No such file or directory - file not found error chef

Here is my recipe code:

include_recipe 'aws'

require 'aws-sdk'

client = Aws::S3::Client.new(region: 'us-east-1')
bucket = client.get_object(bucket:'chefconfig', key: 'encrypted_data_bag_secret')

# Read content to variable
file_content = bucket.body.read 

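# Log output (optional); note that this writes the secret itself to the Chef log
Chef::Log.info(file_content)

# Write content to file
file '/etc/chef/encrypted_data_bag_secret' do
  owner 'root'
  group 'root'
  mode '0600' # secret key: readable by root only (was '0755')
  content file_content
  action :create
end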

password_secret = Chef::EncryptedDataBagItem.load_secret('/etc/chef/encrypted_data_bag_secret')
docker_password_data_bag_item = Chef::EncryptedDataBagItem.load('passwords', 'docker_server_master_password', password_secret)

docker_service 'default' do
  action [:create, :start]
end

docker_registry 'https://index.docker.io/v1/' do
  username node['docker']['username']
  password docker_password_data_bag_item['password']
  email node['docker']['email']
end

I assumed the file resource would create /etc/chef/encrypted_data_bag_secret first, so that it would be available to Chef::EncryptedDataBagItem.load_secret, but when I run this cookbook I get the following error message.

================================================================================
  Recipe Compile Error in /var/chef/cache/cookbooks/appservers/recipes/default.rb
  ================================================================================

  Errno::ENOENT
  -------------
  No such file or directory - file not found '/etc/chef/encrypted_data_bag_secret'

  Cookbook Trace:
  ---------------
    /var/chef/cache/cookbooks/appservers/recipes/docker.rb:29:in `from_file'
    /var/chef/cache/cookbooks/appservers/recipes/default.rb:9:in `from_file'

Since I add this cookbook while bootstrapping the node, I don't know how to provide the secret file during bootstrap.

As @tensibai mentioned in the comments, the problem is explained well in the Stack Overflow question "compile time vs run time in chef recipes".

Here is how I managed to solve my problem.

I wrapped 'password_secret' and 'docker_password_data_bag_item' in a ruby_block, as follows:

ruby_block 'load_databag_secret' do
  block do
    password_secret = Chef::EncryptedDataBagItem.load_secret('/etc/chef/encrypted_data_bag_secret')
    docker_password_data_bag_item = Chef::EncryptedDataBagItem.load('passwords', 'docker_server_master_password', password_secret)
    node.set['docker']['password'] = docker_password_data_bag_item['password']
  end
end

and changed my docker_registry code as follows:

docker_registry 'https://index.docker.io/v1/' do
  username node['docker']['username']
  password lazy {node['docker']['password']}
  email node['docker']['email']
end

Note the lazy keyword in the docker_registry resource. If you're curious, you can learn more about it here.
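
The compile-time versus converge-time ordering behind the error and the fix above, as an added plain-Ruby model that is not part of the original posts and is not Chef's own code. MiniRun, Lazy and simulate are hypothetical names, and the secret value is constructed.

```ruby
require 'tmpdir'

# Hypothetical stand-ins: Lazy models Chef's lazy {}, MiniRun models one chef-client run.
Lazy = Struct.new(:blk)

class MiniRun
  attr_reader :run_state
  def initialize
    @resources = [] # resource collection, filled during the compile phase
    @run_state = {} # in-memory only, like node.run_state
  end

  # Compile phase: a resource is only queued; its action does not run yet.
  def resource(name, props = {}, &action)
    @resources << [name, props, action]
  end

  # Converge phase: run resources in order, resolving lazy properties just in time.
  def converge
    @resources.each do |_name, props, action|
      action.call(props.transform_values { |v| v.is_a?(Lazy) ? v.blk.call : v })
    end
  end
end

def simulate(dir)
  path = File.join(dir, 'encrypted_data_bag_secret')
  run = MiniRun.new
  result = {}
  # Constructed secret value; 0600 keeps the key unreadable to other users.
  run.resource('file[secret]') { File.write(path, "constructed-secret\n", perm: 0o600) }

  # Plain Ruby in a recipe body runs at compile time, before the file exists.
  begin
    File.read(path)
  rescue Errno::ENOENT
    result[:compile_time_read] = :enoent
  end

  # The same read deferred to converge time, as the ruby_block in the answer does.
  run.resource('ruby_block[load]') { run.run_state[:password] = File.read(path).strip }
  run.resource('docker_registry', password: Lazy.new(-> { run.run_state[:password] })) do |props|
    result[:registry_password] = props[:password]
  end
  run.converge
  result[:mode] = File.stat(path).mode & 0o777
  result
end

p(Dir.mktmpdir { |d| simulate(d) }) if $PROGRAM_NAME == __FILE__
```

In a real recipe, node.run_state holds a value in memory for the duration of the run, whereas an attribute written with node.set is saved with the node object on the Chef server.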