This repository has been archived by the owner on Apr 23, 2019. It is now read-only.

sample_host.json explained

berkes edited this page Nov 28, 2014 · 4 revisions

For the most up-to-date file, please refer to the sample_host.json in the master branch.

PLEASE NOTE: This wiki-page is under construction and may be outdated or may not cover everything yet.

Below, the file is broken up into parts, and each part is documented.

Runlist

  "run_list":["role[mysql]","role[rails_passenger]", "role[sysadmins]"],

In the runlist you define which recipes or roles are run. In chef-repo, we typically only include roles here.

Available roles are:

  • backup: Set up the server so it makes backups of your apps.
  • base: The base server, will be run by most other recipes or roles.
  • mysql: A database server with MySQL.
  • postgresql: A database server with PostgreSQL.
  • rails_passenger: Rails App-server with Nginx and Passenger.
  • rails: Rails App-server with Unicorn (incompatible with Rails Passenger).
  • sysadmins: Sets up user-accounts with sudo-access.

MySQL

When the mysql role is in the run-list, you need to provide some basic configuration for the server.

  "mysql": {
    "server_debian_password": "<enter a random password>",
    "server_root_password": "<enter a random password>",
    "server_repl_password": "<enter a random password>"
  },

You need to provide secure root passwords for operations on the database:

  • server_debian_password: Sets the password for the special debian-sys-maint user.
  • server_root_password: Sets the password for the MySQL root user. Be extra careful with this password.
  • server_repl_password: If provided, this password will be used in a replicating cluster setup. See the README for MySQL for more information.

Package

  "packages": ["<option list of system wide packages>"],

TODO

Sysadmins

When using the sysadmins role in your runlist, you can set the sysadmins' details here.

  "sysadmins": {
    "<username>": {
      "password": "<hashed password: openssl passwd -1 'plaintextpassword'>",
      "ssh_keys": [
        "ssh-rsa AAA123...xyz== foo",
        "ssh-rsa AAA456...uvw== bar"
      ]
    }
  }

  • username: A Unix-compatible username, e.g. "alice".
  • password: A hashed password for alice. You can hash a password with openssl passwd -1 'plaintextpassword' on most Linux and Unix systems. The user's password will then literally be plaintextpassword.
  • ssh_keys: A list of public keys which alice uses. If alice has the matching private key, she can log in using this SSH key. Note that this recipe manages the keys, so tools like ssh-copy-id will not work, since the keys they add will be overwritten. On most systems you can find a public key at $HOME/.ssh/id_rsa.pub.

When running sudo commands, the user is prompted for the password. When public keys are set up correctly, the user is still prompted for the password in order to run commands with sudo, but does not need to provide the password when logging into the server. If the user does not have proper keys set up, the user can log in by providing the password. This is the normal Ubuntu server behaviour with respect to sudo.

NOTE: There is no recipe or flag yet that allows you to remove users. If you remove a user from this list, it will not be removed from the server(s). If you want to deny access, simply change the password and remove the public keys. From then on the user can no longer log into the server.
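
A pre-commit check for the mysql and sysadmins sections described above, as an added example that is not part of chef-repo; audit_host and its constants are hypothetical names, and the sample input is constructed. It reports leftover placeholders, passwords that are not crypt(3) hashes, MD5-crypt hashes (which is what openssl passwd -1 produces), and ssh_keys entries that are not public key lines.

```ruby
require "json"

# Added example (not chef-repo code): audit the "mysql" and "sysadmins"
# sections of a host JSON file laid out as documented on this page.
PLACEHOLDER = /\A\s*(<.*>)?\s*\z/m            # empty or "<enter ...>"
CRYPT_HASH  = /\A\$([0-9a-z]+)\$.+\$.+\z/     # $id$salt$hash
PUBLIC_KEY  = %r{\A(ssh-(rsa|ed25519)|ecdsa-sha2-nistp\d+) [A-Za-z0-9+/]+=*( .*)?\z}

def audit_host(json_text)
  host = JSON.parse(json_text)
  findings = []
  (host["mysql"] || {}).each do |name, value|
    next unless name.end_with?("_password")
    findings << "mysql.#{name}: placeholder or empty" if value.to_s.match?(PLACEHOLDER)
  end

  (host["sysadmins"] || {}).each do |user, details|
    scheme = details["password"].to_s[CRYPT_HASH, 1]
    if scheme.nil?
      findings << "sysadmins.#{user}.password: not a crypt(3) hash, looks like plaintext or a placeholder"
    elsif scheme == "1"
      findings << "sysadmins.#{user}.password: MD5-crypt ($1$) hash, weak against offline guessing"
    end
    Array(details["ssh_keys"]).each_with_index do |key, i|
      if key.to_s.include?("PRIVATE KEY")
        findings << "sysadmins.#{user}.ssh_keys[#{i}]: private key material in host file"
      elsif !key.to_s.match?(PUBLIC_KEY)
        findings << "sysadmins.#{user}.ssh_keys[#{i}]: not a well-formed public key line"
      end
    end
  end
  findings
end

# Constructed sample input; the hash and keys below are made up for this example.
SAMPLE = <<~'JSON'
  {
    "mysql": { "server_root_password": "<enter a random password>", "server_debian_password": "x9F2qLr7TzPw" },
    "sysadmins": {
      "alice": { "password": "$1$Qm3xT0aB$constructedMd5CryptHash00",
                 "ssh_keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly alice@laptop"] },
      "bob":   { "password": "plaintextpassword",
                 "ssh_keys": ["-----BEGIN OPENSSH PRIVATE KEY-----"] }
    }
  }
JSON
puts audit_host(SAMPLE) if $PROGRAM_NAME == __FILE__
```

To check a real host file, pass its contents with audit_host(File.read(path)) and fail the commit when the returned list is not empty.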

Deploy Keys

  "ssh_deploy_keys": [
    "<enter the contents of an id_rsa.pub here>"
  ],

TODO

Backups

  "backups": {
    "<app_name>_<stage>" : {
      "enabled": true,
      "storage_type": "s3",
      "s3_access_key": "<s3_access_key>",
      "s3_secret_access_key": "<s3_secret_access_key>",
      "s3_bucket": "<s3_bucketname>",
      "s3_region": "<s3_region, i.e.: eu-west-1>",
      "database_type": "<mysql, postgresql or none>",
      "database_username": "<db_username>",
      "database_password": "<db_password>",
      "database_host": "<db_host likely localhost>"
    }
  },

TODO

Applications

  "active_applications": {
    "<appname>_<stage>": {
      "rails_env": "<stage, eg: production>",
      "packages": ["nodejs"],
      "domain_names": ["<domain name>", "<domain name>", "<...>"],
      "ruby_version": "2.1.0",
      "ssl_info": {
        "key": "<ssl key>",
        "crt": "<ssl crt>"
      },
      "env_vars": {
        "key_1": "val_1",
        "key_2": "val_2"
      },
      "database_info": {
        "adapter": "mysql2",
        "host": "localhost",
        "username": "<db username, max 10 characters>",
        "password": "<enter a random password>",
        "database": "<appname>_<stage>"
      }
    }
  }

TODO
