chef-infrachef-recipechef-solo

Chef "file" resource with huge content


I am using the file resource and specifying the file contents to the content attribute. However, the content is huge and I cannot declare the content directly within the file attribute.

file "/var/django/.ssh/id_rsa" do
  content "huge content"
  owner "django"
  group "django"
  mode 00600
end

Please suggest if there is a better way to declare the content(when content is huge).


Solution

  • Although, you mentioned you don't want a separate file, the correct way to create a private SSH key would be to use encrypted data bags. The easiest way to manage encrypted data bags is through chef vault. You can read more about how to get setup with Chef vault here: http://jtimberman.housepub.org/blog/2013/09/10/managing-secrets-with-chef-vault/.

    vault_ssh = ChefVault::Item.load("secrets", "vaultuser-ssh-private")
    
    directory "/home/vaultuser/.ssh" do
      owner "vaultuser"
      group "vaultuser"
      mode 0700
    end
    
    file "/home/vaultuser/.ssh/id_rsa" do
      content vault_ssh["vaultuser-ssh-private"]
      owner "vaultuser"
      group "vaultuser"
      mode 0600
    end
    

    If you wanted to skip the data bag you could just set the value of the vault_ssh["vaultuser-ssh-private"] attribute to the key, or have it set to a node attribute in your role/cookbook.