meallhour

Reputation: 15571

Chef "file" resource with huge content

I am using the file resource and specifying the file contents in the content attribute. However, the content is huge and I cannot declare the content directly within the file attribute.

file "/var/django/.ssh/id_rsa" do
  content "huge content"
  owner "django"
  group "django"
  mode 00600
end

Please suggest if there is a better way to declare the content (when content is huge).

Upvotes: 0

Views: 2114

Answers (3)

ricksebak

Reputation: 63

Using a cookbook_file resource as coderanger described is probably the more correct way of doing this.

But if you really want to do it without a separate file, you can use a heredoc with the file resource.

file '/tmp/somefile' do
  content <<-EOF.gsub(/^\s+/, '')
    some line here
    some other line here
    more lines
    EOF
end

Upvotes: 0
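An added example (not from the answer or from Chef) of what the `gsub(/^\s+/, '')` heredoc above does to content that contains an empty line, compared with Ruby's `<<~` squiggly heredoc. The key text is a constructed placeholder shaped like a passphrase-protected PEM key, and `parse_pem` is a hypothetical helper written for this example.

```ruby
# Added example. The key text is a constructed placeholder shaped like a
# passphrase-protected PEM key; it is not real key material.

# The answer's form: <<- keeps the indentation, gsub then strips every
# run of leading whitespace, which also swallows empty lines.
def gsub_heredoc
  <<-EOF.gsub(/^\s+/, '')
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: AES-128-CBC,00000000000000000000000000000000

    PLACEHOLDERnotARealKeyPLACEHOLDERnotARealKeyPLACEHOLDERnotARealK
    -----END RSA PRIVATE KEY-----
  EOF
end

# Squiggly heredoc (Ruby 2.3+): removes only the common indentation.
def squiggly_heredoc
  <<~EOF
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: AES-128-CBC,00000000000000000000000000000000

    PLACEHOLDERnotARealKeyPLACEHOLDERnotARealKeyPLACEHOLDERnotARealK
    -----END RSA PRIVATE KEY-----
  EOF
end

# Hypothetical helper: split PEM text into label, headers and body, or
# return nil when it is malformed. Headers, when present, must be
# separated from the base64 body by an empty line.
def parse_pem(text)
  lines = text.lines.map(&:chomp)
  label = lines.first.to_s[/\A-----BEGIN (.+)-----\z/, 1]
  return nil unless label && lines.last == "-----END #{label}-----"
  inner = lines[1..-2]
  headers = inner.take_while { |l| l.match?(/\A[\w-]+: /) }
  body = inner.drop(headers.size)
  unless headers.empty?
    return nil unless body.first == ''
    body = body.drop(1)
  end
  return nil if body.empty? || !body.all? { |l| l.match?(%r{\A[A-Za-z0-9+/=]+\z}) }
  { label: label, headers: headers, body: body.join }
end

p parse_pem(gsub_heredoc)                 # blank separator lost
p parse_pem(squiggly_heredoc)[:headers]   # headers and body split cleanly
```

Content with no empty lines and no meaningful indentation passes through the `gsub` form unchanged; the difference only shows up when the file's own whitespace carries meaning.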

louahola

Reputation: 2136

Although you mentioned you don't want a separate file, the correct way to create a private SSH key would be to use encrypted data bags. The easiest way to manage encrypted data bags is through chef vault. You can read more about how to get set up with Chef vault here: http://jtimberman.housepub.org/blog/2013/09/10/managing-secrets-with-chef-vault/.

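# ChefVault comes from the chef-vault gem, which must be installed on the node.
require 'chef-vault'

# Load and decrypt the vault item holding the private key.
vault_ssh = ChefVault::Item.load("secrets", "vaultuser-ssh-private")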

directory "/home/vaultuser/.ssh" do
  owner "vaultuser"
  group "vaultuser"
  mode 0700
end

file "/home/vaultuser/.ssh/id_rsa" do
  content vault_ssh["vaultuser-ssh-private"]
  owner "vaultuser"
  group "vaultuser"
  mode 0600
end

If you wanted to skip the data bag you could just set the value of the vault_ssh["vaultuser-ssh-private"] attribute to the key, or have it set to a node attribute in your role/cookbook.

Upvotes: 1

coderanger

Reputation: 54181

Put the content in a file under files/ in the cookbook and use a cookbook_file resource.

Upvotes: 1
