0

我创建了一个包装食谱来从加密的数据包中检索我的 datadog api 密钥,但它看起来在执行期间没有运行。

这是我的代码:

属性/default.rb

node.default['datadog']['encrypted_data_bag'] = 'datadog'
node.default['datadog']['encrypted_data_bag_item'] = 'datadog_keys'

食谱/set_key.rb:

node.default['datadog']['api_key'] = data_bag_item(node['datadog']['encrypted_data_bag'], node['datadog']['encrypted_data_bag_item'])['api_key']
node.default['datadog']['application_key'] = data_bag_item(node['datadog']['encrypted_data_bag'], node['datadog']['encrypted_data_bag_item'])['chef']

和del_key:

node.rm['datadog']['api_key']
node.rm['datadog']['application_key']

我创建了一个名为 datadog 的角色,该角色的运行列表如下所示:

datadog-wrapper-0.1.0::set_key
datadog::dd-agent
datadog::dd-handler
datadog-wrapper-0.1.0::del_key

我期待这个包装器配方加载数据狗键,然后运行数据狗配方,最后另一个包装器配方来删除键。但是当 Chef 运行时,我收到如下错误消息:

ArgumentError
-------------
chef_handler[Chef::Handler::Datadog] (datadog::dd-handler line 52) had an error: ArgumentError: Missing Datadog Api Key

由于我是厨师和数据包使用的新手,我有点困惑。为什么我的二传手配方没有运行?

谢谢。

4

1 回答 1

0

As I have mentioned in the comment, you are affected by two pass model. You should remove the keys in the resource added to the end of the chef run or triggered by the DD cookbook resources invoked as the last one in the run.

ruby_block "clean datadog api attributes" do
  block do
    node.rm("datadog", "api_key")
    ....
  end
  subscribes :create, "template[<some dd template using api keys>]", :immediately
end

However, it may not work with all versions of DD cookbook. From few DD cookbook versions, it is possible to store keys in node's run state which is not written to the Chef server.

node.run_state["datadog"] = {
  "api_key"         => datadog["api_key"],
  "application_key" => datadog["application_key"]
}

The above example is preferred solution to your issue.

于 2018-02-23T10:55:16.473 回答