我是厨师新手,想要使用rabbitmq user_management配方,而不添加rabbitmq guest帐户的默认行为。
我使用chef-server 11.1.3和rabbitmq cookbook 3.3.0( https://supermarket.getchef.com/cookbooks/rabbitmq )在ubuntu 14.04上安装和configurationrabbitmq 3.3.5。
我定义了一个厨师angular色,我使用user_management recipe和disabled_users来删除guest账户,但是每个厨师客户端运行的guest账户首先被添加到rabbitmq,然后再被删除 (你可以从“ – execute”行看到下面的client.log输出)。 我究竟做错了什么?
Recipe: rabbitmq::user_management * rabbitmq_user[guest] action addRecipe: <Dynamically Defined Resource> * execute[rabbitmqctl add_user guest] action run - execute rabbitmqctl add_user guest 'guest' Recipe: rabbitmq::user_management * rabbitmq_user[guest] action set_tags (up to date) * rabbitmq_user[guest] action set_permissionsRecipe: <Dynamically Defined Resource> * execute[rabbitmqctl set_permissions guest ".*" ".*" ".*"] action run - execute rabbitmqctl set_permissions guest ".*" ".*" ".*" Recipe: rabbitmq::user_management * rabbitmq_user[user1] action add (up to date) * rabbitmq_user[user1] action set_tags (up to date) * rabbitmq_user[user1] action set_permissionsRecipe: <Dynamically Defined Resource> * execute[rabbitmqctl set_permissions -p / user1 ".*" ".*" ".*"] action run - execute rabbitmqctl set_permissions -p / user1 ".*" ".*" ".*" Recipe: rabbitmq::user_management * rabbitmq_user[guest] action deleteRecipe: <Dynamically Defined Resource> * execute[rabbitmqctl delete_user guest] action run - execute rabbitmqctl delete_user guest { "name": "server-rabbitmq-test", "description": "testing", "json_class": "Chef::Role", "default_attributes": { "rabbitmq": { "version": "3.3.5", "use_distro_version": "true", "port": "5672", "virtualhosts": [ "/vhost1" ], "disabled_users": [ "guest" ], "enabled_users": [ { "name": "user1", "password": "user1", "tag": "user tag", "rights": [ { "vhost": "/vhost1", "conf": ".*", "write": ".*", "read": ".*" } ] } ] } }, "override_attributes": { }, "chef_type": "role", "run_list": [ "recipe[rabbitmq]", "recipe[rabbitmq::mgmt_console]", "recipe[rabbitmq::policy_management]", "recipe[rabbitmq::user_management]", "recipe[rabbitmq::virtualhost_management]", "recipe[rabbitmq::plugin_management]" ], "env_run_lists": { } }
我可以通过从这里更改rabbitmq / attributes / default.rb文件来停止行为:
# users default['rabbitmq']['enabled_users'] = [{ :name => 'guest', :password => 'guest', :rights => [{ :vhost => nil , :conf => '.*', :write => '.*', :read => '.*' }] }]
对此:
# users default['rabbitmq']['enabled_users'] = []
但是要有更好的方法去做,不是吗?
谢谢!!
您需要覆盖某处的[:rabbitmq][:enabled_users]属性。 编辑原始食谱并不是最好的地方,因为有一天食谱会被更新,你需要记得再做一次。
正如你正在处理在cookbook属性文件中设置的default属性,它可以在厨师的任何地方被覆盖 。
也许最便携的方法是创build您自己的域特定的RabbitMQ 包装食谱 ,并通过它做所有的定制工作。 基本上它是一个薄薄的垫片,除了要改变的东西以外,大部分的工作直接传递到原始的RabbitMQ食谱上。
在这种情况下,您可以在wrapper cookbooks attributes.rb设置default[:rabbitmq][:enabled_users] = [] ,并且首先加载默认default 。
您还可以在节点(单数),环境(组)或angular色(全局)级别上设置Chef服务器上属性的覆盖。 如果您觉得属性覆盖将被用于这些分组之一,那么在那里可能会更好。
请注意,您在烹饪书中使用这种types的东西时会失去版本控制(并且很可能会改变跟踪)。
是的,几乎。 您也可以显式禁用用户使用
node[:rabbitmq][:disabled_users] = ["guest"]
以确保它从早期运行不存在(我在这里使用它)。
再次感谢@mtm。 对于这里的logging,修复了override_attributes部分问题的完整angular色添加了:
{ "name": "server-rabbitmq-test", "description": "testing", "json_class": "Chef::Role", "default_attributes": { "rabbitmq": { "version": "3.3.5", "use_distro_version": "true", "port": "5672", "virtualhosts": [ "/vhost1" ], "disabled_users": [ "guest" ], "enabled_users": [ { "name": "user1", "password": "user1", "tag": "user tag", "rights": [ { "vhost": "/vhost1", "conf": ".*", "write": ".*", "read": ".*" } ] } ] } }, "override_attributes": { "rabbitmq": { "enabled_users": [] } }, "chef_type": "role", "run_list": [ "recipe[rabbitmq]", "recipe[rabbitmq::mgmt_console]", "recipe[rabbitmq::policy_management]", "recipe[rabbitmq::user_management]", "recipe[rabbitmq::virtualhost_management]", "recipe[rabbitmq::plugin_management]" ], "env_run_lists": { } }