
我在保险库（vault）中创建了 7 个用户，但是当我执行 `knife vault show vaultname` 时，只能看到其中 5 个。

当我执行 `knife data bag show vaultname` 时，我能看到全部 7 个用户，以及他们各自对应的 `_keys` 条目。

当我在节点上运行 `chef-client` 时，我也能看到全部七个用户都被创建了。

我目前运行的是 Chef Server 11.2 版。

有谁知道为什么我在运行 `knife vault show vaultname` 时只能看到 5 个用户？


编辑

我的保险库的内容

$ knife vault show users user1

action:                  create
comment:                 User1
create_home:             true
dbpass:                  xxxxxxx
delete_home_when_remove: true
gid:                     user1
groups:
  user1
  user2
home:                    /home/user1
id:                      user1
password:                $6$tMb7XUou$9pTFWIlGbKJoT8FApDQSvjrRivnpB/tzRr/XrAX8qcdncO.OySKXCuAXxaSDPdQLlj4HGMRqvghvj24zM4XCx.
setfacl:                 false
shell:                   /bin/bash
ssh_keys:                ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnOfRTKLEsUcY/0YNcJWoTq0OMQ1VbrcN4bEoqrN3cPbjCD0CcjZQKdiM9x+eD+usVbBsswG6LtE57dvM0+9tdidr0PfzK6iZ1ttv/cpnfi7Q3kKSlY4kK117ZhK2iKnLSpSMV1xPy97UDxkJK1NmC9FJpxtDmg5vqSTvmTmbs1auimehU3f3+db5g7lSXjI52jHM9xbdwONFK6yhgl2+iiC6A7AesdLT407p4S0nC6VlMcAKue1jvr0eQUK//Yqtp/APLflyQQ== 
sudo_pwdless:            true
sudoer:                  true
username:                user1

Chef 配方（recipe）

# Install the chef-vault gem into the Ruby that chef-client itself runs on, so
# the `require` below can load it while this recipe is being compiled.
#
# `compile_time` is only set when the resource exposes that property; the
# respond_to? guard keeps the recipe loadable on clients that lack it.
#
# NOTE(review): no version is pinned here, so the gem source decides which
# chef-vault release ends up decrypting the secrets. Consider pinning it with
# the resource's `version` property.
chef_gem('chef-vault') { compile_time(true) if respond_to?(:compile_time) }

require('chef-vault')

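# Declare one `testcook` resource per user item held in the chef-vault data bag
# named by node['testcook']['databag_name'], and collect the users flagged as
# sudoers into `sudoer_users` (consumed by the /etc/sudoers template).
#
# Both settings of node['testcook']['use_databag'] load the same vault items.
# The only difference between them is which item field supplies the sudoers
# user name, so a single loop serves both. The earlier `else` path also wrapped
# its loop in `databag_name.each_line`, which re-ran the whole loop once per
# line of the bag *name*; that wrapper is dropped.
bag_name = node['testcook']['databag_name']
uname_field = node['testcook']['use_databag'] == true ? 'id' : 'username'

# chef-vault keeps the encrypted shared-secret copies for item "<id>" in a
# sibling data bag item called "<id>_keys". Match on the suffix only, so that a
# user id which merely contains "_keys" is not silently skipped.
users = data_bag(bag_name).reject { |item_id| item_id.end_with?('_keys') }

sudoer_users = []

users.each do |id|
  # Raises if this node's client cannot decrypt the item; that failure is
  # deliberately left to abort the run rather than skip the user.
  user = ChefVault::Item.load(bag_name, id)

  testcook user['id'] do
    # Only set a property when the item carries a value, so the resource's own
    # defaults apply otherwise.
    comment user['comment'] unless user['comment'].nil?
    groups user['groups'] unless user['groups'].nil?
    home user['home'] unless user['home'].nil?
    create_home user['create_home'] unless user['create_home'].nil?
    gid user['gid'] unless user['gid'].nil?
    shell user['shell'] unless user['shell'].nil?
    # Passed through exactly as stored. The item is expected to hold a crypt(3)
    # hash ("$6$..."), never a plaintext password.
    # TODO confirm how the testcook provider applies this value.
    password user['password'] unless user['password'].nil?
    uid user['uid'] unless user['uid'].nil?
    ssh_keys user['ssh_keys'] unless user['ssh_keys'].nil?
    delete_home_when_remove user['delete_home_when_remove'] unless user['delete_home_when_remove'].nil?

    # The previous `elsif` had no condition of its own, so Ruby took the
    # `action :create` call on the next line as its condition and the
    # `action :nothing` branch could never run. The effective behaviour is
    # spelled out here: 'remove' removes, anything else creates.
    action(user['action'] == 'remove' ? :remove : :create)
  end

  # NOTE(review): any truthy value enables sudo, including the string "false".
  # Keep `sudoer` a real boolean in the vault item.
  next unless user['sudoer']

  sudoer_users.push(
    :uname => user[uname_field],
    # An item without `command` gets unrestricted sudo ('ALL'). Set `command`
    # explicitly for accounts that only need specific binaries.
    :command => user['command'] || 'ALL',
    :sudo_pwdless => user['sudo_pwdless']
  )
end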
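# Render /etc/sudoers from the cookbook's sudoers.erb. The template receives the
# sudo-enabled users collected earlier in this recipe (`sudoer_users`) and the
# group configured in node['testcook']['users']['sudoer_group'].
#
# The file is root-owned with mode 0440 (no write bit, nothing for "other").
#
# The former `only_if { sudoer_users }` guard is removed. `sudoer_users` is
# always an Array and an empty Array is truthy in Ruby, so the guard never
# skipped anything. Rendering unconditionally is also what revocation needs:
# when the last sudoer is removed from the vault, the file must still be
# rewritten so that user's entry disappears.
#
# NOTE(review): a syntactically broken sudoers file locks out sudo. Consider
# validating the rendered file with `visudo -c` before it is put in place, for
# example via the template resource's `verify` property where the client
# version supports it.
template '/etc/sudoers' do
  source 'sudoers.erb'
  mode   '0440'
  owner  'root'
  group  node['root_group']
  variables(
    :sudoers_users  => sudoer_users,
    :sudoers_groups => node['testcook']['users']['sudoer_group']
  )
end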