0
尝试存储用于创建厨师保险箱的加密凭证,然后将食谱部署到我希望用户创建的节点。厨师保险柜物品未使用公钥加密
使用厨师版本37年12月13日
使用厨师穹顶菜谱2.1.1
最初创建与
输出的knife vault show ftp users
给
id: users
user: password
跳马我食谱中有这个:
include_recipe 'chef-vault'
vault = ChefVault::Item.load("ftp", "users")
user 'testuser' do
comment 'Test User Account'
home '/home/testuser'
shell '/sbin/bash'
group 'testusers'
password vault['user']
end
而我得到的错误是
ChefVault::Exceptions::SecretDecryption
---------------------------------------
ftp/users is not encrypted with your public key. Contact an administrator of the vault item to encrypt for you!
Cookbook Trace:
---------------
/var/chef/cache/cookbooks/ftp_test/recipes/default.rb:10:in
`from_file'
/var/chef/cache/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/run_context.rb:347:in `load_recipe'
Relevant File Content:
----------------------
/var/chef/cache/cookbooks/ftp_test/recipes/default.rb:
3: # Recipe:: default
4: #
5: # Copyright:: 2017, The Authors, All Rights Reserved.
6: #
7:
8: include_recipe 'chef-vault'
9:
10>> vault = ChefVault::Item.load("ftp", "users")
11:
我试着做 knife update ftp users -S 'name:my_node_name' -M client
更新,但似乎并没有帮助
做一个knife data bag show ftp users_keys
给出:
WARNING: Unencrypted data bag detected, ignoring any provided secret options.
admins:
bk0155
my_node_name
my_node_name: fqkwg0098mpbDiJKFCsBEoMLiyN0kZLksiZpWwoxepr6lUgBMFGkJvSpkoGf
3ZwZt8PG2keNe9RYQ93rvgRBKGhLwP46lvDMLO78CEBPfSV5S2mYoe7B7mBb
NFhHPmWkXX2IhaL6TkLvvjATVqBEuUbeqtDb7HO5XOSTuBHacovQxEJerHmA
dXWBsPgs/GPnsu8xK3BNLHjvyVJ3ovaYkvCTxdFTWvDfb8184jC9rJX882Op
XCeGhZ3I5BPXDmNi5XW7EAPgjtbqgxIGPZwYHrrEcZji4TMKxnc6O5+9rPB/
/j4mM/QEL5zGtTeeluzmX+wSE605p9KwGAqsLpUn/g==
clients: my_node_name
id: users_keys
bk0155: mDsML41veFJclX0yXVMqYGvW52uRnZRtQTrRl1XTddgUJc0N9RR1qnyk0gxC
07jKkN+AsdkFuMoOGr7UcUCo/1MEsL125CvsSevOGOF9QMvUk67xw8Q+OlP0
4vqmvJNyaxeXxVV7FOVJSTC2ytovStD2WaSshZutNhG+EgIZ0zSOivHHryW+
aFyClqjVIA3Sm7ITuEyheqBJZZntpHhK1a4Gwk1V3T9aJZ3OT5vvFtNzppnx
CerZvQjPdthwmrqbKfMmYG3KmsPUPEMsAHxK8ryw8Sntu/MYechWzUTGYDii
gcuhehwUCgb+6LAM66ygiIqxcpZ3qg2ddcSUbo5V0g==
search_query: name:my_node_name
我也尝试过knife vault rotate keys
,我仍然得到同样的错误。
1.不幸的是'refresh'并没有改变解密过程的状态。导致同样的错误。 2.重新创建保管库会导致相同的错误。 – Patrick
我已经授予你赏金。感谢您的尝试。 – Patrick