tinychef 0.0.4 → 0.0.5

data/README.md

@@ -30,20 +30,73 @@ This will create a new *dirname* folder with the following structure:
     └── vendor
     └── solo.rb
 
+### Bootstrap a node
+
+Node bootstrapping is up to you. You have to prepare your own script file for
+bootstrapping and put it in `boot.sh`. You can then let tinychef run it:
+
+    $ tinychef boot newnode.example.org
 
 ### Run a node
 
-  $ tinychef run username@mynode.example.org 
+    $ tinychef run username@mynode.example.org 
 
 This command will look for a `mynode.example.org.json` file in nodes folder
 and execute the run list on that. Alternatively you can run: 
 
-  $ tinychef run nodes/another\_node.json username@mynode.example.org 
+    $ tinychef run nodes/another_node.json username@mynode.example.org 
 
 If you want to override the run list defined in the node file, append a
 run list sequence: 
 
-  $ tinychef run nodes/another\_node.json username@mynode.example.org "recipe\[mybook::myrecipe]"
+    $ tinychef run nodes/another_node.json username@mynode.example.org "recipe[mybook::myrecipe]"
+
+If this command does not encounter problems, all files are removed from the
+remote host when it completes. If any error occurs, files from the remote host
+are not removed, you'll have to clean everything up.
+
+### Working with data bags
+
+Tinychef assumes you will only work with encrypted data bags. In order to
+work with encrypted databags you have to create a secret.key file in your
+tinychef root folder.
+
+    $ tinychef key:generate
+
+This command will generate a `secret.key` file. Keep it secure.
+
+Databags must be placed under `data_bags` directory organized in folders
+reflecting the name of the recipe where the databag is used. You work on databags as
+plain ruby hash files, and then encrypt them when it's time to run the recipe
+or push everything to the remote.
+
+    $ tinychef bag:create myrecipe bag_name
+
+This command will crete a file named `data_bags/myrecipe/bag_name.rb`. When
+you are done editing this file you can encrypt it.
+
+    $ tinychef bag:encrypt myrecipe bag_name
+
+Encryption command will generate a `json` representation of the hash file.
+This json file is the one that will be moved to the remote host when running recipes.
+
+### Keeping data safe
+
+In order to keep your working copy clean and secure, tinychef provides a
+couple of commands to password protect you `secret.key` file:
+
+    $ tinychef key:lock
+
+will ask for a password and encrypt you key an `secret.key.aes` file. The
+reverse command is:
+
+    $ tinychef key:unlock
+
+It's a good idea to leave your working copy safe by removing all plain
+hashes version of data\_bags. You'll be always able to restore the ruby hash
+version of an encrypted data bag with the command:
+
+    $ tinychef bag:decrypt myrecipe bag_name
 
 ## Contributing
 

data/lib/tinychef/node_run.rb

@@ -58,7 +58,7 @@ EOH
 
       system %Q{ rsync -rvcL --exclude .git --exclude vendor/* --exclude *.swp --exclude *.swo .  #{dest}:#{RECIPES_DIR} }
       system %Q{ ssh -t #{dest} "sudo mkdir -p /etc/chef " }
-      system %Q{ ssh -t #{dest} "sudo cp #{RECIPES_DIR}/data_bags/secret.key /etc/chef/encrypted_data_bag_secret" }
+      system %Q{ ssh -t #{dest} "sudo cp #{RECIPES_DIR}/secret.key /etc/chef/encrypted_data_bag_secret" }
     end
 
     def run_code

data/lib/tinychef/version.rb

@@ -1,3 +1,3 @@
 module Tinychef
-  VERSION = "0.0.4"
+  VERSION = "0.0.5"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tinychef
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease: 
 platform: ruby
 authors: