How to manage your node configurations with git
When using chef-repo, you probably want to manage your node files with git too, so that changes to your servers are correctly versioned.
But keeping them in a git repository poses a threat too: a node file can contain sensitive information which, if leaked to the public, can cause real problems. For example, when using SSL, the node file will contain the private keys. When using sysadmins, it will contain hashed passwords. And when using your own additional cookbooks, details like your firewall setup might cause security issues.
In short: you really want to avoid any chance of accidentally sharing the node configuration files. Chef-repo already has a line in .gitignore which makes sure all files ending in .json, except for example_host.json, are not versioned.
With a few steps, you can start tracking your custom node configurations in a way that makes certain they will not be shared online.
Go into the node directory and initialize the repository.
cd nodes
git init .
Then make sure to ignore the files that are shipped with chef-repo by adding two lines to a .gitignore: one for .gitkeep and one for sample_host.json. Then commit this setup.
# printf rather than echo: plain echo does not interpret \n portably, so the two names would end up on a single line
printf '.gitkeep\nsample_host.json\n' > .gitignore
git add .gitignore
git commit -m "Initialization of the node configurations"
That's all; you now track the node configuration.
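The setup above relies on chef-repo's *.json rule keeping node files out of the shared repository. The following script is an added example (not part of this wiki page or the chef-repo project) that audits a checkout for node configs that nevertheless ended up tracked, for instance after a forced add; the repository layout, the node file and its placeholder contents are constructed for the demo.

```shell
#!/bin/sh
# Added example; not chef-repo's own code. Audits a chef-repo checkout for
# node configuration files that are tracked by git despite the *.json rule
# in .gitignore. The only tracked .json allowed under nodes/ is the example
# host, whose file name is passed as the second argument.
set -eu

# Prints every tracked nodes/*.json except the allowed example file.
# Returns 1 if any such file is tracked, 0 if the repository is clean.
nodes_leak_check() {
  repo=$1
  allowed=$2
  leaked=$(cd "$repo" && git ls-files -- nodes \
    | grep '\.json$' | grep -v -x "nodes/$allowed" || true)
  if [ -n "$leaked" ]; then
    printf 'tracked node config (should be ignored): %s\n' $leaked >&2
    return 1
  fi
  return 0
}

# Constructed throwaway repository mirroring the page's description of
# chef-repo: every *.json is ignored except the shipped example host.
make_demo_repo() {
  d=$(mktemp -d)
  (
    cd "$d"
    git init -q .
    git config user.email demo@example.invalid
    git config user.name demo
    mkdir nodes
    printf '*.json\n!sample_host.json\n' > .gitignore
    touch nodes/.gitkeep nodes/sample_host.json
    git add -A
    git commit -q -m "constructed chef-repo layout"
    # A real node file: ignored by the rule, so a plain "git add" skips it.
    printf '{"ssl":{"key":"PLACEHOLDER, not a real key"}}\n' > nodes/web1.json
  )
  printf '%s\n' "$d"
}

# Simulates the accident the page warns about: a forced add bypasses
# .gitignore and commits the node file into the shared repository.
force_add_node() {
  (cd "$1" && git add -f nodes/web1.json && git commit -q -m "oops")
}
```

Running `nodes_leak_check /path/to/chef-repo sample_host.json` from a cron job or CI step turns an accidental commit of a node file into a failing check instead of a silent leak.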
You might want to keep a copy elsewhere. You could set up a private repo on something like GitHub, but unless you have a good reason to share this repo across multiple systems, there really is no good reason to have it "online" somewhere. Again, you are storing plain-text private SSL keys, for example. If they leak, because you accidentally make the repo public, you must revoke the affected certificates and might need to inform clients about it. Best practice is to store such data in a well-protected location that is fully under your control.
The simplest solution is to include the nodes directory (and the .git directory in it) in your backup plan. If you don't have one, or don't want to include this in your backups, you could set up a remote on a thumb drive, another disk or another directory.
git init --bare /path/to/mounted/thumbdrive
cd nodes
git remote add backup /path/to/mounted/thumbdrive
git push backup