Added parameters and steps to obtain pem files without curl. #8
base: master
…with description of said parameters and how to use them.
…o save random generated password.
chef-server-ctl org-create my_org "Default organization" --association_user admin --filename /etc/chef/my_org-validator.pem | ||
|
||
if [[ -z $CHEF_MAIL ]]; then | ||
chefMail="admin@$chefFDQN"; |
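Review bot: The `org-create` line at the top of this hunk hard-codes `--association_user admin`, which will not match the created account if the username parameter described in this PR is set to anything other than "admin"; pass the same variable that is used when the user is created. On the last line, `$chefFDQN` needs to match whatever name the rest of the script assigns, otherwise the default address expands to `admin@` with an empty domain.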
'chefFDQN' typo
Hello @franklines! Thanks for your support, it means a lot!
I understand your concern about the admin keys and I think it can be improved. The point of this container is to easily get started. With this in mind, may I suggest the creation of an argument that will disable the access to the keys as opposed to removing it? Thanks again for this PR!
@@ -1,27 +1,43 @@ | |||
# chef-server | |||
|
|||
chef-server will run Chef Server 12 in an Ubuntu Trusty 14.04 LTS container. |
This is needed in order to add a newline.
You can however change that to another port by adding `-e SSL_PORT=new_port` to the `docker run` command below and update the expose port `-p` accordingly. | ||
|
||
##### SSL certificate | ||
When Chef Server gets configured it creates an SSL certificate based on the container's FQDN (i.e "103d6875c1c5" which is the "CONTAINER ID"). This default behiavior has been changed to always produce an SSL certificate file named "chef-server.crt". |
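Review bot: The SSL certificate paragraph at the end of this hunk says only that the file is now always named "chef-server.crt"; it does not say which host name the certificate itself is issued for, which is what a client verifying the server needs to know. State that next to the file name, and fix "behiavior" and "i.e" (the container ID is given as an example, so "e.g.") while the line is being touched.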
This is needed in order to add a newline.
admin | ||
``` | ||
**Done!** | ||
|
||
##### Note | ||
Chef-Server running inside a container isn't officially supported by [Chef](https://www.chef.io/about/) and as a result the webui isn't available. |
This is needed in order to add a newline.
However the webui is not required since you can interact with Chef-Server via the `knife` and `chef-server-ctl` commands. | ||
|
||
##### Tags | ||
v1.0: Chef Server 11 |
This is needed in order to add a newline.
Image Size: Approximately 1GB | ||
|
||
This is a fork of: [base/chef-server](https://registry.hub.docker.com/u/base/chef-server/). | ||
|
||
## Environment |
Can we keep the same format here? I find it easier to look at.
`/var/log/` is accessible via a volume directory. Feel free to optionally to use it with the `docker run` command above by adding: `-v ~/chef-logs:/var/log` | ||
|
||
##### DNS | ||
The container needs to be **DNS resolvable!** |
This is needed in order to add a newline.
`/var/log/` is accessible via a volume directory. Feel free to optionally to use it with the `docker run` command above by adding: `-v ~/chef-logs:/var/log` | ||
|
||
##### DNS | ||
The container needs to be **DNS resolvable!** | ||
Be sure **'chef-server'** or **$CONTAINER_NAME** is pointing to the container's IP! |
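Review bot: In the `/var/log/` sentence at the top of this hunk, "Feel free to optionally to use it" has a stray "to"; something like "You can optionally use it with the `docker run` command above by adding" reads cleanly. The DNS lines also name two alternatives, 'chef-server' or $CONTAINER_NAME, without saying when each one applies; one sentence on that would remove the guesswork for someone setting up name resolution.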
This is needed in order to add a newline.
Hello!
Foremost, I want to give a thank you for providing this docker image. I was able to set up a quick test chef environment. The setup was pretty straightforward but I wanted to contribute and make the configure script more user-defined.
Changes made to fork:
Removed the nginx conf addition that made the admin keys available to anyone who can curl the web server. (for security purposes, in my case I had a public facing server and port 443 was open. Anyone could crawl the chef server and download the keys.)
Added new username & password parameters so that users can define their desired credentials. If none are specified, then a random password is generated for the user "admin". (for user convenience & security)
Updated README.md file with new parameters added and steps to take to retrieve the pem files without using curl. (initiate a shell session)
I'm very open to feedback and how I can improve the changes performed by myself.
Regards,
Franklin E.