如何允许食谱在Chef OpenSource 12.x中编辑数据袋?
[英]How do I allow recipes to edit data bags in Chef OpenSource 12.x?
问题描述
While setting up the icinga2 chef cookbook for my own personal use (specifically around the pki-tickets generation for the icinga2 remote API,) I have spent a lot of time looking for a way to enable admin on a client, as the data bag documentation requires . 
在设置供个人使用的icinga2厨师食谱时 (特别是围绕icinga2远程API的pki票务代发),我花了很多时间寻找一种在客户端上启用管理员的方法,作为数据包文档要求 。
Altering data bags from the node when using the open source Chef server requires the node's API client to be granted admin privileges.
However, I'm not able to set an admin client when I edit the json through knife client edit . 但是,当我通过knife client edit json时,无法设置管理客户knife client edit 。 I edit the json, changing "admin": true and save it. 我编辑json,更改"admin": true并保存。 knife reports that it's updated, but a knife client show shows that admin is still false. 刀报告说它已更新,但knife client show表明admin仍然为假。 Additionally, I find conflicting information in the knife client documentation . 此外,我在刀具客户文档中发现有冲突的信息。
With regards to the -a --admin option creating a client: 关于-a --admin选项创建客户端:
This option only works when used with the open source Chef server and will have no effect when used with Enterprise Chef or Chef server 12.x.
How do I enable edit/creation of databags/databag entries from a recipe? 如何启用配方中的数据袋/数据袋条目的编辑/创建?
1 个解决方案
解决方案1
0 已采纳 2017-05-05 04:10:16
You would use the Chef Server ACLs system: https://docs.chef.io/auth.html#authorization 您将使用Chef Server ACL系统: https : //docs.chef.io/auth.html#authorization
You can either edit those via the Manage web UI or the knife-acl CLI. 您可以通过“管理” Web UI或knife-acl CLI编辑这些内容。
Be aware of the security ramifications and general complexities of this approach before you proceed though. 在继续之前,请注意此方法的安全性和一般复杂性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.