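Refreshing chef-vault from a chef provisioner node (using the node object)

Time: 2018-01-22 10:21:43

Tags: chef chef-vault

Is it possible to add a node object as an ADMIN to chef-vault? I was able to add it, but when I try to refresh the vault item using the node's [nithin-desktop.nithinsworld.com] pem key, it fails, saying Response: missing update permission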

$ knife data bag show nithin_test1 db-secrets_keys
WARNING: Unencrypted data bag detected, ignoring any provided secret options.
admins:
  nithin
  nithin-desktop.nithinsworld.com
clients:                         nithin-workstation.nithinsworld.com
id:                              db-secrets_keys
mode:                            default
...
...
...

From nithin-desktop.nithinsworld.com:

sudo knife vault refresh nithin_test1 db-secrets -M client -c /etc/chef/client.rb -V
INFO: Using configuration from /etc/chef/client.rb 
WARN: The default key for nithin-desktop.nithinsworld.com not found in users, trying client keys.
ERROR: You authenticated successfully to https://sandbox.chef.access.nithinsworld.com/organizations/nithins-testing as nithin-desktop.nithinsworld.com but you are not authorized for this action.
Response:  missing update permission

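1 answer:

Answer 0: (score: 0)

You need to adjust the ACLs to give the provisioning node write access to the relevant data bag and items. By default, for security reasons, node clients (as opposed to human clients and users) do not get permission to write to most object types. You can use the knife-acl gem to edit the server ACLs.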
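
The authorization decision the answer describes, modelled as an added example (not code from the original post or from Chef): it evaluates a data bag ACL for the node client before and after a least-privilege `update` grant. The ACL contents, the group membership and the helper names `effective_perms`, `can_refresh` and `grant` are assumptions constructed for illustration.

```python
import copy

PERMS = ("create", "read", "update", "delete", "grant")
NODE = "nithin-desktop.nithinsworld.com"

# Constructed data bag ACL in the JSON shape Chef Server uses for object ACLs.
# Assumption: it mirrors the defaults the answer describes (clients group: read only).
DEFAULT_BAG_ACL = {
    "create": {"actors": ["pivotal"], "groups": ["admins", "users"]},
    "read": {"actors": ["pivotal"], "groups": ["admins", "users", "clients"]},
    "update": {"actors": ["pivotal"], "groups": ["admins", "users"]},
    "delete": {"actors": ["pivotal"], "groups": ["admins", "users"]},
    "grant": {"actors": ["pivotal"], "groups": ["admins"]},
}
# Constructed server group membership. Being listed under "admins:" inside the
# vault's _keys item does not put a client into any of these server groups.
GROUPS = {
    "admins": {"nithin"},
    "users": {"nithin"},
    "clients": {NODE, "nithin-workstation.nithinsworld.com"},
}

def effective_perms(actor, acl, groups):
    """Permissions an actor holds directly or through a group (nested groups ignored)."""
    held = set()
    for perm in PERMS:
        ace = acl.get(perm, {})
        in_group = any(actor in groups.get(g, ()) for g in ace.get("groups", []))
        if actor in ace.get("actors", []) or in_group:
            held.add(perm)
    return held

def can_refresh(actor, acl, groups):
    """Assumption: a refresh reads the bag and rewrites its _keys item (read + update)."""
    return {"read", "update"} <= effective_perms(actor, acl, groups)

def grant(acl, actor, perms):
    """Return a copy of the ACL with one actor added to the named ACEs only."""
    unknown = set(perms) - set(PERMS)
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    updated = copy.deepcopy(acl)
    for perm in perms:
        if actor not in updated[perm]["actors"]:
            updated[perm]["actors"].append(actor)
    return updated

if __name__ == "__main__":
    print(sorted(effective_perms(NODE, DEFAULT_BAG_ACL, GROUPS)))
    # Same effect as knife-acl's: knife acl add client <node> data nithin_test1 update
    fixed = grant(DEFAULT_BAG_ACL, NODE, ["update"])
    print(can_refresh(NODE, DEFAULT_BAG_ACL, GROUPS), can_refresh(NODE, fixed, GROUPS))
```

Granting only `update` to the single provisioner client, rather than to the whole `clients` group, keeps every other node read-only on the vault's data bag.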