Chef Vault item is not encrypted with your public key

Time: 2017-05-03 23:30:58

Tags: chef

Trying to create a Chef Vault to store encrypted credentials for a user, and then deploy a cookbook to the node on which I want that user created.

Using Chef version 12.13.37

Using chef-vault cookbook 2.1.1

Initially created the vault using

    knife vault create ftp users \
      '{"user":"password"}' \
      --search 'name:my_node_name' \
      --admins bk0155 \
      --mode client

Output of knife vault show ftp users:

    id:             users
    user: password

In my recipe I have this:

    include_recipe 'chef-vault'
    vault = ChefVault::Item.load("ftp", "users")
    user 'testuser' do
          comment 'Test User Account'
          home '/home/testuser'
          shell '/sbin/bash'
          group 'testusers'
          password vault['user']
    end

The error I get is

    ChefVault::Exceptions::SecretDecryption
    ---------------------------------------
    ftp/users is not encrypted with your public key. Contact an administrator of the vault item to encrypt for you!

    Cookbook Trace:
    ---------------
    /var/chef/cache/cookbooks/ftp_test/recipes/default.rb:10:in `from_file'
    /var/chef/cache/cookbooks/compat_resource/files/lib/chef_compat/monkeypatches/chef/run_context.rb:347:in `load_recipe'

    Relevant File Content:
    ----------------------
    /var/chef/cache/cookbooks/ftp_test/recipes/default.rb:

      3:  # Recipe:: default
      4:  #
      5:  # Copyright:: 2017, The Authors, All Rights Reserved.
      6:  #
      7:
      8:  include_recipe 'chef-vault'
      9:
     10>> vault = ChefVault::Item.load("ftp", "users")
     11:

I have tried updating, but it doesn't seem to help. I also tried running

    knife update ftp users -S 'name:my_node_name' -M client

but still get the same error. Running knife data bag show ftp users_keys gives:

    WARNING: Unencrypted data bag detected, ignoring any provided secret options.
    admins:
      bk0155
      my_node_name
    my_node_name: fqkwg0098mpbDiJKFCsBEoMLiyN0kZLksiZpWwoxepr6lUgBMFGkJvSpkoGf
                  3ZwZt8PG2keNe9RYQ93rvgRBKGhLwP46lvDMLO78CEBPfSV5S2mYoe7B7mBb
                  NFhHPmWkXX2IhaL6TkLvvjATVqBEuUbeqtDb7HO5XOSTuBHacovQxEJerHmA
                  dXWBsPgs/GPnsu8xK3BNLHjvyVJ3ovaYkvCTxdFTWvDfb8184jC9rJX882Op
                  XCeGhZ3I5BPXDmNi5XW7EAPgjtbqgxIGPZwYHrrEcZji4TMKxnc6O5+9rPB/
                  /j4mM/QEL5zGtTeeluzmX+wSE605p9KwGAqsLpUn/g==
    clients:
      my_node_name
    id:           users_keys
    bk0155:       mDsML41veFJclX0yXVMqYGvW52uRnZRtQTrRl1XTddgUJc0N9RR1qnyk0gxC
                  07jKkN+AsdkFuMoOGr7UcUCo/1MEsL125CvsSevOGOF9QMvUk67xw8Q+OlP0
                  4vqmvJNyaxeXxVV7FOVJSTC2ytovStD2WaSshZutNhG+EgIZ0zSOivHHryW+
                  aFyClqjVIA3Sm7ITuEyheqBJZZntpHhK1a4Gwk1V3T9aJZ3OT5vvFtNzppnx
                  CerZvQjPdthwmrqbKfMmYG3KmsPUPEMsAHxK8ryw8Sntu/MYechWzUTGYDii
                  gcuhehwUCgb+6LAM66ygiIqxcpZ3qg2ddcSUbo5V0g==
    search_query: name:my_node_name

1 answer:

Answer 0 (score: 2)

If anything changes in your node keys, you should run knife vault refresh ftp users_keys with -M client (if you haven't set that in knife.rb). If that doesn't work, try deleting the whole vault and creating it from scratch, but refresh should be enough.

update is for updating the content of the vault; rotate is for rotating the shared key, not the clients' keys.
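To show why refresh fixes this while update does not, here is a constructed Ruby model of the two data bags a chef-vault item consists of. It is an added example for this page, not chef-vault's own code: the item bag holds the fields encrypted under one random shared secret, the _keys bag holds that secret RSA-wrapped once per admin and per client, and a node can only decrypt the item if a copy wrapped for its own key exists. The class name ToyVault, the demo method, the AES-GCM field format and the generated keys are all assumptions of this example; the vault and item names, the admin name bk0155 and the node name my_node_name come from the question.

```ruby
require 'openssl'
require 'base64'

# Constructed model of chef-vault's layout (added example, not chef-vault's code):
#   ftp/users       -> the item's fields, encrypted under one random shared secret
#   ftp/users_keys  -> that shared secret, RSA-wrapped once per admin and per client
# A node can decrypt the item only if the _keys bag holds a copy wrapped for its
# own key; that missing copy is what "not encrypted with your public key" reports.
class SecretDecryption < StandardError; end

class ToyVault
  attr_reader :item, :keys

  # admins / clients: { 'name' => OpenSSL::PKey::RSA public key }
  def initialize(vault, name, data, search_query, admins:, clients:)
    @name = name
    @secret = OpenSSL::Random.random_bytes(32)          # shared AES-256 key
    @item = encrypt_item(data)
    @keys = { 'id' => "#{name}_keys", 'search_query' => search_query,
              'admins' => admins.keys, 'clients' => [] }
    admins.each { |id, pub| wrap(id, pub) }
    refresh(clients)
  end

  # `knife vault refresh`: re-run the search and wrap the shared secret for
  # every matching client that has no copy yet.
  def refresh(matching_clients)
    matching_clients.each { |id, pub| wrap(id, pub) unless @keys.key?(id) }
    @keys['clients'] = matching_clients.keys
  end

  # `knife vault update`: re-encrypt the fields under the same secret. The
  # wrapped copies are untouched, so it cannot add a client that is missing.
  def update(data)
    @item = encrypt_item(data)
  end

  # What ChefVault::Item.load does on the node: unwrap the secret with the
  # node's private key, then decrypt every field.
  def self.load(item, keys, client_id, private_key)
    wrapped = keys[client_id]
    raise SecretDecryption, "#{item['id']} is not encrypted with your public key" unless wrapped
    secret = private_key.private_decrypt(Base64.strict_decode64(wrapped))
    item.reject { |k, _| k == 'id' }.transform_values do |blob|
      c = OpenSSL::Cipher.new('aes-256-gcm')
      c.decrypt
      c.key = secret
      c.iv = Base64.strict_decode64(blob['iv'])
      c.auth_tag = Base64.strict_decode64(blob['tag'])
      c.auth_data = ''
      c.update(Base64.strict_decode64(blob['data'])) + c.final
    end
  end

  # Walk through the question's scenario with constructed keys: the node has no
  # wrapped copy, `update` does not help, `refresh` does.
  def self.demo
    admin = OpenSSL::PKey::RSA.new(2048)
    node  = OpenSSL::PKey::RSA.new(2048)
    v = new('ftp', 'users', { 'user' => 'password' }, 'name:my_node_name',
            admins: { 'bk0155' => admin.public_key }, clients: {})
    before = begin
      load(v.item, v.keys, 'my_node_name', node)
      nil
    rescue SecretDecryption => e
      e.message
    end
    v.update('user' => 'password')                      # still no copy for the node
    v.refresh('my_node_name' => node.public_key)        # now the node gets one
    after = load(v.item, v.keys, 'my_node_name', node)
    { before: before, after: after, clients: v.keys['clients'] }
  end

  private

  def wrap(id, pub)
    @keys[id] = Base64.strict_encode64(pub.public_encrypt(@secret))
  end

  def encrypt_item(data)
    out = { 'id' => @name }
    data.each do |field, value|
      c = OpenSSL::Cipher.new('aes-256-gcm')
      c.encrypt
      c.key = @secret
      iv = c.random_iv
      c.auth_data = ''
      ct = c.update(value.to_s) + c.final
      out[field] = { 'iv' => Base64.strict_encode64(iv),
                     'data' => Base64.strict_encode64(ct),
                     'tag' => Base64.strict_encode64(c.auth_tag) }
    end
    out
  end
end

puts ToyVault.demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the error message for the first load attempt, the decrypted fields after refresh, and the client list. The point of the model is the separation of concerns the answer describes: update and rotate act on the item or the shared secret, while only refresh (or a fresh create) changes which clients hold a wrapped copy, so a node that is missing from the _keys bag, or whose client key was regenerated after it was wrapped, is only repaired by refresh.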