Comments (7)
shapeofarchitect
commented on June 12, 2024
1
I would strongly recommend above , as there has been a lot of issues with this dependency , the latest issue I am facing now is that AWS OpsWorks with chef-splunk and it doesn't support encrypted data bags too.
================================================================================
Recipe Compile Error in /var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/default.rb
================================================================================
Net::HTTPServerException
------------------------
404 "Not Found"
Cookbook Trace:
---------------
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-vault/libraries/helpers.rb:38:in `chef_vault_item'
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/setup_auth.rb:21:in `from_file'
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/client.rb:81:in `from_file'
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-splunk/recipes/default.rb:29:in `from_file'
Relevant File Content:
----------------------
/var/chef/runs/09193be9-9c61-47dc-8e32-64e179e1ba17/local-mode-cache/cache/cookbooks/chef-vault/libraries/helpers.rb:
31: # +node['chef-vault']['databag_fallback']+.
32: # @example
33: # item = chef_vault_item('secrets', 'bacon')
34: # log 'Yeah buddy!' if item['_default']['type']
35: # @param [String] bag Name of the data bag to load from.
36: # @param [String] id Identifier of the data bag item to load.
37: def chef_vault_item(bag, id)
38>> if ChefVault::Item.vault?(bag, id)
39: ChefVault::Item.load(bag, id)
40: elsif node['chef-vault']['databag_fallback']
41: data_bag_item(bag, id)
42: else
43: raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
44: end
45: end
46:
47: # Helper method which provides an environment wrapper for a data bag.
Platform:
---------
x86_64-linux
================================================================================
Recipe Compile Error in /var/chef/runs/0a6f8712-ddf0-4b86-b2bf-5a290875e2ec/local-mode-cache/cache/cookbooks/chef-splunk/recipes/default.rb
================================================================================
Net::HTTPServerException
------------------------
404 "Not Found"
Cookbook Trace:
---------------
/var/chef/runs/0a6f8712-ddf0-4b86-b2bf-5a290875e2ec/local-mode-cache/cache/cookbooks/chef-vault/libraries/helpers.rb:38:in `chef_vault_item'
/var/chef/runs/0a6f8712-ddf0-4b86-b2bf-5a290875e2ec/local-mode-cache/cache/cookbooks/chef-splunk/recipes/setup_auth.rb:21:in `from_file'
/var/chef/runs/0a6f8712-ddf0-4b86-b2bf-5a290875e2ec/local-mode-cache/cache/cookbooks/chef-splunk/recipes/client.rb:81:in `from_file'
/var/chef/runs/0a6f8712-ddf0-4b86-b2bf-5a290875e2ec/local-mode-cache/cache/cookbooks/chef-splunk/recipes/default.rb:29:in `from_file'
Relevant File Content:
----------------------
/var/chef/runs/0a6f8712-ddf0-4b86-b2bf-5a290875e2ec/local-mode-cache/cache/cookbooks/chef-vault/libraries/helpers.rb:
31: # +node['chef-vault']['databag_fallback']+.
32: # @example
33: # item = chef_vault_item('secrets', 'bacon')
34: # log 'Yeah buddy!' if item['_default']['type']
35: # @param [String] bag Name of the data bag to load from.
36: # @param [String] id Identifier of the data bag item to load.
37: def chef_vault_item(bag, id)
38>> if ChefVault::Item.vault?(bag, id)
39: ChefVault::Item.load(bag, id)
40: elsif node['chef-vault']['databag_fallback']
41: data_bag_item(bag, id)
42: else
43: raise "Trying to load a regular data bag item #{id} from #{bag}, and databag_fallback is disabled"
44: end
45: end
from chef-splunk.
devlinrcg
commented on June 12, 2024
1
Same as @shapeofarchitect
from chef-splunk.
haidangwa
commented on June 12, 2024
1
Chef 13.4 now includes the chef-vault gem, so this should no longer be an issue. v2.0.0 of this cookbook also now requires chef_version '>= 13.11'. Chef 13 reached EOL as of 4/30/2019, as well.
https://github.com/chef/chef/blob/master/RELEASE_NOTES.md#chef-vault-is-now-included
from chef-splunk.
filltr
commented on June 12, 2024
Please!
from chef-splunk.
haidangwa
commented on June 12, 2024
I don't like the idea of storing sensitive data in node attributes, because they are stored as unencrypted data; especially ones where they are to be encrypted by chef-vault or by encrypted data bags. Doing so defeats the purpose of encryption. Cookbooks that have done this imply another process to remove these node attributes from the node data before it gets uploaded back to the chef server at the end of successful chef runs. I think the cookbook should use chef's built-in encrypted data bag and rid of chef-vault altogether.
from chef-splunk.
bby-bishopclark
commented on June 12, 2024
It's a great idea to allow the implementer the choice of back-ends.
from chef-splunk.
bby-bishopclark
commented on June 12, 2024
Careful: Since #120 was just declined, if we fixate on chef-vault then this cookbook may no longer be usable in an air-gapped environment. This would make the emerging standard for PCI an environment too secure for chef/splunk, and it's not a space where I think Splunk can afford to be non-dominant.
from chef-splunk.
Related Issues (20)
- `splunk_auth` no longer required by `splunk_app` resource
- Error executing action `run` on resource 'execute[update-splunk-mgmt-port]' HOT 7
- Splunk forwarder installation failure HOT 6
- chef-splunk installation failure due default_description as a property field
- SHC captain logic fails when existing captain exists
- shcluster_member? is missing an argument on line 213
- splunk version conflict after upgrades can cause Splunk to be downgraded
- splunk.service: Refusing to accept PID outside of service control group HOT 8
- systemd unit file in cookbook has diverged from splunk documentation HOT 2
- GitHub actions don't test all supported OSes
- shcluster_member? is returning false when it should be true
- Implementing Windows Support for Client Only HOT 1
- splunk_login_successful? helper method fails to send auth info to splunkd
- Add SUSE support
- undefined local variable or method `node' for Chef::Provider::Service::Systemd:Class HOT 3
- Splunk restarting on every run because of mgmt port
- splunk_monitor resource fails for valid index names
- chef-vault and default recipe being invoked when only installing the forwarder
- Systemd doesn't recognize Splunkd.service on upgrade
- Dependency Dashboard
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chef-splunk.