logo标签列表

使用Chef进行Terraform自动化配置

chef-infraterraform
3

我正在使用这个配置来使用chef客户端和vagrant提供我的虚拟机:

  config.vm.provision "chef_client" do |chef|
    chef.add_recipe 'living-development'
    chef.chef_server_url = 'https://api.chef.io/organizations/my-organization'
    chef.validation_key_path = 'cert.pem'
    chef.validation_client_name = 'validation'
    chef.version = '12.19.36'
  end

这个配置在使用chef和vagrant时可以正常运行。然而,我需要使用terraform来设置我的机器。我不太清楚如何使用"terraform+chef"来设置上述的"vagrant+chef"配置。

到目前为止,我已经尝试过以下方法:

# Create a new Web Droplet in the nyc2 region
resource "digitalocean_droplet" "web" {
  image  = "ubuntu-14-04-x64"
  name   = "web-1"
  region = "fra1"
  size   = "512mb"
  ssh_keys = ["${digitalocean_ssh_key.default.id}"]
  volume_ids = ["${digitalocean_volume.foobar.id}"]
  provisioner "chef" {
    server_url = "https://api.chef.io/organizations/my-organization"
    user_name = "living"
    user_key = "./living.pem"
    node_name = "living"
    run_list = [ "cookbook::living-development" ]
    version = "12.19.36"
  }
}

执行结果输出如下所示:
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web: Still creating... (1m0s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
digitalocean_droplet.web (chef):   Host: 139.59.148.167
digitalocean_droplet.web (chef):   User: root
digitalocean_droplet.web (chef):   Password: false
digitalocean_droplet.web (chef):   Private key: false
digitalocean_droplet.web (chef):   SSH Agent: false
digitalocean_droplet.web: Still creating... (1m10s elapsed)
digitalocean_droplet.web (chef): Connecting to remote host via SSH...
...

我不知道这是什么意思...

Chef想要得到什么?

我做错了吗?

它正在尝试使用ssh连接到您的droplet,用户名为root,但是Ubuntu默认禁用了root远程登录。 - AlexD
我不明白Vagrant在这里有什么作用。 - Matt Schuchard
1个回答
7
您的问题是,Chef试图使用SSH的root凭据连接到您的DigitalOcean Droplet。在ubuntu上,默认情况下禁用SSH的root登录,您不希望更改该设置,因为不允许root登录被认为是最佳实践。
因此,您需要配置Chef provisioner以使用正确的SSH凭据连接到Droplet。为此,您需要在chef provisioner定义中包含以下内容:
provisioner "chef" {
 connection {
  type = "ssh"
  user = "your-ssh-user"
  key = $file("/path/to/.pem.key")
 }
}

只需在Chef provisioner中设置正确的userkey属性的值,就可以让Chef按照您的预期连接到您的Droplet。

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接