From 8cfcc28db1acc7594dbbf76b846f4964f40f9e63 Mon Sep 17 00:00:00 2001
From: Eric Williams <eric@subcritical.org>
Date: Mon, 25 Feb 2019 19:09:39 +0000
Subject: Enable encrypted_data_bag_secret support for Chef

Encrypted data bags require a secrets file to be present to
decrypt, and the location of the file must be configured the
Chef client configuration file, client.rb.

This update enables cloud-init's chef module to update that
setting in client.rb.

LP: #1817082
---
 doc/examples/cloud-config-chef.txt | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'doc/examples')

diff --git a/doc/examples/cloud-config-chef.txt b/doc/examples/cloud-config-chef.txt
index defc5a54..2320e01a 100644
--- a/doc/examples/cloud-config-chef.txt
+++ b/doc/examples/cloud-config-chef.txt
@@ -98,6 +98,9 @@ chef:
  # to the install script
  omnibus_version: "12.3.0"
 
+ # If encrypted data bags are used, the client needs to have a secrets file
+ # configured to decrypt them
+ encrypted_data_bag_secret: "/etc/chef/encrypted_data_bag_secret"
 
 # Capture all subprocess output into a logfile
 # Useful for troubleshooting cloud-init issues
-- 
cgit v1.2.3