Vlad Cenan

Reputation: 172

Chef recipe fails at compiling cookbook

I want to encrypt all my chef data_bags and set the decryption key on the client VMs in /etc/chef/secret_key, so that at chef-client run it will decrypt the data bag with this key. For this I have the following resources in the recipe:

# Put the secret key in /etc/chef
cookbook_file '/etc/chef/rd_seceret_key' do
  source 'rd_seceret_key'
  action :create
end
# Get the credentials from the databag for the current environment
credentials = data_bag_item('pinpoint', node.chef_environment.downcase, IO.read('/etc/chef/rd_seceret_key'))
....

Now at compile time it tries to resolve IO.read('/etc/chef/rd_seceret_key'), which of course doesn't exist yet, because the chef-client only creates it from the cookbook file later, as set in the recipe above.

Errno::ENOENT
-------------
No such file or directory @ rb_sysopen - /etc/chef/rd_seceret_key
98>> credentials = data_bag_item('pinpoint', node.chef_environment.downcase, IO.read('/etc/chef/rd_seceret_key'))

Now my question is how I can prioritize this so that the cookbook_file is set first. Of course I want to do this from one chef-client run, not by separating the recipe.

Upvotes: 0

Views: 414

Answers (1)

coderanger

Reputation: 54267

Read https://coderanger.net/two-pass/ to see how to force things to run at compile time.

That said, please don't do this. Distributing the data bag key through Chef itself defeats the entire point of the security model and is literally pointless.

Upvotes: 1
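The two-pass ordering the answer points to, and the out-of-band alternative it implies, as an added Ruby example that is not from the question, the answer or Chef itself. MiniChefRun is a toy stand-in for Chef's compile and converge phases (real Chef resources expose run_action the same way, which is the compile-time forcing the linked post describes); the key file names and contents are constructed sample values.

```ruby
require 'tmpdir'
require 'fileutils'

# Minimal stand-in for Chef's two-pass run: the recipe's Ruby is evaluated
# first (compile phase) and only enqueues resources; their actions are then
# executed in order afterwards (converge phase). Plain Ruby such as IO.read
# therefore runs before any resource has done anything.
class MiniChefRun
  Resource = Struct.new(:name, :path, :content) do
    # Execute the action right now, outside the converge queue. This mirrors
    # calling `resource.run_action(:create)` at compile time in a real recipe.
    def run_action(_action = :create)
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, content)
    end
  end

  def initialize
    @resources = []
  end

  # Compile phase: a cookbook_file call only queues the resource.
  def cookbook_file(path, content)
    resource = Resource.new(File.basename(path), path, content)
    @resources << resource
    resource
  end

  # Converge phase: run every queued resource in declaration order.
  def converge!
    @resources.each { |r| r.run_action(:create) }
  end

  def run(&recipe)
    instance_eval(&recipe) # compile phase
    converge!              # converge phase
    self
  end
end

# Scenario 1: the question's recipe as posted. IO.read is evaluated during
# compile, before converge has created the file, so it raises Errno::ENOENT.
def naive_recipe(dir)
  key_path = File.join(dir, 'secret_key')
  MiniChefRun.new.run do
    cookbook_file(key_path, 'constructed-sample-key')
    IO.read(key_path) # file does not exist yet at this point
  end
  :no_error
rescue Errno::ENOENT
  :enoent_at_compile_time
end

# Scenario 2: the two-pass workaround: force the file resource to run during
# compile so the read that follows it succeeds in the same chef-client run.
def compile_time_recipe(dir)
  key_path = File.join(dir, 'secret_key')
  key = nil
  MiniChefRun.new.run do
    cookbook_file(key_path, 'constructed-sample-key').run_action(:create)
    key = IO.read(key_path)
  end
  key
end

# Scenario 3: what the answer recommends instead: the decryption key is placed
# on the node out of band (bootstrap, cloud-init, a secrets agent) and never
# shipped inside a cookbook; the recipe only reads it and fails loudly if it
# is missing. `provision_secret` stands in for that out-of-band step.
def out_of_band_recipe(dir, provision_secret: true)
  key_path = File.join(dir, 'secret_key')
  File.write(key_path, 'constructed-sample-key') if provision_secret
  key = nil
  MiniChefRun.new.run do
    unless File.exist?(key_path)
      raise Errno::ENOENT, "#{key_path} (decryption key must be provisioned out of band)"
    end
    key = IO.read(key_path)
  end
  key
rescue Errno::ENOENT
  :key_not_provisioned
end

# Run each scenario in its own temporary directory and collect the outcomes.
def demo
  results = {}
  Dir.mktmpdir { |d| results[:naive] = naive_recipe(d) }
  Dir.mktmpdir { |d| results[:compile_time] = compile_time_recipe(d) }
  Dir.mktmpdir { |d| results[:out_of_band] = out_of_band_recipe(d) }
  Dir.mktmpdir { |d| results[:unprovisioned] = out_of_band_recipe(d, provision_secret: false) }
  results
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Scenario 2 is the mechanical fix for the ENOENT in the question, but it still ships the decryption key in the cookbook, which is the point the answer objects to: anyone who can read the cookbook can read the key, so encrypting the data bag gains nothing. Scenario 3 is the shape of the usual arrangement: the secret file is delivered to the node by the bootstrap (knife bootstrap's --secret-file does this) and the recipe loads it from the node with Chef::EncryptedDataBagItem.load_secret or by passing the path into data_bag_item, as the question's last line already does.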
