1

Here is my recipe code:

include_recipe 'aws'

require 'aws-sdk'

client = Aws::S3::Client.new(region: 'us-east-1')
bucket = client.get_object(bucket:'chefconfig', key: 'encrypted_data_bag_secret')

# Read content to variable
file_content = bucket.body.read 

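# Log that the secret was fetched (optional); never log the key material itself
Chef::Log.info("Fetched encrypted_data_bag_secret (#{file_content.bytesize} bytes)")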

# Write content to file
file '/etc/chef/encrypted_data_bag_secret' do
  owner 'root'
  group 'root'
  mode '0600' # secret key: readable by root only
  content file_content
  action :create
end

password_secret = Chef::EncryptedDataBagItem.load_secret('/etc/chef/encrypted_data_bag_secret')
docker_password_data_bag_item = Chef::EncryptedDataBagItem.load('passwords', 'docker_server_master_password', password_secret)

docker_service 'default' do
  action [:create, :start]
end

docker_registry 'https://index.docker.io/v1/' do
  username node['docker']['username']
  password docker_password_data_bag_item['password']
  email node['docker']['email']
end

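I assumed the file resource would create /etc/chef/encrypted_data_bag_secret first so that it would be available to Chef::EncryptedDataBagItem.load_secret, but when I run this cookbook I start getting the following error message.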

================================================================================
  Recipe Compile Error in /var/chef/cache/cookbooks/appservers/recipes/default.rb
  ================================================================================

  Errno::ENOENT
  -------------
  No such file or directory - file not found '/etc/chef/encrypted_data_bag_secret'

  Cookbook Trace:
  ---------------
    /var/chef/cache/cookbooks/appservers/recipes/docker.rb:29:in `from_file'
    /var/chef/cache/cookbooks/appservers/recipes/default.rb:9:in `from_file'

Since I add this cookbook when bootstrapping the node, I don't know how to provide the secret file during bootstrap.

4

1 Answer

0

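As @tensibai mentioned in the comments, this problem is explained well in the Stack Overflow question "Compile time vs. run time in Chef recipes".

Here is how I managed to solve my problem.

I wrapped 'password_secret' and 'docker_password_data_bag_item' in a ruby_block, as follows: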

ruby_block 'load_databag_secret' do
  # The block body runs at converge time, not while the recipe is compiled
  block do
    password_secret = Chef::EncryptedDataBagItem.load_secret('/etc/chef/encrypted_data_bag_secret')
    docker_password_data_bag_item = Chef::EncryptedDataBagItem.load('passwords', 'docker_server_master_password', password_secret)
    node.set['docker']['password'] = docker_password_data_bag_item['password']
  end
end

and changed my docker registry code as follows:

docker_registry 'https://index.docker.io/v1/' do
  username node['docker']['username']
  password lazy {node['docker']['password']}
  email node['docker']['email']
end

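Note the lazy keyword in the docker_registry resource. If you're curious, you can learn more about it here.

How to pass a value from one resource to another resource in a Chef recipe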

Answered 2015-11-09T10:53:39.693
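
The compile/converge ordering behind the error in the question and the lazy fix in the answer, as an added example in plain Ruby that is not from the original post and is not Chef's own code. MiniRun and its methods are hypothetical stand-ins for a Chef run, the key is a constructed value written to a temporary directory, and the secret is held in an in-memory run_state hash (modelled on Chef's node.run_state) rather than in a node attribute.

```ruby
require 'tmpdir'

# Simplified model of a Chef run (hypothetical class, not Chef's API):
# declaring a resource only queues it; converge executes the queue in order.
class MiniRun
  attr_reader :run_state

  def initialize
    @queue = []
    @run_state = {} # in memory only, modelled on Chef's node.run_state
  end

  def lazy(&blk)
    blk # evaluated later, when the consuming resource converges
  end

  def file(path, content)
    @queue << -> { File.open(path, 'w', 0o600) { |f| f.write(content) } }
  end

  def ruby_block(&blk)
    @queue << blk
  end

  def registry(password)
    @queue << -> { @login = password.respond_to?(:call) ? password.call : password }
  end

  def converge
    @queue.each(&:call)
    @login
  end
end

# Question's ordering: the read runs while the recipe is still being compiled.
def compile_time_read(dir)
  run = MiniRun.new
  path = File.join(dir, 'secret')
  run.file(path, 'constructed-key')
  run.registry(File.read(path)) # Errno::ENOENT: the file resource has not run yet
  run.converge
end

# Answer's ordering: read inside a ruby_block, consume the value through lazy.
def converge_time_read(dir)
  run = MiniRun.new
  path = File.join(dir, 'secret')
  run.file(path, 'constructed-key')
  run.ruby_block { run.run_state[:password] = File.read(path) }
  run.registry(run.lazy { run.run_state[:password] })
  run.converge
end
```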