Skip to content

Instantly share code, notes, and snippets.

@wrossmann

wrossmann/chef-shell

Created October 31, 2014 23:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save wrossmann/322183455339b95517e0 to your computer and use it in GitHub Desktop.
Save wrossmann/322183455339b95517e0 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
chef-shell
chef > ::File.exists?(node['c_elk']['logstash']['extra_conf_dir']+'/server.crt')
=> true
chef > ssl_defaults = node['c_elk']['logstash']['ssl_subj_defaults']
=> {"C"=>"CA", "ST"=>"BC", "L"=>"City", "O"=>"Company", "OU"=>"IT", "emailAddress"=>"servers@company.com"}
chef > ssl_subject = sprintf('/C=%s/ST=%s/L=%s/O=%s/OU=%s/CN=%s/emailAddress=%s',
chef > ssl_defaults['C'], ssl_defaults['ST'], ssl_defaults['L'],
chef > ssl_defaults['O'], ssl_defaults['OU'], node['fqdn'], ssl_defaults['emailAddress']
chef ?> )
=> "/C=CA/ST=BC/L=City/O=Company/OU=IT/CN=chef-ls-test-01.iad.company.com/emailAddress=servers@company.com"
chef > ssl_subject == `openssl x509 -in #{node['c_elk']['logstash']['extra_conf_dir']}/server.crt -noout -subject | cut -d " " -f 2-`.strip
=> true
Raw
recipe_fragment
not_if {
# skip cert generation if the cert exists and the subject match
if ::File.exists?(node['c_elk']['logstash']['extra_conf_dir']+'/server.crt')
if ssl_subject == `openssl x509 -in #{node['c_elk']['logstash']['extra_conf_dir']}/server.crt -noout -subject | cut -d " " -f 2-`.strip
true
end
end
false
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment