我在保险库(vault)中创建了 7 个用户,但是当我执行 knife vault show vaultname 时,只能看到 5 个用户。
当我执行 knife data bag show vaultname 时,我看到所有 7 个用户加上他们相应的 user_keys 项目。
当我在我的节点上运行 chef-client 时,我还能够看到正在创建的所有七个用户。
我目前运行的是 Chef Server 11.2 版。
有谁知道为什么我在运行 knife vault show vaultname 时只能看到 5 个用户?
编辑
我的保险库的内容
$ knife vault show users user1
action: create
comment: User1
create_home: true
dbpass: xxxxxxx
delete_home_when_remove: true
gid: user1
groups:
user1
user2
home: /home/user1
id: user1
password: $6$tMb7XUou$9pTFWIlGbKJoT8FApDQSvjrRivnpB/tzRr/XrAX8qcdncO.OySKXCuAXxaSDPdQLlj4HGMRqvghvj24zM4XCx.
setfacl: false
shell: /bin/bash
ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnOfRTKLEsUcY/0YNcJWoTq0OMQ1VbrcN4bEoqrN3cPbjCD0CcjZQKdiM9x+eD+usVbBsswG6LtE57dvM0+9tdidr0PfzK6iZ1ttv/cpnfi7Q3kKSlY4kK117ZhK2iKnLSpSMV1xPy97UDxkJK1NmC9FJpxtDmg5vqSTvmTmbs1auimehU3f3+db5g7lSXjI52jHM9xbdwONFK6yhgl2+iiC6A7AesdLT407p4S0nC6VlMcAKue1jvr0eQUK//Yqtp/APLflyQQ==
sudo_pwdless: true
sudoer: true
username: user1
Chef 配方(recipe)
# Make the chef-vault gem available to this recipe, then load it.
# `compile_time true` is only set when the resource responds to that property,
# so the recipe still converges on clients that do not know it.
# No `version` is given, so the installed release is whatever the configured
# gem source currently serves; pin one if runs have to be reproducible.
chef_gem('chef-vault') { compile_time(true) if respond_to?(:compile_time) }
require 'chef-vault'
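# Declare one `testcook` resource per user item stored in the vault and collect
# every user flagged `sudoer` into `sudoer_users` for the sudoers template.
#
# A vault is a data bag in which each item "<id>" has a companion "<id>_keys"
# item; the companions are filtered out so only the user items are loaded.
if node['testcook']['use_databag'] == true
  # `end_with?` instead of the original `include?`: only the "<id>_keys"
  # companions are skipped, not every id that merely contains "_keys".
  # `reject` also avoids mutating the array handed back by `data_bag`.
  users = data_bag(node['testcook']['databag_name']).reject { |item_id| item_id.end_with?('_keys') }
  sudoer_users = []
  users.each do |id|
    # The item is decrypted on the node; the load is expected to fail if this
    # node's client is not among the clients the item was encrypted for.
    user = ChefVault::Item.load(node['testcook']['databag_name'], id)
    testcook user['id'] do
      comment user['comment'] unless user['comment'].nil?
      groups user['groups'] unless user['groups'].nil?
      home user['home'] unless user['home'].nil?
      create_home user['create_home'] unless user['create_home'].nil?
      gid user['gid'] unless user['gid'].nil?
      shell user['shell'] unless user['shell'].nil?
      # Decrypted secret material from the vault item (password hash, SSH keys).
      password user['password'] unless user['password'].nil?
      uid user['uid'] unless user['uid'].nil?
      ssh_keys user['ssh_keys'] unless user['ssh_keys'].nil?
      delete_home_when_remove user['delete_home_when_remove'] unless user['delete_home_when_remove'].nil?
      # The original read `elsif` with no condition, so Ruby took the following
      # `action :create` as the condition itself and the `else action :nothing`
      # branch was presumably never reached. The effective behaviour is kept:
      # remove when asked to, create otherwise.
      # NOTE(review): if :nothing was meant for items without an `action` key,
      # that needs an explicit `when`/`else`; confirm the intent first.
      action(user['action'] == 'remove' ? :remove : :create)
    end
    next unless user['sudoer']

    # Without an explicit `command` the entry is collected with 'ALL'; how
    # that is rendered depends on sudoers.erb, which is not shown here.
    command = user['command'] || 'ALL'
    sudoer_users.push(:uname => user['id'], :command => command, :sudo_pwdless => user['sudo_pwdless'])
  end
else
  sudoer_users = []
  users = data_bag(node['testcook']['databag_name']).reject { |item_id| item_id.end_with?('_keys') }
  # NOTE(review): this branch reads the same vault as the one above, and the
  # outer loop walks the lines of the data bag *name* (one pass for a
  # single-line name). Kept as written; confirm what the non-databag path was
  # meant to iterate over.
  node.default['testcook']['databag_name'].each_line do |_line|
    users.each do |id|
      user = ChefVault::Item.load(node['testcook']['databag_name'], id)
      testcook user['id'] do
        comment user['comment'] unless user['comment'].nil?
        groups user['groups'] unless user['groups'].nil?
        home user['home'] unless user['home'].nil?
        create_home user['create_home'] unless user['create_home'].nil?
        shell user['shell'] unless user['shell'].nil?
        # Decrypted secret material from the vault item (password hash, SSH keys).
        password user['password'] unless user['password'].nil?
        uid user['uid'] unless user['uid'].nil?
        gid user['gid'] unless user['gid'].nil?
        ssh_keys user['ssh_keys'] unless user['ssh_keys'].nil?
        delete_home_when_remove user['delete_home_when_remove'] unless user['delete_home_when_remove'].nil?
        # Same dangling `elsif` as in the branch above; effective behaviour kept.
        action(user['action'] == 'remove' ? :remove : :create)
      end
      next unless user['sudoer']

      command = user['command'] || 'ALL'
      # NOTE(review): this branch names the sudoer by `username`, the branch
      # above by `id`; the two only agree when both fields hold the same value.
      sudoer_users.push(:uname => user['username'], :command => command, :sudo_pwdless => user['sudo_pwdless'])
    end
  end
end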
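# Render /etc/sudoers from sudoers.erb, passing in the sudoers collected from
# the vault items and the sudoer group attribute of this cookbook.
# The file is owned by root with mode 0440.
template '/etc/sudoers' do
  source 'sudoers.erb'
  mode '0440'
  owner 'root'
  group node['root_group']
  variables(
    :sudoers_users => sudoer_users,
    :sudoers_groups => node[:testcook][:users][:sudoer_group]
  )
  # The original guard was `only_if { sudoer_users }`. An Array is truthy in
  # Ruby even when empty, so that guard never skipped the resource; it is
  # dropped here and the file is rendered on every run, exactly as before.
  # NOTE(review): switching to `sudoer_users.any?` would skip the render once
  # the list becomes empty and leave previously granted entries in place.
  # NOTE(review): the rendered file is not syntax-checked before it replaces
  # /etc/sudoers; where the client supports the resource's `verify` property,
  # a visudo check guards against a broken template locking out sudo.
end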