Namihira Blog

Recording what I learn each day. ~ since 2012/06/24 ~

How to use data_bags in Chef

I used Chef's data_bags to configure the users of the Tomcat Web Application Manager, so here are my notes.

Steps

Set the path to data_bags

solo.rb

cookbook_path [ '/home/namihira/chef/chef-repo/cookbooks' ]
data_bag_path "/home/namihira/chef/chef-repo/data_bags"

Prepare the data_bags for tomcat

Looking at the tomcat cookbook (opscode-cookbooks/tomcat · GitHub), it says:

 Managing Tomcat Users

The recipe tomcat::users included in this cookbook is used for managing Tomcat users. The recipe adds users and roles to the tomcat-users.xml conf file.

Users are defined by creating a tomcat_users data bag and placing Encrypted Data Bag Items in that data bag. Each encrypted data bag item requires an 'id', 'password', and a 'roles' field.
{
  "id": "reset",
  "password": "supersecret",
  "roles": [
    "manager",
    "admin"
  ]
}
If you are a Chef Solo user the data bag items are not required to be encrypted and should not be.

Since it is written as above, I create a data_bag named "tomcat_users" and define the data in it.

[namihira@xx.xx.xx.xx]~/chef/chef-repo% cat data_bags/tomcat_users/default.json
{
        "id":"namihira",
        "password": "namihira",
        "roles": [
                "manager",
                "admin"
        ]
}

Add tomcat's users recipe to the run_list

solo.json

{
        "run_list": [
                "recipe[apache2]",
                "recipe[java]",
                "recipe[tomcat]",
                "recipe[tomcat::users]"
        ]
}

Run it

When the run_list above is executed,

[namihira@xx.xx.xx.xx]~/chef/chef-repo% sudo chef-solo -j solo.json -c solo.rb

the values are filled into the "tomcat-users.xml.erb" template and tomcat-users.xml is created.

[namihira@xx.xx.xx.xx]~/chef/chef-repo% cat /etc/tomcat6/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
<role rolename="manager" />
<role rolename="admin" />
<user username="namihira" password="namihira" roles="manager, admin" />
</tomcat-users>
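
Under Chef Solo the tomcat_users item is stored unencrypted and its password lands verbatim in tomcat-users.xml, so it is worth checking the item files before running chef-solo. The Ruby script below is an added example, not part of the original post or of the tomcat cookbook; the minimum length, the set of privileged roles and the function names are assumptions.

```ruby
require 'json'

# Fields the cookbook README requires on every tomcat_users item.
REQUIRED_FIELDS = %w[id password roles].freeze
# Roles treated as privileged (assumption: the two roles used in this post).
PRIVILEGED_ROLES = %w[manager admin].freeze
# Assumed local policy, not a cookbook setting.
MIN_PASSWORD_LENGTH = 12

# Returns finding strings for one parsed data bag item (a Hash).
def audit_item(item)
  missing = REQUIRED_FIELDS.reject { |f| item.key?(f) }
  return missing.map { |f| "missing field: #{f}" } unless missing.empty?

  findings = []
  password = item['password'].to_s
  findings << 'password equals id' if password.casecmp?(item['id'].to_s)
  if password.length < MIN_PASSWORD_LENGTH
    findings << "password shorter than #{MIN_PASSWORD_LENGTH} characters"
  end
  privileged = Array(item['roles']).map(&:to_s) & PRIVILEGED_ROLES
  unless findings.empty? || privileged.empty?
    findings << "weak credential holds privileged roles: #{privileged.join(', ')}"
  end
  findings
end

# Audits one item file: plaintext items should not be readable by other users.
def audit_file(path)
  findings = []
  findings << 'file is world-readable' if (File.stat(path).mode & 0o004) != 0
  item = JSON.parse(File.read(path))
  findings + (item.is_a?(Hash) ? audit_item(item) : ['item is not a JSON object'])
rescue JSON::ParserError
  findings + ['invalid JSON']
end

# Constructed sample mirroring the item shown in this post.
SAMPLE = '{"id":"namihira","password":"namihira","roles":["manager","admin"]}'
puts audit_item(JSON.parse(SAMPLE))
```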

References

Server configuration tool "Chef", advanced: using knife-solo and Data Bag - さくらのナレッジ