
Chef node cannot load data bag item because public key encryption issues

I have a new VM I just built. It has been bootstrapped with the same cookbooks as all the other nodes. They can load this data bag just fine. The new VM cannot.

Stacktrace error ::

/usr/bin/chef-client:57:in `load'
/usr/bin/chef-client:57:in `<main>'
>>>> Caused by ChefVault::Exceptions::SecretDecryption:     DATABAG_NAME/ITEM is not encrypted with your public key.  Contact an administrator of the vault item to encrypt for you!
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-vault-2.9.1/lib/chef-vault/item.rb:152:in `secret'
/opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-vault-2.9.1/lib/chef-vault/item.rb:74:in `load_keys'

Code snippet causing the issue ::

databag_contents = ChefVault::Item.load(node['DATABAG_NAME']['ITEM']['databag'], node['DATABAG_NAME']['ITEM']['databag_item'])

From the Chef server I have already updated the vault: knife vault update DATABAG_NAME ITEM -S "name:new_node_name_here"

I think this is fundamentally a vault error, but the fact that I've already run the single command which the docs say should encrypt the data bag with the public key ... I don't know what else can be done.

Thanks.

(actual info has been removed and replaced with "DATABAG_NAME" and "ITEM")

EDIT ::

Some additional things I've tried are in the chat. I also did a knife vault update DATABAG_NAME ITEM -S "name:new_vm_name_here" --verbose --verbose to get the keys from the output there. I took those keys and one by one used knife data bag edit DATABAG ITEM_keys to add the key manually. None of them worked.

The command to update the vault must be:

knife vault update DATABAG_NAME ITEM -S "name:new_node_name_here" -M client
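
Added example, not part of the original question or answer and not chef-vault's own code: a simplified Ruby model of why a node whose name has no entry in the ITEM_keys item gets the "not encrypted with your public key" error, plus a check for missing entries. The keys-item layout (one RSA-encrypted copy of the shared secret stored under each client name) is an assumption of this sketch, and the node names, key pairs and secret are constructed.

```ruby
require "openssl"
require "json"

# Simplified model (assumption) of an ITEM_keys data bag item: one shared
# secret, RSA-encrypted once per client and stored under that client's name.
def build_keys_item(shared_secret, public_keys)
  item = { "id" => "ITEM_keys", "clients" => public_keys.keys.sort }
  public_keys.each do |name, pub|
    # pack("m") is Base64 encoding; only the public half of the key is needed.
    item[name] = [pub.public_encrypt(shared_secret)].pack("m")
  end
  item
end

# The lookup a node performs in this model: find the entry stored under its
# own client name and decrypt it with its private key (its client.pem).
def recover_secret(keys_item, node_name, private_key)
  blob = keys_item[node_name]
  # No entry for this node: the condition behind the error in the question.
  return [:not_encrypted_for_node, nil] if blob.nil? || blob.empty?
  [:ok, private_key.private_decrypt(blob.unpack1("m"))]
end

# Check to run on the JSON of the keys item as the node would fetch it:
# which of the expected node names have no encrypted entry?
def missing_clients(keys_item_json, expected_nodes)
  item = JSON.parse(keys_item_json)
  expected_nodes.reject { |n| item.key?(n) && !item[n].to_s.empty? }
end

# Constructed sample data: throwaway key pairs and made-up node names.
OLD_KEY = OpenSSL::PKey::RSA.new(2048)
NEW_KEY = OpenSSL::PKey::RSA.new(2048)
SECRET  = "constructed-shared-secret"

# Keys item before the new VM was added, and after a successful update.
KEYS_BEFORE = build_keys_item(SECRET, "old_node" => OLD_KEY.public_key)
KEYS_AFTER  = build_keys_item(SECRET, "old_node" => OLD_KEY.public_key,
                                      "new_node" => NEW_KEY.public_key)

if __FILE__ == $PROGRAM_NAME
  p recover_secret(KEYS_BEFORE, "new_node", NEW_KEY).first
  p recover_secret(KEYS_AFTER, "new_node", NEW_KEY).first
  p missing_clients(JSON.generate(KEYS_BEFORE), %w[old_node new_node])
end
```

The same comparison against the real item means looking at the ITEM_keys item as stored on the Chef server the node talks to, since an update written anywhere else leaves the node's view unchanged.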
