Here is my recipe code:
include_recipe 'aws'
require 'aws-sdk'

client = Aws::S3::Client.new(region: 'us-east-1')
bucket = client.get_object(bucket: 'chefconfig', key: 'encrypted_data_bag_secret')
# Read content to variable
file_content = bucket.body.read
# Log output (optional); log only the size so the secret itself stays out of the logs
Chef::Log.info("Fetched encrypted_data_bag_secret (#{file_content.bytesize} bytes)")
# Write content to file (readable by root only, since this is key material)
file '/etc/chef/encrypted_data_bag_secret' do
  owner 'root'
  group 'root'
  mode '0600'
  content file_content
  action :create
end

password_secret = Chef::EncryptedDataBagItem.load_secret('/etc/chef/encrypted_data_bag_secret')
docker_password_data_bag_item = Chef::EncryptedDataBagItem.load('passwords', 'docker_server_master_password', password_secret)

docker_service 'default' do
  action [:create, :start]
end

docker_registry 'https://index.docker.io/v1/' do
  username node['docker']['username']
  password docker_password_data_bag_item['password']
  email node['docker']['email']
end
I thought the file resource would create /etc/chef/encrypted_data_bag_secret first, so that it would be available to Chef::EncryptedDataBagItem.load_secret, but when I run this recipe I get the following error message.
================================================================================
Recipe Compile Error in /var/chef/cache/cookbooks/appservers/recipes/default.rb
================================================================================
Errno::ENOENT
-------------
No such file or directory - file not found '/etc/chef/encrypted_data_bag_secret'
Cookbook Trace:
---------------
/var/chef/cache/cookbooks/appservers/recipes/docker.rb:29:in `from_file'
/var/chef/cache/cookbooks/appservers/recipes/default.rb:9:in `from_file'
Since I add this cookbook when bootstrapping the node, I don't know how to provide the secret file during bootstrap.
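Answer 0 (score: 0)
As @tensibai mentioned in the comments, the problem is explained well in the Stack Overflow question "compile time vs run time in chef recipes". Here is how I managed to solve my problem.
I wrapped 'password_secret' and 'docker_password_data_bag_item' in a ruby_block, as shown below: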
ruby_block 'load_databag_secret' do
  block do
    password_secret = Chef::EncryptedDataBagItem.load_secret('/etc/chef/encrypted_data_bag_secret')
    docker_password_data_bag_item = Chef::EncryptedDataBagItem.load('passwords', 'docker_server_master_password', password_secret)
    # node.set (alias of node.normal) stores the value as a normal attribute,
    # which is saved with the node object
    node.set['docker']['password'] = docker_password_data_bag_item['password']
  end
end
and changed my docker_registry code as follows:
docker_registry 'https://index.docker.io/v1/' do
  username node['docker']['username']
  password lazy { node['docker']['password'] }
  email node['docker']['email']
end
Note the lazy keyword in the docker_registry resource. If you are curious, you can read more about it here:
how-to-pass-value-from-one-resource-to-another-resource-in-chef-recipe
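The compile-versus-converge ordering behind the ENOENT error, and why the ruby_block plus lazy fix works, shown as a small plain-Ruby model (an added example, not code from the question or answer and not Chef's own classes). ToyRun, simulate, the lambda standing in for lazy, and the 'constructed-secret' value are assumptions made for illustration; run_state is modelled on Chef's node.run_state, which holds values in memory for the current run only.

```ruby
require 'tmpdir'

# Toy model of one Chef run: compile queues resources, converge executes them.
class ToyRun
  attr_reader :run_state, :applied

  def initialize
    @queue = []       # resource collection built while the recipe is compiled
    @run_state = {}   # in-memory only, modelled on node.run_state
    @applied = {}
  end

  def resource(name, props = {}, &action)
    @queue << [name, props, action] # declaring a resource runs nothing yet
  end

  def converge
    @queue.each do |name, props, action|
      # deferred (lazy) properties are resolved only now, after earlier resources ran
      @applied[name] = props.transform_values { |v| v.respond_to?(:call) ? v.call : v }
      action&.call
    end
  end
end

def simulate(defer:)
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'encrypted_data_bag_secret')
    run = ToyRun.new
    # constructed secret; written owner-only, and only when converge reaches it
    run.resource('file[secret]') { File.write(path, 'constructed-secret', perm: 0o600) }
    if defer
      run.resource('ruby_block[load]') { run.run_state[:pw] = File.read(path) }
      # the lambda stands in for `lazy { ... }`
      run.resource('docker_registry', password: -> { run.run_state[:pw] })
    else
      # bare Ruby in the recipe body executes during compile, before the file exists
      run.resource('docker_registry', password: File.read(path))
    end
    run.converge
    run.applied['docker_registry'][:password]
  end
rescue Errno::ENOENT
  :enoent_at_compile_time
end
```
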