|
+
Databags must be placed under `data_bags` directory organized in folders
|
69
|
+
reflecting the name of the recipe where the databag is used. You work on databags as
|
70
|
+
plain ruby hash files, and then encrypt them when it's time to run the recipe
|
71
|
+
or push everything to the remote.
|
72
|
+
|
73
|
+
$ tinychef bag:create myrecipe bag_name
|
74
|
+
|
75
|
+
This command will crete a file named `data_bags/myrecipe/bag_name.rb`. When
|
76
|
+
you are done editing this file you can encrypt it.
|
77
|
+
|
78
|
+
$ tinychef bag:encrypt myrecipe bag_name
|
79
|
+
|
80
|
+
Encryption command will generate a `json` representation of the hash file.
|
81
|
+
This json file is the one that will be moved to the remote host when running recipes.
|
82
|
+
|
83
|
+
### Keeping data safe
|
84
|
+
|
85
|
+
In order to keep your working copy clean and secure, tinychef provides a
|
86
|
+
couple of commands to password protect you `secret.key` file:
|
87
|
+
|
88
|
+
$ tinychef key:lock
|
89
|
+
|
90
|
+
will ask for a password and encrypt you key an `secret.key.aes` file. The
|
91
|
+
reverse command is:
|
92
|
+
|
93
|
+
$ tinychef key:unlock
|
94
|
+
|
95
|
+
It's a good idea to leave your working copy safe by removing all plain
|
96
|
+
hashes version of data\_bags. You'll be always able to restore the ruby hash
|
97
|
+
version of an encrypted data bag with the command:
|
98
|
+
|
99
|
+
$ tinychef bag:decrypt myrecipe bag_name
|
47
100
|
|
48
101
|
## Contributing
|
49
102
|
|
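Review bot: The cleanup paragraph added at README lines 54-56 should say which files stay behind after a failed run, because they can include secrets. The rsync call visible in node_run.rb copies the whole working directory and excludes only `.git`, `vendor/*` and editor swap files, so `secret.key` and any plain hash files such as `data_bags/myrecipe/bag_name.rb` that are still in the tree are left on the remote host when an error occurs. Suggest naming those files in that paragraph and telling the reader to remove them by hand. The "Keeping data safe" section also does not say whether a locked key has to be unlocked before `tinychef run`; node_run.rb copies `secret.key`, not `secret.key.aes`, so that step is worth stating. Typos to fix in the same pass: "crete" (line 75), "password protect you `secret.key`" (line 86), "encrypt you key an `secret.key.aes` file" (line 90).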
data/lib/tinychef/node_run.rb
CHANGED
@@ -58,7 +58,7 @@ EOH
|
|
58
58
|
|
59
59
|
system %Q{ rsync -rvcL --exclude .git --exclude vendor/* --exclude *.swp --exclude *.swo . #{dest}:#{RECIPES_DIR} }
|
60
60
|
system %Q{ ssh -t #{dest} "sudo mkdir -p /etc/chef " }
|
61
|
-
system %Q{ ssh -t #{dest} "sudo cp #{RECIPES_DIR}/
|
61
|
+
system %Q{ ssh -t #{dest} "sudo cp #{RECIPES_DIR}/secret.key /etc/chef/encrypted_data_bag_secret" }
|
62
62
|
end
|
63
63
|
|
64
64
|
def run_code
|
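Review bot: At new line 61 the data bag secret is copied with `sudo cp` and no explicit owner or mode, so the permissions on `/etc/chef/encrypted_data_bag_secret` depend on the remote umask, and the synced copy stays in `#{RECIPES_DIR}` next to it. Suggest setting owner and mode in the same step, for example `sudo install -o root -g root -m 0600 #{RECIPES_DIR}/secret.key /etc/chef/encrypted_data_bag_secret`, and deleting the synced copy once it is installed. The return values of the three `system` calls in this hunk are ignored, so a failed rsync, a failed `mkdir` or a missing `secret.key` does not stop this method; check each result and abort on `false`. `#{dest}` is also interpolated unquoted into the shell strings, which is worth escaping (Shellwords) if it is taken directly from the command line.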
data/lib/tinychef/version.rb
CHANGED