-
Notifications
You must be signed in to change notification settings - Fork 82
sample_host.json explained
For the most up-to-date file, please refer to the sample_host.json in master branch
PLEASE NOTE: This wiki-page is under construction and may be outdated or may not cover everything yet.
Below, the file is broken up in parts, each part is documented.
"run_list":["role[mysql]","role[rails_passenger]", "role[sysadmins]"],
In the runlist you define what recipes or roles are ran. In chef-repo, we typically only include roles here.
Available roles are:
- backup: Set up the server so it makes backups of your apps.
- base: The base server, will be run by most other recipes or roles.
- mysql: A databaseserver with MySQL.
- postgresql: A databaseserver with Postgresql.
- rails_passenger: Rails App-server with Nginx and Passenger.
- rails: Rails App-server with Unicorn (incompatible with Rails Passenger).
- sysadmins: Sets up user-accounts with sudo-access.
When the mysql
role is in the run-list, you need to provide some basic configuration for the server.
"mysql": {
"server_debian_password": "<enter a random password>",
"server_root_password": "<enter a random password>",
"server_repl_password": "<enter a random password>"
},
You need to provide secure root passwords for operations on the database:
-
server_debian_password
Sets the password for the special debian-sys-maint user -
server_root_password
Sets the password for the MySQL-root. Be extra carefull with this password. -
server_repl_password
. If provided, this password will be used in a replicating cluster setup. See the README for Mysql for more information.
"packages": ["<option list of system wide packages>"],
TODO
When using the sysadmins role in your runlist, you can set the sysadmins's details here.
"sysadmins": {
"<username>": {
"password": "<hashed password: openssl passwd -1 'plaintextpassword'>",
"ssh_keys": [
"ssh-rsa AAA123...xyz== foo",
"ssh-rsa AAA456...uvw== bar"
]
}
}
-
username
: a Unix-compatible username. e.g. alice -
password
: a hashed password for alice. You can hash a password with the commandopenssl passwd -1 'plaintextpassword'
on most Linux and Unix-systems. The password will then be literallyplaintextpassword
. -
ssh_keys
: A list of public keys which alice uses. If alice has the private key for this public key, she can now log in using this ssh-key. On most systems you can find a public key at$HOME/.ssh/id_rsa.pub
.
When running sudo-commands, the user is prompted for the password. When public keys are set up correctly, the user is still prompted for the password in order to run commands as sudo, but the user does not need to provide the password when logging into the server. If the user does not have proper keys set up, the user can log in by providing the password. This is the normal Ubuntu server behaviour wrt sudo.
NOTE: There is not recipe or flag yet, which allows you to remove users. If you remove a user from this list, it will not be removed from the server(s). If you want to deny access, simply change the password and remove the public keys. FRom then on the user can then no longer log into the server.
NOTE: This recipe manages the keys, so tools like ssh-copy-id
will not work, since the keys they add will be overwritten.
"ssh_deploy_keys": [
"<enter the contents of an id_rsa.pub here>"
],
TODO
"backups": {
"<app_name>_<stage>" : {
"enabled": true,
"storage_type": "s3",
"s3_access_key": "<s3_access_key>",
"s3_secret_access_key": "<s3_secret_access_key>",
"s3_bucket": "<s3_bucketname>",
"s3_region": "<s3_region, i.e.: eu-west-1>",
"database_type": "<mysql, postgresql or none>",
"database_username": "<db_username>",
"database_password": "<db_password>",
"database_host": "<db_host likely localhost>"
}
},
TODO
"active_applications": {
"<appname>_<stage>": {
"rails_env": "<stage, eg: production>",
"packages": ["nodejs"],
"domain_names": ["<domain name>", "<domain name>", "<...>"],
"ruby_version": "2.1.0",
"ssl_info": {
"key": "<ssl key>",
"crt": "<ssl crt>"
},
"env_vars": {
"key_1": "val_1",
"key_2": "val_2"
},
"database_info": {
"adapter": "mysql2",
"host": "localhost",
"username": "<db username, max 10 characters>",
"password": "<enter a random password>",
"database": "<appname>_<stage>"
}
}
}
TODO