[英]Setting chef vault variable in template.erb
I have a vault item defined as the following in my recipe 我的食谱中定义了以下库存项目
item = ChefVault::Item.load("user","password")
How do i call this this in my template.erb
? 我怎么在我的template.erb
调用它? I tried the following which isn't working 我尝试了以下无效的方法
ROOTPASSWORD= <%= @node["testcookbook"]["user"]["password"] %>
My vault item looks like this: 我的保险箱项目如下所示:
$ knife vault show user password
id: password
pass: xxxxxxxxxx
username: chefuser
I generally do something like this within a recipe 我通常在食谱中做这样的事情
ROOTPASSWORD #{item['pass']}
however I don't think that would work within a template. 但我不认为这会在模板中起作用。
There are two options to solve that problem though the second one should be preferred as that keeps your sensitive data private. 有两个选项可以解决这个问题,虽然第二个应该是首选,因为这会使您的敏感数据保密。
Suppose, if your vault look like this: 假设,如果您的保险库看起来像这样:
knife vault show user password
id: password
pass: xxxxxxxxxx
username: chefuser
Then, you can approach like following: 然后,您可以如下所示:
First, if you want to set the password on node object and make it visible, then you can do something like below: 首先,如果要在节点对象上设置密码并使其可见,则可以执行以下操作:
In recipe: 在配方中:
node.default["testcookbook"]["user"]["password"] = ChefVault::Item.load("user","password")['pass']
template '/tmp/template' do
source 'template.erb'
owner 'root'
group 'root'
mode '0644'
end
In Template: 在模板中:
ROOTPASSWORD= <%= node["testcookbook"]["user"]["password"] %>
variables
使用variables
数据传递给模板 Second, if you don't want to set the password on node object and let it visible in chef run logs, then you can do something like below:- 其次,如果您不想在节点对象上设置密码并让它在厨师运行日志中可见,那么您可以执行以下操作: -
template '/tmp/template' do
source 'template.erb'
owner 'root'
group 'root'
mode '0644'
sensitive true
variables( {:password => ChefVault::Item.load("user","password")['pass']})
end
In Template: 在模板中:
ROOTPASSWORD= <%= @password %>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.