Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 29 15:59
  • Jan 29 13:46
    OperationalDev opened #329
  • Jan 28 23:58
    tas50 unlabeled #291
  • Jan 28 23:58
    tas50 labeled #291
  • Jan 16 00:19

    tas50 on master

    Use the new GH labels in the ex… (compare)

  • Jan 15 12:38
  • Dec 22 2018 06:14
    tas50 unlabeled #58
  • Dec 22 2018 06:14
    tas50 labeled #58
  • Dec 22 2018 06:14
    tas50 unlabeled #116
  • Dec 22 2018 06:14
    tas50 labeled #116
  • Dec 22 2018 06:14
    tas50 unlabeled #117
  • Dec 22 2018 06:14
    tas50 labeled #117
  • Dec 22 2018 06:14
    tas50 unlabeled #124
  • Dec 22 2018 06:14
    tas50 labeled #124
  • Dec 22 2018 06:14
    tas50 unlabeled #126
  • Dec 22 2018 06:14
    tas50 labeled #126
  • Dec 22 2018 06:14
    tas50 unlabeled #127
  • Dec 22 2018 06:14
    tas50 labeled #127
  • Dec 22 2018 06:14
    tas50 unlabeled #129
  • Dec 22 2018 06:14
    tas50 labeled #129
Jandre
@iamzim
What did I do to knife vault?
ERROR: Chef::Exceptions::DuplicateDataBagItem: Data bag 'trucks-users' has items with the same name '' but different content.
Jason Schadel
@wyrdvans
I'm trying to use chef_vault_item in a chef-provisioning recipe but for some reason when I run the chef provision command to run it, the recipe can't find the chef-vault cookbook:
Reason: (Chef::Exceptions::CookbookNotFound) Cookbook chef-vault not found. If you're loading chef-vault from another cookbook, make sure you configure the dependency in your metadata
The cookbook is in my metadata
Hippie Hacker
@hh
Morning @dougireton 8)
xreference
@xreference

i've been using chef-vault for about 2 years, but in the last month or so, i'm having an issue where it appears to not be encrypting data properly for new uploads to chef vault databag only. upon a recipe run i get a message that states:

ChefVault::Exceptions::SecretDecryption

certs/hostname1_cert is not encrypted with your public key. Contact an administrator of the vault item to encrypt for you!

i'm uploading the cert as follows: knife vault create certs hostname1_cert --mode client --file hostname1.crt -A "adminname" -S "name:hostname1"

Interestingly, all my previously encrypted data bag items are fine and still function normally. Thus, this only affects provisioning of new data bags. I'm not sure where to go to figure out the answer on what might be occurring however. Anyone have any thoughts this issue?

equick
@equick
Is there a way to integrate access control with the chef host or AD (as an example) so we don't need to keep running knife vault update when a new node or admin is added ?
xreference
@xreference
i fixed my issue by upgrading to chef 12 server. not sure why though.
Benjamin Atkin
@benatkin
It might be that you upgraded your chef client without upgrading your chef server.
Will Hayworth
@wsh
Hi all :)
Has anyone tried to make chef-vault work with OpsWorks?
Gitter search and Google suggest the answer is no, but I thought it would be worth asking.
Dilip Panwar
@dilippanwar1
Please suggest to good link to start with vault
but both are using different ways to create vault
in one it uses knife encrypt and in another it uses knife vault
also the doc is very ol
odl
old*
Does anyone have any good link which I can follow
Dilip Panwar
@dilippanwar1
@seperman can you pls share how are you creating vaults
Dilip Panwar
@dilippanwar1
i have created a vault with plain text passwd
but I m not able to get passwd in my recipe
it is failing since i dont have keys for it
Can any one help how i can fix it
shansky
@Shansky

@dilippanwar1 u should use —search to specify hosts - for example:

knife vault create ssh deploy --search 'fqdn:server-*-prod' --admins dilippanwar1

this should add item deploy_keys in databag ssh with all hosts matching fqdn with given regex

Dilip Panwar
@dilippanwar1
I m getting these errors while create sample vaults
{"error":["Cannot load data bag item root_keys for data bag vault_bag"]}
{"error":["Cannot load data bag vault_bag"]}
Lets say I have fresh chef server with no nodes registered. What would be the command i should use to create vaults in that case
I m workng on one click deployment wherein , instances will be created on demand and vault will be utilized there
knife vault create vault_bag root '{"username": "root", "password": "mypassword"}' -S "role:webserver" -A "admin"
When i fire this command, It just creates the normal databag however I exepect to get a vault with encrypted values which I could fetch from recipes
@Shansky Can you please help
I am exactly following this
but vault is not getting created
<vaultname>_keys never gets created
content is always coming as plain text
I m doing some silly mistake i guess
but not able to catch it
shansky
@Shansky
@dilippanwar1 i manage to reproduce your problem
Dilip Panwar
@dilippanwar1
thats great!
shansky
@Shansky
by default knife vault creates vaults in file path specyfied in knife configuration file. On my workspace i’ve configured this by cookbook_path [ "/Users/Shansky/git/chef/cookbooks" ]then knife adds data_bags directory to this path and vaults lands there.
my knife.rb config strongly depends on current_dir
so when i was in subdirectory
it creates vault item but without keys and i couldn’t magange to read this by using knife data bag show
so when i’m on top of my repository vault creates encrypted items in data_bags directory :)
Dilip Panwar
@dilippanwar1
cookbook_path '/root/chef-repo/cookbooks/techops/chef/cookbooks'
this is my cbk path in knife