
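Is it possible to add a node object as an ADMIN to a chef-vault? I was able to add it, but when I try to refresh the vault item using the pem key of the node [nithin-desktop.nithinsworld.com], it fails with Response: missing update permission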

$ knife data bag show nithin_test1 db-secrets_keys
WARNING: Unencrypted data bag detected, ignoring any provided secret options.
admins:
  nithin
  nithin-desktop.nithinsworld.com
clients:                         nithin-workstation.nithinsworld.com
id:                              db-secrets_keys
mode:                            default
...
...
...

From nithin-desktop.nithinsworld.com:

sudo knife vault refresh nithin_test1 db-secrets -M client -c /etc/chef/client.rb -V
INFO: Using configuration from /etc/chef/client.rb 
WARN: The default key for nithin-desktop.nithinsworld.com not found in users, trying client keys.
ERROR: You authenticated successfully to https://sandbox.chef.access.nithinsworld.com/organizations/nithins-testing as nithin-desktop.nithinsworld.com but you are not authorized for this action.
Response:  missing update permission

1 Answer


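You need to adjust the ACLs to give the provisioning node write access to the relevant data bag and item. By default, for security reasons, node clients (as opposed to human clients and users) are not given permission to write to most object types. You can use the knife-acl gem to edit the server ACLs.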

Answered 2018-01-22T12:27:06.187
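
The ACL change the answer describes, as an added example that is not part of the original answer: a dry-run wrapper around the knife-acl plugin's `knife acl show` and `knife acl add` subcommands that grants the node client only `update` on the data bag. The function names are hypothetical, the client and bag names come from the question, and it assumes an org-admin workstation with knife-acl installed.

```shell
#!/bin/sh
# Added example, not the answer author's code. Grants one node client the
# single permission the error names ("update") on one data bag.
# Dry run by default: commands are printed. Set APPLY=1 to execute them.

# Accept only a conservative character set so a typo or a stray shell
# metacharacter never reaches the knife command line.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_vault_acl CLIENT BAG  (hypothetical helper)
# Prints three commands: ACL before, the grant, ACL after for review.
plan_vault_acl() {
    client=$1
    bag=$2
    valid_name "$client" || { echo "invalid client name: $client" >&2; return 2; }
    valid_name "$bag"    || { echo "invalid data bag name: $bag" >&2; return 2; }
    echo "knife acl show data $bag"
    echo "knife acl add client $client data $bag update"
    echo "knife acl show data $bag"
}

# apply_vault_acl CLIENT BAG  (hypothetical helper)
apply_vault_acl() {
    plan=$(plan_vault_acl "$1" "$2") || return $?
    if [ "${APPLY:-0}" != 1 ]; then
        printf '%s\n' "$plan"
        return 0
    fi
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd" >&2
        $cmd || exit 1   # word splitting is safe: names were validated above
    done
}

# Names taken from the question above.
apply_vault_acl nithin-desktop.nithinsworld.com nithin_test1
```

The grant is made on the data bag, so it covers every item in `nithin_test1`, including the vault's `_keys` item; keep the bag scoped to what that node is meant to manage.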