Skip to content

Instantly share code, notes, and snippets.

@jkeiser

jkeiser/gist:126e7e1ed0b040ddc892

Created March 16, 2015 20:20
Show Gist options
  • Save jkeiser/126e7e1ed0b040ddc892 to your computer and use it in GitHub Desktop.
Save jkeiser/126e7e1ed0b040ddc892 to your computer and use it in GitHub Desktop.
Download ZIP
provisioning-machine
Raw
gistfile1.txt
#
# First create a provisioners group so the ACLs are all correct
#
chef_group 'provisioners' do
end
# To be able to recreate the provisioners group
chef_acl 'groups' do
rights :create, groups: 'provisioners'
end
# To be able to add others to the provisioners group
chef_acl 'groups/provisioners' do
rights [ :read, :update ], groups: 'provisioners'
end
# To be able to create and delete machines
chef_acl 'nodes' do
rights :all, groups: 'provisioners'
end
chef_acl 'clients' do
rights :all, groups: 'provisioners'
end
# To be able to create and delete load balancers and images
chef_acl 'data' do
rights [ :read, :create ], groups: 'provisioners'
recursive false
end
%w(images load_balancers).each do |data_bag_name|
chef_data_bag data_bag_name do
end
chef_acl "data/#{data_bag_name}" do
rights :all, groups: 'provisioners'
end
end
#
# Now let's make a provisioning machine
#
machine 'provisioning-machine' do
recipe 'my_infrastructure'
end
chef_group 'provisioners' do
client 'provisioning-machine'
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment