Terraform:配置厨师
Terraform: Provisioning with chef
我使用此配置是为了使用 chef 客户端和 vagrant 来配置我的客人:
config.vm.provision "chef_client" do |chef|
chef.add_recipe 'living-development'
chef.chef_server_url = 'https://api.chef.io/organizations/my-organization'
chef.validation_key_path = 'cert.pem'
chef.validation_client_name = 'validation'
chef.version = '12.19.36'
end
此配置在使用 chef 和 vagrant 时工作正常。尽管如此,我需要使用 terraform 来配置我的机器。我不太明白如何使用 "terraform+chef".
设置上述 "vagrant+chef" 配置
到目前为止,我去过这个:
# Create a new Web Droplet in the nyc2 region
resource "digitalocean_droplet" "web" {
image = "ubuntu-14-04-x64"
name = "web-1"
region = "fra1"
size = "512mb"
ssh_keys = ["${digitalocean_ssh_key.default.id}"]
volume_ids = ["${digitalocean_volume.foobar.id}"]
provisioner "chef" {
server_url = "https://api.chef.io/organizations/my-organization"
user_name = "living"
user_key = "./living.pem"
node_name = "living"
run_list = [ "cookbook::living-development" ]
version = "12.19.36"
}
}
执行正在打印我这个:
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web: Still creating... (1m0s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web: Still creating... (1m10s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
...
不知道什么意思...
厨师想要什么?
我做错了吗?
您的问题是 Chef 正在尝试使用 SSH 的根凭据连接到您的 DigitalOcean Droplet。 ubuntu 默认禁用 SSH 的 root 登录,您不想更改它,因为不允许它被认为是最佳实践。
因此,您需要配置 Chef 供应器以使用正确的 SSH 凭据连接到您的 Droplet。为此,您需要在 chef 供应商定义中包含以下内容:
provisioner "chef" {
connection {
type = "ssh"
user = "your-ssh-user"
key = $file("/path/to/.pem.key")
}
}
只需在 chef provisioner 中为 connection 的 user 和 key 属性设置正确的值,这应该允许 Chef 像您期望的那样连接到您的 Droplet。
我使用此配置是为了使用 chef 客户端和 vagrant 来配置我的客人:
config.vm.provision "chef_client" do |chef|
chef.add_recipe 'living-development'
chef.chef_server_url = 'https://api.chef.io/organizations/my-organization'
chef.validation_key_path = 'cert.pem'
chef.validation_client_name = 'validation'
chef.version = '12.19.36'
end
此配置在使用 chef 和 vagrant 时工作正常。尽管如此,我需要使用 terraform 来配置我的机器。我不太明白如何使用 "terraform+chef".
"vagrant+chef" 配置
到目前为止,我去过这个:
# Create a new Web Droplet in the nyc2 region
resource "digitalocean_droplet" "web" {
image = "ubuntu-14-04-x64"
name = "web-1"
region = "fra1"
size = "512mb"
ssh_keys = ["${digitalocean_ssh_key.default.id}"]
volume_ids = ["${digitalocean_volume.foobar.id}"]
provisioner "chef" {
server_url = "https://api.chef.io/organizations/my-organization"
user_name = "living"
user_key = "./living.pem"
node_name = "living"
run_list = [ "cookbook::living-development" ]
version = "12.19.36"
}
}
执行正在打印我这个:
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web: Still creating... (1m0s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef): Host: 139.59.148.167
digitalocean_droplet.web (chef): User: root
digitalocean_droplet.web (chef): Password: false
digitalocean_droplet.web (chef): Private key: false
digitalocean_droplet.web (chef): SSH Agent: false
digitalocean_droplet.web: Still creating... (1m10s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
...
不知道什么意思...
厨师想要什么?
我做错了吗?
您的问题是 Chef 正在尝试使用 SSH 的根凭据连接到您的 DigitalOcean Droplet。 ubuntu 默认禁用 SSH 的 root 登录,您不想更改它,因为不允许它被认为是最佳实践。
因此,您需要配置 Chef 供应器以使用正确的 SSH 凭据连接到您的 Droplet。为此,您需要在 chef 供应商定义中包含以下内容:
provisioner "chef" {
connection {
type = "ssh"
user = "your-ssh-user"
key = $file("/path/to/.pem.key")
}
}
只需在 chef provisioner 中为 connection 的 user 和 key 属性设置正确的值,这应该允许 Chef 像您期望的那样连接到您的 Droplet。