Created
August 18, 2012 06:09
-
-
Save d2kagw/3384786 to your computer and use it in GitHub Desktop.
How to store your Splunk Storm credentials securely in Chef.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
###################### | |
# Instructions | |
# | |
# Splunk Storm uses a proprietary license file which needs to be deployed on each of the forwarders. | |
# For us to deploy these files we need to put them into Chef Server, but it'd be nice for them to be | |
# all nice and secure. | |
# | |
# Here's a quick chunk of code of how to post the creds into a secure data bag. | |
# | |
# Create a data bag (preference would be this is a secure data bag) | |
# `knife data bag create licenses storm --secret-file ~/.chef/encrypted_data_bag_secret` | |
# | |
# open up irb and run the commands below to encode your credentials into the bag | |
# be sure to change the vars to match your setup (i'll have to make this a Knife Plugin one day) | |
# | |
# You'll probably want to checkin your keys into the | |
# `knife data bag show licenses storm -Fj > data_bags/licenses/storm.json` | |
###################### | |
# To write the Splunk Storm Creds to a data bag | |
require 'base64' | |
require 'chef' | |
data_bag = "licenses" | |
data_bag_key = "storm" | |
license_file = "stormforwarder_XXXXXXXX.spl" | |
Chef::Config.from_file("#{ENV['HOME']}/.chef/knife.rb") | |
c = Chef::DataBagItem.load(data_bag, data_bag_key) | |
contents = [File.open(license_file, "rb") {|io| io.read}].pack("m") | |
c['data'] = contents | |
c['filename'] = license_file | |
c.save | |
###################### | |
# To read the Splunk Storm Creds from a data bag | |
require 'base64' | |
require 'chef' | |
data_bag = "licenses" | |
data_bag_key = "storm" | |
Chef::Config.from_file("#{ENV['HOME']}/.chef/knife.rb") | |
c = Chef::DataBagItem.load(data_bag, data_bag_key) | |
File.open(c['filename'], "wb") do |file| | |
file.write(c['data'].unpack('m').first) | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment