Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor the population of TLS files to wrapper cookbooks? #247

Closed
Fitzsimmons opened this issue Dec 7, 2015 · 7 comments · Fixed by #291
Closed

Refactor the population of TLS files to wrapper cookbooks? #247

Fitzsimmons opened this issue Dec 7, 2015 · 7 comments · Fixed by #291
Assignees
@johnbellone
Milestone
2.0

Comments

@Fitzsimmons
Copy link
Contributor

Hi,

I'm noticing that consul_config.rb is currently expecting the TLS files to be set in a chef-vault. I fully support the use of chef-vault, and in fact I'm already using it; however, I'm adding the files to the filesystem in my wrapper cookbook, and I'd like to simply tell consul-cookbook where to look for the files once they're already there.

I much prefer this technique because it allows a lot of flexibility for myself and other consumers of this cookbook to handle secrets in their preferred way.

I'd be willing to write the pull request to make this happen, but I just wanted to make sure that this work would be appreciated before embarking on what I consider a fairly significant API change.

Let me know,

-Justin
@johnbellone
Copy link
Contributor

@Fitzsimmons I am willing to accept a PR here.

@joerocklin
Copy link
Contributor

I've implemented this over at https://github.com/joerocklin/consul-cookbook/tree/server_options - though I don't know that it's the most elegant of solutions. Basically I added another option called manual_tls (because I needed a quick fix for what I was working on). Would be happy to submit a PR if @johnbellone thinks that's a decent solution!

@johnbellone johnbellone added this to the 2.0 milestone Feb 22, 2016
@johnbellone johnbellone self-assigned this Feb 22, 2016
@johnbellone
Copy link
Contributor

I am removing the management of TLS certificates with version 2.0. It has already landed in the install-resource branch and will be released in the next few days. I am just going through some integration tests. The plan is to have a separate example wrapper cookbook to draw from.

@spheromak
Copy link
Contributor

👍 for those of us that manage certs outside of chef.

@joerocklin
Copy link
Contributor

@johnbellone I was trying to test my wrapper cookbook with the install-resource branch to get ready for the upcoming change, and it looks like it's still trying to manage keys & certs from chef-vault: https://github.com/johnbellone/consul-cookbook/blob/5e5dc78/libraries/consul_config.rb#L125

Is this still the plan for 2.0, or are there more changes in store?

johnbellone pushed a commit that referenced this issue Mar 16, 2016
Remove TLS certificate management from this policy.
630f05e 
I am deferring the management of TLS certificates to wrapper
cookbooks. This closes #247.
@johnbellone
Copy link
Contributor

@joerocklin A local commit that didn't get pushed up :).

johnbellone pushed a commit that referenced this issue Mar 17, 2016
Remove TLS certificate management from this policy.
ea2fe47 
I am deferring the management of TLS certificates to wrapper
cookbooks. This closes #247.
@johnbellone johnbellone mentioned this issue Mar 17, 2016
Merged
@lock
Copy link

lock bot commented Apr 25, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Apr 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@johnbellone johnbellone

Labels
None yet
Projects
None yet
Milestone
2.0
Development

Successfully merging a pull request may close this issue.

Adds custom resource for installing Consul. sous-chefs/consul
4 participants
@spheromak @joerocklin @johnbellone @Fitzsimmons