chef-infra - 如何通过 chef-solo 创建用户帐户？

Question

问题

1. 如何通过 chef-solo 创建用户帐户？
2. 为什么“用户”配方需要 client.pem？

环境

• 红宝石是ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
• 厨师独奏是Chef: 0.10.8
• “用户”配方版本位于 2012 年 3 月 27 日（提交：f6e1d421f3513c92a0cfbf89c77f750e402ba545）。
• 仅食谱{"run_list":["recipe[users::sysadmins]"]}

描述

我将通过 chef-solo 使用配方“ users ”创建用户帐户。但是发生了错误，如下所示。

FATAL: Chef::Exceptions::PrivateKeyMissing: users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!

日志

vagrant@lucid32:/tmp/vagrant-chef-1$ ruby --version
ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
vagrant@lucid32:/tmp/vagrant-chef-1$ chef-solo -v
Chef: 0.10.8
vagrant@lucid32:/tmp/vagrant-chef-1$ cat /tmp/vagrant-chef-1/solo.rb
file_cache_path "/tmp/vagrant-chef-1"
cookbook_path ["/tmp/vagrant-chef-1/chef-solo-1/cookbooks", "/tmp/vagrant-chef-1/cookbooks/cookbooks"]
role_path nil
log_level :debug
vagrant@lucid32:/tmp/vagrant-chef-1$ cat /tmp/vagrant-chef-1/dna.json
{"run_list":["recipe[users::sysadmins]"]}
vagrant@lucid32:/tmp/vagrant-chef-1$ sudo chef-solo -c solo.rb -j dna.json
[Mon, 26 Mar 2012 17:54:48 -0700] INFO: *** Chef 0.10.8 ***
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Building node object for lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Extracting run list from JSON attributes provided on command line
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Setting the run_list to ["recipe[users::sysadmins]"] from JSON
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Applying attributes from json file
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Platform is ubuntu version 10.04
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Run List is [recipe[users::sysadmins]]
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Run List expands to [users::sysadmins]
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Starting Chef Run for lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Running start handlers
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Start handlers complete.
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: No chefignore file found at /tmp/vagrant-chef-1/chef-solo-1/cookbooks/chefignore no files will be ignored
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: No chefignore file found at /tmp/vagrant-chef-1/cookbooks/cookbooks/chefignore no files will be ignored
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading cookbook users's providers from /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loaded contents of /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb into a provider named users_manage defined in Chef::Provider::UsersManage
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading cookbook users's resources from /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/resources/manage.rb
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loaded contents of /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/resources/manage.rb into a resource named users_manage defined in Chef::Resource::UsersManage
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading Recipe users::sysadmins via include_recipe
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Found recipe sysadmins in cookbook users
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Loading from cookbook_path: /tmp/vagrant-chef-1/chef-solo-1/cookbooks, /tmp/vagrant-chef-1/cookbooks/cookbooks
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Converging node lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Processing users_manage[sysadmin] on lucid32
[Mon, 26 Mar 2012 17:54:49 -0700] INFO: Processing users_manage[sysadmin] action remove (users::sysadmins line 23)
[Mon, 26 Mar 2012 17:54:49 -0700] WARN: Failed to read the private key /etc/chef/client.pem: #<Errno::ENOENT: No such file or directory - /etc/chef/client.pem>
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: users_manage[sysadmin] (users::sysadmins line 23) has had an error
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: users_manage[sysadmin] (/tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/recipes/sysadmins.rb:23:in `from_file') had an error:
users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:62:in `load_signing_key'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:33:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `search'
/tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb:27:in `class_from_file'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `instance_eval'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `action_remove'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `send'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:45:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `each'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:94:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:92:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:76:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:312:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:160:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:192:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `loop'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-solo:25
/opt/ruby/bin//chef-solo:19:in `load'
/opt/ruby/bin//chef-solo:19
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: Running exception handlers
[Mon, 26 Mar 2012 17:54:49 -0700] ERROR: Exception handlers complete
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Re-raising exception: Chef::Exceptions::PrivateKeyMissing - users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:62:in `load_signing_key'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:33:in `initialize'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `new'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `initialize'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `new'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `initialize'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `new'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `search'
  /tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb:27:in `class_from_file'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `instance_eval'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `action_remove'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `send'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `run_action'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:45:in `run_action'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `each'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:94:in `execute_each_resource'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:92:in `execute_each_resource'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:76:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:312:in `converge'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:160:in `run'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:192:in `run_application'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `loop'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `run_application'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in `run'
  /opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-solo:25
  /opt/ruby/bin//chef-solo:19:in `load'
  /opt/ruby/bin//chef-solo:19
[Mon, 26 Mar 2012 17:54:49 -0700] FATAL: Stacktrace dumped to /tmp/vagrant-chef-1/chef-stacktrace.out
[Mon, 26 Mar 2012 17:54:49 -0700] DEBUG: Chef::Exceptions::PrivateKeyMissing: users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:62:in `load_signing_key'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest/auth_credentials.rb:33:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/rest.rb:47:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/search/query.rb:34:in `initialize'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `new'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/mixin/language.rb:133:in `search'
/tmp/vagrant-chef-1/chef-solo-1/cookbooks/users/providers/manage.rb:27:in `class_from_file'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `instance_eval'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/provider.rb:104:in `action_remove'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `send'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource.rb:440:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:45:in `run_action'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `each'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:81:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:94:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/resource_collection.rb:92:in `execute_each_resource'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/runner.rb:76:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:312:in `converge'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/client.rb:160:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:192:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `loop'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application/solo.rb:183:in `run_application'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/../lib/chef/application.rb:67:in `run'
/opt/ruby/lib/ruby/gems/1.8/gems/chef-0.10.8/bin/chef-solo:25
/opt/ruby/bin//chef-solo:19:in `load'
/opt/ruby/bin//chef-solo:19
[Mon, 26 Mar 2012 17:54:49 -0700] FATAL: Chef::Exceptions::PrivateKeyMissing: users_manage[sysadmin] (users::sysadmins line 23) had an error: Chef::Exceptions::PrivateKeyMissing: I cannot read /etc/chef/client.pem, which you told me to use to sign requests!

Answer 1

最后，我成功地用 chef-solo 和 data_bags 创建了一个帐户。

它需要：

• 厨师独奏搜索
• 用户（需要 1.1.2 版，不能在 head 修订版中工作）

食谱。

见https://github.com/niku/vagrant_config_files/tree/minimum_set

Answer 2

Opscode 的“用户”食谱依赖于使用以服务器为中心的功能进行用户管理，即数据包和搜索。它并非设计或旨在与 Chef Solo 一起使用。

配方中使用的users_manage资源针对数据包users::sysadmins运行 Chef Search 查询。users当配方运行时，它会尝试连接到服务器，这就是它正在寻找的原因/etc/chef/client.pem- 与厨师服务器进行身份验证。因为你两者都没有，所以它失败了。

更新

现在有一本食谱，它为 Chef Solo 的数据包项目添加了“类似搜索”的功能，使用“用户”食谱可能会感兴趣。

• 厨师独奏搜索食谱

请注意，“用户”食谱当前会检查 Chef Solo，如果检测到则不会运行。根据 FC003，这是最近通过 foodcritic 的 linting 检查的一部分。用户手册的 1.1.2版不包含此更改（它在master分支中）

Answer 3

最好使用这本食谱。它提供了更灵活的用户资源。例如：

user_account 'hsolo' 做
  评论“韩索罗”
  # 文件密钥 ~/.ssh/authorized keys
  ssh_keys ['3dc348d9af8027df7b9c...', '2154d3734d609eb5c452...']
结尾

用户的 ssh 密钥和其他首选项将自动生成。

Answer 4

您可以使用用户资源创建本地用户，例如：

user "random" do
  comment "Random User"
  uid 1000
  gid "users"
  home "/home/random"
  shell "/bin/zsh"
  password "$1$JJsvHslV$szsCjVEroftprNn4JHtDi."
end