How do I insert an encrypted data bag item value into a Chef recipe?
I've created an encrypted data bag value that I'm trying to load into a chef recipe.
knife data bag show foo bar --secret_file secret.key
Encrypted data bag detected, decrypting with provided secret.
id: bar
pass: p4ssw0rd
I'm trying to get the pass value to load up as a variable in a bash resource, and have the encrypted_data_bag_secret in /etc/chef on the client (hence no secret key show, reverting to default /etc/chef location):
dbag = Chef::EncryptedDataBagItem.load("foo", "bar")
foo_pass = dbag["pass"]
I've also tried using the recipe DSL instead of the Chef::EncryptedDataBagItem method:
dbag = data_bag_item('foo', 'bar')
foo_pass = dbag["pass"]
And then loading it into a bash resource:
bash 'install_mysql' do
  code <<-EOC
    ...
    sudo mysqladmin -u root password {foo_pass}
    ...
  EOC
end
I had a few questions regarding this process.
i) Will Chef::EncryptedDataBagItem.load be deprecated and replaced with data_bag_item; should I use one over the other?
ii) Am I pulling the dbag["pass"] using the correct methods; how would I grab the 'pass' value from inside foo (data bag) => bar (item?)
iii) To call the foo_pass variable inside the bash resource, do I just encapsulate the variable in curly braces {}, or am I missing something here?
iv) Is there a better method than what I am trying out?
I've tried adding the following to see if I can see the variable value printed to screen when running the chef-client, but it's not showing me any of the text or values:
puts "foo_pass equals 1:{foo_pass} 2:#{foo_pass}'
I've been hammering away at this for half the day, and was hoping to get some more experienced responses as how to handle this.
data_bag_item in most cases, it is more correct.
#{foo_pass}, with the leading #.
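An added example, not part of the original question or answer: it shows what the leading # changes in the heredoc passed to the bash resource, and shell-escapes the secret so a password containing spaces or metacharacters still reaches mysqladmin as one argument. The helper names and the sample secret are constructed for illustration; the recipe usage in the trailing comment assumes Chef's common `sensitive` resource property.

```ruby
require 'shellwords'

# Constructed stand-in for the decrypted item; in a recipe this would be
#   dbag = data_bag_item('foo', 'bar')
DBAG = { 'id' => 'bar', 'pass' => 'p4ss w0rd; $HOME' }.freeze

# The form from the question: without the leading '#', Ruby leaves
# "{foo_pass}" as literal text, so the shell never receives the secret.
def script_without_interpolation(foo_pass)
  <<-EOC
    sudo mysqladmin -u root password {foo_pass}
  EOC
end

# With the leading '#', Ruby interpolates the value. Shellwords.escape turns
# it into a single shell word, so spaces or metacharacters in the secret
# cannot split or alter the command line.
def script_with_interpolation(foo_pass)
  <<-EOC
    sudo mysqladmin -u root password #{Shellwords.escape(foo_pass)}
  EOC
end

# Hypothetical helper: split the generated line into words using Bourne
# shell rules, to confirm the secret arrives as exactly one argument.
def argv_of(script)
  Shellwords.split(script)
end

# In a recipe the string would feed the bash resource (not executed here):
#   bash 'install_mysql' do
#     code script_with_interpolation(dbag['pass'])
#     sensitive true   # keep the rendered command out of chef-client logs
#   end

if __FILE__ == $PROGRAM_NAME
  puts script_without_interpolation(DBAG['pass'])
  puts script_with_interpolation(DBAG['pass'])
  p argv_of(script_with_interpolation(DBAG['pass']))
end
```

The secret is still visible in the process list while mysqladmin runs, because it is passed as a command-line argument.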