Expected to find a map at path '/instance_groups/name=bosh/jobs/uaa' but found '[]interface {}'

Time: 2018-11-26 16:24:58

Tags: bosh cloudfoundry-uaa cloud-foundry-bosh

Trying to deploy a BOSH Director integrated with LDAP and running into a problem. Here are my steps.

  1. Clone the latest repository:

git clone https://github.com/cloudfoundry/bosh-deployment

  2. Create the vars file and populate it.

  3. Modify the ops file for LDAP.

File: ldap.yml

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.enabled?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.profile_type
  value: "search-and-bind"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.url
  value: "ldap://XXXX.XXXXXXX.XXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.userDNPatternDelimiter
  value:  ";"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.userDN
  value: "XXXXX\\XXXXXXXXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.userPassword
  value: "XXXXXXXXXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.searchBase
  value: "dc=XXX,dc=XXXXXXX,dc=XXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.searchFilter
  value: "cn={0}"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.passwordAttributeName
  value: "userPassword"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.passwordEncoder
  value: "org.cloudfoundry.identity.uaa.ldap.DynamicPasswordComparator"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.sslCertificate
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.ssl.skipVerification?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.ssl.tls
  value: "none"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.mailAttributeName
  value: "mail"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.mailSubstitute
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.mailSubstituteOverrridesLdap?
  value: "false"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.referral
  value: "follow"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groups.profile_type
  value: "groups-map-to-scopes"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groups.searchBase
  value: "dc=XXX,dc=XXXXXXXXX,dc=XXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groups.groupRoleAttribute
  value: "member"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groupSearchFilter
  value: "member={0}"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.searchSubtree?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.maxSearchDepth
  value: "1"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.emailDomain
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.attributeMappings
  value:
    user.attribute.name-of-attribute-in-uaa-id-token: name-of-attribute-in-ldap-record
    user.attribute.name-of-other-attribute-in-uaa-id-token: name-of-other-attribute-in-ldap-record

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.storeCustomAttributes?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.externalGroupWhitelist?
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.add_shadow_user_on_login?
  value: "true"

Run the deployment script:

#!/bin/bash
bosh create-env bosh-deployment/bosh.yml \
    --state=state.json \
    --vars-store=creds.yml \
    --vars-file=vars.yml \
    -o bosh-deployment/vsphere/cpi.yml \
    -o bosh-deployment/uaa.yml \
    -o bosh-deployment/ldap.yml \
    -o bosh-deployment/misc/dns.yml \
    -o bosh-deployment/misc/ntp.yml \
    -o bosh-deployment/jumpbox-user.yml

Getting the error:

Deployment manifest: '/Users/user1/workarea/bosh-1/bosh-deployment/bosh.yml'
Deployment state: 'state.json'

Started validating
Failed validating (00:00:00)

Parsing release set manifest '/Users/user1/workarea/bosh-1/bosh-deployment/bosh.yml':
  Evaluating manifest:
    Expected to find a map at path '/instance_groups/name=bosh/jobs/uaa' but found '[]interface {}'

Exit code 1

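If I remove the ops file for the LDAP integration (bosh-deployment/ldap.yml), everything is fine - BOSH, UAA, etc. get deployed. I don't understand why it is complaining. The UAA job is being created in BOSH, and I am passing the ops file after the uaa.yml file. It should already have been able to create the UAA job in the BOSH deployment.

Any hints?

Thank you very much!

1 answer:

Answer 0: (score: 0)

Answering my own question. I had to put ?/- in the path so that new elements could be created under ldap. Once I put those in, I was able to deploy the environment with the new ops file.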

- type: replace
  path: /instance_groups/name=bosh/jobs/name=uaa/properties/ldap?/-
  value:
    enabled: true
    profile_type: "search-and-bind"
    url: "ldap://ldap.localnet.com"
    userDN: 'XXXX\\XXXXXXX'
    userPassword: 'XXXXXXXXXX'
    searchBase: "dc=local,dc=localnet,dc=com"
    searchFilter: "cn={0}"
    passwordAttributeName: "userPassword"
    passwordEncoder: "org.cloudfoundry.identity.DynamicPasswordComparator"
    sslCertificate: ""
    ssl:
     skipVerification: "true"
     tls: "none"
    mailAttributeName: "mail"
    mailSubstitute: ""
    mailSubstituteOverrridesLdap: "false"
    referral: "follow"
    groups:
     profile_type: "groups-map-to-scopes"
     searchBase: "dc=local,dc=localnet,dc=com"
     groupRoleAttribute: "member"
    groupSearchFilter: "member={0}"
    searchSubtree: "true"
    maxSearchDepth: "10"
    emailDomain: ""
    storeCustomAttributes: "true"
    externalGroupWhitelist: ""
    add_shadow_user_on_login: "true"
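
The error in the question and the `?/-` suffix in the answer both come down to how an ops-file path is walked token by token. The sketch below is an added example, not code from the post or from the BOSH CLI: it models a small subset of go-patch `replace` semantics so the paths on this page can be traced offline. `MANIFEST` is constructed sample data, `apply_replace` and `uaa_props` are hypothetical names, and the nested `uaa/ldap?` layout used in the test is an assumption about where the job reads its LDAP settings.

```python
# Added illustration (not BOSH CLI code): a subset of go-patch "replace" path rules.
import copy

# Constructed manifest fragment; only the shape matters ("jobs" is a list of maps).
MANIFEST = {"instance_groups": [{"name": "bosh", "jobs": [
    {"name": "bosh", "properties": {}},
    {"name": "uaa", "properties": {"uaa": {"url": "https://uaa.example"}}}]}]}
BASE = "/instance_groups/name=bosh/jobs"

def apply_replace(doc, path, value):
    """Return a patched copy of doc; raise ValueError if the path cannot be resolved."""
    doc = copy.deepcopy(doc)
    tokens = path.strip("/").split("/")            # only "/" splits tokens; dots do not
    node, optional, seen = doc, False, ""
    for i, raw in enumerate(tokens):
        last = i == len(tokens) - 1
        optional = optional or raw.endswith("?")   # "?" also covers every later token
        tok = raw[:-1] if raw.endswith("?") else raw
        seen += "/" + tok
        if tok == "-" or "=" in tok:               # both forms require a list here
            if not isinstance(node, list):
                raise ValueError(f"Expected to find an array at path '{seen}'")
            if tok == "-":                         # "-" appends after the last item
                node.append(value)
                return doc
            key, want = tok.split("=", 1)          # key=value selects one list item
            hits = [n for n, e in enumerate(node) if isinstance(e, dict) and e.get(key) == want]
            if len(hits) != 1:
                raise ValueError(f"Expected exactly one item matching '{seen}'")
            if last:
                node[hits[0]] = value
                return doc
            node = node[hits[0]]
            continue
        if not isinstance(node, dict):             # a plain token is a map key
            raise ValueError(f"Expected to find a map at path '{seen}' but found '{type(node).__name__}'")
        if tok not in node and not optional:
            raise ValueError(f"Expected to find a map key '{tok}' for path '{seen}'")
        if last:
            node[tok] = value
            return doc
        if tok not in node:                        # optional: create what the next token needs
            node[tok] = [] if tokens[i + 1].rstrip("?") == "-" else {}
        node = node[tok]

def uaa_props(doc):
    """Properties of the constructed uaa job (second entry in jobs)."""
    return doc["instance_groups"][0]["jobs"][1]["properties"]
```

In this model the question's `jobs/uaa` token fails because `jobs` is a list and needs a `name=uaa` selector, and the dotted tokens would create literal keys such as `uaa.ldap.enabled`. The answer's `ldap?/-` path resolves, producing a one-item list under `properties.ldap`.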