堆栈内存溢出
  简体   繁体   English

如何分离不同节点的数据袋项目?

[英]How to separate data bag item for different nodes?

 原文  2017-01-10 11:41:16       chef/ databags

问题描述

A basic data bag structure is: /data_bags/[data bag name]/[data bag items] 数据袋的基本结构是: /data_bags/[data bag name]/[data bag items]

Let say I want to create a data bag for all the possible admins of all my nodes in a data bag called users. 假设我要为名为“用户”的数据包中所有节点的所有可能的管理员创建一个数据包。 ie 

/data_bags/users/admin1.json
/data_bags/users/admin2.json
/data_bags/users/admin3.json

Now for node1 I only want to have admin1 and admin3 and for node2 I want to have admin2 and admin3 as my admins. 现在,对于node1我只想拥有admin1 and admin3 ,对于node2我想拥有admin2admin3作为我的管理员。

How can I separate or structure my configuration in a way that I can specify or split my data bags item for each different node? 如何以可以为每个不同节点指定或拆分数据包项的方式来分离或组织配置?

One idea I have is if we can do something like this. 我的一个想法是,如果我们可以做这样的事情。 

/data_bags/node1/users/...
/data_bags/node2/users/...

I am a starter in chef, so if what I want to is stupid and should be handled other way then, I appreciate any information to point me to right direction. 我是厨师的入门者,因此,如果我想要的是愚蠢的,并且应该以其他方式处理,那么我感谢您提供的任何信息都可以向我指明正确的方向。

2 个解决方案

解决方案1
 1  2017-01-10 11:53:58

You either need to group by user or by host. 您需要按用户或主机分组。 We have the following data bag structure (more docs ): 我们具有以下数据袋结构(更多文档 ): 

{
    "id": "a-srv123-admin",
    ...
    "nodes": {
            "srv123.example.org": {
                    "sudo": "true"
            }
    }
}

More nodes can be added to the node hash. 可以将更多节点添加到node哈希。 The corresponding recipe then searches for data bag items matching its own node['fqdn'] : 然后,相应的配方搜索与其自己的node['fqdn']相匹配的数据包项目: 

users = search('users', "nodes:#{node['fqdn']}")

Of course, if it is more important to you to have it grouped by node, just do it the other way around and simply pick the data bag item matching the fqdn or similar attribute. 当然,如果将它按节点分组对您来说更重要,那么就以另一种方式进行,只需选择与fqdn或类似属性匹配的数据包项即可。

解决方案2
 1  2017-01-11 21:47:27

The community users cookbook supports this feature. 社区用户食谱支持此功能。 On each server you specify the user group you want managed and the cookbook will search the databag items for matching group memberships. 在每台服务器上,指定要管理的用户组,并且菜谱将在数据袋项目中搜索匹配的组成员身份。

For an example, take a look at this answer: 例如,看一下这个答案:

Update 更新资料

The "users" cookbook has an LWRP that defines which group of users should be installed on the server. “用户”食谱具有一个LWRP,该LWRP定义了应在服务器上安装的用户组。 

users_manage "admins1"

In the data bag you then specify the groups that the user is a member of. 然后,在数据包中,指定用户所属的组。 So for example "user1" would be included in servers who require the admins1 or admins2 group. 因此,例如,“ user1”将包含在需要admins1或admins2组的服务器中。 

{
  "id": "user1",
  "ssh_keys": [
    "ssh-rsa I AM A DUMMY KEY 1"
  ],
  "groups": [
    "admins1",
    "admins2"
  ],
  "uid": 2001
}

You could of course create a group specific to each server, but that wouldn't scale terribly well. 当然,您可以创建一个特定于每个服务器的组,但是扩展性不佳。 Personally I'd suggest group names based on user roles. 我个人会根据用户角色建议组名。

  • admins 管理员
  • devops DEVOPS
  • developers 开发商
  • deployers 部署者

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从厨师食谱创建\\编辑加密的数据袋项目 - how to create\edit encrypted data bag item from a chef recipe 我的Chef数据包项目在哪里? - Where is my Chef data bag item? Chef中带有data_bag_item的条件属性? - Conditional attribute with data_bag_item in Chef? data_bag_item用于检索单个键值 - data_bag_item to retrieve single keyvalue 如何将加密的数据袋项目值插入厨师食谱? - How do I insert an encrypted data bag item value into a Chef recipe? 无法加载此类文件-Chef / encrypted_data_bag_item - cannot load such file — chef/encrypted_data_bag_item 如何在厨师中循环加密的数据包 - How to loop an encrypted data bag in chef 如何在Chef中创建加密的数据包 - How to create an encrypted data bag in Chef 可以使用厨师环境json替换数据袋项目吗? - Can a chef environment json be used to replace a data bag item? Vagrant和Chef Solo中出现错误“无法加载数据包项目” - Error “Failed to load data bag item” in Vagrant and Chef Solo
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM