oc_id: email configuration #547

Closed
dissonanz opened this issue Sep 24, 2015 · 2 comments

Comments

@dissonanz
Contributor

I'm setting up an open source Chef 12 server with supermarket, and the password reset service from oc_id fails because the origin host is not set in the production.yml file. Additionally, the from: address is also not overridden.

I've managed to work around the problem by creating a settings.local.yml file in /opt/opscode/embedded/service/oc_id/config containing the following lines:

email_from_address: 'Chef Notifications <[email protected]>'
origin: chef.notchef.io

But it would be far better to have these lines included in /var/opt/opscode/oc_id/config/production.yml

@pmoosh

pmoosh commented Sep 25, 2015

+1

@smith
Contributor

smith commented Sep 25, 2015

The correct way to fix this will be to add these options to be configurable in chef-server.rb. The options should be added here:

# Chef Identity
###
default['private_chef']['oc_id']['enable'] = true
default['private_chef']['oc_id']['ha'] = false
default['private_chef']['oc_id']['dir'] = "/var/opt/opscode/oc_id"
default['private_chef']['oc_id']['log_directory'] = "/var/log/opscode/oc_id"
default['private_chef']['oc_id']['log_rotation']['file_maxbytes'] = 104857600
default['private_chef']['oc_id']['log_rotation']['num_to_keep'] = 10
default['private_chef']['oc_id']['vip'] = "127.0.0.1"
default['private_chef']['oc_id']['port'] = 9090
default['private_chef']['oc_id']['sql_database'] = "oc_id"
default['private_chef']['oc_id']['sql_user'] = "oc_id"
default['private_chef']['oc_id']['sql_password'] = "snakepliskin"
default['private_chef']['oc_id']['sql_ro_user'] = "oc_id_ro"
default['private_chef']['oc_id']['sql_ro_password'] = "look-but-don't-touch"
default['private_chef']['oc_id']['db_pool_size'] = '20'
default['private_chef']['oc_id']['sentry_dsn'] = nil
default['private_chef']['oc_id']['sign_up_url'] = nil
default['private_chef']['oc_id']['administrators'] = []
# Use to define predefined applications that can authenticate with the server.
# Entries are a hash with the key being the name of the application and the
# value being a hash with a 'redirect_uri' key. Example:
#
# oc_id['applications'] = {
#   'supermarket' => {
#     'redirect_uri' => 'http://supermarket.mycorp/auth/chef_oauth2/callback'
#   },
#   'another_app' => {
#     'redirect_uri' => 'http://anotherapp.mycorp/auth/chef_oauth2/callback'
#   }
# }
#
# Default value: `{}`.
default['private_chef']['oc_id']['applications'] = {}

and here

app_settings = {
  'chef' => {
    'endpoint' => "https://#{node['private_chef']['lb_internal']['vip']}",
    'superuser' => 'pivotal',
    'key_path' => '/etc/opscode/webui_priv.pem'
  },
  'doorkeeper' => {
    'administrators' => node['private_chef']['oc_id']['administrators'] || []
  },
  'sentry_dsn' => node['private_chef']['oc_id']['sentry_dsn'],
  'sign_up_url' => sign_up_url,
}

Then, in your chef-server.rb you could do:

oc_id['email_from_address'] = 'Chef Notifications <[email protected]>'
oc_id['origin'] = 'chef.notchef.io'

The oc_id options from that file get written out to production.yml when you chef-server-ctl reconfigure:

file "#{oc_id_config_dir}/production.yml" do
  owner OmnibusHelper.new(node).ownership['owner']
  group OmnibusHelper.new(node).ownership['group']
  mode '640'
  content mutable_hash.to_yaml
  notifies :restart, 'runit_service[oc_id]' unless backend_secondary?
end

The settings.local.yml should override what's in the production.yml (we're using https://github.com/railsconfig/config), so that's probably the best workaround for now, but it might also be a good idea to place the file outside of /opt and symlink it to avoid the possibility of it being wiped out on an upgrade.
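
An added example, not part of the original thread or of the chef-server code base: a Ruby check that computes the effective oc_id settings from production.yml plus settings.local.yml and reports the conditions discussed above (unset `origin` or `email_from_address`, files readable beyond the recipe's 640, an override file that lives under /opt/opscode). The merge is a simplified model of the override behaviour, and `deep_merge`, `load_settings` and `audit_oc_id` are hypothetical names.

```ruby
require 'yaml'

REQUIRED_KEYS = %w[origin email_from_address].freeze
INSTALL_PREFIX = '/opt/opscode' # tree the thread warns may be wiped on upgrade

# Simplified model of the override (assumption): hashes merge key by key,
# any other value from the override file replaces the base value.
def deep_merge(base, override)
  base.merge(override) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# A missing or empty file counts as an empty settings hash.
def load_settings(path)
  return {} unless File.file?(path)
  YAML.safe_load(File.read(path)) || {}
end

# Returns a list of findings (strings) for the effective oc_id settings.
def audit_oc_id(production_yml, local_yml, prefix: INSTALL_PREFIX)
  effective = deep_merge(load_settings(production_yml), load_settings(local_yml))
  findings = REQUIRED_KEYS.select { |k| effective[k].to_s.strip.empty? }
                          .map { |k| "#{k} is not set in the effective config" }
  [production_yml, local_yml].each do |path|
    next unless File.file?(path)
    # The recipe writes production.yml as 640; flag any permission bit for "other".
    findings << "#{path} is world-accessible" unless (File.stat(path).mode & 0o007).zero?
  end
  # A symlink to a file outside the prefix resolves elsewhere and passes this check.
  if File.file?(local_yml) && File.realpath(local_yml).start_with?("#{prefix}/")
    findings << "#{local_yml} is stored under #{prefix} and may not survive an upgrade"
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  # Paths as given in the thread.
  puts audit_oc_id('/var/opt/opscode/oc_id/config/production.yml',
                   '/opt/opscode/embedded/service/oc_id/config/settings.local.yml')
end
```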

dissonanz added a commit to dissonanz/chef-server that referenced this issue Oct 2, 2015
Added email_from_address and origin options to oc_id production.yml configuration
to fix sending password change emails. Fixes chef#547
dissonanz added a commit to dissonanz/chef-server that referenced this issue Nov 19, 2016
Added email_from_address and origin options to oc_id production.yml configuration
to fix sending password change emails. Fixes chef#547

Signed-off-by: Sean Nolen <[email protected]>