16 Mar 2014, 10:28

Version 0.4.0 of goiardi released. Now, with authentication!

A new version of goiardi, version 0.4.0, as been released.

This version fixes a bug with pessimistic matching, adds more tests, improves the documentation with an expanded README and more godocs, and introduces client/user authentication and authorization and SSL for connections as optional settings. It will also run and authenticate properly with the chef webui, if you’re so inclined. The webui is a separate install, however, and does not ship with goiardi.

There is also a fork of chef-pedant customized for goiardi now, to handle some tests with authentication where goiardi and the chef-server make slightly different decisions.

Goiardi still works fine in no-auth mode. The authentication and authorization parts are completely optional, but they’re there if you want or need authentication. It’s recommended that if you do use authentication that you should set the –index-file and –data-file options for persistent data and index storage, but it’s not strictly necessary. See the README for more on how to set up authentication.

SSL is pretty straightforward, and also explained in the README. You’ll need to generate a certificate/key pair for it to work, but that isn’t too hard. This does assume that you’d use a self-signed certificate for this; if you’re going to use a real cert I assume you know what you’re doing (and am a little surprised, to be honest).

That’s it for this release. The next major goiardi task coming up, barring any unexpected changes, is allowing it to use a database for the backend. This will be optional, of course; I plan on supporting the in-memory, no-auth mode a la chef-zero for goiardi indefinitely. Further out, there may be a smoother installation process, and someday even perhaps goiardi-specific features.

13 Mar 2014, 10:03

Meanwhile, in the auth branch...

While there is still some work remaining with finishing some needed authorization checks, I’m happy to report that in the goiardi auth branch, authentication for chef clients and webui is working and passing the chef-pedant tests.

Once those authorization issues are ironed out, I’ll start work on updating the documentation and making a new formal release. If, in the meantime, anyone felt like testing it, it’s pretty easy. Start goiardi with the -A or --use-auth flags, and set --conf-root to whereever you’d like the chef-validator, chef-webui, and admin certificates to be stored. You’d probably also want to specify index and data files for persistence, but you don’t have to. Goiardi works with chef-webui fine as well, but at the moment you’ll have to set a password for the admin user with knife.

As of this writing goiardi authentication is still a work in progress, but it’s far enough along to start banging on to look for problems. The chef-pedant tests are pretty happy, but that doesn’t always catch every real world issue.